MIT wins DARPA’s Great Red Balloon Hunt

Almost as soon as it was launched, in only nine hours in fact, the Defense Advanced Research Projects Agency (DARPA) announced that the MIT Red Balloon Challenge Team won the $40,000 cash prize in the DARPA Network Challenge, a competition that required participants to locate 10 large, red balloons at undisclosed locations across the United States. Bots, bombs and weird science: The wackiest stories of 2009 "The Challenge has captured the imagination of people around the world, is rich with scientific intrigue, and, we hope, is part of a growing 'renaissance of wonder' throughout the nation," said DARPA director,Dr. Regina E. Dugan in a statement. The MIT team received the prize for being the first to identify the locations of all 10 balloons. DARPA last month offered up the rather interesting challenge: find and plot 10 red weather balloons scattered at undisclosed locations across the country.

According ton the agency, the balloons were in readily accessible locations, visible from nearby roadways and accompanied by DARPA representatives. The first person or team to identify the location of all the balloons and enter them on the challenge Web site will win a $40,000 cash prize. All balloons are scheduled to go on display at all locations at 10:00AM (ET) until approximately 4:00 PM on Saturday, December 5, 2009. Should weather or technical difficulties arise with the launch, the display will be delayed until Sunday, December 6 or later, depending on conditions. Latitudes and longitudes are entered in degree-minute-second (DDD-MM-SS) format as explained on the website Coordinates must be entered with an error of less than one arc-minute to be accepted. If, for any reason, the balloon is displayed in one location then moved to a second location, either location will be accepted. 12 mad science projects that could shake the world Entrants were required to register and submit entries on the event website.

The DARPA Network Challenge is designed to mark the 40th anniversary of the Internet. "It is fitting for DARPA to announce this competition on the anniversary of the day that the first message was sent over the ARPANET, the precursor to the Internet," said Dr. Regina E. Dugan, who made the announcement at a conference celebrating the anniversary. "In the 40 years since this breakthrough, the Internet has become an integral part of society and the global economy. The Grand Challenge competitions were started in 2004 to foster the development of autonomous robotic vehicle technology for use on the battlefield. The DARPA Network Challenge explores the unprecedented ability of the Internet to bring people together to solve tough problems." This is the latest example of DARPA's interest in reaching nontraditional sources of ideas and talent. The competition model for stimulating technological development enabled significant strides that will someday keep our men and women in uniform out of harm's way. DARPA has held a number of challenges including one that featured robot cars and another that seeks to develop lunar spacecraft.

Alcatel integrating network layers for efficiency

Alcatel-Lucent on Wednesday set a course for tighter integration of the two main components of long-haul service-provider networks, saying it will help carriers streamline their infrastructure and run it more efficiently. Now, with the Converged Backbone Transformation Solution, it is leveraging its expertise in both technologies so the two can work more smoothly together and be managed more easily. The company is a major player in carrier optical transport and is gaining ground on Cisco Systems and Juniper in IP (Internet Protocol) routing, according to industry analysts.

The payoff for enterprises that rely on carriers to interconnect their offices could be both faster provisioning and lower prices, said Ray Mota of Synergy Research Group. The two domains have remained largely separate, but Alcatel said it will bring its IP and optical systems closer together, with more flexible capacity-handling and unified management. Most service-provider networks use electronic packet routers to direct Internet and private IP traffic, but also optical infrastructure to transport data over long distances. Today's IP and optical network elements effectively just hand off traffic to each other without much interaction, and they typically are managed by separate teams, said Lindsay Newell, vice president of marketing for IP at Alcatel. If you go to an optical vendor, you get an optical answer," Newell said.

His company is best equipped to make these systems work more closely together because it has experience making both parts, Newell said. "If you go to a router vendor, you get a router answer. Alcatel says it is skilled in both. Current routers from most vendors can map one router port to one wavelength of light for optical transport. One thing Alcatel aims to provide is a more granular way of feeding traffic from IP routers into optical infrastructure. Alcatel is introducing that technology, called IP over dense wave-division multiplexing, on its service routers now. Alcatel plans to offer the ability to send traffic from multiple ports or from multiple virtual LANs into a single wavelength, Newell said.

