We Need More Science: 03/10/15

Hillary Clinton Says Her Email Was Secure; She Can’t Know

Then-Secretary of State Hillary Rodham Clinton checks her Blackberry from a desk inside a C-17 military plane, Oct. 18, 2011. Kevin Lamarque/AP

Hillary Clinton set up her own private email server because she didn’t want to lug around two mobile phones. We learnt that Tuesday at a as she addressed the continuing controversy over her use of a 90s style home email server when she was Secretary of State in the first Obama administration.

“I saw it as a matter of convenience,” she said during the 20-minute press conference. She couldn’t do personal email on her government-issued phone, so instead she set up her own server, using the clintonemail.com domain, and a server that appears to have been running out of her Chappaqua, N.Y. home. Email she sent from this server to state department officials at their .gov addresses would be saved on the government servers. That’s the email that she’s now asked the State Department to release. As for the rest, well that’s private.

We’ve already pointed out that this choice was a major security fail, but you can see how Clinton would have gone for it. After all, vice presidential candidate Sarah Palin had just had her Yahoo Mail hacked, thanks to a weakness in Yahoo’s password reset protocol. And that incident was surely fresh in Clinton’s mind when she decided to retain total control of her email system.

On Tuesday, she said that was the right thing to do. “The system… had numerous safeguards,” she said. “It was on property guarded by the Secret Service and there were no security breaches. So I think that the use of that server… certainly proved to be effective and secure.”

A nice thought, but one that Clinton didn’t back up today. The internet protocols we use to zap email about the globe were largely written during the early freewheeling days of the net and they’re still vulnerable to a wide range of attacks. Emails can be spoofed; they can be read in transit; and servers can be hacked. “Email is one of the least secure services you can run,” says Jonathan Zdziarski, a forensic scientist with viaForensics. “[Clinton’s] people might be very good, but no one who really is at the top of their game is going to try to make the claim that they can catch 100 percent of the attacks.”

And Clinton’s job as Secretary of State would have made her “a target of some the most well-funded adversaries,” says Dan Guido, the CEO of security consultancy Trail of Bits. In the years since Clinton was sworn in as Secretary of State, we’ve learnt that those attackers are capable of some very sneaky and technologically accomplished attacks. Knocking over a home-brew email server doesn’t seem so far fetched, given the break-ins we’ve seen at RSA, Sony, and the U.S. Government itself.

So while Clinton’s emails haven’t been posted to BitTorrent, that doesn’t mean there were no security breaches.

Julia Greenberg contributed to this story.

Pao’s Credibility Under Fire in Kleiner Cross-Examination

Ellen Pao. Josh Valcarcel/WIRED

Combat began in earnest today as the attorney representing storied venture capital firm Kleiner Perkins Caufield & Byers began her cross-examination of Ellen Pao, a one-time partner suing for gender discrimination and retaliation. Attorney Lynne Hermle sought to undermine Pao’s credibility by establishing inconsistencies in her testimony, cross-referencing Pao’s answers with excerpts from a pre-taped video deposition played before a standing-room-only San Francisco courtroom.

Pao, who left Kleiner Perkins in October 2012, is suing her former employer, claiming the firm relegated her to menial tasks and demoted her while her male peers were allowed to advance within the company. She also says Kleiner punished her after she complained. The trial, now in its third week, has captured the attention of the tech world, where women are still very much in the minority.

In her first day of testimony yesterday, under questioning from her own legal team, Pao portrayed herself as a highly qualified employee who was passed over and shut out due to bias. Hermle tried to show that, to the contrary, Pao lacked the investing and entrepreneurial experience that would have made her as qualified as she contended she was. Hermle also prodded Pao on her relationship with a former partner at the firm, suggesting the affair was completely consensual, and pointed to the advancement of other women at Kleiner to suggest that not gender but Pao herself was the problem.

Confronting Pao on the witness stand with the posting for her position, which listed humility as one of the job’s requirements, Hermle asked, “Do you know what ‘humble’ means?”

Question of Motive

Pao started the day on friendly turf as she faced more questions from her own team. She described Kleiner Perkins as a place where employee complaints fell on deaf ears and where issues could not be resolved through official channels. After she had filed a formal complaint with the company, Pao testified that she was fed up with Kleiner Perkins doing nothing. In May 2012, she said, she decided to file a lawsuit. “I had gone through every possible internal process that I thought I could go through,” she said.

The morning session ended with an impassioned speech from Pao about the need for equal opportunities for women in venture capitalism. “It’s been a long journey, and I’ve tried many times to bring Kleiner Perkins to the right path,” she said. “I wanted to make sure my story was told.”

In the afternoon, the defense worked to show that Pao’s motivations weren’t quite so noble. Pao conceded to Hermle that in the seven years she worked at Kleiner, from 2005 to 2012, she did not look for an anti-discrimination policy—implying that it only became a concern for Pao once she filed her lawsuit. Hermle pointed out that Beth Seidenberg, who heads life science investments at Kleiner, was promoted during the time Pao was employed with the firm. And she intimated that Pao had tried to manufacture controversy by stoking media interest in her lawsuit.

Hermle named two reporters with whom Pao had been seen having lunch since filing the lawsuit, implying an effort to promote her case. Pao protested that she considered the two reporters to be her friends.

’You Didn’t Say No?’

Hermle pushed Pao to recount the phases of her relationship with Ajit Nazre, the more senior colleague Pao with whom admits she had an affair, and who she says retaliated against her after she ended it.

Hermle tried to suggest that Pao welcomed the attentions from Nazre in early 2006. Pao acknowledged in her testimony that she thought the relationship with Nazre could be serious, that she told him she loved him, and that she shared that she wanted children. Hermle asked Pao about an incident in which Nazre touched Pao after Pao had been hit by a cab: “When Nazre went to touch you, you didn’t say no?”

Pao responded icily: “No, I had just been hit by a cab, so I couldn’t move.” She testified that she was in a daze and couldn’t refuse his advances.

“You’re not blaming him for what happened to you [getting hit by a cab], are you?” Hermle asked.

“Not this part,” Pao replied.

In June 2007, Pao testified, she went to Ted Schlein and Ray Lane, managing partners at Kleiner, and said she wanted to leave the firm. But she didn’t mention Nazre. Pao said she didn’t tell coworkers about the relationship until years later, and even then did not let all of the partners know about it.

A Meaningful Amount

During her morning testimony, in which she was questioned by her own attorney, Therese Lawless, Pao said that in early 2012 she sought a $10 million payout from Kleiner in exchange for her departure from the company.

According to Pao, she believed an eight-figure sum would be a “meaningful” amount to Kleiner—a number that would “actually hit their radar.”

“I wanted my payment to be enough so [Kleiner Perkins] saw it would be painful not to fix problems,” Pao said.

In her formal written complaint, which Pao sent in January 2012 to leading Kleiner Perkins partners Ted Schlein, Eric Keller and John Doerr, she wrote, “I believe that the treatment to which I and other women have been subject continues to this day and is carried out … by our firm more broadly. If you can, imagine your wife or daughter in my position and what it feels like to be deceived and intimidated into having a relationship with someone who flouts his seniority.”

In response to her complaint, Kleiner Perkins hired a lawyer, Stephen Hirschfeld, to investigate Pao’s allegations of gender bias at the company. Hirschfeld, who preceded Pao on the witness stand, interviewed employees at the firm, including all the female partners, and delivered a report saying he found no discrimination at Kleiner Perkins. On the witness stand, Pao accused Hirschfeld of taking selective notes and said he was not open to hearing what she had to say. “I feel like he was grilling me about answers I didn’t have, and trying to push me into specific answers.”

Pao also testified that she was told Hirschfeld had “expressed an interest” in working for Kleiner Perkins after the investigation as the firm’s HR lawyer. In an email describing Hirschfeld, Pao wrote, “I found him unprofessional, antagonistic, inappropriate and biased.”

Pao is currently the interim CEO of Reddit. When she started at the company, she said, she made $150,000 per year. But after her November promotion, Pao testified under questioning from Hermle, that salary rose to $220,000 a year. At Kleiner Perkins, Pao said, her base salary was $400,000. She also received bonuses and “carry interest” from investments in Kleiner portfolio companies. In her suit, Pao is seeking $16 million in damages from Kleiner Perkins.

Angry Nerd: Do We Really Need Another Cinderella Movie?

Cinderella has had 13 movie adaptations since 2000. Why tarnish yet another animated classic by turning it into a live-action film? Angry Nerd is getting sick of the déjà vu and has some very pointed thoughts on Disney’s latest reboot of the classic fairy tale.

