Tag Archive: software


How to dual-boot Windows 8 and Windows 7

Filed under: COMPUTINGLeave a comment
December 15, 2012

Surya R Praveen Dual-booting Windows 7 and Windows 8 -- both operating systems side by side
One of the big barriers to upgrading to Windows 8 is that Windows 7 is so good. For keyboard-and-mouse users, Windows 8 isn’t a hugely compelling upgrade — and without judicious use of third-party apps tobring back the Start menu and other core Windows 7 features, Windows 8 can actually make the desktop experience worse.

But what if you want to try out Windows 8? What if you want to take the Metro Start screen for a spin? (Who knows, maybe you’ll like it.) What if you want to give Windows 8 a chance?

One method you could use is virtualization, where you quite literally have Windows 8 open in a window on your Windows 7 PC. Virtualization isn’t really viable if you’re looking to truly experience Windows 8 and everything that it entails, though. For that, you need to dual-boot.

How to dual-boot/multi-boot Windows 8 with Windows 7

This guide assumes that you already have Windows 7 (or XP or Vista) installed. If you’ve already got Windows 8 installed, and you want to install Windows 7 as an additional OS, this guide might still work — but no guarantees.

First things first, you should backup any important documents. You shouldn’t lose any files during this process, but it’s better to be safe than sorry. See our Backup Masterclass for tips on how to backup your data efficiently and securely.

Surya R Praveen Windows Disk Management, shrinking a volumeWith that out of the way, hit Start, typediskmgmt.msc, and press Enter. This will open the Disk Management console. You should see a big (or small) list of all the drives currently attached to your computer.

Find the drive that Windows 7 is installed on (it should be marked as “Boot” or “System”), right click it, and click Shrink Volume. In the window that pops up, you ideally need a figure that’s around 50,000MB (50GB). If your hard drive is very full, this might not be possible. In theory the minimum install size for Windows 8 is around 20GB, but I really wouldn’t proceed without at least 30-50GB. If Disk Management refuses to shrink your volumes, you may need to try a third-party tool such as Paragon’s Hard Disk Manager.

Once the volume has been shrunk, a black, “Unallocated” region will appear at the end of the drive. Right click this and select New Simple Volume. Click through the dialog windows and give the new volume a memorable name such as Windows 8. Don’t change any other settings. This process will format the new partition, which may take a little while.

Installing Windows 8

At this point, all you really need to do is install Windows 8. You might opt to install a full version of Windows 8, or you can grab a 90-day evaluation copy. Either way, you want to slot the DVD (or USB stick) into your computer, reboot, and begin the installation process. (You may need to change the boot priority of your DVD drive/USB stick, which can be done in the BIOS).

Surya R Praveen Windows 7/8 multi-boot boot menuWhen given the option, select a Custom install (not Upgrade). On the next screen you’ll be shown a bunch of partitions/volumes. Select the one that’s labeled Windows 8 (or whatever you called it). Be absolutely certain that you’ve selected the right volume, then click Next.

The slick Windows 8 installer will now do its thing. It will reboot once or twice, but eventually you’ll be greeted with a multi-boot menu that allows you to select which OS you want to load (Windows 8, Windows 7, or any other OSes that’re installed). Windows 8 will load by default after a few seconds, but you can change it back to Windows 7 by clicking “Change defaults or choose other options” at the bottom of the screen. Voilà: You now have a PC that dual-boots Windows 8 and Windows 7.

Source

Tags: , , , , ,
Comment

Linux drops support for Intel’s 386 processors, but does it really matter?

Filed under: COMPUTING, ELECTRONICSLeave a comment
December 14, 2012

Surya R Praveen Intel 386
If you’re the type of person that not only heavily uses the Linux platform, but also has a bunch of very old processors lying around for everyday use, you’ll be disappointed to know that Linux has just dropped support for Intel’s 386 processors. Say goodbye to that hobby Linux operating system you’ve been building on your twenty-year-old rig.

