Astronomers creating 3D map of the universe

A group of astronomers looking to better understand dark energy have started creating a three-dimensional map of the universe. The researchers hope to complete that part of the map by 2014, the university said. The first segment of the 3-D map is being designed to include data from 1.4 million galaxies and 160,000 quasars according to the University of Arizona , which is part of the project.

The team is using a 2.5-meter telescope, equipped with two powerful special-purpose instruments, at Apache Point Observatory in New Mexico. Scientists have not announced how long it might take to create the whole map. "Making a three-dimensional map is essential to understanding why the universe is expanding at an ever-accelerating rate," said University of Arizona astronomy professor Daniel Eisenstein , director of the Sloan Digital Sky Survey III. A collaboration of 350 scientists are working on the survey, also known as SDSS-III. The mapping project, known as the Baryon Oscillation Spectroscopic Survey, or BOSS, is part of SDSS-III. Astronomers long have been trying to figure out dark energy . Experts theorize that about 70% of the universe is made up of dark energy. They have so far collected astronomical data on a thousand galaxies and quasars. The universe, which is believed to be driven by the mysterious force known as dark energy, is expanding at an accelerating rate. Following the Big Bang theory, it was believed that the universe was created out of a massive explosion. The rapid expansion has mystified scientists.

It was theorized that the pull of gravity would slow the universe's rate of expansion over time, but in 1998 the Hubble Space Telescope determined that the expansion actually is speeding up, not slowing down. It's a very odd thing," said Eisenstein. "Gravity pulls things together, so you'd expect gravity would be pulling the universe back together so that it would expand at a decelerating rate. According to NASA , scientists generally believe that dark energy, while its particulars are uknown, appears to be causing the universe's increasing expansion. "We're trying to understand why that is. But something is causing the universe to expand at an accelerating rate. The BOSS team, which is made up of personnel from 42 different institutions, is focused on measuring the spectra, or colors, of galaxies and quasars.

Either we misunderstand how gravity works on the largest scales, or there's some extra thing in the universe that actually causes gravity to repel structure." Here on Earth, the Large Hadron Collider , which is the world's largest particle collider , is also looking for clues about the ingredients of dark energy and its effect on the expansion of the universe. That information enables astronomers to determine how far away and how far back in time the celestial objects they're observing are. "The data from BOSS will be the best ever obtained on the large-scale structure of the universe," said BOSS principal investigator David Schlegel of the U.S. Department of Energy's Lawrence Berkeley National Laboratory, in a statement.

Cisco bolsters routers to spur IPv6 migration

Cisco this week enhanced its IPv6 offerings for its carrier core and edge routers in an effort to ease the eventual migration from IPv4. The Carrier-Grade IP Version 6 Solution line includes a new hardware module for Cisco's CRS-1 router, and software for that system as well as for the ASR 9000 edge router. By 2015, there will be 15 billion IP endpoints on the Internet. Cisco also unveiled professional services offerings to assist customers in the transition from IPv4 to IPv6. The evolution of the Internet Cisco says there are 700 days left until the last block of IPv4 addresses are allocated. The IPv6 enhancements rolled out this week are intended to provide a bridge from IPv4 to full IPv6 network while at the same time preserving existing IPv4 addresses to ease the migration.

IPv6 has 340 undecillion unique addresses - or more than 50 billion billion billion - for each person on earth, more than enough to continue to support the demand for IP addresses, Cisco says. IPv4 has a finite set of unique addresses, numbering approximately 4 billion, which is rapidly depleting due to the growth of Internet-connected devices and smart devices. However, the protocols of IPv4 and IPv6 are not directly compatible, so migrating a network from IPv4 to IPv6 requires preservation of IPv4 while orchestrating a gradual and prudent transition to IPv6. This has been a chief reason why the industry has been procrastinating on this migration even though IPv6 was developed a decade ago. It's probably something to take seriously two to five years from now but (carriers) have to start to prepare." With that, Cisco unveiled the Carrier-Grade Services Engine for the CRS-1. Deployed deep in the core of service provider's network, this module supports large-scale, high-throughput network-address translation (NAT). At the edge, Cisco rolled out Carrier-Grade IPv6 Solution for its ASR series routers. But with IPv4 addresses facing imminent depletion, the time may have come to accelerate the adoption of IPv6. "I do think we've reached the point where we should be concerned about it," says Glen Hunt, an analyst at Current Analysis. "The biggets problem might be that we've been crying wolf about IPv6 and defining ways to get around attacking the problem. This is software that helps enable NAT at the edge of a network for smaller or distributed IP networks.

