The UpStream (Page 145)

Google Changes Policy on 90 Day Bug Release

posted Sunday Feb 15, 2015 by Scott Ertz

Google Changes Policy on 90 Day Bug Release

Google's Project Zero has not been met with a lot of acceptance from the software community, but has received particular flack from Microsoft. It is a reasonable response from a company who seems to have been specifically damaged by Project Zero's 90 day release policy. That policy, which has been unalterable by the company, has unfortunately released information about Microsoft vulnerabilities before the company has had a chance to patch them. That is an incredibly unusual circumstance in the security world, where the normal policy is to inform the developer of their issue, allow them to patch it, then release the terms of the issue.

This week, Google revised its policy on releasing information on a strict 90 day schedule. They said that they would begin to give their vendors an additional 14 days, so long as the company promised to fix the issue within that 2 week period.

We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch. Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+).

Unfortunately, as any software developer will tell you, a hard-set release schedule set by someone outside of your development environment is insane. Some patches are deeper into the system and require significant changes higher up as the initial change is made. Some of these changes simply cannot be made within a 90 day period, and to expect it shows a complete lack of understanding of the software process. It is understandable, though, for a company so totally removed from well-built software.

It will be interesting to see in the coming months which "vendors" they decide to apply these more lenient rules to. Will Microsoft see 14 day grace periods, or will it be just for, as they say, "bugs in the pipeline for Google products?"

Microsoft and Samsung Settle Lawsuit Over Android Patent Royalties

posted Sunday Feb 15, 2015 by Nicholas DiMeo

Microsoft and Samsung Settle Lawsuit Over Android Patent Royalties

Six months ago, Microsoft sued Samsung over missing royalty payments for Android patents Samsung was using. Samsung claimed that since Microsoft purchased Nokia, the company didn't have to pay anymore. Microsoft decided to sue, and because of that, the two parties have agreed to settle outside of the courtroom.

While the specifics of the deal were not disclosed, both companies posted very short statements on their respective websites. Samsung's EVP Jaewan Chi wrote,

Samsung and Microsoft are pleased to announce that they have ended their contract dispute in U.S. court as well as the ICC arbitration. Terms of the agreement are confidential.

Aside from the very brief statement, Microsoft officials would not comment or verify the terms of the settlement. The good news is that Samsung and Microsoft can continue their seven-plus-year contract, with Samsung paying over $1 billion in 2013 alone for the use of patents Microsoft owns.

This puts Samsung back in line with LG and HTC for complying with patent licensing agreements. Still disputing contractual obligations is Motorola, and that's been ongoing since 2010, with no imminent end in sight. Microsoft currently licenses its patents to almost two dozen different companies who manufacture Android, Chrome and Linux-based products.

Sling TV is Open for the Public to Try, Announces Deal with AMC Networks

posted Sunday Feb 15, 2015 by Nicholas DiMeo

Sling TV is Open for the Public to Try, Announces Deal with AMC Networks

Sling TV was announced back in January at the International CES in Vegas, and for about a month, the cord-cutter's alternative was open to those only with an invitation, and contained a select list of channels. Now, Dish has announced that its pay-TV service will be open to the public to sign up, and will have a lot more than what it initially offered in its closed testing.

For only $20 per month, customers can access content such as TNT, TBS, Food Network, HGTV, Travel Channel, El Rey Network, Maker, Adult Swim, Cartoon Network, Disney, ABC Family, CNN and Galavision. More importantly, that same $20 will also include live sports on ESPN, ESPN2 and ESPN3, finally severing the tie between ABC's primetime sports content and having to have a cable subscription to view it online. Dish also announced this week that it will be adding AMC Networks to the lineup in the very near future, after completing a deal with the network shortly after announcing that Sling was open to the public. AMC's content will be available in the same $20 per month tier.

Roger Lynch, CEO of Sling TV, announced the agreement with AMC, saying that its something a lot of people have been wanting.

We flipped the switch this morning opening up Sling TV to all consumers, and we’re giving them something they’ve been asking for: AMC. Soon Sling TV will deliver hits like The Walking Dead and Mad Men with AMC included in our core package. We found a great partner in AMC Networks with a wide range of popular channels to help us quickly make that a reality.

For those looking for more sports, more kid-centric content or for more news and information-based shows, Sling has lined up a view a la carte items to select from. Three additional packages are available for $5 per month on top of your base of $20. HLN, DIY, Bloomberg and the Cooking Channel are lumped into the "News & Info Extra" package. Disney Junior, Disney XD, Boomerang, BabyTV and DucksTV are all available with the "Kids Extra" package. And finally, for those who can't cut the cord because of the lack of live sports available outside of a cable subscription, $5 more per month with Sling will get you the "Sports Extra" package, consisting of ESPN U, ESPN's SEC Network, ESPNEWS, ESPN Bases Loaded, ESPN Buzzer Beater, ESPN Goal Line, BeinHD Sport, Univision's IDN and NBC Universal Sports Network.

A couple of kickers should be noted here. First, some networks will not allow you to rewind and fast forward content, kind of like the on-demand channels on your cable box currently. This is due to contractual restrictions with the networks in question but only exists with shows that have aired in the past 3 days. Also, Sling TV is only available to be viewed from one device at a time, so you can't go all Netflix with this service and share it to four other people at once.

Now for the perks that will simply be listed in succession. Another plus to the sports fan is that the WatchESPN is also available with Sling's basic package. Sling TV customers do not need to sign up to any contracts or commitments for service. Lastly, there's a seven-day trial waiting for anyone who wants to sign up and give this new service a go. I know I'm going to.

