Sign up for our Technology Newsletter 
Will ARM’s Mbed OS Help The IoT?
October 13, 2014 by admin
Filed under Around The Net
Comments Off on Will ARM’s Mbed OS Help The IoT?
ARM has announced a software tool to make Internet of Things (IoT) deployment faster and easier and thus speed up the creation of IoT devices.
Called the Mbed IoT Device Platform, the software is primarily an operating system (OS) built around open standards that claims to “bring Internet protocols, security and standards-based manageability into one integrated tool” in order to save money and energy in making IoT devices.
The Mbed IoT Device Platform is made up chiefly of the Mbed OS, a free operating system for Cortex-M processor based devices that “consolidates the building blocks of the IoT in one integrated set of software components” and contains security, communication and device management features to enable the development of lower power IoT devices.
The OS will be available to Mbed partners in the fourth quarter for early development, with the first production devices due in 2015 to allow companies to focus on innovation, reducing development costs and time to market.
It will also support standards such as Bluetooth Smart, 2G, 3G, LTE and CDMA cellular technologies, Thread, WiFi, and 802.15.4/6LoWPAN along with TLS/DTLS, CoAP, HTTP, MQTT and Lightweight M2M, ARM said.
The Mbed OS will also feature the Mbed Device Server, a licensable software product that provides the required server-side technologies to connect and manage devices in a more secure way. It also provides a bridge between the protocols designed for use on IoT devices and the APIs that are used by web developers.
“This simplifies the integration of IoT devices that provide ‘little data’ into cloud frameworks that deploy big data analytics on the aggregated information,” said ARM. “Built around open standards, the product scales to handle the connections and management of millions of devices.”
Mbed Device Server is available now, with an aim to improve efficiency, security and manageability for devices using a “standards-based and IoT approach”, ARM said.
The software also comes with its own community, Mbed.org, which is the focus point for a more than 70,000 developers around the platform. The website provides a database of hardware development kits, a repository for reusable software components, reference applications, documentation and web-based development tools. It is already up and running, ARM said.
“Deploying IoT-enabled products and services requires a diverse set of technologies and skills to be coordinated across an organization,” said ARM CEO Simon Segars. “ARM Mbed will make this easier by offering the necessary building blocks to enable our expanding set of ecosystem partners to focus on the problems they need to solve to differentiate their products, instead of common infrastructure technologies. This will accelerate the growth and adoption of the IoT in all sectors of the global economy.”
ARM is launching Mbed with a number of partners, including Atmel, CSR, Ericsson, Farnell, Freescale, IBM, KDDI, Marvell, Megachips, Multitech, Nordic Semiconductor, NXP, Renesas, Seecontrol, Semtech, Silicon Labs, Stream Technologies, ST, Telenor Connexion, Telefonica, Thundersoft, u-blox, wot.io and Zebra.
Intel Shows Wireless
Intel demoed its “no wires future” of wireless gigabit docking at its Intel Developer Forum (IDF) in California.
Intel wireless gigabit docking is a fully cable-free experience that includes wireless docking, wireless display and wireless charging. Intel demonstrated a reference design based on a next generation 14nm Intel processor on stage during its opening keynote on Tuesday.
Intel hopes to implement this technology by the end of 2015.
“Not only your wireless display, but storage, keyboard and mouse – all the other peripherals you have that have been weighing down our backpacks or strewn across our desk, we’re eliminating with one technology, and that’s wireless gigabit,” said an Intel expert on stage.
“It’s not only a secure and also localised connection – so you can use it in high dense areas such as in an office – but also extremely fast performing at over three times the performance of today’s WiFi.
“But while that’s cool we still have one more cord in our bag and let’s get rid of it: ditch that brick. That last thing that’s weighing us down is [resolved by] wireless power; the ease of use and installation it has is really going to be an advantage using the wireless resonance technology.”