Linux and the i386 have something of an intertwined history. Intel first released the i386 processor back in 1985, and Linux’s source code was first released back in 1991, after Linus Torvalds developed the operating system on a 386. Eventually, back in 2006, Intelannounced that it would finally cease production of the i386 the following year. Linux continued to support the processor years after it died, and has now finally abandoned said support.

Aside from being free and highly customizable, one of the best features of Linux is that it always maintained support for older or lower-end systems, helping to breathe new life into that old Thinkpad sitting at the bottom of your closet. Case in point: The Raspberry Pi, extremely tiny and underpowered by today’s desktop standards, comes stock with a Linux distribution. As for why Torvalds decided to drop i386 support from the Linux kernel, Red Hat employee and Linux hacker Ingo Molnar explained it was a simple matter of the extra work involved in continuing support not outweighing the resulting benefits. He noted that the complexity of supporting the 386 architecture “has plagued us with extra work whenever we wanted to change SMP primitives, for years.”

Surya R Praveen i386A little snarky in his explanation, Molnar goes on to say: “Unfortunately there’s a nostalgic cost: your old original 386 DX33 system from early 1991 won’t be able to boot modern Linux kernels anymore. Sniff.” Torvalds followed Molnar’s remark with cold acceptance, stating “I’m not sentimental. Good riddance.”

Torvalds announced the dropped support just two days after Linux 3.7 was released, though no mention of the dropped support appears in the release notes. Along with removing i386 support, Linux 3.7 brings some other major changes and additions. It includes completely new architecture for ARM 64-bit CPUs, as well as the ability to build a single ARM kernel that is portable across different hardware setups.

In the scheme of things, Linux dropping i386 support won’t really affect much other than the staunchest of hobbyists. The act holds more historical weight than it does any kind of practical significance, signaling the end of a relatively long era.

Source

Tags: , , , , ,
Comment

Internet Explorer flaw lets websites track your every mouse movement, and MS refuses to fix it

Filed under: COMPUTING, INTERNET, MOBILE, WEBLeave a comment
December 14, 2012

Surya R Praveen Binoculars

Security flaws are inevitable in operating systems and applications. Modern software is incredibly complex, and even the best developers in the world aren’t perfect. How the public responds to security flaws largely depends on how the developer reacts to the exploit. If it responds quickly with a promise to patch the flaw, and then delivers the fix in a timely manner, all is forgiven most of the time. Sadly, an exploit found in Internet Explorer that tracks mouse movement and certain key presses — even when IE is minimized, or the tab is in the background — isn’t getting patched by Microsoft.

A web analytics company alerted Microsoft to this quirk back in October. The security vulnerability affects all versions of Internet Explorer from version 6 through 10. While Microsoft has acknowledged the issue, it isn’t going to be patched in the near future. This is a problem, not only for the obvious privacy concerns, but also for security. Some people use software keyboards on their screen specifically to reduce the chance of their passwords being tracked by a keylogger. With this flaw, unscrupulous people could record the mouse movements used for entering a password just by having a web page loaded in the background. Microsoft even advocates the security benefits of using mice-based password systems with its picture password feature in Windows 8. Yikes.

In this demo, the possibilities for mapping cursor movement are shown quite clearly. The video below even shows how some simple analysis of mouse movements can be used to gather private information like passwords or phone numbers. Even scarier is the revelation that at least two ad analytics companies are already using this exploit to track users. If you weren’t freaked out about advertisers tracking you before, now is the time to think again. The site that revealed the flaw even has a challenge posted for people to try to decipher tracked mouse movements. The leader board shows that it takes less than half an hour for someone to figure out what was being typed on a software keyboard. It’s very scary stuff.

The methodology of exploiting this flaw to track cursor movements and modifier key presses is out in the wild, and any generic ad on any trustworthy website can use it to track what you’re doing. If you don’t want to be tracked, you do have options available. Firstly, you can switch to a different browser. Chrome or Firefox are fantastic options, and they aren’t affected by this flaw. Secondly, you could turn off JavaScript in IE. While this does hinder the usefulness of most modern websites, it will prevent IE from passing on your mouse movements. These aren’t optimal solutions, but Microsoft has given us little choice in the matter. Unless it steps up and patches this flaw, it just isn’t safe to use IE withJavaScript turned on.

