Uptime

On December 27, the Department of Homeland Security's Computer Emergency Readiness Team issued a warning about a vulnerability in wireless routers that use WiFi Protected Setup (WPS) to allow new devices to be connected to them. Within a day of the discovery, researchers at a Maryland-based computer security firm developed a tool that exploits that vulnerability, and has made a version available as open source.

Netbook sales have been declining, with major vendors deciding to leave the netbook market entirely. That hasn't stopped Intel from launching a new family of processors designed for small and cheap laptops.

The new chips are the Atom N2600 and N2800, based on the Intel's third-generation Atom architecture, codenamed Cedarview. The Cedar Trail-M platform pairs one of these processors with company's pre-existing NM10 chipset. As with the previous generation Pineview processor, each dual core, four thread chip integrates a GPU. For Cedarwood, the processor is based on a PowerVR design. Cedarview's GPU offers twice the performance of Pineview's. Cedarview adds to this a dedicated media engine for hardware-accelerated decoding of motion video, including support for 1080p H.264.

Researchers have shown how a flaw that is common to most popular Web programming languages can be used to launch denial-of-service attacks by exploiting hash tables. Announced publicly on Wednesday at the Chaos Communication Congress event in Germany, the flaw affects a long list of technologies, including PHP, ASP.NET, Java, Python, Ruby, Apache Tomcat, Apache Geronimo, Jetty, and Glassfish, as well as Google's open source JavaScript engine V8. The vendors and developers behind these technologies are working to close the vulnerability, with Microsoft warning of "imminent public release of exploit code" for what is known as a hash collision attack.

Researchers Alexander Klink and Julian Wälde explained that the theory behind such attacks has been known since at least 2003, when it was described in a paper for the Usenix security conference, and influenced the developers of Perl and CRuby to "change their hash functions to include randomization."

2011 was a year of upheaval in IT, with Flash losing the mobile war to HTML5, RSA succumbing to a hack leaving SecurID products exposed, HP and RIM making big mistakes in core markets, cloud services taking off (while suffering some outages), and more rapid browser release cycles making life difficult for the enterprise. Here's a recap of the year's top stories in IT.

Flash loses mobile war to HTML5

When Apple CEO Steve Jobs wrote his "Thoughts on Flash" open letter in April 2010, it was not yet clear that Adobe Flash would lose the war for mobile video. But with Apple's refusal to support Flash on the iPad and iPhone, consistent performance issues on mobile devices, and an increasingly industry-wide move toward HTML5, Adobe gave up in November of this year and gutted its mobile Flash player strategy. Layoffs were paired with a halt to development of Flash Player for mobile browsers, with mobile Flash support limited to critical bug fixes and security updates for existing device configurations. HTML5 will face trials and tribulations in the post-Flash era, but with Adobe admitting the game is up and throwing its support behind HTML5, the world now seems to be moving in one direction.

For Windows 8, Microsoft is a preparing a new way to log in to tablet PCs by letting users perform gestures on the screen instead of typing in letters and numbers. A user will choose a photo with some personal meaning to them, and create a sequence of taps, lines, and circles which must be performed in the right order to unlock the computer.

The obvious question is whether such a system is as secure as typing a password on a keyboard. Given the kinds of simple passwords many users rely upon, the gesture-based system could well be more secure for numerous people. Microsoft acknowledges that smudges on the screen or recording devices could theoretically allow the gesture password to be compromised, but says the risk is very low.

Jacob "Jack" Goldman, the former head of research at Xerox and the founder of the company's Palo Alto Research Center, died on December 20 at the age of 90 of congestive heart failure. When Goldman joined Xerox in 1969, he pushed the company to invest in long-term research, proposing the creation of PARC (partly as a way to capitalize on Xerox's purchase of the computer company Scientific Data Systems).

Goldman's leadership in forming PARC—and his hiring of George Pake to head the center— led to the development of a number of technologies later exploited by Apple, Microsoft and others, including the laser printer. object-oriented programming, Ethernet, the mouse pointing device, and the graphical user interface. While Xerox never effectively capitalized on developments like the Alto PC—the first networked personal computer—PARC's work inspired the development of the Macintosh and the Windows operating systems.

Before joining Xerox, Goldman worked at Ford, where he conducted research into sodium-sulphur (NaS) batteries for electric cars in the 1960s. NaS batteries are now used heavily for large-scale battery back-up systems.

The source code for Oracle's Solaris 11 operating system is now out in the open for anyone to peruse and compile, thanks to a furtive posting of a compressed archive that has been mirrored across scores of bitstreams and filesharing sites. But so far, Oracle hasn't moved to do anything about it, and the question remains whether the code was leaked by a disgruntled Oracle employee, or if this is the strangest open-source code-drop in history.