Google’s Calendar App Finally Arrives on the iPhone

Screenshot: Google

Google finally released a Google Calendar app for iPhone today. While it doesn’t go above and beyond a standard set of smart calendar features, it does fill in the final gap of your Google-dependent digital life.

Google’s iOS Calendar app takes its styling cues from its Android counterpart. The interface follows Google’s Material Design guidelines, opening into a simple, blocky list of your upcoming events. Each event is color-coded based on what calendar it belongs to, and events with additional information attached to them (a location, flight details, etc.) also show up in this view. An event like “Trip to New York” shows a Google Maps image or a photograph of New York as its background; something like “Dinner with Douglas” sports a background illustration of plates and cutlery. This breaks up the monotony of the listed view of your week, and highlights the different types of events you have coming up.

At the top of the app, you can also open up a month-view to select which date to jump to; individual upcoming events aren’t shown here. Or by tapping a three dot options icon in the upper right, you can also switch to a day view or three-day view of upcoming events. There you can also search your calendar for a keyword, and it’ll pull up recent and upcoming events that match. You can use Google Calendar with any and all calendars you already have in place on your iPhone.

You can add events to your calendar using the plus icon in the upper right, specifying a location and contacts that are also participating, among other options like setting alert notifications and selecting which calendar the event is for. This is much the same as you’d do on the web, but with better auto-filling for locations and people (something Google calls “assists”). It was simple and intuitive to create a calendar event for drinks with a coworker, using Google’s assist in finding my coworker’s name in my contacts, and autofilling the name of the bar we’ll be going to.

Gmail users get extra functionality here, as well: The app can create calendar events automatically from Gmail. This can be handy for hotel and plane reservations, or just saving you some time once you’ve coordinated meeting details with a client or colleague. I’ve seen Gmail and Google Calendar do this automatically on the desktop; however, in my tests using just the mobile versions of both services today, Google Calendar did not automatically add an event for dinner tonight, or an event for an upcoming evening networking event. Perhaps I didn’t use the right keywords, or it was waiting for greater mutual confirmation that these were, indeed, events that needed to be added to my calendar. Either way, integration doesn’t seem quite seamless yet.

Google Calendar for iPhone is clean, swift, and simple; however, if you already use a robust calendar app like Fantastical 2 or Tempo, it likely adds little benefit in terms of useful features. If you’ve just been using Apple’s built-in Calendar app and are a heavy Google user, though, you’ll likely be far happier with Google Calendar in your life.

You can grab the free app today from the App Store.

Solar Is Growing Faster Than Non-Renewable Energy in the US

This story was originally published by Mother Jones and is reproduced here as a part of the Climate Desk collaboration.

We’ve noted here before the many ways in which solar power is blowing up in the United States: Adding tons of jobs, driving progressive policies, and attracting millions of dollars in investment from major corporations. It’s not slowing down anytime soon: New data from market analysis firm GTM Research finds that 2014 was solar’s biggest year ever, with 30 percent more photovoltaic installations installed than in 2013. Check it out:

GTM

Those numbers are even more impressive when you compare them to other types of energy sources. Even though solar still accounts for a small share of US electricity generation (less than 1 percent), last year it added nearly as many new megawatts to the grid as natural gas, which is quickly catching up on coal as the country’s primary energy source. (Coal, you can see, added almost nothing new in 2014.)

GTM

The report points to three chief reasons for the boom. First, costs are falling, not just for the panels themselves but for ancillary expenses like installation and financing, such that overall prices fell by 10 percent compared to 2013. Second, falling costs have allowed both large utility companies and small third-party solar installers to pursue new ways to bring solar to customers, including leasing panels and improved on-site energy storage. Third, federal incentives and regulations have been relatively stable in the last few years, while state incentives are generally improving, particularly in states like California and Nevada that have been leading the charge.

One more chart worth pointing out: Rooftop solar tends to get the most press because that’s where homeowners and solar companies get into tussles with big incumbent power companies and the state regulators that often side with them. And it’s true that a new home gets solar more often than a giant solar farm gets constructed. But on a sheer megawatt basis, utility-scale solar is still far and away the leading source, with a few notable projects coming online in 2014, like the Topaz Solar project in the California desert, the largest solar installation in the world.

GTM

Apple Shareholders Would Sure Like Tim Cook to Buy Tesla

1 / 1

Apple CEO Tim Cook speaks to members of the media at an Apple event in San Francisco, California on March 9, 2015. Josh Edelson/AFP/Getty Images

Apple is getting into the luxury market in a big way with its new Watch. But apparently that wasn’t enough for a few investors at Apple’s annual meeting today.