[Image Credit: Edith Soto]

Source

Tags: , , , , ,
Comment

Vector vengeance: British researchers claim they can kill the pixel within five years

Filed under: COMPUTING, INTERNET, MOBILE, WEBLeave a comment
December 14, 2012

Surya R Praveen The death of pixels

The humble pixel — the 2D picture element that has formed the foundation of just about every kind of digital media for the last 50 years — may soon meet its maker. Believe it or not, if a team of British researchers have their way, the pixel, within five short years, will be replaced with… vectors.

If you know about computer graphics, or if you’ve ever edited or drawn an image on your computer, you know that there are two primary ways of storing image data: As a bitmap, or as vectors. A bitmap is quite simply a giant grid of pixels, with the arrangement and color of the pixels dictating what the image looks like. Vectors are an entirely different beast: In vector graphics, the image is described as a series of mathematical equations. To draw a bitmap shape you just color in a block of pixels; with vector graphics, you would describe the shape in terms of height, width, radius, and so on.

These two methods are very different, and they fulfill very different needs. Vector graphics, because they’re made out of geometric primitives, are infinitely scalable, making them the ideal image format for illustrations, clipart, maps, typography, Flash animations, and so on. For everything else, we use pixel bitmaps. Streaming videos, digital cameras, movie editing, video game textures — all bitmaps. There might be different file formats involved (PNG, MOV, JPG), but they’re all ultimately converted into pixel bitmaps when it comes to displaying them on your monitor, TV, or cinema screen.

Surya R Praveen Difference between bitmap and vector graphicsPixel bitmaps have their problems, though. As display (and camera and cinema) resolution increases, so does the number of pixels. The obvious problem with this is that larger bitmaps are computationally more expensive to process, resulting in a slower (or more expensive) workflow. Pixel bitmaps also don’t scale very gracefully; reduction is okay, but enlargement is a no-no. There is always the issue of a master format, too: With pixel bitmaps, conversions from one format to another, or changing frame rates, is messy, lossy business.

Which finally leads us back to the innovation at hand: Philip Willis and John Patterson of the University of Bath in England have devised a video codec that replaces pixel bitmaps with vectors. In a conventional digital camera, images (or videos) are captured as pixel bitmaps and compressed using a codec such as JPEG or H.264. Willis and Patterson have devised a codec called Vectorized Streaming Video (VSV) that converts the bitmap image into vectors. This builds on their previous work with VPI — vectorized photographic images [PDF] — which deals with converting bitmap images into perfect, vectorized copies.

At the moment there’s very little information about VSV, only that the Bath researchers are working with Root6 Technology (a company that specializes in transcoding) and Smoke & Mirrors (a post-processing studio) to bring the codec to market. According to Smoke & Mirrors, there should be working demonstrations of VSV within the next three to six months — and then, within five years, according to the University of Bath, the pixel will simply… die.

Surya R Praveen An example of the VPI bitmap-to-vector conversion. Bitmap (left) vs. vectorized (right)

An example of the VPI bitmap-to-vector conversion. Bitmap (left) vs. vectorized (right)

Looking at the sample images in the VPI paper (above), Bath’s vectorizing algorithm is certainly quite impressive. Performance is awful — but the algorithm is apparently very parallelizable, so this is unlikely to be an insurmountable issue. A brief look through the paper suggests that the algorithm is fairly similar to the auto-vectorization tools, such as Adobe Live Trace. The biggest issue with photorealistic vector graphics is the coloring of spaces between the geometric shapes — but apparently Willis and Patterson have solved this.

Ultimately, though, I think it will take a lot more than a new codec to kill the pixel. There has been no shortage of new codecs over the last few years, but it has so far proved to be very, very difficult to unseat entrenched favorites such as JPEG, GIF, and PNG. Even WebP, which promised to be better than JPEG in every way, failed to gain traction — and that was with the might of Google behind it.