These are professional services designed to make the transition to IPv6 smooth and reduce the risk to network operations. The software is intended to first tunnel IPv6 addresses through IPv4; and then perform the inverse function as IPv6 addresses outnumber IPv4. Lastly, Cisco is offering services for the Carrier-Grade IPv6 Solution implementation. The services include initial planning and IPv6 readiness assessment to design and implementation. All products will be available in early 2010. Cisco did not disclose pricing.

Keep an eye on temps, and other holiday season security tips for retailers

Temporary workers brought in to help during the busy holiday shopping season can sometimes pose a data security risk for companies. The council oversees the implementation of mandatory security standards for protecting credit and debit card data across the payment industry. Retailers that hire temporary help need to keep a watchful eye on them to reduce the risk of data compromises, said Bob Russo, general manager of the PCI Security Standards Council. With many retailers hiring temporary workers to handle extra business, vigilance is key, Russo said. "Management needs to hover at this time of the year, especially with temps," he said.

Proper access controls also need to be in place to prevent temporary workers from gaining access to other systems, he said. Temporary workers who handle credit card data or are involved in any form of payment processing need to follow appropriate security procedures. Training and background checks also need to be done as much as possible, he said. "When you hire somebody as a full-time employee, you have time to do independent checks. But if there is a way to perform checks, even if it is simply verifying references, it's important to do so, he said. "You've got to hope for the best but plan for the worst," in such cases, he said. You can't do that at the end of the year when you are trying to make the Christmas rush and you have about 40 to 45 days to make money," he said. Here are some other measures that security experts suggest retailers take to minimize data compromise risks during the holiday season: Monitor the use of temporary cash registers and handheld scanners.

It's a good idea to bolster physical security around these devices to ensure they are not tampered with, Russo said. Many retailers tend to increase their use of handheld scanners and satellite cash registers to speed up the payment process during the busy season. Without monitoring, it's easier to install a card-skimming device on a satellite register for instance, than it is in on a point-of-sale device in a permanent checkout lane. Install additional video cameras to monitor the use of such devices. Look also for signs of tampering with PoS devices, such as raised or broken seals, he said.

Review log data daily. Checking them daily for red flags is a good idea at any time, but even more so during the holidays, Russo said."Though you might not be able to stop a data breach, you can mitigate them if you are watching those logs daily. System and transaction logs can reveal a lot of information about the security of a payment system. It's a pretty common sense kind of thing," he said. The fraud detection systems that online retailers use can sometimes flag legitimate transactions. "It's generally better to manually review suspect and suspended transactions that may be legitimate rather than lose good sales and customers by rejecting them outright," said Avivah Litan, an analyst with Gartner Inc. Assign more staff to perform manual reviews of suspected/suspended transactions.

Implement "hard" firewall policies. Also train or refresh call center and customer service staff on fraud prevention procedures. "Social engineering of call center representatives is a favorite ploy of the fraudsters," she said. Use a white list of known good addresses to preclude the possibility of card and payment data going anywhere outside the enterprise firewall except to your payment processor, Litan said.

Fingerprints not enough for future security government systems

In the emerging world of advanced security systems at the FBI  and http://www.networkworld.com/news/2009/092309-dod-wartime-biometrics.html ">Department of Defense, DNA, facial recognition, iris scans and palm prints will play a larger role in investigations than the traditional fingerprint. Though NGI will initially be a fingerprints repository like the existing IAFIS, palm prints are being added in as well. Both agencies have embarked on biometrics-system makeovers that may eventually include mass-scale DNA biometrics storage for investigative purposes.  Under what's called the Next-Generation Identification (NGI) program, the FBI is looking toward replacing its current Integrated Automated Fingerprint Identification System (IAFIS) for a totally revamped biometrics system that over the years will not only be a repository for individuals' fingerprints, but also store additional biometrics expected to include iris scans, 2D-to-3D facial imaging, palm prints, voice and DNA. Slideshow: The changing face of biometrics "We see the December, January timeframe for rolling this out," said Kevin Reid, section chief for the biometrics services sector at the FBI, who spoke on the topic at this week's Biometric Consortium Conference.

And 2D-to-3D facial imaging, iris, and especially DNA profiles are all of interest to the FBI for its NGI system in the future. The U.S. Department of Defense has embarked on a similar biometrics project with its Next Generation Automated Biometrics Identification System (NG-ABIS). The older ABIS it replaces was basically a fingerprint-oriented system that has mainly been used in hunting down dangerous insurgents and terrorists in wartime Iraq and Afghanistan. Louis Greve, executive assistant director of the FBI's science and technology branch, this week called DNA the most accurate biometric known today, along with fingerprints. At the core of the DoD's NG-ABIS is an upgraded database guarded under high security at a location in West Virginia. Corp.

