KeyLemon adds an extra layer of security to your computer log-in process by making your Webcam do all the heavy lifting. Instead of typing your password, KeyLemon 2.2 associates your face with your profile, and then regularly checks to make sure that the person sitting in front of the computer matches the image attached to that profile. If it doesn't think they match, the computer takes a photo via the Webcam and then automatically goes to hibernate.
The latest version of KeyLemon introduces a Firefox plug-in called LemonFox that lets users log in to three social-networking services using their Webcam.
Once installed, the program's Wizard will walk you through creating a profile of your face, and link it to your computer's log-in. By default, KeyLemon will check the Webcam every 10 seconds to make sure you're you, although that can be changed in the Control Center's LemonScreen tab. Also, KeyLemon conveniently includes a text bypass for your log-in. This is important because, occasionally, KeyLemon won't be able to recognize you.
The problem is rare, but I found it occurs in two situations. In bright-light settings where the details of your face get washed out, KeyLemon struggles and often fails to recognize your face. There was also occasional failure on laptops resuming from a closed-lid hibernation. One big bug was on laptops jumping from a dock to an undocked state, where the program would freeze the entire operating system and require a reboot. Generally, though, KeyLemon worked more than 90 percent of the time over several days of testing.
KeyLemon's setup wizard.
(Credit: Screenshot by Seth Rosenblatt/CNET)In the Control Center under the LemonScreen and LemonLogin tabs, you'll find a decent array of settings to tweak. These include being able to toggle on and off the log-in feature, configuring the program to run at start-up, program logging, reshooting your profile pic, and creating your own skins.
The Firefox plug-in LemonFox can be used to log you in to your Facebook, LinkedIn, or Twitter accounts. Just like the main program, LemonFox opens to a tutorial to get you started, and it uses the Webcam to prevent unauthorized access--at least on the computer with KeyLemon installed. It's a good idea to start with the social-networking services, but what I'd really like to see is integration with the Firefox password manager and support in other browsers.
Overall, though, it seems like a solid software tool for adding an extra layer of security to your computer for a reasonable price. The trial limits you to 30 uses, but has no major feature restrictions. A one-year license retails for $19.95, and it's compatible with XP, Vista, and Windows 7.
McAfee spent three years researching and developing a new vertical interface for its consumer security suites, and has made them far better in the process. The improved detection engine includes enhanced download scanning, faster scan and start-up times, and a stronger firewall.
Check out this First Look video for a tour of McAfee AntiVirus Plus. If you're interested in McAfee Internet Security 2010 or McAfee Total Protection 2010, note that those upgrades have more features tacked onto the same security engine, but they lack trials.
Tales2Go offers a variety of short stories and full-length audiobooks.
Hey, fellow parents. Sick to death of the kids' "Wiggles" CDs? Exhausted the library's "Magic Tree House" collection? Do I have an app for you: Tales2Go provides on-demand access to nearly 900 children's stories. It's my single favorite app of 2010 (so far).
The Tales2Go collection includes works from a variety of audio publishers, including Audio Bookshelf and Recorded Books. A Tales2Go representative told me a couple "major" new publishers will collectively add about 80 more titles to the library in coming weeks.
The app provides countless ways to peruse the catalog, starting with highest rated and most popular playlists. You can also browse by age group, story type, narrators (a few recognizable names, including Catherine O'Hara and Tom Bosley), character and series, and grade level.
The collection includes everything from two-minute fables to six-hour novels, with just about everything in between. I found "American Girl" and "Diary of a Wimpy Kid" titles for my 10-year-old daughter, and "Encyclopedia Brown" and "Henry and Mudge" for my 7-year-old son. Truly, there's something here for everyone.
The Tales2Go app scores high with its smart, simple interface. While listening to a story, you can create a bookmark (for easily returning to where you left off), add the story to your Favorites list, and apply a rating.
There's even an alarm feature so you (or, presumably, your children) can wake up to Tales2Go, which automatically plays your favorites station.
If you end up using the app in the car, keep in mind that streaming audio requires a decent EDGE, 3G, or Wi-Fi connection--which could be a problem if you're driving in a rural area. I wish it would include a download option.