One shareholder told Cook, “I’d like to see you guys buy Tesla,” according to the Financial Times’ Tim Bradshaw. Cook’s response was unequivocally equivocal:

“We don’t really have a relationship with Tesla … I’d love Tesla to pick up CarPlay,” Cook reportedly said, a reference to the in-car version of Apple’s iOS mobile operating system. “Was that a good way to avoid the question?”

But Cook may not be able to avoid the question for long. In addition to CarPlay, reports that Apple is secretly working on designing its own electric car have fueled (driven?) loads of speculation and analysis pointing to the conclusion that the company putting its mind to four-wheeled transportation isn’t such a bad idea. Apple is good at design. Apple is good at manufacturing. Apple is rich. So why not add a few tires to the product mix?

Still, Tesla has been rolling innovative vehicles off its robot-powered assembly line for years, while Apple’s alleged car is still on the drawing board. And with $178 billion in cash at last counting, Apple has enough money to buy Tesla (current market cap $23.9 billion) many times over. For the moment, Apple may be content to peel off Tesla’s engineers. But some investors seem to think Apple should just get on with it and absorb the whole company.

“Am I insane to imagine something might happen here?” another shareholder—and Tesla Model S owner—reportedly said to Cook.

“Let me think if there’s another way to do a non-answer,” Cook replied, before not answering.

So What Happens to the MacBook Air Now?

Yesterday, Apple introduced a laptop that looks suspiciously like an evolved MacBook Air. It’s thinner, it’s lighter, it has the Retina display that the Air (somehow) still lacks. For now, at least, the MacBook is a product line unto itself. But it’s easy enough to envision a near-future where Apple’s new one-port wonder doesn’t just complement the MacBook Air; it replaces it altogether.

For now, there are plenty of reasons to keep the MacBook and the MacBook Air separate. Apple’s new offering might have a brilliant display, but its Core M processor makes it relatively underpowered next to the rest of Apple’s laptop lineup. It’s also, frankly, a little weird. Its keyboard’s new “butterfly” mechanism takes getting used to, and its lack of ports, aside from a single USB-C that handles both charging and data transfer, will confound those accustomed to the standard I/O buffet.

But when you look at the ways in which the MacBook Air and MacBook overlap, it’s easy to imagine a future in which that Venn diagram becomes a circle. Think about their trajectories over the next few years. The MacBook Air gets thinner; the MacBook gets more powerful. The Air gets a Retina display; the MacBook clears new battery life milestones. Both become cheaper. Wireless solutions like Handoff, AirDrop, and iCloud all become reliable enough that that we gladly relinquish our space-hogging ports.

Apple doesn’t need two ultraportable laptops that can handle most people’s computing needs most of the time. It doesn’t need consternated Apple Store clerks outlining the fine distinctions between Core i3 and Core M. It doesn’t need consumer confusion, which is what two largely overlapping products sows. The easiest way to fix that? Pare those two products down to one. Ditch the MacBook Air.

Pro or No

The complications around trying to sell three laptops—two of them destined for increasing overlap—become especially apparent when you consider the alternative. Do you need a MacBook for work? You’re a Pro. For home? You’re not. An Air, in that context, sounds like a laptop for people who dunk well.

Apple

You can see how this sort of simplified, binary line-up could play out across all of Apple’s product categories. Are you iMac or Mac Pro? Are you iPhone or iPhone Plus? You’re either an iPad mini or Air for now. But consider that Apple hasn’t substantially updated its tiny tablet in a year and a half, and that a rumored larger iPad may be on the horizon. It’s a stretch, but you can imagine a scenario in which the mini gives way entirely to the larger iPhone, and you’re either iPad or an iPad Pro.

Pruning the decision tree makes life easier for customers, sure. It’s also a potential boon to Apple, which can push the enterprise market—or people who just want to hook up a couple of monitors—towards the costlier MacBook Pro with Retina line. The lightest of which, for what it’s worth, today weighs just a small amount more than the original MacBook Air did.

The Cost of Business

There are plenty of limiting factors that could keep the MacBook Air around for a while. The Core M inside works fine, but it’s not ready to carry a full load. People might be (understandably) slow to embrace USB-C as their one true port. The biggest hiccup of all, though, might be price.