Who knows: A bona fide, high-performance vector video codec would be very, very exciting. If anything could shake up the tools and industry that has built up around the bitmap, it would be a vector video codec, with vector masters that can be scaled and resized infinitely in any direction. “This is a significant breakthrough which will revolutionise the way visual media is produced,” says co-inventor Willis. We shall see.

[Image credit]

Source

Tags: , , , , ,
Comment

Windows Blue: Microsoft’s plan to release a new version of Windows every year

Filed under: COMPUTING, ELECTRONICS, GAMING, INTERNET, MOBILE, WEBLeave a comment
December 12, 2012

Surya R Praveen Windows 8... blue
Way back in August, three months before the release of Windows 8, we learnt about the existence of a project at Microsoft codenamedBlue. At the time it wasn’t clear whether this was Windows 9, or some kind of interim update/service pack for Windows 8. Now, if unnamed sources are to be believed, Windows Blue is both of those things: a major update to Windows 8, and also the beginning of a major shift that will result in a major release of Windows every 12 months — just like Apple’s OS X.

This information stems from The Verge, which cites several anonymous sources who are “familiar with Microsoft’s plans.” According to these insiders, Blue will roll out mid-2013, and will be very cheap — or possibly even free, to ensure that “Windows Blue the next OS that everyone installs.” Exact details are still rather vague, but at the very least Blue will make “UI changes” to Windows 8. The sources also indicate that the Windows 8 and Windows Phone 8 SDKs will be merged or standardized, to further simplify the development of cross-platform apps.

Once Blue has been rolled out, the insider sources claim that the Windows Store will no longer accept apps that are designed specifically for Windows 8 — i.e. developers will be forced to create a single Metro app that works on both Windows 8 and Windows Phone 8. Presumably the new SDK will ensure that this is a Good Thing, and not just an arduous hoop to jump through. The sources say that Windows 8 will keep its name for the foreseeable future, too — much in the same way that OS X hasn’t changed its name in 11 years.

WindOS X

Surya R Praveen Windows 8 flag logo

The new Windows logo is blue — coincidence?!?!

Perhaps more important, though, is the shift to a 12-month release cadence. Historically, Microsoft has released a major version of Windows every few years, with the intervening periods populated with stability — and security-oriented service packs. Now it seems that Microsoft wants to move to an OS X-like system, where new and exciting features will be added on an annual basis. In turn, Microsoft will drop the price of these releases — probably to around $25, just like OS X.

In theory, quicker releases will allow Microsoft to better compete with Apple and Google, who have shown themselves to be a lot nimbler than Microsoft in recent years. With Microsoft’s current few-year release cycle, there’s always the risk that its OS will already be oudated or bested by the competition by the time it hits the market. By moving to an annual release cycle, Microsoft should be able to stay ahead of the curve, rather than constantly playing catch-up.

We should also pay heed to that tidbit about Windows 8 and WP8 SDKs being “standardized.” As you may already know, Windows Phone 8 shares the same “common core” as Windows 8 — the same kernel, the same network stack, the same low-level security features and so on. Here at ExtremeTech we’ve repeatedly speculated about the possibility of Windows Phone 8 being removed from the equation entirely, with Windows 8 running across every computer form factor, including the smartphone. Having a single desktop and mobile OS that receives major annual updates, and has access to one vast library of apps, could be a very strong strategy for finally cracking the mobile market.

Source

Tags: , , , , ,
Comment

How to bring back the Start menu and button to Windows 8

Filed under: COMPUTING, INTERNET, MOBILE1 Comment
December 12, 2012

Surya R Praveen Windows 8 Start menu replacement: The Metro Start screen... as a menu!
In our continuing quest to fix and finesse some of Windows 8′s frolicsome foibles, we turn at last to the Start menu — that beloved button that has staked out the bottom left corner of your desktop for almost 20 years, only to be ignominiously removed from Windows 8 and replaced by the desktop-hating Metro Start screen.

