Aussie watchdog slaps wrists of Sony, LG, Panasonic, Samsung, Sharp

Summary: What happens when you advertise WiFi ready devices that actually aren't? Consumer watchdogs will descend.

By Charlie Osborne for Between the Lines 

Technology giants Sony, LG, Panasonic, Samsung and Sharp have been given slapped wrists by an antitrust watchdog in the lands down under.

According to the Sydney Morning Herald, the competition regulator's fury has resulted in a marketing closure for specific televisions and Blu-ray players.

The term "WiFi Ready" was used to promote certain products by all the aforementioned companies -- but many cannot actually connect to WiFi networks without the use of a dongle.

Concerns were raised with the Australian Competition and Consumer Commission (ACCC), when the potentially confusing material prompted consumer wrath at the discovery of a required additional purchase to get online through their television set.

The difference? Some "smart" televisions and Blu-ray players can connect to wireless networks, but those that need additional components -- such as an adapter or dongle -- were marketed as "Wi-Fi Ready" and "Wireless LAN ready". Buy one of these sets, and the average customer is set back an additional $100-120 (approximately $100 USD).

The five top television vendors will now have to amend their promotional and marketing material after the ACCC investigated and sided with customers. If Sony, LG, Panasonic, Samsung, or Sharp want to continue using those phrases, they are now required to clearly state that a dongle is required to get online.

ACCC chairman Rod Sims told the publication:

"Consumers should be able to trust that what's represented on promotional material is what they will actually get. "This is particularly the case when the terms 'WiFi Ready' or 'Wireless LAN Ready' appeared to be used on audiovisual products offering in-built WiFi adaptors as well as on products which required an additional device or dongle."

It is not currently known when the firms' current material will be changed in line with the regulator's decision.

Read More

Comscore: There’s an app for… everything (report)

By James Kendrick 

Summary: Those accessing the mobile web rarely use a mobile browser, instead choosing some of the millions of apps.

Society is spending more time on the web than ever before. This is especially true for the smartphone crowd. New numbers from Comscore show that out of all of those folks accessing the web while mobile, virtually all of them are using apps and not a browser.
App usage is growing rapidly as smartphones are now in over half of phone owner hands in the U. S., according to Nielsen. The feature phone is headed for the relic bin as cheap smartphones intrude on the turf formerly reserved for the dumb phone.
The mobile web usage statistics from Comscore show that all of those smartphone users are in one app or another almost all the time. Apps are used to access the web a staggering 81.5 percent of the time spent online, leaving mobile browsers in the dust.
The app usage breakdown is telling, as Twitter users access the social network using apps and not the web a whopping 96.5 percent of the time. Facebook fares better on the browser, but still 80 percent of the time it is accessed with apps. That’s slightly better than access to Google sites, as those are accessed 81.1 percent of the time through apps instead of a browser.
That last figure is surprising, as Google services are designed to be used in a browser. Google apps are not known for being very good compared to the browser, but the statistics show that doesn’t matter to users.
The next time you are in public waiting for a table in a restaurant, look around and of all of the people you see tapping on a phone, you can make some assumptions. They are probably using an Android phone (with a 48 percent share), and they are almost certainly in one app or another. It seems there’s an app for everything.

Read More

Microsoft serves subpoenas on Google to disrupt criminal botnet

By Ed Bott 

Summary: New details have emerged in a massive lawsuit by Microsoft and the banking industry to take down a global botnet based on the Zeus Trojan. Ironically, the leak occurred when Google exercised its privacy policy to notify the suspects.

Online criminals who live outside the borders of the United States might think of themselves as being immune from American legal processes.
Generally, that’s true. It’s hard to serve a U.S. subpoena or search warrant in the Ukraine or Romania.
Ah, but things get complicated when those criminals use online services or hosting companies that are within the reach of American legal authorities.