You can purchase a MacBook Air today for $899, a remarkable price point even though the device you get for it won’t win any drag races and has piggy-bank-level storage. The MacBook, meanwhile, starts at $1,299. That’s a lot more money, especially for a processor that’s even pokier than the cheapest Air’s.

Apple

With the MacBook’s price, though, Apple has built in a number of hedges against the future. That Retina display—remember, the MacBook Air is still painfully low-resolution next to its peers—is just a start. The base model of the MacBook comes with 8GB of RAM, twice what you’ll find in the entry-level Air. Its storage is similarly doubled up, with a 256GB SSD versus 128GB in the Air. In fact, the 12-inch MacBook costs the same as a similarly equipped, 13-inch MacBook Air. You’re just trading a lesser processor for a much better display. And you’ll own a device that can still keep up with the needs of OS X and the internet at large four years from now. The same probably can’t be said of any $899 Apple device.

For now, losing the MacBook Air would leave a gaping hole in Apple’s low-end lineup. But as storage and memory prices drop—and as Apple sells its customers on the value in a computer that’s not just cheap, but future-proof—it seems like yet another hold-up that could be easily resolved in a few years’ time.

A Unified Vision

Today, the MacBook Air and MacBook offer enough substantive differences that it makes perfect sense that they’ll live in harmony on Apple Store shelves. Price, performance, looks all vary; there’s a decently defined audience for both.

At some point, though, assuming Apple continues to evolve both products on their current trajectories, that will no longer be true. When that happens, whether it’s two, three, or five years from now? The MacBook becomes true to its name, and the Air becomes just that.

Why USB Type-C Is the Port of the Future

The new USB-C port is reversible, and it handles power, HDMI, and data transport. Apple

Yesterday, Apple showed off the MacBook, a new laptop notable for its thinness, its gold coloring, and most surprisingly, the absence of all but one solitary port. It’s called USB Type-C, and it’s going to transform gadgets as we know them.

Envisioning a future of laptops with just one input—aside from the headphone jack—is like entering an aquarium full of single-tentacled octopi. It’s unsettling. How do I charge it? Where does my SD card go? Why can’t I hook my computer up to more than two things at once?

These are all fair questions, but they can all find an answer in USB Type-C (or USB-C for short). Here’s a quick rundown of what you need to know.

What does USB-C look like?

A USB-C plug is slender, about the same size as a micro-USB (8.4mm by 2.6mm), but it’s reversible. Like Apple’s Lightning connector, upside down and right-side up are one and the same. So if you’re plugging in your MacBook in the dark, there’s no need to futz and fiddle to figure out which way it needs to be plugged in.

That’s pretty sweet. So does it work like a normal USB?

It’s like a USB on steroids. First off, charging: USB-C can deliver bi-directional power. It can be used to charge a host device, or it can allow the host device to charge a peripheral. It can handle large loads too, delivering up to 20V at 5A (100W). That’s more than enough to charge up a notebook, or multiple mobile devices simultaneously.

USB-C is also faster than our current USB-B standard. Data transfers can run at rates up to 10 Gbps, but it’s backwards compatible with older USB standards, as long as you have an adapter. Right now, our fastest USB Type B devices transfer data at half that speed.

If you want to nerd out on some more details about USB-C, Ars Technica has more information.

But it’s still only one port. What about all the other things I want to plug into my computer?

For that, you’ll need an adapter, and Apple has a number of options already available: USB-C to USB ($19), USB-C to HDMI, and USB to VGA (both $79). DisplayPort, gigabit Ethernet, SD card adapters, and other connector standards should arrive soon, both from Apple and from third parties.

However, Apple is betting that in the future, you’ll have fewer and fewer things you actually need to plug into your computer, thanks to the proliferation of wireless, Bluetooth and Wi-Fi-connected devices. Wireless headphones are actually worth listening to now, wireless speakers abound, and for things like wearables, you’ll likely just leave the charger next to your bed or at your desk.

Is USB-C another Apple-only thing? I hate Apple.

Regardless of your opinion of the company or its products, USB-C is not another proprietary connector from Apple. It’s a new, industry-wide standard, and we should be seeing devices from all sorts of different manufacturers using USB-C in the not-too-distant future. Apple’s new MacBook is the first consumer notebook to embrace USB-C.

Does anything else actually use USB-C at this point?

Yes! Sandisk makes a 32 GB flash drive with a Type C connector, and Lacie’s Porsche Design Mobile Drive now comes with a USB-C connector as well. It comes in 500GB, 1TB, or 2TB variants.