Despite Microsoft’s best efforts to ensure that the Start button and menu remain dead, a bunch of third-party replacements have emerged. Really, it just goes to show how devoted the Desktop Windows userbase is: Microsoft completely stripped out the underlying Start menu code to quash potential Luddite revolutionaries, and yet just weeks after the release of Windows 8 there are dozens of Start menu and Start button replacements.

Let’s take a look at the best, cheapest, and most authentic apps for bringing back the Windows Start menu and button.

Surya R Praveen Windows 8: Classic Shell Start menu replacement

Classic Shell

Classic Shell is free, open-source donationware that gives you the option of a classic (Windows 98ish), Windows XP, or Vista/7 Start menu. At its most basic, it puts a Start button back on your taskbar — but as always with third-party utilities, it has a ton of other features and settings that you can tweak to your heart’s content (in Classic Shell’s case, there’s probably too many tweakable settings). There is apparently an option for Classic Shell to boot straight to Desktop, but I couldn’t find it.

One strong point of Classic Shell is that it successfully rebinds your Start key, so that the Start menu pops up instead of the new Metro Start screen. Hitting the Start key from Metro pops up Classic Shell, too. Other Start menu replacements don’t usually cope quite so well.

Take care while installing Classic Shell, though: It’s not just a Start menu replacement, and if you’re not careful you will end up installing Classic IE and Classic Explorer, too.

Download Classic Shell (free)

Surya R Praveen Windows 8: Pokki Start menu replacement

Pokki

Where Classic Shell tries to replicate the Windows of yesteryear, Pokki (free) is very much its own beast — and as much as I love the Windows 7 Start menu, I have to admit that Pokki is probably even better. It utilizes a neat “pinning” system that isn’t unlike the home screen of your smartphone or tablet (though I would argue that the Windows taskbar/superbar still does a better job). You can also add widgets to Pokki, such as Gmail or Facebook, which display your latest email or status updates.

By default, Pokki will configure your Windows 8 system to boot straight to the Desktop — and there is an option that will just completely disable the hot corners, if you so desire. (Remember, Win+C pops open the Charms menu, if you need.)

Download Pokki (free)

Surya R Praveen Windows 8: Start8 Start menu replacement

Start8

Finally, a commercial offering that will set you back $5: Start8. Start8 is very similar to Classic Shell, but it’s just a little bit smoother. Start8′s configuration interface is much easier to use (and easier on the eyes), and the actual Start menu feels much more like a contiguous part of Windows.

Start8 has a curious option where you can actually have the Metro Start screen pop up as a menu, rather than full-screen (pictured at the top of the story). This is kinda neat, though you’re probably better off sticking to the normal Windows 7-style Start menu replacement.

Like Pokki, Start8 can disable your hot corners and boot directly to Desktop. Start8 also has a bunch of configuration options for how the Start key interacts with Desktop and Metro, which can be useful if you’re looking for a very specific functionality.

Download Start8 ($5, free 30-day trial)

For more Windows 8 tips, such as shutting down a Windows 8 PC easily, or booting to the Desktop without the aid of a third-party app, check out ExtremeTech’s extensive Windows 8 tips.

Source

Tags: , , , , ,
Comment

Netflix open-sources Hystrix to boost global cloud performance and stability

Filed under: INTERNETLeave a comment
December 12, 2012

Surya R Praveen Clouds

Today, most large online services aren’t hosted on a single server. Amazon, iTunes, and Xbox Live are all run on countless networked servers all over the world. There is a lot of benefit to splitting up the load over many different servers and locations, but cloud computing also has its own problems, such as latency and stability. Top network engineers are working on smoothing out problems as they arise, and Netflix just made a big step in helping cloud services become more resilient.

Announced this week as Hystrix, this system was originally developed by the Netflix API team back in 2011 to control the interactions between Netflix’s distributed services and systems, stepping in to prevent cascading failures if they seem likely. As of today, anyone can use Hystrix completely free because it has been officially released on GitHub under the Apache 2.0 license. The announcement does a good job at showcasing the enormous scale at which this system works: “Today tens of billions of thread-isolated and hundreds of billions of semaphore-isolated calls are executed via Hystrix every day at Netflix and a dramatic improvement in uptime and resilience has been achieved through its use.” This might not sound all that exciting at first, but this could have huge implications for the online services we already use as well as the services of the future.