The app is free and includes a 30-day trial of the Tales2Go service. After that, a one-year subscription will cost you a very reasonable $24.99--about what you'd pay for a couple audiobook CDs. Needless to say, I consider this a killer deal.
If you have preteen-or-younger children, and have a good way to listen to iPhone audio via your car's speakers, I can't recommend Tales2Go highly enough. Check out the demo video:
To entice security researchers to look for holes in the Chrome browser, Google has announced it will pay $500 for bugs found in the code. But several experts say that's not enough money to motivate skilled vulnerability researchers.
"I think it's ridiculous," Charlie Miller, a senior security researcher at Independent Security Evaluators, said when asked Monday for his opinion of Google's new bug bounty program. "It's insulting. It's so low."
Under Google's new "experimental" incentive program, announced last week, people will get paid $500 for select interesting and original security vulnerabilities discovered in Chrome, or $1,337 for particularly severe or clever bugs. That figure refers to the geek term for elite, or "leet," which can be spelled out using the numbers.
Mozilla pays $500 to researchers who find valid security bugs in the Firefox browser, the Thunderbird e-mail client, or the Mozilla suite.
Jeremiah Grossman, chief technology officer and co-founder of WhiteHat Security, said Google's plan could be the start of an interesting trend.
"If a researcher is purely interested in the dollar reward, then by all means he should go where the dollar is highest. But if you happen to find one because it's fun and interesting to you, then you'll get paid too," he said. "I've been suggesting Microsoft should do this for a long time but they have a moral issue with it."
Microsoft is sticking with its no-bounty stance.
"Microsoft does not offer compensation for information regarding security vulnerabilities. We do not believe that offering compensation for vulnerability information is the best way we can help protect our customers," said Dave Forstrom, group manager of Microsoft Trustworthy Computing. "We also do not think it fosters the growth of a healthy ecosystem."
You would think Google would be roundly praised for offering to pay researchers for work they often do for free. But not everyone is impressed.
"It's probably better to pay professional QA [quality assurance] people and pen [penetration] testers than to expect the public to do your testing for you on the cheap," said Gary McGraw, chief technology officer at Cigital and a specialist in secure code writing processes. "No excellent professional tester I know would be attracted by a bounty like that--perhaps adolescents would do it for beer money (or rather Red Bull and vodka money)."
Miller's criticism might be particularly stinging, given that he announced a campaign called "No More Free Bugs," about a year ago. He argued that vendors should pay when outside researchers discover vulnerabilities in their commercial software instead of freeloading on the efforts of volunteer bug hunters whose work ends up making the products safer.
"In some senses this is my dream come true," Miller said. "I've been begging vendors for this. And then when it happens I'm bitter and critical," because it's so much lower than what researchers can make from bounty programs at VeriSign iDefense's Vulnerability Contributor Program and the Zero Day Initiative run by 3Com's TippingPoint.
"If I did find a bug in Chrome, I could sell it to the Zero Day Initiative and make $2,000 and it still gets reported to Google eventually, so why would I give it to Google for $500? It doesn't make sense," he said.
Pedram Amini, who runs the Zero Day Initiative, wouldn't say exactly how much the program pays for bugs, but did allow that "on average it's over 10 times what Google's offering."
"Google is the first huge company to create a bug bounty. I'm happy they're doing it. It's a step in the right direction," he said. "But pricing-wise, they're not going to be able to compete with other bug bounty programs."
On the bright side
Granted, it might be easier to find bugs in beta software than in products that have been released to the public, which the Zero Day Initiative focuses on, according to Amini. And it's wise for Google to do something to attract the attention of researchers to its browser, which is much newer and has fewer users than the other major browsers, he said.
"I think there is going to be a subset of people who will use the Google program," he said. "One thing that is certain--vulnerabilities do have value."
Google's pay scheme is at the low end of what iDefense pays, according to Rick Howard, director of iDefense Intelligence.
"Google has always shown that it is willing to take on large and complex projects for which it has no past experience and make a success of it. I see no reason why they should not succeed in this one," Howard said.
And Google doesn't always go cheap. Last July, it paid more than $8,000 to a team of researchers that won a Native Client Security Contest.