The technology works over a simple receiver that goes into client devices, along with a resonance board that acts as a dock, which creates its own wireless hotspot.
Intel demonstrated how the standard will work using a laptop that automatically powered up and charged as soon as it reached the surface of the table due to the magnetic charging field built into the desk surface.
Intel said that this technology could also charge wireless Bluetooth earpieces, wearable devices, tablets and notebooks. However, it doesn’t have to be built into devices to work, as Intel said it can also be retrofitted into the cases of the devices we are carrying around.
Intel’s wireless gigabit technology is another push towards the firm’s vision of a cable-free future, meaning there’ll be no annoying wires or leads connecting computers to monitors, laptops to plug sockets or tablets to projectors.
The semiconductor giant first announced this view in August, saying that it’s looking to change the enterprise IT market with a strategy that will offer “three major experiences” in the office, that is, wireless display connectivity, wireless docking and wireless charging.
HTTP2 Procotol Nears Completion
When it comes to amping up traffic over the Internet, sometimes too much of a good thing may not be such a good thing at all.
The Internet Engineering Task Force is putting the final touches on HTTP/2, the second version of the Hypertext Transport Protocol (HTTP). The working group has issued a last call draft, urging interested parties to voice concerns before it becomes a full Internet specification.
Not everyone is completely satisfied with the protocol however.
“There is a lot of good in this proposed standard, but I have some deep reservations about some bad and ugly aspects of the protocol,” wrote Greg Wilkins, lead developer of the open source Jetty server software, noting his concerns in a blog item posted Monday.
Others, however, praise HTTP/2 and say it is long overdue.
“A lot of our users are experimenting with the protocol,” said Owen Garrett, head of products for server software provider NGINX. “The feedback is that generally, they have seen big performance benefits.”
First created by Web originator Tim Berners-Lee and associates, HTTP quite literally powers today’s Web, providing the language for a browser to request a Web page from a server.
Version 2.0 of HTTP, based largely on the SPDY protocol developed by Google, promises to be a better fit for how people use the Web.
“The challenge with HTTP is that it is a fairly simple protocol, and it can be quite laborious to download all the resources required to render a Web page. SPDY addresses this issue,” Garrett said.
While the first generation of Web sites were largely simple and relatively small, static documents, the Web today is used as a platform for delivering applications and bandwidth intensive real-time multimedia content.
HTTP/2 speeds basic HTTP in a number of ways. HTTP/2 allows servers to send all the different elements of a requested Web page at once, eliminating the serial sets of messages that have to be sent back and forth under plain HTTP.
HTTP/2 also allows the server and the browser to compress HTTP, which cuts the amount of data that needs to be communicated between the two.
As a result, HTTP/2 “is really useful for organization with sophisticated Web sites, particularly when its users are distributed globally or using slower networks — mobile users for instance,” Garrett said.
FTC Pushes For Security Standards
Despite growing resentment from companies and powerful industry groups, the Federal Trade Commission continues to insist that it wants to be the nation’s enforcer of data security standards.
The FTC, over the past years, has gone after companies that have suffered data breaches, citing the authority granted to it under a section of the FTC Act that prohibits “unfair” and “deceptive” trade practices. The FTC extracted stiff penalties from some companies by arguing that their failure to properly protect customer data represented an unfair and deceptive trade practice.
On Thursday, FTC Chairwoman Edith Ramirez called for legislation that would bestow the agency with more formal authority to go after breached entities.
“I’d like to see FTC be the enforcer,” Law360 quoted Ramirez as saying at a privacy event organized by the National Consumers League in Washington. “If you have FTC enforcement along with state concurrent jurisdiction to enforce, I think that would be an absolute benefit, and I think it’s something we’ve continued to push for.”
According to Ramirez, the FTC supports a federal data-breach notification law that would also give it the authority to penalize companies for data breaches. In separate comments at the same event, FTC counsel Betsy Broder reportedly noted that the FTC’s enforcement actions stem from the continuing failure of some companies to adequately protect data in their custody.