Surya R Praveen Netflix Logo

Previously, large companies needed to hire a bunch of network engineers to develop and maintain a completely new system for managing latency and cascading failure in cloud computing. Now, companies can utilize Hystrix, and have their engineers focus on tailoring it for their specific needs. Because so much of our technology today is being developed by independent companies, there is a lot of needless duplicated work being done. Instead of reinventing the wheel, network engineers can take projects like Hystrix, and build upon them. This is great news for online service companies, but it is even better news for consumers. Better, more reliable services are something to get worked up about. Just a few months ago, Amazon’s cloud service went down, and it took companies like Netflix and Instagram with it. Cloud computing is pretty far from its pinnacle, so having a newly available tool for reliability in everyone’s arsenal is good news.

Netflix isn’t just releasing this code out of the goodness of its heart. Heck, it could even benefit its competitors. So, why release it at all? It’s crowd sourcing of a kind. Additions and improvements other people make to this project can directly be put to use on Netflix’s own servers. This is a superb example of a rising tide floating all boats. By taking this step, Netflix is banking on distributed communal work on the problem of cloud reliability being a better long-term solution than everyone working separately. Let’s hope Netflix’s decision turns out well for them, and we all benefit by having faster and more stable cloud services across the board.

[Image credit: Karin Dalziel]

Source

Tags: , , , , ,
Comment

Android 4.2′s built-in malware scanner tested, detects only 15% of threats

Filed under: MOBILELeave a comment
December 12, 2012

Surya R Praveen Jelly Bean Malware
Google’s choice to go with a more open app model for Android has invited nefarious people all over the world to develop exploits for the platform. Various anti-malware services have launched on Android, but Google stepped into the ring just recently when it added an app verification system to Android 4.2 Jelly Bean. How well does it work? That’s a question researchers at North Carolina State University (NCSU) have attempted to answer. The results are not pretty.

Out of 1260 malware signatures, Google’s native verification system in Android 4.2 detected only 193 — that’s a little over 15%. While this sounds laughably bad, there’s a little more nuance to the numbers.

What’s supposed to happen

The first time an app is installed on Android 4.2, a message pops up asking the user to enable app verification. This will probably be the last time most people see the app verification screen, but it will be silently working in the background. It even has a very Googley approach: Unlike most third-party anti-malware services, this is an entirely cloud-based solution.

Surya R Praveen VerifyWhen an app is installed, Android gathers a few pieces of information about it. It will aggregate things like the package name, size, and SHA1 hash value. This data is sent off to the Google servers, where it is compared against a database of potential threats. The result is sent back down and the user gets no feedback if the app is clean. If Google finds something suspicious, the device will block the installation.

Since all apps installed on Android go through the same package verification (there is no such thing as a silent install on Android), Google’s system should be in a perfect position to detect all threats.

What’s actually happening

The NCSU team found that Google actually fails to detect a great many malware packages that the third-party apps handle just fine. Just like desktop malware, there are usually updated and slightly modified versions of the same basic bit of malicious code. In some cases Google could detect the original variant, while missing all the new ones. But why?

Surya R Praveen DangerousGoogle’s verification system relies almost entirely on SHA1 values and the package name to determine if something is malicious. This is a very limited approach because malware authors can easily change the checksums without making any other alterations. Google just isn’t acquiring enough information to do in-depth analysis.

The third-party apps are running local checks on apps as they are installed, which is probably why some of them have perfect or near-perfect detection records in the NC State tests. Google is doing all the work in the cloud, and it doesn’t want users waiting on a response from Google’s servers while it verifies apps.

A potential benefit to this system is that Google can update the malware fingerprints on its servers at lightning speed without pushing updates down to all users. It will also be incredibly straightforward to target a specific threat in the future. Basically, the kind of widespread malware attacks we saw in the Play Store a few years ago could be stopped before they ever got going.