But IP over DWDM isn't ideal, because it wastes optical capacity if there isn't enough traffic from the IP port to fill the wavelength, Newell said. Carriers can use this to make more efficient use of each wavelength, so potentially they won't have to deploy or light up as many wavelengths, he said. The company will implement the capabilities using existing and emerging industry standards, adding some proprietary features of its own but keeping its products interoperable with gear from other vendors at a more basic level. This could save space and power in carrier facilities as well as money. Also through closer integration, Alcatel will allow IP routers to send traffic straight across the optical network, bypassing unnecessary IP routing along the way.

At a higher level, Alcatel said it can integrate the management of both network layers because it supplies both. This core router bypass capability will let traffic destined from, say, Los Angeles to New York go straight to its destination without going through an IP router in Chicago, Newell said. Among other things, the IP and optical management systems will know what resources are available on each and be able to communicate fault management alarms. The Converged Backbone Transformation Solution is a set of features that will roll out over time. Ultimately, the IP network elements will be able to reroute traffic if there's a failure in the optical layer, and vice versa. Immediately, Alcatel is delivering features including IP over DWDM on service routers and the initial elements of information exchange between IP and optical, such as common alarm views and fault isolation.

Later it will offer more dynamic interaction between the layers, including dynamic provisioning for failover, Newell said. Next year, the company plans to provide static provisioning for port-level and VLAN traffic grooming. The integration ultimately can save carriers at least 30 percent in capital expenditures on a network built from the ground up with the new technology, according to Newell. Many carriers are grappling with data traffic that is growing far faster than the revenue they can collect for it, and this type of streamlining approach could help them, Synergy's Mota said. Savings for carrier networks with a large amount of existing infrastructure will be more incremental, he said.

Med students' tweets, posts expose patient info

Future doctors are too frequently putting inappropriate postings and sometimes confidential patient information on social sites like Facebook and Twitter, according to a study published in the Journal of the American Medical Association. Thirteen percent reported that students had violated patient confidentiality in postings on social networking sites. The study shows that in a survey of medical colleges, 60% reported incidents of medical students' posting unprofessional content online.

The survey also showed that 39% of colleges found medical students posting pictures of themselves being intoxicated, and 38% reported medical students posting sexually suggestive material. Of the schools that reported finding inappropriate student content only, 67% said they gave informal warnings and 7% said they expelled the student. The study, published this week, surveyed deans or their counterparts at 78 U.S. medical colleges. People are frequently warned that photos and posts, and even comments from friends and family - on sites like Facebook, MySpace and Twitter could come back to haunt them. Dan Olds, an analyst with The Gabriel Consulting Group, said people who post inappropriate material, such as pictures of themselves drunk, has long been a downside of social networking.

Companies report that they check social networking sites before hiring a prospective employee, and an off-hand comment about a work project or annoying colleague can easily come back to bite someone in the office. However, when health care workers are involved in such activity, it takes on a new dimension. "Doctors are in a bit of a unique position in society - almost universally trusted by patients to hold some of their most personal information confidential," Olds said. "This relationship needs to exist, because if patients hold back information from their doctor, it can have a serious impact on their lives. And it's hard to believe that medical students, folks who are highly educated, are so stupid as to not see the downside of these social networking activities." He added that aside from posting patient information online, it's also a bad idea for medical students to post pictures of the drunken party they were at the night before or information about their latest tryst. "Even though this was probably done innocently and with no bad intent, the potential for damage to patients is large," Olds said. "Seeing their doctors partying and drunk is not the way to engender trust, particularly if you're the person who has an appointment with that doctor the next day." If patients believe their doctors are unintentionally, or, worse yet, intentionally, revealing confidential information, then that trust will be irreparable damaged.

Ellison: Fusion Applications in 2010

Oracle plans to launch its long-awaited Fusion Applications in 2010, and they will be deployable both on-premises and as SaaS (software as a service), CEO Larry Ellison said Wednesday during a keynote address at the OpenWorld conference in San Francisco. Oracle has placed special emphasis on improving the user experience with Fusion, as well as embedded BI (business intelligence) throughout the applications, Ellison said. Fusion Applications, which Oracle first announced several years ago, will combine the best elements of Oracle's various business software product lines into a next-generation suite.

Ellison's keynote contained the most specific information the company has provided about Fusion Applications since first announcing the project several years ago. We're absolutely committed to do that," he said to applause. "We can afford to not only maintain the software you're running today, but also build the software you may want to move to tomorrow." Ellison did not provide details regarding licensing and pricing models, including whether Oracle will sell the new applications via subscription, as is the norm with SaaS. But Oracle is nonetheless ensuring the products are ready for SaaS, including by developing monitoring tools that will track their performance, Ellison said. The CEO took pains to tell the packed room of Siebel, JD Edwards and E-Business Suite users that Oracle has no plans to abandon the product lines anytime soon. "Oracle will continue to enhance those applications for the next decade and beyond. While SaaS vendors provide users with service-level agreement guarantees, "there aren't very good tools for figuring out whether you're actually getting the service levels you're paying for," he said. This gives Oracle "a huge advantage" because the SOA model will allow users easily to tie together "the Fusion generation and all the stuff you have deployed today," Ellison said. "We don't think all customers are going to replace what they have today with Fusion," he added. "We think they will augment what they have with some Fusion. Oracle's tools will enable it to "not only contractually commit but prove we're delivering the service levels." Fusion Applications are based on a SOA (service oriented architecture) provided by Oracle's Fusion Middleware stack, Ellison said.

Fusion is designed to be delivered that way. ... We have replacement applications and then we have net-new applications." The initial suite will include modules for financial management, human capital management, sales and marketing, supply chain management, project management, procurement management and GRC (governance, risk and compliance), but other key areas, such as manufacturing, will come later. Oracle has worked "very, very closely" with customers to design and test Fusion Applications, work that has resulted in a superior user interface, Ellison said. Ellison stressed the benefits of the modular approach. "You assemble the components in the order you want to use them, in the order that makes sense for your industry," he said. Embedded BI is another major focus of the suite. "You can't use the system without using business intelligence," Ellison said. The application allowed the user to bring up a dashboard showing which order manager was responsible for the particular transaction, and then begin an instant-messaging conversation with him directly from the tool. In a demonstration, a pair of Oracle executives showed how the system alerted one user that a particular shipment had been delayed.

In turn, the order manager was able to search for less critical orders and reroute them to fulfill the first one. "We tell you what you need to know, what you need to do, and we tell you how to do it," Ellison said. While Oracle "definitely has the capability to deliver this as SaaS, it's really up to them to figure out if they want to enter [that market] large-scale," Wang added. Ellison's presentation proved that "Fusion apps are real," said Ray Wang, a partner with the analyst firm Altimeter Group. In some product areas, such as talent management, "they can't compete without the SaaS option," he said. In a presentation Tuesday, on-demand CRM (customer relationship management) vendor and Oracle rival Salesforce.com compared multitenancy to an office building, where individual tenants share the overall infrastructure but customize their office spaces.

SaaS applications are different from straight application hosting, because they use a "multitenant" architecture wherein customers share a single instance of an application but their data is kept private from other customers. Oracle "will definitely" offer a hosted version of Fusion Applications, although it remains to be seen exactly how their SaaS strategy for the software plays out, Wang said. They're playing catch-up." Meanwhile, the work ahead of companies looking to adopt Fusion Applications sooner rather than later is "not trivial," said Floyd Teter, head of the Oracle Applications Users Group's Fusion Council, which has been educating group members about the upcoming applications release. When Fusion Applications arrive, they will also raise the competitive stakes between Oracle and its main rival, SAP. But SAP spokesman Saswato Das dismissed Oracle's announcement. "Basically, our Business Suite 7 is the most comprehensive and flexible suite of applications on the market," Das said. "Oracle has been talking about Fusion for a long time, and our suite is available now. One key step customers should take is to catalogue their application customizations and determine which ones could be retired, Teter said. "A lot of us have done a lot of custom things. The skill set now is more Java and specifically [Java Enterprise Edition]. You also better have some knowledge of JavaScript." In addition, Fusion Applications rely on Oracle's JDeveloper IDE (integrated development environment), rather than other Java development tools like Eclipse.

If you're a long-term Oracle customer, it's easy to lose track." Fusion Applications will also require some companies to acquire new development skills, Teter said. "A lot of us run a lot of customizations through MOD PL_SQL. That's going to be gone. For many companies, there will be plenty of time to plan, since the first version of Fusion Applications won't include certain functional areas. In the meantime, we'll continue to stay current on EBS." But Teter said the vendor's work on Fusion has produced impressive results, particularly in regards to user experience. The lack of manufacturing has prompted the Jet Propulsion Laboratory at the California Institute of Technology, which uses E-Business Suite, to wait for a future version, said Teter, who is a project manager at the lab. "When I get a full-functionality replacement, we'll look at it. Earlier in his keynote, Ellison turned to Oracle's recently announced Exadata 2 appliance for data warehousing and transaction processing. Exadata 2 uses Sun hardware, while the original machine, announced at last year's OpenWorld show, used Hewlett-Packard iron.

He claimed the machine widely outperforms and is much less expensive than competing technologies, such as from IBM, calling it "the fastest computer that has ever been built to run data warehousing applications." "This system will outperform any of the competition," he said. Oracle is in the process of buying Sun Microsystems but the deal is on hold while European officials conduct an antitrust review. Ellison temporarily ceded the stage to California Gov. Ellison didn't discuss the acquisition during his keynote, but Sun and its officials have played an active role in this year's OpenWorld conference. Arnold Schwarzenegger, who delivered a joke-peppered talk espousing the value of technology, from biotech to the Hollywood special effects that powered his long career as an action star. "Think of Conan the Barbarian fighting the giant snake," he said, referring to his role in the 1982 film based on Robert E. Howard's tales of a legendary warrior king. "I never could have done that and look so studly without technology," he said to an eruption of laughter from the crowd.

Schwarzenegger also congratulated Ellison and Sun chairman Scott McNealy on the pending acquisition, stressing the companies' importance to California's economy. "Working together, I know the sky is the limit for you and your employees," he said.

Amazon takes Kindle global, lowers price

Amazon plans to start selling its Kindle reader in over 100 countries and territories on Oct. 19, and the company has already started booking pre-orders for the device on its web site. The Kindle was earlier only available in the U.S. Amazon has been working with publishers for many months to build a vast selection of English language books available around the world, said Stephanie Mantello Ward, a spokeswoman for Amazon, in an e-mail on Wednesday. Amazon is selling the Kindle with U.S. & International Wireless to customers in Asia, Africa, Europe, Australia and South America, for US$279 for a reader with a 6-inch display and the ability to wirelessly download books and other content globally, the company said on Wednesday. Amazon also has some books in languages other than English, but its focus right now is to provide its customers with the best possible experience for English-language content, she added.

She did not give a reason why China was not included in the current launch. The Kindle will not be sold in China because Amazon is unable to ship the Kindle or offer Kindle content to Chinese customers, the company said. "We want to ship Kindle everywhere, and we're working on it," Ward said. Best-seller books will cost $11.99 or more for international customers, with about 100,000 other titles available for less than $5.99, Amazon said. Amazon also said that it is lowering the price of the 6-inch display Kindle in the U.S. from $299 to $259. The Kindle DX, which has a 9.7-inch display, retails for $489. The Kindle with U.S. & International Wireless is 0.36 inches thick and weighs just over 10 ounces, Amazon said. These prices are higher than in the U.S. where most best sellers cost $9.99. As Amazon is selling from the U.S. store, the prices of the books in international markets are denominated in U.S. dollars rather than local currencies. "We aren't announcing a timeline today for payments in other currencies," Ward said. Its 2GB of memory holds up to 1,500 books.

Customers who buy a Kindle in a country without Whispernet coverage will be able to purchase content from the Kindle Store through a PC and download it to their Kindle through a USB (universal serial bus) cable, Ward said. The device features an experimental text-to-speech feature, Amazon added. Whispernet is a wireless delivery system for the Kindle that allows a user to download books and other Kindle content. AT&T will be offering the service to international users of the Kindle.

Flash flaw puts most sites, users at risk, say researchers

Hackers can exploit a flaw in Adobe's Flash to compromise nearly every Web site that allows users to upload content, including Google's Gmail, then launch silent attacks on visitors to those sites, security researchers said today. "The magnitude of this is huge," said Mike Murray, the chief information security officer at Orlando, Fla.-based Foreground Security. "Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this." The problem lies in the Flash ActionScript same-origin policy, which is designed to limit a Flash object's access to other content only from the domain it originated from, added Mike Bailey, a senior security researcher at Foreground. How many of those sites serve files back to users from the same domain as the rest of the application? Unfortunately, said Bailey, if an attacker can deposit a malicious Flash object on a Web site - through its user-generated content capabilities, which typically allow people to upload files to the site or service - they can execute malicious scripts in the context of that domain. "This is a frighteningly bad thing," Bailey said. "How many Web sites allow users to upload files of some sort?

Nearly every one of them is vulnerable." Bailey, who demonstrated how attackers could compromise a Web site and attack users in a post today on Foreground's blog , outlined how a hacker would leverage the Flash flaw. "It's relatively simple," he maintained. "All they need to do is create a malicious Flash object, and upload it to the [Web] server." He used the example of a company that lets users upload content to a message forum to explain the process. "If the user forum lets people upload an image for their avatar, someone could upload a malicious Flash file that looks like an avatar image," Bailey said. "Anyone who then views that avatar would be vulnerable to attack." Adobe has told Foreground that the flaw is "unpatchable," Murray and Bailey said. But they've not had much success. "Some of the big Web properties have figured this out," said Bailey. "In a lot of cases, they're hosting user-generated content on another domain, perhaps for performance reasons." Among those site and services that have locked down their servers, Foreground cited Microsoft's Windows Live Hotmail and Google's YouTube. "But very few system administrators are even aware of this," Bailey added. Instead, Adobe is trying to educate site administrators to close the hole on their end. Even some of Adobe's Web properties are vulnerable to such an attack. "How can Adobe expect others to protect themselves when they can't do it themselves?" asked Murray. The only current defense users can employ against such attacks is to stop using Flash, or failing that, restrict its use to sites known to be safe with tools such as the NoScript add-on for Mozilla's Firefox, or ToggleFlash for Microsoft's Internet Explorer. "The best mitigation is to not use Flash," argued Murray, "but we know that that's impossible for most users, since Flash is so widely used on the Web." "Almost everyone using the Internet is vulnerable to a Web site that allows content to be updated inappropriately," said Murray. "That's not hyperbole, it's just fact.

Google's Gmail is also at risk from malicious Flash attack - Gmail lets users upload and download file attachments - although Bailey said that exploiting Google's Web mail service would be "extremely tricky" with "lots of hoops to jump through." Although Foreground has not detected any in-the-wild attacks using the technique, Murray said that there's evidence hackers are moving toward such tactics. "We're starting to see Flash used in these ways," he said, and cited a recent worm that leveraged a similar vulnerability in Adobe's software, which is pervasive on the Web and on users' machines. "The worst-case scenario is that someone would figure this out, and launch silent attacks against the entire Internet." That fear was a major consideration in Foreground's decision to go public with its information, even though Adobe can't fix the problem with a global patch of some sort. "We went back and forth on this a whole lot," said Murray. This has the potential to affect any social media site, any career site, any dating site, many retail sites and many cloud applications. End users would never know they got exploited." Adobe was not immediately available for comment. That's why this attack is so serious.