“FTC keeps bringing data security cases because companies keep neglecting to employ the most reasonable off-the-shelf, commonly available security measures for their systems,” Law360 quoted Broder as saying.
An FTC spokeswoman was unable to immediately confirm the comments made by Ramirez and Broder but said the sentiments expressed in the Law360 story accurately describe the FTC’s position on enforcement authority.
The comments by the senior officials come amid heightening protests against what some see as the FTC overstepping its authority by going after companies that have suffered data breaches.
Over the past several years, the agency has filed complaints against dozens of companies and extracted costly settlements from many of them for data breaches. In 2006 for instance, the FTC imposed a $10 million fine on data aggregator ChoicePoint, and more recently, online gaming company RockYou paid the agency $250,000 to settle data breach related charges.
Does The Cloud Need To Standardize?
Comments Off on Does The Cloud Need To Standardize?
Frank Baitman, the CIO of the U.S. Department of Health and Human Services (HHS), was at the Amazon Web Services conference praising the company’s services. Baitman’s lecture was on the verge of becoming a long infomercial, when he stepped back and changed direction.
Baitman has reason to speak well of Amazon. As the big government system integrators slept, Amazon rushed in with its cloud model and began selling its services to federal agencies. HHS and Amazon worked together in a real sense.
The agency helped Amazon get an all-important security certification best known by its acronym, FedRAMP, while Amazon moved its health data to the cloud. It was the first large cloud vendor to get this security certification.
“[Amazon] gives us the scalability that we need for health data,” said Baitman.
But then he said that while it would “make things simpler and nicer” to work with Amazon, since they did the groundwork to get Amazon federal authorizations, “we also believe that there are different reasons to go with different vendors.”
Baitman said that HHS will be working with other vendors as it has with Amazon.
“We recognize different solutions are needed for different problems,” said Baitman. “Ultimately we would love to have a competitive environment that brings best value to the taxpayer and keeps vendors innovating.”
To accomplish this, HHS plans to implement a cloud broker model, an intermediary process that can help government entities identify the best cloud approach for a particular workload. That means being able to compare different price points, terms of service and service-level agreements.
To make comparisons possible, Baitman said the vendors will have to “standardize in those areas that we evaluate cloud on.”
The Amazon conference had about 2,500 registered to attend, and judging from the size of the crowd it certainly appeared to have that many at the Washington Convention Center. It was a leap in attendance. In 2012, attendance at Amazon’s government conference was about 900; in 2011, 300 attended; and in 2010, just 50, Teresa Carlson, vice president of worldwide public sector at Amazon, said in an interview.
Is The Tesla Hackable?
It’s the curse of the connected car once it’s linked to the Internet, it’s, well, on the Internet. In the case of the Tesla Model S, this means that mischievous hackers could, in theory, control some functions of the vehicle and even snoop without the owner’s knowledge.
Tesla offers Android and iPhone apps for Model S owners, which can be used to check the vehicle’s battery, track its location and status, and tweak several other settings, like climate control and the sunroof. It can also be used to unlock the doors on the Model S.
Dell senior engineer George Reese says the REST API used by Tesla to provide access for Android and iPhone apps has several fairly serious security flaws, which could offer a way in for unscrupulous hackers.
According to an article written by Reese for O’Reilly, Tesla appears to have broken from accepted best practice when designing the API for the Model S.
“It’s flawed in a way that makes no sense. Tesla ignored most conventions around API authentication and wrote their own. As much as I talk about the downsides to OAuth (a standard for authenticating consumers of REST APIs–Twitter uses it), this scenario is one that screams for its use,” he wrote.
However, Reese notes, this is merely a potential attack vector, not one that could be immediately exploited. That said, a compromised website particularly one designed to provide “value-added services” via the API to Tesla drivers could prove highly damaging.