This week, some previously secret details about a large and potentially significant crime-busting operation led by Microsoft emerged. Independent security expert Brian Krebs has details in a thorough post that lays out the entire story methodically.
In March, Microsoft and its co-plaintiffs the National Automated Clearing House Association (which manages the ACH Network that processes online banking transactions) and FS-ISAC Inc. (Financial Services – Information Sharing and Analysis Center, the nonprofit security arm funded by the banking industry) filed a civil lawsuit aimed at disrupting the operation of a large criminal gang.
Ironically, the previously secret details emerged when Google invoked its privacy policy to notify the suspects that it had received subpoenas demanding details about their Gmail accounts.
The lawsuit, which included notices in three Eastern European languages, initially listed 39 “John Does” who were charged with running a botnet that used the Zeus Trojan to take over Windows PCs and steal funds from online banking accounts.
The first step was shutting down the network the criminals were using:

As a part of the operation, on March 23, Microsoft and its co-plaintiffs, escorted by the U.S. Marshals, seized command and control servers in two hosting locations, Scranton, Pa., and Lombard, Ill., to seize and preserve valuable data and virtual evidence from the botnets for the case. Microsoft and its partners took down two Internet Protocol addresses behind the Zeus command and control structure, and Microsoft is currently monitoring 800 domains secured in the operation, which are helping identify thousands of computers infected by Zeus.

This isn’t the first time Microsoft has used the U.S. legal system to shut down a global network. A previous case in 2010 resulted in multiple arrests and also shut down servers used in a different Zeus botnet.
The legal documents are available at zeuslegalnotice.com. Many of its details had been sealed, but some emerged today after Google began alerting the owners of Gmail addresses that their account information had been demanded in a subpoena. Krebs reports:

Over the past few days, Google began alerting the registrants of more than three dozen Gmail accounts that were the subject of Microsoft’s subpoenas for email records. The email addresses were already named in Microsoft’s initial complaint … But when Microsoft subpoenaed the email account information on those John Does, Google followed its privacy policy, which is to alert each of the account holders that it was prepared to turn over their personal information unless they formally objected to the action by a certain date.

According to Krebs, the notification letters included this text:

Google has received a subpoena for information related to your Google account in a case entitled Microsoft Corp., FS-ISAC, Inc. and NACHA v. John Does 1-39 et al., US District Court, Northern District of California, 1:12-cv-01335 (SJ-RLM) (Internal Ref. No. 224623).
To comply with the law, unless you provide us with a copy of a motion to quash the subpoena (or other formal objection filed in court) via email at google-legal-support@google.com by 5pm Pacific Time on May 22, 2012, Google may provide responsive documents on this date.

Another 15 addresses named in the lawsuit are at the hotmail.com or msn.com domains owned by Microsoft.
The aggressive approach taken by the plaintiffs in these lawsuits has rankled some sources in the security community, but this is good news for those who might otherwise have fallen victim to the criminal actions.
David Dittrich, chief legal officer for the Honeynet Project, an independent security group, argued that civil suits are one of the best ways to convince ISPs and hosting companies to do the right thing:

Going to court filing a civil action is more effective than any other means in getting third parties who may otherwise be reluctant to cooperate in removing DNS entries or imaging hard drives on a server used as instrument of crime to do so. It is one thing to deny a request from someone who says they are a victim of crime, or who is acting on behalf of victims of crime, but saying “no” to an order from a federal court means you risk having to appear in that court to defend your refusal.

And Krebs also talked to Jon Praed of the Internet Law Group, who pointedly said: “Microsoft is spending a tremendous amount of money trying to stop this activity, and I don’t know anyone else out there who is even trying to do this.”

Read More

10 classic mistakes that plague software development projects

By Justin James

April 20, 2012, 4:01 PM PDT

Takeaway: When you combine project management pitfalls with software development challenges, you have a recipe for some big (but often preventable) problems.

Project management is never an exact science, but when you combine it with the vagaries of software development, you have a recipe for disaster. I have seen a fair number of common mistakes that project managers make when working with software development projects. Some of these mistakes are not exclusive to software development, but they are especially prevalent and damaging in that context.

1: The “pregnant woman” mistake

Fred Brooks illustrated a common project management mistake with his famous statement that just because one woman can have a baby in nine months does not mean that nine women can have a baby in one month. And we still see this come up time and time again — the idea that throwing more people at a problem can make it be fixed quicker. Sadly, this is just not true.
Every person you add to a project adds friction to the project as well –  things like the time needed to bring them up to speed or coordinate their work with other people. In fact, my experience has been that there is a tipping point where adding people actually slows the work down more than it speeds things up, especially for the first few months. And there are many tasks that just can’t be split up to be done by many people or teams at once. They simply have to be done “one foot in front of the other.”