NG-ABIS was put in place earlier this year under a contact with Northrop Grumman. Ken Lehman, vice president of identity management at Northrop Grumman's information systems division in McLean, Va., says NG-ABIS is based on an Oracle database with Java Enterprise Web Services and includes a search engine from L-1 Identity Solutions. NG-ABIS "has more scalability," says Lehman. "We can add new modalities as they come into play, not just fingerprints. The older ABIS used the HP Superdome supercomputer for fingerprint storage. A new modality is palm prints, for example." It's anticipated that multiple biometrics types will help in more quickly and definitively identifying an individual for stronger match rates that add up to an individual's biometrics match score.

But for investigative purposes, one thing holding back use of DNA as a reliable identifier of an individual is the time and labor associated with analyzing DNA samples today manually in laboratories equipped for that purpose. The DoD has long kept a "DNA dogtag" database of enlisted personnel whose main purpose is helping identify those whose lives are lost in service. So the DoD and FBI are teaming on some things, such as sponsoring research on creating so-called rapid DNA analysis. He said researchers believe DNA doesn't change over an individual's lifetime. It's envisioned by some as a self-contained kit that would automate and speed the manual processes involved in DNA analysis today, which typically run from several hours to days, say experts. "Each person has a unique DNA profile, except identical twins, and each person's DNA is the same in every cell," said Peter Vallone, research chemist in the biochemicals sciences division at the National Institute of Standards and Technology (NIST), who spoke on the topic in a presentation made at the Biometric Consortium Conference. NIST, in conjunction with academic institutions that include the Lincoln Laboratory at MIT, is coordinating the research on rapid DNA analysis.

It would be like "a lab on a chip," he said. The goal is to have a system that can take a swab of DNA, such as from the inside of an individual's cheek, and have that testing completed as automatically as possible within an hour. There's no specific timeframe for introducing such as kit, and it will probably take several years, but there's optimism it can be done. Ironically, IBM is a sub-contractor on the winning Lockheed Martin NGI contract, so IBM will be involved on the NGI project, points out Barbara Humpton, vice president, security and citizen protection in Lockheed Martin's information systems and global services division. The FBI's long-term transition from IAFIS to the NGI biometrics system upgrade is being conducted under a 10-year $1 billion contract awarded to Lockheed Martin in February 2008, though a protest led by competitor IBM delayed the contract's finalization under May of this year. It's not yet clear what IBM's exact role will be, though Humpton said the FBI just a few weeks ago approved a conceptual design plan as part of a critical review to decide elements of NGI. She said she wasn't at liberty to discuss details, though it's been made public that MorphoTrak has been selected for the 10-fingerprint biometrics piece of NGI. The role of other vendors will be made clear over time as additional technology reviews are done, says Humpton.

But it does seem likely the FBI will be taking a services-oriented architecture (SOA) route. The FBI is expected to start taking delivery of new computers for NGI early next year. John Mears, director of biometric solutions at Lockheed Martin's information systems and global services division, says the advantage of a services-oriented framework is that you can "plug in a different biometric modality, such as finger, face and iris." There's the prospect ahead of adding a DNA piece, too, especially if the rapid DNA profiling technology is developed, he notes. This would be a game-changer for biometrics, he notes, subject to policies and laws associated with DNA around the world, not to mention the court of public opinion.

Kindle has best sales month in November, Amazon says

November was the best sales month ever for the Kindle e-reader, even before traditionally heavy sales on Cyber Monday, Amazon.com Inc. said early today. Manufacturers of e-readers have been closed-mouthed about sales figures, and even analysts widely disagree on how many have sold. Notably, the online bookseller didn't say how many Kindles it sold in November. For all of 2009, the analysts' sales tallies range from 2 million to about 5 million. "Kindle is a great gift for anyone who loves to read and it's flying off the shelves faster than any other product Amazon sells," said Ian Freed, vice president of Amazon's Kindle division.

The fact that the Kindle device is shipping immediately may be Amazon.com's main reason for making today's announcement, drawing attention to Kindles remaining in stock compared to e-readers from other device makers that are sold out. The latest Kindle generation, released in October , sells for $259 and is available for immediate shipment, Amazon.com said. For example, the $259 Nook from Barnes & Noble Inc., was due to hit bookstores today after several weeks of pre-sales, but was recently reported out of stock , with deliveries starting after Jan. 4. Sony also said on Nov. 18 that its Daily Edition e-reader might not make it to buyers before the end of the year. But analyst firm iSuppli Corp. predicted 5 million e-readers will be sold in 2009, an estimate recently confirmed by iSupply analyst Vinita Jakhanwal. Forrester Research in early October said sales of e-readers from all makers will be about 900,000 in November and December, bringing the total number of units sold in 2009 to 3 million units, up from 2 million in an earlier projection. Analyst Nick Hampshire at MediaIdeas, however, said recently that far fewer than 5 million e-readers will sell in 2009, and said 5 million is the amount he is estimating for all of 2010, when iSuppli is predicting 13 million will be sold.