“I can … honk their horns, flash their lights, and open and close the sunroof. While none of this is catastrophic, it can certainly be surprising and distracting while someone is driving,” Reese wrote.
Automotive hacking has been posited by experts for some time, and several presentations at this year’s Defcon detailed fairly comprehensive methods of compromising some models.
Cloud Storage Specs Approved
The International Organization for Standardization (ISO) has ratified the Cloud Data Management Interface (CDMI), a set of protocols defining how businesses can safely transport data between private and public clouds.
The Storage Networking Industry Association’s (SNIA) Cloud Storage Initiative Group submitted the standard for approval by the ISO last spring. CDMI is the first industry-developed open standard specifically for data storage as a service.
“There is strong demand for cloud computing standards and to see one of our most active consortia partners contribute this specification in such a timely fashion is very gratifying,” Karen Higginbottom, chairwoman of the ISO committee, said in a statement. “The standard will improve cloud interoperability.”
The CDMI specification is a way to create an interface for accessing data in the cloud by preserving metadata about information that an enterprise stores in the cloud. With metadata associated with the information, companies can retrieve data no matter where it’s stored.
“With the metadata piece, it’s also complementary with existing interfaces. The standard can be used with Amazon, for file or block data and it can use any number of storage protocols, such as NFS, CIFS or iSCSI,” said SNIA Chairman Wayne Adams.
Based on a RESTful HTTP protocol, CDMI provides both a data path and control path for cloud storage and standardizes a common interoperable format for securely moving data and its associated data requirements from cloud to cloud. The standard applies to public, private and hybrid deployment models for storage clouds.
Huawei Investigating Security Flaws
August 14, 2012 by admin
Filed under Network Services
Comments Off on Huawei Investigating Security Flaws
Huawei Technologies said on Thursday it was investigating claims that its routers contained critical vulnerabilities, after security researchers disclosed alleged problems last.
“We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims,” Huawei said in an email. The company added it uses “rigorous security strategies and policies” to protect the networks of its customers, while following industry standards and best practices concerning security.
“Huawei has established a robust response system to address product security gaps and vulnerabilities,” the company said. The company is also calling on industry to promptly report all product security risks so that the problems can be addressed and fixed, it said in its email.
The alleged security vulnerabilities were disclosed at the Defcon hackers conference this past Sunday by two security researchers. The vulnerabilities were found in the firmware of Huawei AR18 and AR29 series routers, which once exploited through the flaws, could be taken over via the Internet.
One of the researchers, Felix Lindner the head of security firm Recurity Labs, described the security of the Huawei devices he analyzed as “the worst ever”, and said there were bound to be more security flaws with the products.
FTC Singles Out Google’s Chrome
Federal Trade Commission Chairman Jon Liebowitz this week singled out Google for not adopting “Do Not Track,” the privacy feature that allows consumers the ability to opt out of online tracking by Web sites and marketing entities.
In an interview Monday with Politico, Liebowitz called out Google for not supporting Do Not Track in its Chrome browser.
Noting that Do Not Track had gathered momentum, Liebowitz said, “Apple just announced they’re going to put it in their Safari browser. So that gives you Apple, Microsoft and Mozilla. Really the only holdout — the only company that hasn’t evolved as much as we would like on this — is Google.”
Do Not Track has been promoted by the FTC and by privacy advocates including the Electronic Frontier Foundation (EFF), as the best way to help consumers protect their privacy.
The technology requires sites and advertisers to recognize incoming requests from browsers as an opt-out demand by the user. The information is transmitted as part of the HTTP header.
As Liebowitz said, Microsoft and Mozilla have added Do Not Track header support to their Internet Explorer 9 (IE9) and Firefox 4 browsers. While Apple hasn’t confirmed that the next version of Safari will include Do Not Track, developers have reported finding the feature in early editions bundled with Mac OS X 10.7, aka “Lion,” the upgrade slated to ship this summer.