"The question I have is, what is it?" said Bryan Cantrill, former Sun Microsystems engineer and developer of the DTrace diagnostics tool, and now vice president of engineering at Joyent, in an interview with Ars. "Is it a deliberate act or not?"

Update: this story has been corrected and amended based on information received from Richard James of sendpace.com.

For thousands of customers of Subway restaurants around the US over the past few years, paying for their $5 footlong sub was a ticket to having their credit card data stolen. In a scheme dating back at least to 2008, a band of Romanian hackers is alleged to have stolen payment card data from the point-of-sale (POS) systems of hundreds of small businesses, including more than 150 Subway restaurant franchises and at least 50 other small retailers. And those retailers made it possible by practically leaving their cash drawers open to the Internet, letting the hackers ring up over $3 million in fraudulent charges.

In an indictment unsealed in the US District Court of New Hampshire on December 8, the hackers are alleged to have gathered the credit and debit card data from over 80,000 victims.

We recently asked businesses and schools using Google Apps to rate Google's customer support, and found that it often falls short of being business-worthy. But Google is trying to change its reputation with 24/7 phone support to all Google Apps customers for any issue, which should theoretically alleviate some problems.

So what about Google's cloud competition over at Microsoft? The folks at Redmond continually trumpet their enterprise experience and scoff at Google's supposedly immature products and support system. But at least on the one issue of phone support, Microsoft's policies prevent most customers from reaching technical support by phone.

Look at the URL of most pages on Facebook, and you'll see a ".php" in there somewhere. That's because Facebook has leaned heavily on the PHP scripting language to develop the Web-facing parts of the site. PHP's popularity and simplicity made it easy for the company's developers to quickly build new features. But PHP's (lack of) performance makes scaling Facebook's site to handle hundreds of billions of page views a month problematic, so Facebook has made big investments in making it leaner and faster. The latest product of those efforts is the HipHop VM (HHVM), a PHP virtual machine that significantly boosts performance of dynamic pages. And Facebook is sharing it with the world as open-source.

Facebook's initial PHP performance efforts had been focused on tuning the Zend Engine—contributing fixes and patches to Zend, and writing C++ based PHP extensions to offload the heavy lifting of application logic. But as Facebook senior engineer Haiping Zhao said in a post to Facebook's developer blog last year, those efforts required splitting up development resources and investing time in mastering the Zend APIs for C++. Facebook wanted to be able to keep as many engineers working in PHP as possible, and the company wasn't seeing the kind of performance boosts that developers were hoping for.

Creative Commons is preparing to draft a new version of its eponymous suite of copyleft licenses. The aim of the update is to deliver improvements in key areas such as database rights and the definition of noncommercial use. The organization has launched a preliminary requirements-gathering effort to collect ideas and proposals from the Creative Commons community.

The Creative Commons licenses, which were originally published in 2002, have exploded in popularity and seen broad adoption. There are now hundreds of millions of individual works distributed under Creative Commons licensing terms. The new version of the licenses will be the fourth major revision.

Amazon's S3 Simple Storage Service has outperformed Microsoft's Windows Azure Storage and all other major providers in an extensive study testing the feasibility of businesses using cloud services for primary storage, data protection, and disaster recovery.

Nasuni, which sells data protection services that work across any type of cloud storage, says it has been testing the 16 largest cloud storage providers (CSPs) since April 2009 to determine the best services for its customers. Ultimately, only six of the 16 providers passed Nasuni's testing—in addition to Amazon and Microsoft, the other winners were Nirvanix, Rackspace, AT&T Synaptic, and Peer1 Hosting. Both AT&T and Peer1 use EMC's Atmos platform on the back end, although EMC itself discontinued its own public cloud based on Atmos.

World's first 128Gb 20nm NAND flash could pack 2TB into a 2.5" SSD: Intel and Micron have announced the creation of a 128 gigabit flash die. An SSD built from such parts could pack 2TB into a 2.5" drive. They probably won't hit the market until 2013, though, as the new dies also sport a new interface and internal structure.

Hackers hit supermarket self-checkout lanes, steal money from shoppers: Criminals have tampered with the credit and debit card readers at self-checkout lanes in more than 20 supermarkets operated by a California chain, allowing them to steal money from shoppers who used the compromised machines.

The ultimate fate of HP's webOS mobile platform was finally revealed today. The company has announced plans to contribute its operating system to the open source software community. The move will open the door for other hardware manufacturers to adopt the operating system and ship it on their own devices.

We called for HP to open webOS last month in response to rumors that were circulating about the operating system's future. As we pointed out at the time, key components of the webOS userspace stack have considerable value. We argued that HP, existing webOS users, and the open source software community would all benefit if the platform were opened. HP apparently reached the same conclusion.