Behind the numbers

I’ll be the first to admit that these numbers sound bad — they are bad. If Google is going to go out of its way to add malware detection to Android, it should have done a more thorough job with it. However, many of the malware samples tested by the researchers are complete non-issues at this point.

Surya R Praveen Android ExploitTake the so-called DroidKungFu Trojans. These nasty little bits of code are intended to root a target device and give control of it to a remote server. Yeah, it sounds really terrible until you realize this malware relies on an OS exploit that was patched at the system level over two years ago. There is just no reason for Google to bother scanning for this. No phone with the app verification system will ever need to worry about any of the nearly 500 DroidKungFu samples tested.

It’s the same story with a few other pieces of malware. Android is no longer susceptible to many of these old attacks, but the researchers checked anyway. This was just scientific thoroughness, but I feel like it should have been pointed out in the results that many of these exploits are now neutered.

One issue uncovered by the study is the way Google is handling SMS Trojans. These apps use the Android permission system to message premium rate numbers and rack up huge charges. SMS Trojans are usually found in obscure Chinese app stores, but Google detected almost none of them. This likely has something to do with most of Google’s certified device users (i.e. non-Chinese) being at little to no risk of catching a SMS Trojan.

Time to panic?

In a word: no. The time has not yet arrived to smash your Android phone and live off the grid up in the mountains. Google has been implementing security measures like app verification and the Google Play Bouncer to improve security. These systemshave improved security, but the problem was never as bad as some news headlines made it seem. Pirated apps hosted in suspicious Chinese app stores are filled with malware, but that’s not something you need to fret over.

Apps you get from Google Play are almost certainly safe these days. As for the somewhat shady things they do with your data, that’s another matter entirely. Google is trying to get the tools in place to protect Android users going forward. For the time being, this is all a placebo. That goes for Google’s approach, and the third-party apps alike.

Source

Tags: , , , , ,
Comment

How to pirate Windows 8 Metro apps, bypass in-app purchases, and more

Filed under: COMPUTING, INTERNET, MOBILELeave a comment
December 12, 2012

Surya R Praveen Windows 8 Metro interface, meets pirate boat
The principal engineer for Nokia’s WP7 and WP8 devices has demonstrated, in rather frank detail, how to pirate Windows 8 Metro apps, how to bypass in-app purchases, and how to remove in-game ads. These hacks aren’t exactly easy, but more worryingly they’re not exactly hard either.

On his blog (Google cache), Justin Angel shows that turning a trial version of a Metro app into the full version — i.e. pirating an app — is scarily simple. It’s just a matter of downloading a free, open-source tool, and then using it to change a Metro app’s XML attribute from “Trial” to “Full.” Likewise, a quick change to a XAML file can remove an app’s ads.

Surya R Praveen Pirating a Windows 8 Metro app: Turning a Trial version into a Full version

Bypassing in-app purchases is a little trickier, involving some reverse engineering of some DLLs and and decryption of database files, but Angel still makes it look fairly easy. Angel gives himself one million credits in Soulcraft, an RPG game — something that would cost you over a thousand dollars, if you performed a legitimate in-app purchase. Angel also demonstrates a way to bypass in-app purchases in WinJS (Metro/JavaScript) apps, by injecting scripts into IE10 (the rendering engine for WinJS apps).

Surya R Praveen Pirating a Windows 8 Metro/WinJS app: Checking out the JavaScript source

Ultimately, all of these hacks represent ways of getting stuff for free. This is obviously bad news for developers, who probably don’t realize that by allowing trial downloads they are opening themselves up to piracy. In-app ads and purchases are massive revenue streams for developers, and yet we now see that it’s very easy to circumvent both.

You can protect these files with encryption — and indeed, some of them are — but that’s no good if you have access to the code that performs the encryption. As Angel says, “We have the algorithm used for encryption, we have the hash key and we have the encrypted data. Once we have all of those it’s pretty simple to decrypt anything.” Angel notes that there are some security mechanisms in place that stopped him from directly editing app DLL and JS files, but, as we can see, that didn’t stop him from pirating apps or bypassing in-app purchases.