The recently announced Nokia N1 also features a Type C connector, however, Nokia’s implementation sticks with the current 5Mbps speed standard of USB-B devices.

IT and You: Role Reversal and Tech ‘Consumerization’

Enterprise IT is becoming a commodity. The cloud makes it easy for companies to provide updates and feature upgrades constantly, behind the scenes. As a result, the leaders in every technology category are starting to look the same – all selling the same basic services, all delivered using the same basic infrastructure.

Truly, the main difference is becoming how easy technology vendors make it for customers to buy their product and start using it.

I predict we can look for more enterprise-grade software and hardware being sold on consumer outlets. Amazon already has at least one listing for a multi-user license of enterprise “web-to-host network management” software. (That’s not even Amazon Web Services. That’s just plain Amazon.)

What does consumerization of enterprise technology mean for business – and business workers?

Consumerization Has shifted the IT-Worker Balance of Power

The roles are reversed for IT departments and their customers. IT used to make all network and appliance decisions. Employees or other users had to adapt their way of working to whatever technology they were given.

Think about the whole Bring Your Own Device movement. Originally, IT directors held off on integrating tablets and smartphones into their networks. Their argument was that personal devices couldn’t offer the security that businesses need.

But the users decided. They demanded personal devices on corporate networks, and it’s happening, almost like fate. Standards allowed it to work, and by and large that was that.

So it goes with a lot of technology today. As the Internet has matured, expectations of how and where you can work have changed. You are now just as likely to be in the driver’s seat as the IT department when it comes to choosing the technology you want for work.

You’re still the customer, and IT’s still the provider – it’s just that the balance of power has shifted.

Cloud Services Let IT departments Put User Experience First

It’s not unreasonable any more to expect IT to adapt to users’ technology – much of which is designed for the consumer market. It’s easier now than even five years ago.

With Software-as-a-Service and Infrastructure-as-a-Service over the cloud, today’s IT leaders worry less about racks, equipment and networks. They can focus more on meeting user technology expectations. (And users expect to use their consumer devices and applications at work.)

Even now, IT departments aren’t necessarily buying “technology”; they’re buying services, and letting consumers bring their own products to access those services.

That’s why it’s not much of a leap to conclude that enterprise-class business technology of all kinds should soon be available on consumer shopping sites. Before long, you may be able to purchase sophisticated business collaboration software, the latest New York Times Best Seller and a Billboard Hot 100 album at the same time.

You can probably download them all, too.

Simon Dudley is the Video Evangelist for LifeSize. He is on Twitter @simondudley.

Report: CIA Has Tried for Years to Break Into Apple Gear

The CIA has been working with security researchers to hack into Apple’s technology since long before we all carried Apple devices around in our pockets.

That’s according to a new report from The Intercept, based on documents supplied by National Security Agency whistleblower Edward Snowden. The story lays out in detail how, for nearly a decade now, the CIA has been working on ways to penetrate Apple’s iPhones and iPads, in order to collect data on Apple customers, which Apple CEO Tim Cook has publicly and repeatedly vowed to protect.

According to the report, researchers have been targeting Apple’s security keys, which encrypt user data, as well as working on their own version of Xcode, Apple’s software development tool, which would give the intelligence community access to any apps developed using the modified tool—access, which Apple does not otherwise allow. One document cited in the report notes that this tool could “force all iOS applications to send embedded data to a listening post.” These and other findings have been presented annually at the CIA’s Trusted Computing Base Jamboree conference.

The goal of this research, according to the documents, was to make the CIA less dependent on “a very small number of security flaws, many of which are public, which Apple eventually patches.” The new methods researchers have been pursuing were designed to go undetected. And yet, The Intercept reports that none of the documents indicate whether or not these methods have been proven to work.

If successful, however, the implications of such breaches would be immense, because, as Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute told The Intercept, “Every other manufacturer looks to Apple. If the CIA can undermine Apple’s systems, it’s likely they’ll be able to deploy the same capabilities against everyone else.”

This report comes less than a year after Apple launched a new website, detailing the lengths the company goes to to protect user data. In an open letter, CEO Tim Cook wrote that Apple had never allowed government agencies access to a “backdoor” to its products and services. “And we never will,” he added. The site also noted that on iOS 8, all user data is protected by users’ own passwords, which Apple cannot bypass. These default encryption settings earned high praise from privacy advocates but spurred widespread criticism from government officials, including U.S. Attorney General Eric Holder and FBI Director James Comey, who said such protections could cripple law enforcement investigations.

According to one American Civil Liberties Union technologist quoted in The Intercept, these changes have only served to fuel the intelligence community’s desire to seek out vulnerabilities in Apple’s encryption technology. It’s an effort that is well funded, and not limited to Apple’s products. According to one classified budget, a 2012 project designed to infiltrate “strong commercial data security systems” received $35 million in funding.

The projects are part of an overarching shift at the CIA toward cyberespionage. Just last week, CIA director John Brennan issued a memo stating that digital technology must be “at the very center of all our mission endeavors.” Brennan’s memo seemed to suggest that this shift was a reaction to intelligence officers’ dwindling involvement in armed conflict in Iraq and Afghanistan. “Now they have to go back to old-school spying, recruiting agents, getting people to tell you secrets in a peaceful environment,” he wrote. And yet, the Agency’s heightened interest in infiltrating American companies on American soil seems to tell a different story.

It’s a strategy that Green believes could not only threaten American privacy, but also the U.S. economy. “U.S. tech companies have already suffered overseas due to foreign concerns about our products’ security,” he told The Intercept. “The last thing any of us need is for the U.S. government to actively undermine our own technology industry.”

Internet of Anything: An Open-Source Smart Home You Control

Smart homes could make our lives easier. But they could also end up being a real pain. Devices from competing companies might not want to talk to each other. Your gadgets might collect personal data and sell it to advertisers without you knowing about it it. The company you bought your hardware or software could close down, rending the product you shelled out big bucks for practically useless. Your whole house could become a botnet.

But it doesn’t have to be that way. There’s no reason that your personal “Internet of Things” shouldn’t be a collection of gadgets and apps that you you control — not some company off in the cloud somewhere.

The Calaos Project is a collection of software tools aimed at helping you do just that. “The goal of the project is to produce an entire software suite that lets people configure, control and monitor their houses the way they want,” says Calaos developer Raoul Hecky.

Calaos includes a custom version of Linux designed specifically for the Internet of Things; a server platform for centralizing third party devices; and, perhaps most importantly, mobile apps for Android and iOS so that you can control all of your smart home gadgets from one interface. You can use the web and mobile apps to control anything that’s connected to the Calaos server, whether that’s a lighting system, a music player, or the locks on your house. It can become, in short, a remote control for your life.

Open House

Calaos was originally the name of a company that sold this set of tools commercially. The company, founded in 2007 by Hecky and a friend from university, never quite found its footing, and, lacking the funds to continue, closed its doors in 2013. But instead of letting the software die with the company, Hecky and company released the source code for its software under an open source license, meaning that anyone can now view the code, make changes to it, and release their own custom versions of the software.

The Calaos Project

In other words, the world can audit the software for privacy and security problems and even contribute fixes. Any hardware developer can ensure that their products are compatible with the system, without having to seek out a partnership with the developers. And the software is no longer at the mercy of the businesses decisions of a single company.

The downside, as of today, though, is that you’ll have to get your hands dirty to set all this up. Much like many other open source Internet of Things platforms — such as the hardware boards Tessel and Spark or software like Meshblue (formerly known as SkyNet), this stuff is for power users who have an idea of what they want to build.

“Today, Calaos is for end users that have some knowledge about electrical installations or home automation,” says Hecky. But he says that as more user friendly home automation tools hit the market — regardless of whether the devices themselves are open source — Calaos will support them, making it easier and easier to get started.

Keeping the Code Alive

The big question, though, is who will maintain Calaos. Hecky now has a new job at a software company in a completely different industry, and runs the project in his spare time. For now, he’s not interested in starting another company. “I [would] need a solid business plan and a good idea to not make the same mistakes,” he says. “If I’m going to start something again I don’t want to just re-create the same company we had.”

Instead, the Calaos team has founded a non-profit organization so that it can collect donations and handle all the expenses the project has right now, such as servers and test hardware for developers. And the beauty of open source is that, even if Hecky decides to move on, other developers can always pick up where he left off.

In the meantime, Calaos could make an interesting test bed for thinking through how the Internet of Things ought to work. As commercial giants try to sell consumers on their early smart home products, the field is still wide open for options that don’t require a corporate overseer.

MRSA can linger in homes, spreading among its inhabitants

Households can serve as a reservoir for transmitting methicillin-resistant Staphylococcus aureus (MRSA), according to a study published this week in mBio®, the online open-access journal of the American Society for Microbiology. Once the bacteria enters a home, it can linger for years, spreading from person to person and evolving genetically to become unique to that household.

MRSA are strains of the bacterium Staphylococcus aureus that are resistant to almost all antibiotics related to penicillin, known as the beta-lactams. Since the 1990s, community-associated MRSA infections, mostly skin infections, have been seen in healthy people. The predominant community-associated strain of MRSA, called USA300, is virulent and easily transmissible.

For the study, researchers used a laboratory technique called whole genome sequencing on 146 USA300 MRSA samples. These samples were collected during a previous study from 21 households in Chicago and Los Angeles where a family member had presented to the emergency room with a skin infection found to be caused by USA300 MRSA. During that study, published in 2012 in the journal Clinical Infectious Diseases, investigators visited the homes of 350 skin infection patients, culturing their and their family members' noses, throats and groins for bacterial colonization. Among 1,162 people studied (350 skin infection patients and 812 household members), S. aureus colonized at one or more body sites of 40 percent (137 of 350) of patients with skin infections and 50 percent (405 of 812) of their household contacts.

For the current study, investigators evaluated the samples to understand transmission dynamics, genetic relatedness, and microevolution of USA300 MRSA within households. They also compared genetic information from these MRSA samples with previously published genome sequences of 35 USA300 MRSA isolates from San Diego and 277 USA300 MRSA isolates from New York City, as well as with the completed genomes of the bacteria USA300 TCH1516 and FPR3757. They created an evolutionary tree to show the relationships among the bacterial strains.

The researchers found that isolates within households clustered into closely related groups, suggesting a single common USA300 ancestral strain was introduced to and transmitted within each household. Researchers also determined from a technique called Bayesian evolutionary reconstruction that USA300 MRSA persisted within households from 2.3 to 8.3 years before their samples were collected, and that in the course of a year, USA300 strains had a 1 in a million chance of having a random genetic change, estimating the speed of evolution in these strains. Researchers also found evidence that USA300 clones, when persisting in households, continued to acquire extraneous DNA.

"We found that USA300 MRSA strains within households were more similar to each other than those from different households," said senior study author Michael Z. David, MD, PhD, an assistant professor of medicine at the University of Chicago. Although MRSA is introduced into households rarely, he said, once it gets in, "it can hang out there for years, ping-ponging around from person to person. Our findings strongly suggest that unique USA300 MRSA isolates are transmitted within households that contain an individual with a skin infection."

USA300 broke down into two big groups or clades, with the vast majority of isolates from Los Angeles genetically different from those in Chicago. Fluoroquinolone-resistant USA300 clones emerged around 1995 and were more widespread in Los Angeles, San Diego and New York City than in Chicago.

"The study adds to the knowledge base of how USA300 MRSA has spread throughout the country," said study coauthor Timothy D. Read, PhD, an associate professor of infectious diseases at the Emory University School of Medicine in Atlanta. "We're also getting hints at how it evolves inside households. Decolonization of household members may be a critical component of prevention programs to control USA300 MRSA spread in the United States."

Story Source:

The above story is based on materials provided by American Society for Microbiology . Note: Materials may be edited for content and length.

Here’s How Activists Smuggle Friends Into North Korea

1 / 4

Michael Marsicano

2 / 4

3 / 4

Michael Marsicano

4 / 4

Michael Marsicano

Western movies, TV shows, documentaries, news—despite a ban on foreign media in North Korea, many of its citizens are able to watch all this stuff. And activists have found plenty of ways to smuggle digital contraband into the “darkest place on Earth.” Dissident groups like the North Korea Strategy Center, North Korea Intellectuals Solidarity, and Fighters for a Free North Korea use low tech tricks to pass pamphlets, USB drives, and SD memory cards with information and entertainment across the border. Few North Koreans can get online, but millions have access to TVs, computers, or video players, called notels, that have USB and SD ports. So, for activists hoping smuggled data will help bring down Kim Jong-un’s regime by showing life outside the DPRK, the main question isn’t whether the media can be seen but what to smuggle and how. Here’s a sampling of contraband material that permeates the border and how activists sneak it in.

What Gets Smuggled In

How It Gets Smuggled In

Read our

April cover story

on the North Korean data-smuggling movement.

Michael Marsicano