HDTVs, Blu-Ray Players Push Web Connections

Connected TVs, set-top boxes, and Blu-ray Disc players aren't new, but they continue to make new connections with Web sites and services, from YouTube and Netflix to Amazon and Internet radio sites. Some offer a lot more than others, but all are building up their portfolios of Web video and interactive services. The definition of "connected" varies widely between consumer electronics vendors.

Some of the newest entries were on display last week at the CEDIA (Custom Electronic Design and Installation Association) event in Atlanta. Available on networkable Bravia sets, the video service will also appear on a new networkable Sony Blu-ray Disc player, the BDP-N460, which will ship later this fall priced under $250. (Sony Bravia TVs also offer Web content such as stocks, weather, and Twitter, via their Bravia Widgets.) LG Electronics, meanwhile, announced the addition (via a firmware upgrade later this month) of the Vudu on-demand service to the Netcast Entertainment Access service on its $399 BD390 Blu-ray Disc player. Sony, which already offers movies, TV shows, and music from some two dozen partners, including Amazon movies on demand, Slacker radio, and YouTube, announced that it will add Netflix to its Bravia Internet Video lineup later this fall. The service already offers access to CinemaNow, Netflix, and YouTube content. And Samsung's networkable Blu-ray Disc players, including the BD-P1600, BD-P3600, and BD-P4600, will add YouTube access to the existing Pandora and NetFlix services.

Samsung's Internet@TV service, which already had a dozen Yahoo widgets, now offers on-screen access to Rallycast fantasy sports applications, including Facebook messaging and access to team stats. Pioneer, meanwhile, demo'd a new platform for connected electronics. The prototypes at CEDIA featured everything from video-on-demand services to backup. Code-named Project ET, it is designed to allow device designers and/or consumers to choose the content and services they want by clicking on menu buttons in the service's Web portal. Pioneer officials said the platform could exist on a set-top box of its own or on a Blu-ray Disc player or other networkable device (one demo setup featured a Blu-ray player with 1 terabyte of built-in storage.

The company hopes to show a product based on the platform within the next few months.

The other iPhone lie: VPN policy support

It turns out that Apple's iPhone 3.1 OS fix of a serious security issue - falsely reporting to Exchange servers that pre-3G S iPhones and iPod Touches had on-device encryption - wasn't the first such policy falsehood that Apple has quietly fixed in an OS upgrade. Before that update, the iPhone falsely reported its adherence to VPN policies, specifically those that confirm the device is not saving the VPN password (so users are forced to enter it manually). Until the iPhone 3.0 OS update, users could save VPN passwords on their Apple devices, yet the iPhone OS would report to the VPN server that the passwords were not being saved. It fixed a similar lie in its June iPhone OS 3.0 update. The fact of the iPhones' false reporting of their adherence to Exchange and VPN policies has caused some organizations to revoke or suspend plans for iPhone support, several readers who did not want their names or agencies identified told InfoWorld.

Worse, it revealed that Apple's iconic devices have been unknowingly violating such policies for more than a year. "My guess is the original decision to emulate hardware encryption was made at a level where there wasn't much awareness of enterprise IT standards. One reader at a large government agency describes the IT leader there as "being bitten by the change," after taking a risk to support the popular devices. "I guess we will all have to start distrusting Apple," said another reader at a different agency. [ Apple's snafu on the iPhone OS's policy adherence could kill the iPhone's chances of ever being trusted again by IT, argues InfoWorld's Galen Gruman. ] Last week's iPhone OS 3.1 update began correctly reporting the on-device encryption and VPN password-saving status when queried by Exchange and VPN policy servers, which made thousands of iPhones noncompliant with those policies and thus blocked from their networks. (Only the new iPhone 3G S has on-device encryption.) Apple's document on the iPhone OS 3.1 update's security changes neglected to mention this fix, catching users and IT administrators off-guard. After all, this is a foreign language for Apple," says Ezra Gottheil, an analyst at Technology Business Research. "However, once the company realized the problem, it made a spectacularly dumb choice. Instead, it allowed itself to be seen in the worst possible light. The change was necessary and inevitable, but Apple could have earned some points by coming clean at the earliest opportunity. This is the result of a colossal clash of cultures.

Even when it is trying, Apple cannot force itself to think like an enterprise vendor." Apple's advice to users on addressing the Exchange encryption policy issue is to either remove that policy requirement for iPhone users or replace users' devices with the iPhone 3G S. IT organizations can also consider using third-party mobile management tools that enforce security and compliance policies; several now support the iPhone to varying degrees, including those from Good Technology, MobileIron, and Zenprise.