2: The wrong metrics

Managers need metrics for variety of reasons: measuring “success” or status, performance reviews and analysis, and so on. The mistake I see too often is that the easier it is to collect a metric, the more likely that it’s not measuring anything useful. Of course, the easiest metrics to collect or understand are also the most likely to be used. Let’s take “bug tickets” as an example.
It is easy to count how many tickets get entered. But that is not a good measure of quality, because how many of those tickets are user error or truly “features”? So managers often look to the next level of metric: ticket resolution rate (tickets closed per day or week or iteration or whatever). If you have ever dealt with a help desk that constantly closes tickets for things that aren’t actually fixed, causing a proliferation of tickets, you know what it’s like dealing with an organization driven by this metric!
Instead of actually getting work done or helping the user (for example, leaving tickets open until the user accepts the resolution), the organization exists solely to open as many tickets as possible and then close them as quickly as possible, so it can get its resolution rate up. A better number would be the hardest to measure: ratio of true “bug tickets” created in relationship to features deployed, changes made, or something similar. Needless to say, that is not an easy number to understand or to collect and report on. The result is that organizations choose to make decisions based on the wrong metrics rather than the right ones, due to convenience.

3: Estimating times too far out

A common problem I see with certain project management methodologies is that they like to play “just so stories” with timelines and time estimates. Project manager who honestly think they know what pieces of functionality any given developer will be working on more than a month or two out (unless it is a very large, broad piece of functionality) are likely to be disappointed and mistaken. Software development is just too unpredictable. Even if you can prevent or account for all the usual things that alter timelines and priorities, there is still little guarantee that things will take the time you think they will.

4: Estimating times too broadly

Another typical issue with time estimates involves not breaking tasks down into small enough pieces. If I’m told that a piece of work will take one week, I’ll ask where exactly that number is coming from. Unless someone has analyzed all the minor pieces of work in the whole, a “one-week” time estimate is nothing but pure conjecture and should be disregarded.

5: Failing to account for tasks

How many times have you seen a deadline blown because it was established without accounting for a critical task like testing? That is another reason why you cannot and should not ever accept a task on a timeline that is not broken down into its component tasks. There is a chance that the estimate omits something important.

6: Poor communications

It is important to keep everyone in the loop on project status, but it is easy to forget to do it. This is where a lot of the mistrust between IT and the business team comes from: The business does not feel like it has a good handle on what’s happening with its projects. And the more it feels left in the dark, the more likely it is to start trying to micromanage or force things to happen the way it feels it should be done. You can mitigate this problem by letting people know where things stand, both on a regular basis and when milestones are accomplished or the status changes.

7: Disconnected business priorities

There is often a wide gap between the priorities of projects within the development organization, the priority of the project in the view of the overall business, and the priority of the project in the eyes of the requester. A common issue is that a “high priority” project for one department is not viewed as important by the business because it does not generate revenues, and so the developers also downgrade it. Everyone needs to be on the same page with priorities, and a large part of that is to ensure that business units are not evaluated on the basis of projects that the overall business considers lower priority.

8: Constructing a wall of process

When the development team feels overwhelmed, one of the natural reactions is to establish a lot of process to slow things down. I have worked at places where even the most simple of changes required a change request form to be filled out (on paper, of course), in triplicate, physically disseminated, agreed upon, cross-signed by managers, and after all of that, there was still a 45-day minimum time until the work was to be done! Needless to say, this organization was not seen as a “partner” or an “important lever for getting work done” in the business, they were seen as a cost center and treated as such. The wall of process is typically a stopgap measure to deal with deeper issues in the process or company’s culture, and while it is easier to put up the wall than to deal with those issues (and in some companies, the issues are irreconcilable), the wall of process is counterproductive and leads to a hostile environment.

9: The “hit-the-ground-running” myth

When adding people to a project, it is tempting to assume that they can hit the ground running. No one hits the ground running in the world of software development, and those who say they do are mistaken. Every project has an acclimation period, and the farther along the project is, the longer that acclimation period is — there is more and more code to understand and get a handle on. Failing to take this into account will get you into hot water. It may take only a few days or weeks for a developer to come into the project at the beginning, but it could take months for a developer to be fully productive when added to the project long after it has started

10: Multi-tasking

This is another “skill” (like “hitting the ground running”) that people think they have, but they really do not. The more you ask people to multi-task, the worse their work will be and the longer it will take. This applies to multi-tasking at the minute-to-minute level (juggling emails, phone calls, actual work, etc.) as well as the hour-to-hour or day-to-day level (handling multiple projects). The more you demand from people, the more the wheels fall off. To make it even worse, multi-tasking not only is likely to mangle the work, but it grinds people up and sends them looking for another job eventually… forcing you to bring in new people in the middle of a project and causing even more issues.

Read More