Sling TV is available on all the usual platforms you'd expect, with Dish partnering with Roku and Amazon with device offerings. And while we don't see the app on the Windows Store (and there's no plans for it on the site yet), Sling TV is smart and has offered up a standalone download to install the software on any laptop or PC. An especially exciting plus is that under the supports devices for gaming consoles, the Xbox brand is listed as "Coming Soon!" Sony's PlayStation line of devices is not listed as supported on Sling's website.

Malware Attack on Banks Allows Thieves to Walk Away with Over $300 Million

posted Sunday Feb 15, 2015 by Nicholas DiMeo

Malware Attack on Banks Allows Thieves to Walk Away with Over $300 Million

In what is one of the largest and intricate Internet attacks of all time, banks across the globe have been breached since 2013, allowing hackers to walk away with over $300 million in less than two years. Among the 100 banks from 30 countries that have been affected, Russia, Japan, Europe and the US are within that pool of nations.

An extremely advanced malware attack seems to be part of the cause, as discovered by Kaspersky Labs, the team which completed a report on the matter. So far, no banks have stepped up to admit they've been attacked, probably due to the severe nature of the breach. On the heist, Kaspersky NA's manager Chris Doggett said,

This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.

Just how covert were these criminals? According to the report, the robbers were calculated and meticulous with their actions, going so far as to install surveillance software onto bank computers in order to track and measure operations over a long period of time. Then, they were able to disguise themselves as actual bank employees to draw up to $10 million out of customers' accounts. A particular client of Kaspersky has alleged that they are missing over $7.3 million from their bank account from ATM withdrawals.

The good news, for us in the United States at least, is that almost all of the banks affected are based out of Russia. However, Kaspersky says the malware is spreading and still active. When the security firm reached out to the Financial Services Information Sharing and Analysis Center, the financial industry's advisory board on cyber attacks and malicious software, the agency said that it is aware of the breach and has "disseminated intelligence on this attack to the members." Customers of affected banks have not yet been informed of the attack.

Twitter CEO Blames Himself for Escalating Problem of Trolls and Abuse on the Platform

posted Sunday Feb 8, 2015 by Nicholas DiMeo

Twitter CEO Blames Himself for Escalating Problem of Trolls and Abuse on the Platform

Twitter CEO Dick Costolo finally admitted this week that Twitter sucks. Granted, he was specific about where exactly the sucking was occurring, but it still makes me feel good to begin an article with that sentence.

Being completely accountable for his platform staff's inaction when it comes to trolls and abusive tweets, Costolo said that, "it's nobody's fault but mine." He added that there will be change soon and that the nonsensical accounts, and sexual and racist posts, are causing people and businesses to steer away from Twitter. All of this was posted on an internal forum, where he addressed these concerns.

We suck at dealing with abuse and trolls on the platform and we've sucked at it for years. It's no secret and the rest of the world talks about it every day. We lose core user after core user by not addressing simple trolling issues that they face every day.

I'm frankly ashamed of how poorly we've dealt with this issue during my tenure as CEO. It's absurd. There's no excuse for it. I take full responsibility for not being more aggressive on this front. It's nobody else's fault but mine, and it's embarrassing.

We're going to start kicking these people off right and left and making sure that when they issue their ridiculous attacks, nobody hears them.

Costolo then posted another memo, which stated that Twitter needs to stop dragging its feet when it comes to dealing with these issues. He said that he takes personal responsibility for the company failing at it, then essentially repeated what he said in the message before.

While it's better late than never, the recent wave of attacks have been more extreme and more personal than ever, especially during incidents like GamerGate and almost anything involving women. It'll be interesting to see what Costolo's next move is and exactly how he plans on handling the problem.

Staples Acquires Office Depot in $6 Billion Deal

posted Sunday Feb 8, 2015 by Nicholas DiMeo

Staples Acquires Office Depot in $6 Billion Deal

It seems like this was a week of big shakeups in the tech space. Add Staples acquiring Office Depot to the list of buyouts and closings for the first quarter of 2015.

Staples will be purchasing all outstanding shares of Office Depot, and in exchange, all shareholders for Office Depot will get $7.25 for each share, in cash. They will also receive 0.2188 of Staples stock, which is quite a strange amount. All in, the acquisition places Office Depot at $6.3 billion in valuation. Staples and Office Depot started to discuss the deal back in September and the terms were unanimously passed in a vote by the Board of Directors for both companies.

Ron Sargent, CEO of Staples said that this move would allow Staples to serve its customers better.

This is a transformational acquisition which enables Staples to provide more value to customers. We expect to recognize at least $1 billion of synergies as we aggressively reduce global expenses and optimize our retail footprint. These savings will dramatically accelerate our strategic reinvention which is focused on driving growth in our delivery businesses and in categories beyond office supplies.

Buzzwords aside, if joining forces would effectively save $1 billion annually, I'm shocked it took this long for the deal to go down. Between employee reduction on the administration end, distribution reduction and cuts in the size of the total retail space, Staples might positively refocus itself by taking a long hard look at its own costs.

Office Depot's CEO Roland Smith added that after adding OfficeMax to the Office Depot portfolio over the past year, this acquisition made a lot of sense "over the long term." He closed his statement by saying that, Office Depot "look(s) forward to bringing our experience and knowledge to the new organization."

For the Board of Directors, Staples will approve adding two more members to its Board, increasing the size to 13. Sargent will continue running Staples as CEO and the corporate HQ will stay in its home in Framingham, MA. The transaction should clear by the end of 2015 pending shareholder and any SEC clearance.

We're live now - Join us!



Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats