"We Will Restore Science To Its Rightful Place"
A health expert warns that China could face a bird flu epidemic, and needs to work harder to prevent outbreaks.
Google Drive, or Gdrive as it is better known, has to be the most anticipated Google product so far. When it arrives, Gdrive will likely cause a major paradigm shift in how we use computers and bring Google one step closer to dethroning Windows on your desktop.
You know what a tweet is and how they're displayed in Twitter. Pretend you're a time traveler from 2003 and someone told you that a primary software interface was going to include bare naked urls, would you have believed it? I wouldn't. I still don't accept that it's the best way to display a tweet. These days lots of software displays them, not just Twitter. And they all have the same problem -- how to display the urls. I haven't seen a lot of approaches. I'd like to generate some, to gather different non-raw-url approaches. Here's an example: Where are the Users at the User Generated Content Expo? We don't shorten urls just to conserve space within the 140-character limit, shortening urls also makes our writing more legible. For that application we could go the full distance and collapse the url down to an 11-by-11 icon. If so, what should the icon be? Here are some examples of vast collections of free mini icons. I'm assuming the best approach is to shrink the url to an icon and store it to the right of the text but if you knew the big ugly url was going to shrink to an icon, you might start putting the urls in the middle of sentences in ur tweets. Maybe a mini-icon isn't the best way to go, maybe there's another way altogether to neaten up tweets and make them more readable? (And yes, I know some people will say the way Twitter does it now is the best possible way, please assume we're all considering that possibility as well). I'm interested to know what people think.
Harvard physician Dr. Atul Gawande offers simple advice on health care reform: start with what you have.
The LA Times reports on a study published in the Archives of Internal Medicine that found "people who sleep less than seven hours a night appear to be almost three times as likely to catch a cold as those who sleep eight hours or more." There was a graded association with average sleep duration: participants with less than 7 hours of sleep were 2.94 times (95% confidence interval [CI], 1.18-7.30) more likely to develop a cold than those with 8 hours or more of sleep. The association with sleep efficiency was also graded: participants with less than 92% efficiency were 5.50 times (95% CI, 2.08-14.48) more likely to develop a cold than those with 98% or more efficiency. These relationships could not be explained by differences in prechallenge virus-specific antibody titers, demographics, season of the year, body mass, socioeconomic status, psychological variables, or health practices. The percentage of days feeling rested was not associated with colds. Conclusion: Poorer sleep efficiency and shorter sleep duration in the weeks preceding exposure to a rhinovirus were associated with lower resistance to illness. Fighting a cold? Every bit of sleep counts...
The largest single type of security breach is the stolen or lost laptop, according to the Open Security Foundation, yet these computers are among the least protected of all IT assets. The costs of a data breach can be huge, including the loss of trade secrets, marketing plans, and other competitive information that could cause long-term business damage, plus the immediate costs of having to notify people if their personal information was possibly at risk from the breach. Particularly in a recession, enterprise management can't afford to take these risks lightly.
There is a way for IT to protect those laptops and the confidential information they contain: encryption. Without the combination of password security and encryption, any halfway-competent hacker has no problem siphoning hard drive contents and putting them to nefarious use.
Perhaps the most important advantage of full disk encryption, though -- beyond the peace of mind it gives your business's lawyers -- is the "safe harbor" immunity that accrues under many data privacy regulations. For example, credit card disclosure rules don't apply to encrypted data, and even California's strict data-disclosure statute makes an exception for encrypted records -- provided you can prove they're encrypted. That's trivial with full disk encryption but not so easy with partial encryption techniques, which depend on user education for safe operation.
A key challenge for IT in deploying encryption on its laptops is the sheer number of encryption options available. Some Windows Vista editions, as well as the forthcoming Windows 7, support Microsoft's built-in BitLocker encryption, and numerous third-party encryption products cover the range of mobile operating systems from XP through Windows 7, Linux, and Mac OS X.
Encryption granularity is widely variable as well, ranging from protecting individual files to encrypting virtual disks to deploying fully armored, hardware-based full disk encryption. Prices range from free to moderately expensive.
If you've put off laptop data security due to perceived technical shortcomings or high costs, you need to take another look at the field -- before you lose another laptop.
The maximum encryption protection possible: TPM
Ideally, you'll deploy the full-metal-jacket approach to laptop data protection: full disk encryption using the Trusted Platform Module (TPM) technology. If you can afford the cost, waste no time with inferior methods. All you need is a laptop containing a TPM security coprocessor and, optionally, an encryption-enabled hard drive from one of the major hard drive manufacturers.
The TPM is a chip soldered on to the laptop's motherboard, providing hardware-based device authentication, tamper detection, and encryption key storage. The TPM generates encryption keys, keeping half of the key information to itself, making it impossible to recover data from an encrypted hard drive apart from the computer in which it was originally installed. Even if an attacker gets the user's part of the encryption key or disk password, the TPM-protected drive's contents can't be read when connected to another computer. Further, the TPM generates a unique digital signature from the motherboard in which it's embedded, foiling attempts to move the TPM chip itself to another machine.
TPM-enabled full disk encryption, especially hardware-based implementations of it, provides one other key benefit to enterprises: data erasure upon laptop decommissioning or repurposing. A common bugaboo in the enterprise is the accidental disclosure of data when seemingly worthless outdated laptops are discarded or sold, or transferred to another employee.
Erasing sensitive information in such situations is not trivial, and even removing and physically mangling a laptop's hard drive is no guarantee against disclosure. However, because TPM has absolute control over the encryption keys -- remember, half of the key information is stored with the TPM itself -- you can simply tell TPM to forget its keys, and the hard drive is instantly reformatted and effectively rendered nonrecoverable. Disk sectors aren't zeroed, but no computationally feasible method exists today to decrypt the residue.
A great many enterprise-class laptops manufactured in the last two to three years shipped with embedded TPM chips; Apple's Macs are a key exception, as none since 2006 include a TPM chip. But the TPM chips must be explicitly enabled to use them as the authentication mechanism for encryption.
If your laptops have a TPM chip, don't try enabling it without carefully following the vendor's instructions -- otherwise, you could accidentally wipe out the laptop's hard drive. Before enabling the TPM chip in a laptop, you must first take ownership of it, a process that establishes user and management-level passwords and generates the initial set of encryption keys. The management password lets IT administration monitor the inventory of TPM devices, recover lost user passwords, and keep track of usage.
A TPM works with the laptop's resident operating system to encrypt either the entire hard drive or most of it, depending on the OS encryption implementation. (Microsoft's BitLocker, for example, requires a small, unencrypted initial-boot partition.) Alternatively, a TPM can interoperate with encryption-enabled hard drives to perform encryption entirely outside of, and transparent to, the operating system.
The TPM technology isn't perfect, but it provides very solid protection in the most common incident, where a laptop is lost or stolen and the user has not left it logged in. If the laptop is powered off, TPM protection is absolute.
Most implementations use 256-bit AES encryption, which is considered uncrackable for the foreseeable future. Powering up the device requires entering pre-boot credentials in the form of a password, a PIN, a smartcard, biometric data, a one-time-password token, or any combination of these. If the lost laptop is powered on (but not logged in), or just powered off, an attacker would have to use extraordinary procedures to recover the encryption keys from live memory.
However, if a lost device is powered up and logged in, a TPM provides zero protection. An interloper can simply dump the data off the hard drive in the clear using ordinary file copies. Thus, it's essential that TPM-protected systems have noncircumventable log-in timeouts using administrator-protected settings.
To achieve the ultimate in full disk encryption protection requires hardware-enabled encryption on board the hard drive. Drive-based encryption closes all of TPM's loopholes, since the encryption key is no longer stored in OS-accessible memory. Hardware-based full disk encryption also eliminates the performance penalty incurred by software-based full disk encryption, although with today's fast processors, that software encryption overhead is not noticeable to most users.
The cost for TPM protection starts at zero for Microsoft's BitLocker, which is built into Vista Enterprise and Ultimate, Windows Server 2008, and the forthcoming Windows 7. Major laptop manufacturers also sell software bundles that enable TPM in any Windows version, including XP, such as Wave's Embassy Trust Suite and McAfee's SafeBoot.
The advantage of bundled software is sole-source support and pre-tested configurations.
You can also roll your own software protection using stand-alone packages such as PGP Whole Disk Encryption.
All these products support a wide range of enterprise-class management tools that let you enforce uniform policies and centrally store encryption keys, including special data-recovery keys that solve the problem of lost passwords and prevent employees from locking employers out of their hard drives.
If you can't do TPM, here's your plan B for encryption
Although the deployment of TPM-based full disk encryption is ideal, you may count the cost of full disk encryption and come up short-funded, especially if you just refreshed your enterprise laptops with non-TPM models. Forklifting your entire laptop population is an undeniably expensive proposition, as is replacing the non-TPM laptops if your company has a mix of TPM and non-TPM laptops. If you can't go all TPM, there's a plan B that can give you many of the encryption benefits you need.
You might think that plan B involves partial disk encryption, typically deployed by designating specific folders on a laptop as encrypted; as files are moved into that folder, they are automatically encrypted. Apple and Microsoft have long offered this form of encryption, via FileVault on the Mac and the Encrypted File System tools in Windows XP and Vista. But this approach has a major flaw: It depends on users to properly store sensitive data only in encrypted form.
A variation of folder-level encryption is virtual disk encryption (VDE), in which a single disk file contains a virtual disk image that the user can mount when needed; this virtual disk collects all sensitive files in one location. Microsoft's BitLocker offers this feature in all Vista editions, as well as in Windows Server 2008 and Windows XP. Third-party products such as PGPDisk and even free open source software programs such as TrueCrypt have VDE capabilities.
Many of these third-party utilities are easier to use than BitLocker, so they can save you some implementation expense.
Another form of partial disk encryption is to apply encryption to specific files, typically those residing on corporate servers that users want to open locally. In this approach, users must enter a password every time they open a protected file. IT not only is on the hook to ensure that all sensitive files get encrypted but also has no way to stop users from simply saving the opened file as an unencrypted copy. Still, this protection is better than nothing and is widely available via free disk utilities. But key management can be a problem, and these file-level encryption tools generally don't support multifactor authentication.
But the best plan B to TPM-enabled full disk encryption isn't any of these partial disk methods. The best plan is software-only full disk encryption, in which either the operating system or a third-party program performs the same encryption as with TPM but uses another method to store the encryption keys, such as a thumb drive or a smart card.
The good news is that virtually all TPM full disk encryption suppliers' offerings, including BitLocker, can operate in this software-only mode, which relies on a removable hardware token, so you can use this approach for your non-TPM devices while having a consistent encryption method to manage across all your laptops.
It's true that software-based full disk encryption is less secure than if you have a TPM-equipped laptop: The entire drive can still be encrypted, but a determined hacker will have more opportunities to gain access through compromised keys. For example, if the key-storage token is left with the notebook computer (how likely is that?), the hacker may be able to simply plug the token in and gain access to the drive contents.
Even multifactor authentication in this scenario is subject to attack by inspection, since the key token is not tightly bound to the system motherboard.
Still, when TPM-enabled encryption is not an option, pure software full disk encryption can still give you considerable peace of mind, as well as provide the "safe harbor" benefits afforded encrypted systems in data-privacy regulations. Software full disk encryption solutions have also been around long enough that they're available for most mobile computing platforms, including Linux and Mac OS X.
TPM technology changes to come
Although TPM full disk encryption with hardware-based encryption in the hard drive is the best you can do for data protection today, security researchers are constantly testing TPM's mettle and devising improvements to it.
One potential vulnerability of today's separate TPM chip implementation is that keys must be transported across conductors in the motherboard to the CPU for software-based full disk encryption, or to the hard drive for hardware-based full disk encryption. That could provide an entry point for a hacker. That's why a major vendor trend is to move all TPM-oriented data manipulation on to the CPU chip set in the form of customized silicon. Intel has advertised its vPro solution, which is part of the upcoming Danbury processor and Eaglelake chip set. This feature will perform all encryption and decryption for SATA and eSATA drives without involving the CPU, OS device drivers, or even the hard drive itself.
Such an approach could make TPM even more secure. But there's no reason to wait until such chips are standard in laptops. With today's TPM-equipped laptops, and with the software-based fallback option for non-TPM laptops, you have a platform for a consistent, manageable, secure deployment strategy. Consider yourself lucky if you've successfully dodged the stolen laptop bullet thus far. But don't tempt fate -- or hackers. Implement some form of laptop encryption today.
Hong Kong action icon Michelle Yeoh stars alongside American muscle Vin Diesel in this science fiction thriller concerning a nun who is charged with the task of caring for a young girl who may be the carrier of a deadly virus. Based on author Maurice Dantec's Babylon Babies, this tale of genetic manipulation comes to the screen courtesy of director Mathieu Kassovitz. ~ Jason Buchanan, All Movie Guide
There are three kinds of lies: lies, damned lies, and statistics. – Benjamin Disraeli, British Politician, (1804-1881)
Have you ever been completely overwhelmed while reading the morning paper? 1 in 6 American men will be diagnosed with prostate cancer during his lifetime (American Cancer Society, October 2008). Studies estimate that CT scans account for as much as 2 percent of all cancers (as reported by Reuters, December 2008). People who sleep less than seven hours a night are three times more likely to develop a cold than people who sleep eight hours or more a night (Carnegie Mellon University, January 2009). Mouthwash linked with increased cancer risk (Australian Dental Journal, January 2009). How are we to interpret and digest all of this information? Data about relative risks and absolute risks – heck, it’s 6:30 a.m. and I’m lucky if I can focus long enough to read the back of the Wheaties box. According to a January 11, 2009 article in the Sacramento Bee, ‘Risk percentages, drug benefit numbers and survival rates can be manipulated as deftly as a chiropractor cracking a back.’ An article published the same day in the Chicago Tribune cited a group of physicians at Dartmouth Medical School as saying that ‘taking time to understand the often-confusing statistics used in the medical industry, is key to making smarter decisions about your individual healthcare.’ Here are some tips to remember when wading through the 11 o’clock news:
· Differentiate between a lifetime risk and an annual risk. An annual risk is the number diagnosed each year in a population, usually expressed as a number per 1,000 or 100,000 individuals in the population. The lifetime risk is the sum of the risk of developing that disease each year, and thus sounds far more ominous.
· Where possible, re-frame the statistic. Yes, colon cancer strikes 150,000 Americans, but there are 300 million Americans, which means you only really have a 0.05 percent chance. Don’t you feel better already?
· Know your starting risk. If a drug company says their drug will result in 50% fewer deaths, then you need to ask: what was the starting risk of death? As the Chicago Tribune article so beautifully analogized: a 50% off coupon applied to a 50-cent pack of gum reaps different savings than when applied to a $35 turkey. So did you start with the gum or the turkey?
· Check to see if the study involved people similar to you in terms of age, gender, risk factors and family history. While you’re at it, double check to make sure the study referenced human subjects, as opposed to rodents.
Above all, remember that getting a disease does not, by a long shot, mean dying of it. Intrigued? Try perusing “Know Your Chances: Understanding Health Statistics”, S. Woloshin, L.M. Schwartz, and H.G. Welch, University of California Press, November 2008. My favourite: “Struck By Lightning: The Curious World of Probabilities”, J.S. Rosenthal, HarperCollins Canada, September 2005.
Jennifer Hartman, Guest Blogger
Rob sez, "The kids' page of the Japan Agency for Marine-earth science and technology has some awesome [free!] papercraft models of deep sea creatures and submersibles." Jamstec Papercraft (Thanks, Rob!)...
This is episode twenty-nine. This episode covers all of the amazing health benefits of Vitamin D as well as the interesting outcome of a study involving people who consume breakfast each morning, all in this month's podcast. Feel free to email us at health@lencolabs.com with any questions you may have, it might be answered on next month's show! 6:04 min.
Two things to look for when you're picking stocks today.
So how can these not be the cheapest stocks that you know, too?
Banking stocks fall sharply, despite the government's second package of measures to help the sector increase its lending levels.
The government unveils an insurance scheme for banks as it tries to get them lending again, but banking stocks fall heavily.