Since Windows 2008, the “old-school” and well-known 2003 Terminal Services have been extended with rich web services, which now provide great new capabilities for designing and deploying built-in terminal server services over HTTP/HTTPS. In combination with RD Gateway, applications can also be published securely to the WWW while the session host servers stay isolated in non-public-facing network segments. All terminal services are now called Remote Desktop Services, or RD for short.
There are generally two ways to enable RD (Remote Desktop) services: “Quickstart” and “Standard Deployment”. There are also two types of RD services available: Session Virtualization and VDI (Virtual Desktop Infrastructure). In this blog article I focus on and deploy RDS for session virtualization, which means hosting and publishing terminal server applications.
Quickstart is straightforward: it quickly deploys the required services and configures a standard pool of applications, and can mainly be used for setting up a…
Kenya has made a remarkable move of deploying its first ever satellite tracking system. Thanks to a new satellite tracking system based in Kenya, eastern and southern African states have joined the growing ranks of countries tracking extreme weather and climate change impacts from space.
The Regional Centre for Mapping of Resources for Development (RCMRD) in Nairobi launched a satellite tracking system in mid-July that can collect real-time data from 75 percent of Africa’s land area.
Capable of capturing images with a 250-metre resolution, the Moderate Resolution Imaging Spectroradiometer (MODIS) monitors factors affecting the environment, like forest fires, in areas where human surveillance cannot reach without the aid of aerial photography.
“It enables the acquisition of direct data which can be processed into different products for a variety of applications, such as flood mapping, crop monitoring, fire assessment, water quality assessment and hailstorm prediction, among others,” said the RCMRD’s director for remote sensing, Tesfaye Korme.
The satellite receiving station in Nairobi collects data from several earth observation satellites, which it shares with the RCMRD’s 15 member states in eastern and southern Africa, Korme said.
Funded by the Google Foundation at a cost of $250,000, the MODIS antenna gathers information on Africa from the Atlantic coast to the Indian Ocean and from the north to the south of the continent, officials said.
DATA FOR INSURANCE
That means it can tap data from Gachari Wanja’s village in central Kenya.
The farmer from Nanyuki has tried a couple of options, including conservation agriculture techniques, to boost production from her land in Laikipia County. But none has yet shown promise, laments the mother of four.
“I have even signed up with a crop insurance scheme as a way of ensuring I do not suffer so much loss when the rains fail,” said the 36-year-old. “Sometimes I am compensated for the loss, but at other times I do not get a payout.”
It is not her fault when she doesn’t get anything, as payouts are made to farmers depending on data collected from the nearest remote weather station.
Powered by solar energy, the automatic weather stations are fitted with a General Packet Radio Service (GPRS), which enables them to record rainfall data from farms within a radius of 20 km every 15 minutes, according to officials at the Center for Training and Research in Arid and Semi Arid Lands Development (CETRAD).
For instance, if rain falls at Wanja’s farm but doesn’t reach her neighbour’s land some 5 km away, it means the neighbour wins compensation but Wanja doesn’t.
“Insurance companies ask for evidence of what is being claimed,” said Robinson Mugo, who heads up an ecological monitoring and disaster-response project called SERVIR-Africa at the RCMRD. But sometimes remote weather stations fail to give accurate data, he added.
This, according to Mugo, is where MODIS – which supports the SERVIR project, among other things – comes in.
It can show insurance companies, governments and farmers how much rain is received over a given period of time much more accurately than the weather stations, he said.
The SERVIR platform, set up in 2008, integrates satellite observation and predictive models with other geographic information to track and forecast ecological changes, and respond to natural disasters.
INVESTING IN PEOPLE TOO
Mugo, who recalls his childhood growing up on a farm, is troubled by the rapid change in climate patterns. Installations like automatic weather stations, he says, cannot meet the demand for factual information to shore up expanding initiatives like crop insurance.
“Climate change not only affects countries but has gone beyond geographical and political boundaries,” Mugo said. The cross-border data captured by MODIS can be shared to inform policies that help ordinary people cope with the impacts of a warming world, he added.
The technology is also useful for scientific activities such as measuring ocean temperatures and soil sediment running off into water bodies, and predicting hazards like tsunamis, he added.
But not everyone is convinced that big investments in technology will achieve much in tackling climate change.
Lanyasunya T.P., a member of the management board at Kenya’s National Commission for Science, Technology and Innovation (NACOSTI), argues that young people and women need to be involved at the community level in such efforts if they are to bear real fruit.
“The future of this country in all spheres of development is in the hands of the coming generation,” he said. But NACOSTI – which is not involved in the MODIS project – lacks funding to help young people begin exploring their own ideas, he added.
The RCMRD’s Mugo, however, believes governments affiliated with his institution are making progress in engaging their employees, as well as donors and communities affected by climate change.
“It might look like governments are making a small contribution to fight climate change but it is significant,” Mugo said.
In the case of the MODIS project, the Kenyan government employs the staff working on the project, and is responsible for gathering, processing and distributing the data to the centre’s other member states.
Barclays Bank in the U.K. will begin using a finger vein scanner to identify its customers. The move comes after a wave of hacks on financial institutions that have demonstrated how feeble password and PIN protections have become.
The bank will send the small portable device to its customers who want to do their banking online. It will function as a form of two-factor identification. Users will punch in their password or account details, and then be required to confirm their identities by sticking their fingers into the scanner, a separate device from their computer.
Barclays customers have already been using a separate portable device, the PINsentry, to access their accounts online. Users log in, then insert their debit cards into the PINsentry to retrieve another code number, and can only proceed with transactions once the web site is satisfied that the user, the card and the PINsentry code all came from the owner of the account.
The vein scanner will be even more secure, Barclays says: “The compact device can read and verify the users’ unique vein patterns in the finger. Unlike finger prints, vein patterns are extremely difficult to spoof or replicate. Barclays will not hold the user’s vein pattern and there will be no public record of it.”
The device will require users to make sure they don’t lose any of their fingers, the Guardian noted:
Customers will first have to register a finger – Barclays is recommending the index finger, plus a back-up digit should you be careless enough to lose or damage the first choice. The unique vein pattern in the finger will then be held on a sim card that is added to the reader. Barclays itself will not store the data.
The device then scans the unique pattern of veins inside your finger to confirm that it’s actually you.
Japan, Turkey, Russia and Poland already have banks using vein scanners to confirm IDs, the Financial Times says.
By Tom Cheshire, Technology Correspondent
Millions of eBay users were asked to change their passwords on Wednesday after the site’s security was compromised. Here are some top tips and what to do to tighten up your online security.
Change your password
Even if you haven’t used your eBay account, change your password – especially if you’ve used that password on other sites.
It’s a pain, but it’s worth changing your major passwords – especially anything tied to financial and sensitive personal information – every few months.
Change your password in the browser
When changing your password, don’t do this by following an email prompt.
Instead, go to the website directly by pasting its URL into the address bar in your web browser.
More generally, never click on links in emails unless you’re completely sure they’re from a trustworthy source. Even a friend sharing an amusing cat video may have been hacked.
Choose the best possible password
What makes the best password is subject to hard fought debate online.
The most secure passwords are also the hardest to remember, and any password is a trade-off between security and convenience. A long, unintelligible string of alphanumeric and special characters is strongest, but not practical for everyday use.
Instead, use a memorable combination of words – not culled from a famous phrase or book.
If your phrase is anywhere on the web, chances are it’s known to hackers – so ‘itwasthebestoftimesitwastheworstoftimes’ isn’t much better than ‘eBayPassword679’.
Don’t use easily guessable information. Choose a nonsense phrase that you’ll remember, and swap in some numbers and special characters.
Something like ‘InApril1EnjoyThrowingDucks!n1ntoTh3R1ver’ is good, then come up with a variation on that for each site.
Again, don’t use the same passwords across different sites.
Use a password manager
If you do prefer to use stronger passwords, but struggle to keep track of them, consider using a password manager.
These collect all your passwords into one place, so that you access all the different passwords with one master password.
Because there’s only one point of failure, that password needs to be very secure – and also very well protected.
KeePass, LastPass, Password Box and Dashlane are all good options.
Consider two-step verification
For your most important online accounts – banking, email and social networking – two-step authentication is a very good way of making yourself more secure.
This means that when you log into an unusual computer, you’ll have to authenticate yourself using your mobile phone or another means of verification. Most major web sites offer this now, and it’s less of a hassle than you think.
Pay attention to iTunes
If you suspect you’ve been hacked, pay close attention to your outgoing finances.
Hackers will often use very small amounts to test the water with stolen financial information.
Pay close attention to iTunes especially – hackers will make tiny purchases worth pennies here, to see if a credit card works. So make sure you check your iTunes statements.
Scan for malware
If hackers have your email address and other personal information, there’s a good chance they can access your personal devices.
Install malware protection from a reputable source and scan your computer.
Everyone hates passwords and, thankfully, they may not be around for much longer.
Many companies are working on software that uses behavioural monitoring – the way you type, click around a website and generally interact – to uniquely identify you.
Others are looking at biometrics – like Apple and Samsung’s fingerprint readers on their smartphones.
Future technology might use facial recognition, or heartbeat pattern detection.
Understanding How Transport Rules Are Applied
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2010-01-25
In Microsoft Exchange Server 2010, transport rules allow you to apply messaging policies to messages in the transport pipeline. Actions such as redirecting a message or adding recipients, rights-protecting messages, and rejecting or silently deleting a message can be taken on messages that match the conditions and none of the exceptions defined in the rule.
Given the scope and potential impact of transport rules on messages, it’s important to understand how transport rules work. To learn more about transport rules, see Understanding Transport Rules. For a comprehensive list of transport rule predicates and actions available on the Hub Transport server and Edge Transport server, see Transport Rule Predicates and Transport Rule Actions.
Looking for management tasks related to managing transport rules? Check out Managing Transport Rules.
Transport Rule Scope
Although the procedures used to create and modify transport rules on each server role are the same, the scope of transport rules on each server role is very different.
Transport rule scope

| | Hub Transport server role | Edge Transport server role |
|---|---|---|
| Agent | Transport Rules agent | Edge Rules agent |
| Rule storage | Active Directory domain controllers | Active Directory Lightweight Directory Services (AD LDS) (local) |
| Rule replication | Active Directory replication | No automated replication between Edge Transport servers |
| Rule scope | Entire Exchange organization | Local to each Edge Transport server |
| Message types | All messages except system messages | All messages |
| Lookup distribution group membership | Yes | No |
| Lookup Active Directory attributes | Yes | No |
| Inspect or modify Information Rights Management (IRM)-protected message content | Yes (requires transport decryption) | No |
Rule Storage and Replication
The transport rules you create on a Hub Transport server are stored in Active Directory and are available after Active Directory replication on all Hub Transport servers in your Exchange 2010 organization. This allows you to apply a consistent set of rules across the entire Exchange organization.
Transport rules created on an Edge Transport server are stored in the local instance of AD LDS. No automated replication of configuration information or transport rules occurs between two Edge Transport servers. You can use distinct sets of transport rules on different Edge Transport servers. For example, if an organization uses a different set of Edge Transport servers for inbound and outbound messages to and from the Internet, different rules can be used on these servers. Rules created on the Edge Transport server apply only to messages that pass through that server. However, if applying the same set of transport rules on all Edge Transport servers is a requirement, you can also clone the Edge Transport server configuration, or export transport rules from one Edge Transport server and import it to other Edge Transport servers. For more details, see Understanding Edge Transport Server Cloned Configuration and Export and Import Transport Rules.
On Edge Transport servers, rules apply to all messages. On Hub Transport servers, rules are applied to messages that meet the following criteria:
- Messages sent by anonymous senders: Transport rules are applied to all messages received from anonymous senders. E-mail received from the Internet falls under this category.
- Messages sent between authenticated users: Transport rules are applied to the following types of messages sent between authenticated users:
  - Interpersonal messages: Interpersonal messages that contain a single rich text format (RTF), HTML, or plain text message body or a multipart or alternative set of message bodies.
  - Encrypted e-mail messages: Messages that are encrypted using S/MIME. Transport rules can access envelope headers contained in encrypted messages and process messages based on predicates that inspect them. Rules with predicates that require inspection of message content, or actions that modify content, can’t be processed.
  - Protected messages: Messages that are protected by applying an Active Directory Rights Management Services (AD RMS) rights policy template. With transport decryption enabled, the Transport Rules agent on a Hub Transport server can access the content of protected messages. Messages must be published using an AD RMS cluster in the same Active Directory forest as the Exchange 2010 server. With transport decryption disabled, the agent can’t access message content and treats the message as an encrypted message.
  - Clear-signed messages: Messages that have been signed but not encrypted.
  - Unified messaging e-mail messages: Messages that are created or processed by the Unified Messaging server role, such as voice mail, fax, missed call notifications, and messages created or forwarded by using Microsoft Outlook Voice Access.
  - Read reports: Reports that are generated in response to read receipt requests by senders. Read reports have a message class of
Transport Rule Replication
Transport rules configured on Hub Transport servers are applied to all messages handled by the Hub Transport servers in the Exchange 2010 organization. When a transport rule is created or an existing transport rule is modified or deleted on one Hub Transport server, the change is replicated to all Active Directory domain controllers in the organization. All the Hub Transport servers in the organization then read the new configuration from the Active Directory servers and apply the new or modified transport rules. By replicating transport rules across the organization, Exchange 2010 enables you to apply a consistent set of rules across the organization.
Replication of transport rules across an organization depends on Active Directory replication. Replication time between Active Directory domain controllers varies depending on the number of sites in the organization, slow links, and other factors outside the control of Exchange. When you configure transport rules in your organization, make sure that you consider replication delays. For more information about Active Directory replication, see Active Directory Replication Technologies.
Each Hub Transport server maintains a recipient cache that’s used to look up recipient and distribution list information. The recipient cache reduces the number of requests that each Hub Transport server must make to an Active Directory domain controller. The recipient cache updates every four hours. You can’t modify the recipient cache update interval. Therefore, changes to transport rule recipients, such as the addition or removal of distribution list members, may not be applied to transport rules until the recipient cache is updated. To force an immediate update of the recipient cache, you must stop and start the Microsoft Exchange Transport service. You must do this for each Hub Transport server where you want to forcibly update the recipient cache.
Each time the Hub Transport server retrieves a new transport rule configuration, an event is logged in the Security log in Event Viewer.
Transport rules configured on Edge Transport servers are applied only to the local server on which the transport rule was created. New transport rules and changes to existing transport rules affect only messages that pass through that specific Edge Transport server. If you have more than one Edge Transport server and you want to apply a consistent set of rules across all Edge Transport servers, you must either manually configure each server or export the transport rules from one server and import them into all other Edge Transport servers.
Order in Which Transport Rules Are Applied
Transport rules are applied in the following order:
- Message scope: The first check performed by rules agents is whether a message falls within the scope of the agent. Transport rules aren’t applied to all types of messages.
- Priority: For messages that fall within the scope of the rules agent, the agent starts processing rules based on rule priority in ascending order. Rules with lower priority are applied first. Transport rule priority values range from
n is the total number of transport rules. Only enabled rules are applied, regardless of priority. You can change the priority of rules using the Exchange Management Console or the Exchange Management Shell.
- Conditions: Transport rule conditions are made up of predicates.
  - Rule with no conditions: A rule with no predicates and no exceptions is applied to all messages.
  - Rule with multiple predicates: For a rule’s action to be applied to a message, it must match all of the predicates selected in the rule. For example, if a rule uses the predicates from a member of distribution list, and when the Subject field contains specific words, the message must match both predicates. It must be sent by a member of the distribution list specified, and the message subject must contain the word specified.
  - Predicate with multiple values: If one predicate allows entering multiple values, the message must match any value specified for that predicate. For example, if an e-mail message has the subject Stock price information, and the SubjectContains condition on a transport rule is configured to match the words Contoso and stock, the condition is satisfied because the subject contains at least one of the values of the condition.
- Exceptions: A rule isn’t applied to messages that match any of the exceptions defined in the rule. Note, this is exactly opposite of how the rules agent treats predicates. For example, if the exceptions except when the message is from people and except when the message contains specific words are selected, the message fails to match the rule condition if the message is sent from any of the specified senders, or if the message contains any of the specified words.
- Actions: Messages that match the rules conditions get all actions specified in the rule applied to them. For example, if the actions prepend the subject with string and Blind carbon copy (Bcc) the message to addresses are selected, both actions are applied to the message. The message will get the specified string prefixed to the message subject, and the recipients specified will be added as Bcc recipients.
Some actions, such as the Delete the message without notifying anyone action, prevent subsequent rules from being applied to a message.
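The evaluation order described above, modeled in Python as an added example (it is not Microsoft's code and not part of the original topic). The class names, predicate and action helpers, sample rules and addresses are all constructed for illustration, and the scope check covers only the Hub Transport case of skipping system messages.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Sequence

@dataclass
class Message:
    sender: str
    subject: str
    system: bool = False  # system messages are outside the Hub Transport agent's scope
    bcc: List[str] = field(default_factory=list)
    deleted: bool = False

@dataclass
class Predicate:
    """One predicate with one or more values: ANY value may match."""
    test: Callable[[Message, str], bool]
    values: Sequence[str]

    def matches(self, msg: Message) -> bool:
        return any(self.test(msg, value) for value in self.values)

# Predicate tests (simplified stand-ins, not the Exchange implementations).
def subject_contains(msg: Message, word: str) -> bool:
    return word.lower() in msg.subject.lower()

def sent_from(msg: Message, address: str) -> bool:
    return msg.sender.lower() == address.lower()

# Actions mutate the message and return True if later rules must be skipped.
def prepend_subject(prefix: str) -> Callable[[Message], bool]:
    def act(msg: Message) -> bool:
        msg.subject = prefix + msg.subject
        return False
    return act

def bcc_to(address: str) -> Callable[[Message], bool]:
    def act(msg: Message) -> bool:
        msg.bcc.append(address)
        return False
    return act

def delete_silently(msg: Message) -> bool:
    msg.deleted = True
    return True

@dataclass
class Rule:
    name: str
    priority: int
    conditions: List[Predicate]
    exceptions: List[Predicate]
    actions: List[Callable[[Message], bool]]
    enabled: bool = True

    def applies_to(self, msg: Message) -> bool:
        # ALL predicates must match; an empty list matches every message.
        if not all(p.matches(msg) for p in self.conditions):
            return False
        # ANY matching exception excludes the message.
        return not any(p.matches(msg) for p in self.exceptions)

def process(msg: Message, rules: Sequence[Rule]) -> List[str]:
    """Apply rules to msg in place; return the names of the rules applied."""
    applied: List[str] = []
    if msg.system:  # 1. scope check
        return applied
    # 2. enabled rules only, lowest priority value first
    for rule in sorted((r for r in rules if r.enabled), key=lambda r: r.priority):
        if not rule.applies_to(msg):  # 3. conditions, 4. exceptions
            continue
        applied.append(rule.name)
        halt = False
        for action in rule.actions:  # 5. every action of a matching rule runs
            halt = action(msg) or halt
        if halt:  # e.g. a silent delete stops all later rules
            break
    return applied

# Constructed rule set; names and addresses are illustrative.
RULES = [
    Rule("old-block", 0, [], [], [delete_silently], enabled=False),
    Rule("tag-stock", 1,
         [Predicate(subject_contains, ["Contoso", "stock"])],
         [Predicate(sent_from, ["ceo@contoso.example"])],
         [prepend_subject("[FIN] "), bcc_to("compliance@contoso.example")]),
    Rule("drop-test", 2, [Predicate(subject_contains, ["DELETEME"])], [], [delete_silently]),
    Rule("archive-all", 3, [], [], [bcc_to("archive@contoso.example")]),
]

if __name__ == "__main__":
    m = Message("alice@contoso.example", "Stock price information")
    print(process(m, RULES), m.subject, m.bcc)
```

Running rule sets through a model like this before deployment makes it easier to spot a broad exception or a halting action that silently keeps a later journaling or compliance rule from ever firing.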
Transport Rules and Group Membership
When you define a transport rule using a predicate that expands membership of a distribution group, the resulting list of recipients is cached by the Hub Transport server that applies the rule. This is known as the Expanded Groups Cache and is also used by the Journaling agent for evaluating group membership for journal rules. By default, the Expanded Groups Cache stores group membership for four hours. Recipients returned by the recipient filter of a dynamic distribution group are also stored. The Expanded Groups Cache makes repeated round-trips to Active Directory and the resulting network traffic from resolving group memberships unnecessary.
In Exchange 2010, this interval and other parameters related to the Expanded Groups Cache are configurable. You can lower the cache expiration interval, or disable caching altogether, to ensure group memberships are refreshed more frequently. You must plan for the corresponding increase in load on your Active Directory domain controllers for distribution group expansion queries. You can also clear the cache on a Hub Transport server by restarting the Microsoft Exchange Transport service on that server. You must do this on each Hub Transport server where you want to clear the cache. When creating, testing, and troubleshooting transport rules that use predicates based on distribution group membership, you must also consider the impact of Expanded Groups Cache.
Create a Public Folder Mailbox
Applies to: Exchange Server 2013, Exchange Online
Topic Last Modified: 2013-02-14
Before you can create a public folder, you must first create a public folder mailbox. Public folder mailboxes contain the hierarchy information plus the content for public folders. The first public folder mailbox you create will be the primary hierarchy mailbox, which contains the only writable copy of the hierarchy. Any additional public folder mailboxes you create will be secondary mailboxes, which contain a read-only copy of the hierarchy.
For additional management tasks related to public folders in Exchange 2013, see Public Folder Procedures.
For additional management tasks related to public folders in Exchange Online, see Public Folder Procedures in Exchange Online.
What do you need to know before you begin?
- Estimated time to complete: less than 5 minutes.
- You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the “Public folders” entry in the Sharing and Collaboration Permissions topic.
- For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.
What do you want to do?
Use the EAC to create a public folder mailbox
- Navigate to Public folders > Public folder mailboxes, and then click Add.
- In Public Folder Mailbox, provide a name for the public folder mailbox.
- Click Save.
Use the Shell to create a public folder mailbox
This example creates the primary public folder mailbox.
New-Mailbox -PublicFolder -Name MasterHierarchy
This example creates a secondary public folder mailbox. The only difference between creating the primary hierarchy mailbox and a secondary hierarchy mailbox is that the primary mailbox is the first one created in the organization. You can create additional public folder mailboxes for load balancing purposes.
New-Mailbox -PublicFolder -Name Istanbul
For detailed syntax and parameter information, see New-Mailbox.
How do you know this worked?
To verify that you have successfully created the primary public folder mailbox, run the following Shell command:
Get-OrganizationConfig | Format-List RootPublicFolderMailbox
With Windows 8.1, Microsoft is finally getting there.
When Microsoft first revealed Windows 8.1, many pundits fixated on what they saw as backpedaling. The fact that Microsoft was bringing back a Start button, and making it easier to stay within the confines of the desktop, they said, was a sign that Microsoft had gone too far in pushing the new, touch-friendly side of Windows 8.
While Microsoft has made some concessions for desktop users, the company hasn’t stopped pushing. Windows 8.1 is full of major improvements to the modern-style interface (formerly known as Metro). Apps that were previously cheap imitations of their desktop counterparts are now capable alternatives. Tasks that once required you to visit the desktop have migrated to the new interface. And although Microsoft hasn’t duplicated the windowing system of the classic desktop, it’s created a new one that’s in many ways simpler and easier.
As an experiment, I’ve been trying to do all of my work today within the modern-style interface, using the preview build of Windows 8.1. This isn’t something that everyone can do–lots of people rely on specific software that isn’t available through the Windows Store or a web browser–but since my primary work tools are web-based, working with modern apps isn’t a problem. While there are things I miss about the desktop, Windows 8.1 makes a strong case for doing everything within the modern-style interface. It’s the first version of Windows in which the new interface can become a replacement for the desktop, rather than a supplement.
New Kinds of Windows
The biggest improvement in Windows 8.1 is the expansion of Snap, a neat trick that lets you run multiple apps side-by-side on the screen. Windows 8.1 increases the number of apps you can snap on the screen at once from two to three, and the size of each frame is now fully adjustable.
While working in Windows 8.1, I’ve been using Snap to keep an eye on e-mail and Twitter in their own separate frames, and using a text editor to write in a third frame. Occasionally, I’ll open Internet Explorer in the main frame to check on the TIME Tech chat room or to read news stories. On a laptop, it almost feels like I’m working with multiple monitors.
There is a bit of a learning curve to Snap, especially now that you can have three apps open at once. Juggling multiple apps can be a hassle, because there’s no simple way to swap the order of open frames. Still, it’s easier to set up several snapped apps than it is to place multiple windows side-by-side on the desktop. And while desktop applications aren’t always designed to run in small windows, most Windows Store apps support Snap, and will adjust automatically as you change the size of the frame.
Jared Newman / TIME.com
Desktop-esque Web Browsing
One of my biggest problems with the modern-style interface in Windows 8 was the lack of a window structure for web browsing. I spend a lot of time in the browser, with lots of tabs open at once, and on the desktop, I’m used to grouping these tabs into windows. (One for e-mail and other communication, one for writing, one for various articles and research.) Most tablet operating systems–including Windows 8–don’t allow this kind of organization.
In Windows 8.1, you can open up to three separate instances of Internet Explorer 11 by right-clicking or long-pressing on a link or open tab, then choosing the option to open it in a new window. This gets a little tricky, because the second window opens up in Snap view (see above), but if you then hide that window, you can still access it through the tabs menu or the recent apps list.
Another big change that makes IE11 more like a desktop browser is the option to always show the address bar and open tabs. Enabling this option in Settings creates a permanent bar on the bottom of the screen, so you can quickly switch between tabs.
These two new features go a long way toward making the modern-style Internet Explorer feel like a desktop browser. This is the first time I’ve felt comfortable using the app for serious work.
Work to Be Done
Windows 8.1 still has its fair share of rough edges. The Mail app, which received a big upgrade in March, still needs an easier way to navigate through messages, such as swiping or up/down arrows. I’d like to see multiple window support in more apps, such as the new Calculator (so you could calculate two things separately). And while the Photos app now includes a basic image editor, Microsoft should really do a full-blown, modern-style overhaul of Paint–something that could compete on a basic level with Photoshop.
Also, though it’s no fault of Microsoft’s, the near-complete absence of Google services is still a drawback. Google has only offered a basic all-purpose app for Windows 8, and it’s no better than accessing the company’s services through a browser. There’s no Gmail app to stand in for the default Windows Mail app and no Google Drive integration, and in lieu of an official YouTube app, the Windows Store is rife with imitators. Google is not opposed to being on other platforms, but has shunned Windows 8 because the audience isn’t big enough. Hopefully that will change as Microsoft makes the modern-style interface more alluring.
Then there’s the biggest missing piece of all, Microsoft Office. Microsoft knows the cursory touch-optimizations in Office 2013 aren’t enough, and the company does plan to release a true modern-style version of the software. But it won’t be ready until 2014. Until then, the modern interface of Windows 8 will have no chance of replacing the desktop for a lot of people.
Why Modern-Style Matters for Productivity
Using Windows 8.1’s modern interface wasn’t just an experiment for experiments’ sake. The PC I’m using has a touch screen, and I’m warming to the idea of using it more regularly. All the apps I’ve been using are designed for touch, and reaching out to tap or swipe has its perks: I can zero in on opposite ends of the screen faster, and it’s more enjoyable to swipe through web pages than it is to scroll with a trackpad. I still loathe the idea of giving up mouse input entirely, but devices where the trackpad is secondary–like Microsoft’s Surface or Sony’s Vaio Duo 11–are starting to make more sense.
The challenge for Microsoft, then, is to create a better touch-centric productivity platform than iOS or Android. The booming iPad keyboard market is proof that tablets can be used for work (no matter how often people try to deny it), and while the desktop helps Windows stand out for productivity, on touch devices the modern-style side of Windows needs to be just as capable, if not more so.
With Windows 8.1, Microsoft is finally getting there. The whole concept of the modern-style interface has plenty of detractors, but for those who don’t want to confine themselves to the desktop, Windows 8.1 is a glimpse at what’s possible.
Stay tuned for more on Windows 8.1 in the days ahead. We’ll be looking at more of the modern-style interface, and yes, at the desktop too.
US spy chief James Clapper has strongly defended government surveillance programmes after revelations of phone records being collected and internet servers being tapped.
He said disclosure of a secret court document on phone record collection threatened “irreversible harm”.
Revelations of an alleged programme to tap into servers of nine internet firms were “reprehensible”, he said.
Internet firms deny giving government agents access to their servers.
The director of US national intelligence issued a strongly worded statement late on Thursday, after the UK’s Guardian newspaper said a secret court order had required phone company Verizon to hand over its records to the National Security Agency (NSA) on an “ongoing daily basis”.
That report was followed by revelations in both the Washington Post and Guardian that US agencies tapped directly into the servers of nine internet firms to track people in a programme known as Prism.
- The numbers of both people on the phone call
- How long the call lasts
- The time that the call is placed
The reports about Prism will raise fresh questions about how far the US government should encroach on citizens’ privacy in the interests of national security.
The NSA confirmed that it had been secretly collecting millions of phone records. But Mr Clapper said the “unauthorized disclosure… threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation”.
The article omitted “key information” about the use of the records “to prevent terrorist attacks and the numerous safeguards that protect privacy and civil liberties”.
He said reports about Prism contained “numerous inaccuracies”. While admitting the government collected communications from internet firms, he said the policy only targets “non-US persons”.
‘Variety of threats’
Prism was reportedly developed in 2007 out of a programme of domestic surveillance without warrants that was set up by President George W Bush after the 9/11 attacks.
Prism reportedly does not collect user data, but is able to pull out material that matches a set of search terms.
Mr Clapper said the communications-collection programme was “designed to facilitate the acquisition of foreign intelligence information concerning non-US persons located outside the United States”.
I may have been wiretapped
In 2006 I was a plaintiff in an American Civil Liberties Union lawsuit against the government over a domestic spying programme. Other plaintiffs include the late Christopher Hitchens, and James Bamford, the author of a book, The Shadow Factory, about the NSA.
The lawsuit stated that NSA officials may have eavesdropped on us illegally – and that the warrantless wiretapping programme should come to a halt. In 2007 an appeals court said that we could not prove that our calls had been monitored. As a result it did not have standing. The suit was dismissed.
“It cannot be used to intentionally target any US citizen, any other US person, or anyone located within the United States,” he added.
Mr Clapper said the programme, under Section 702 of the Foreign Intelligence Surveillance Act, was recently reauthorised by Congress after hearings and debate.
“Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats,” he added.
But while US citizens were not intended to be the targets of surveillance, the Washington Post says large quantities of content from Americans are nevertheless screened in order to track or learn more about the target.
The data gathered through Prism has grown to become a major contributor to the president’s daily briefing and accounts for almost one in seven intelligence reports, it adds.
The Washington Post named the nine companies participating in the programme as Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple.
Microsoft said in a statement to the BBC that it only turned over customer data when given a legally binding order, and only complied with orders for specific accounts.
“If the government has a broader voluntary national security program to gather customer data we don’t participate in it,” Microsoft said.
Meanwhile, Yahoo, Apple and Facebook said they did not give the government direct access to their servers.
In a statement, Google said: “Google does not have a ‘back door’ for the government to access private user data.”
On Wednesday, it emerged that the NSA was collecting the phone records of tens of millions of Americans, after the Guardian published a secret order for the Verizon phone company to hand over its records.
A senior congressman, House intelligence committee chairman Mike Rogers, told reporters that collecting Americans’ phone records was legal, authorised by Congress and had not been abused by the Obama administration.
He also said it had prevented a “significant” attack on the US “within the past few years”, but declined to offer more information.
The order requires Verizon – one of the largest phone companies in the US – to disclose to the NSA the metadata of all calls it processes, both domestic and international, in which at least one party is in the US.
Such metadata includes telephone numbers, calling card numbers, the serial numbers of phones used and the time and duration of calls. It does not include the content of a call or the callers’ addresses or financial information.