It’s easy to blame Microsoft for this, but really this is an issue that is intrinsic to all installed applications. The fact is, Windows 8 Metro apps are stored on your hard drive — and this means that you have access to the code and data. In general, every installed application is vulnerable to these kinds of attacks. Hex editors, save game editors, bypassing Adobe’s 30-day trials by replacing DLL files, pirating Windows 8 apps — these are all just different incarnations of the same attack vectors.

The only real solution is to provide some kind of server-side sanity checking: You hack the software from Trial to Full — but when you log in, the server knows that you haven’t bought the software, and so it reverts you back to Trial mode. You give yourself one million credits — but the server checks your purchase history, knows that you cheated, and so resets your credits back to zero. The problem with this route, of course, is that it requires you to be online — and you know how we feel about always-on DRM. Plus, it’s very easy to disable server-side checks with a little Hosts file hacking.

In short, Windows 8 Metro apps have been hacked, and it’s now just a matter of time until some enterprising developer creates a one-button tool that pirates trial apps, unlocks every in-app purchase, and removes in-app ads. There are certainly changes that Microsoft could make to shore up the security of Metro apps, but it would only delay the inevitable. Really, this is just a natural part of Windows 8′s evolution.

Source

Tags: , , , , ,
Comment

How to play DVDs and Blu-ray discs in Windows 8

Filed under: COMPUTING, ELECTRONICSLeave a comment
December 12, 2012

Surya R Praveen Windows 8 Start screen/DVD hybrid
With the release of Windows 8 and Windows 8 Pro, Microsoft made the decision to remove DVD playback, and forego the inclusion of Blu-ray playback. Whereas with Windows 7 you could slot a DVD into your computer and open it in Windows Media Player, that is no longer the case with Windows 8 and Windows 8 Pro.

There is a very simple reason for this: The codecs required to play DVDs and Blu-rays — primarily MPEG-2/4 for video and Dolby Digital for audio — cost money. For every copy of Windows 7 sold, Microsoft has to pay MPEG-LA (a patent-holding consortium) $2. Microsoft doesn’t give the exact figure for a Dolby Digital license, but it’s probably in the same ballpark. This cost is passed on to the consumer, whether you play DVDs or not. ForWindows 8, with streaming services taking hold and optical drives dying out, Microsoft basically decided that it wasn’t worth paying for the codecs.

If you do want to play DVDs on Windows 8 or Windows 8 Pro, however, there are two very easy solutions.

Surya R Praveen Windows Media Center

Install Windows 8 Media Center Pack

If have purchased (or otherwise acquired) Windows 8 Pro, you can obtain Windows Media Center for free until January 31, 2013. All you have to do is enter your email address and a free license key will be sent to you. After January you will have to purchase the Media Center Pack (it’s unlikely to be too expensive; $20 maybe).

If you only have the vanilla version of Windows 8, you will need to purchase the Windows 8 Pro Pack, which costs $70. For that, you get a full version of Windows 8 Pro, Media Center, BitLocker encryption, Remote Desktop, and a few other tidbits.

Once you have Media Center installed, you will be able to play DVDs — but only in Media Center, not Media Player. You also gain the ability to watch and record broadcast TV, if you so wish. You won’t, however, be able to play Blu-ray discs — for that, you’ll need a third-party player.

Surya R Praveen VLC media player

Install a third-party player

The other option, of course, is to simply install VLC — a free, open-source media player that will play all of your DVDs and unencrypted Blu-ray discs. VLC will also play encrypted Blu-ray discs, but that’s beyond the scope of this story.

If you prefer commercial, closed-source software, there’s always the infamous Cyberlink PowerDVD , which plays DVDs and Blu-ray discs — but it’ll set you back around $50. Don’t forget, though, that most modern computers are bundled with some kind of DVD/Blu-ray player — and if you bought a standalone Blu-ray drive, it almost certainly came bundled with some software.

Check out more Windows 8 tips

Source

Tags: , , , , ,
Comment