Asked to comment on complaints that $500 is too little compensation for bug hunters, Chris Evans of the Google Security Team wrote in an e-mail: "We took care to design the program to allow for a wide variety of bugs to qualify for payment and to make it easier for researchers to participate--for example, we don't necessarily need a working exploit (which is often much more difficult than finding a bug) and we're interested in bugs even if they manifest within the Chromium sandbox."
Chromium is the open-source project for Google's Chrome browser and unreleased Chrome operating system. Evans said it was too early to say whether Chrome OS would be included in the bounty program after it launches.
"Chromium has already benefited from collaboration with security researchers, and we expect they will continue to scrutinize the Chromium code and help us improve it regardless of any action we take," he said. "To them, this reward can be seen as a token of appreciation. To others, we hope the addition of a reward may encourage new people to participate beyond how they might have otherwise."
Mozilla wants its Firefox browser to drop support for Mac OS X 10.4--the operating system also known as Tiger that was released in 2005--but the plan is running into some resistance.
If support is indeed removed, then Firefox 3.6--the current version of the browser--would be the last one to support Mac OS X 10.4, although Mozilla would still issue updates for several months after the succeeding version of Firefox is released.
"We would like to take advantage of more modern technologies on Mac OS X, and 10.4 support has been a hindrance," Josh Aas, one of Mozilla's Mac experts, said in a mailing list post. "We are planning to make the decision to remove 10.4 support final and remove the code from the tree. If you have any strong objections please let us know now."
There are objections, of course.
"I still have two PowerPC machine that use OS X 10.4.11...As it stands now it impractical for me update either machine due to lack of funds...So if support for 4.11 is removed then that means I will have to go to something else such a iCab, Opera, or OmniWeb rather than Firefox and you don't need to lose users," Phillip Jones said in a response, suggesting a two-track approach. "You can create one with all the fancy new stuff. Then one for us poor people that [can't] drop ($3,000) at the drop of the hat and have to hang onto older equipment out of necessity."
But his objection and some from others have not moved Mozilla members to change course thus far.
"Does this suggestion come with a donation for doubling of full-time development resources, QA [quality assurance] and testing, build and release infrastructure, and user support for this second track that would cover a shrinking minority of Firefox on Mac users?" Mozilla's Asa Dotzler asked in a post. "There are currently approximately 1.5 million people using Firefox on 10.4 and we're fully aware of that...In one year, I expect 10.4 to account for less than 5 percent of Mac OS X users and at that point it will have less prominence than Windows 98."
Supporting Mac OS X 10.4 also comes with a penalty for those who are using 10.5 and 10.6, added Mozilla programmer Boris Zbarsky. "We can significantly improve the user experience on 10.5 and especially 10.6 if we drop support for 10.4 (we're talking something like 30 percent performance improvement on 10.6, for example if I recall the numbers correctly, between the newer compiler and doing 64-bit builds," he noted.
Mike Shaver, Mozilla's vice president of engineering, added that the decision wouldn't immediately cut off those with Tiger.
"10.4 users would still have a supported release until Firefox 3.6 was end-of-lifed, which I would expect to be at least 6 months after the trunk release of which Boris speaks," Shaver said. "They wouldn't be able to upgrade to the latest and greatest, but they would still get stability and security updates."
The sometimes-emotional debate recapitulated elements of a 2009 discussion about dropping Mac OS X 10.4 support.
TweetDeck's new column navigator.
(Credit: TweetDeck)The latest version of TweetDeck is out, and although it's a minor update it also introduces some useful changes worth noting. Available for Windows, Mac, and Linux on Adobe AIR, the biggest change in TweetDeck 0.33 is an alteration to the program's guts that gives it more Twitter API breathing room.
TweetDeck now uses OAuth for calling Twitter's API. The API calls are how TweetDeck gets your tweet information from Twitter's servers, so this means that users can have TweetDeck update all their columns more regularly. In the previous version of TweetDeck, the API limit had been below 200 per hour. Now, it's shot up to 350 calls per hour.
There's also a new column navigator that lives at the bottom of the window. The navigator is made up of several bars, each one analogous to a column in your main window. Clicking a bar will jump you to the top of that particular column. For users with more columns than can fit onscreen, this should make jumping around much easier. Mouse over one of the columns and you'll see the column name, the service icon, the account attached if relevant, how long until the next update, and the current API usage. This can be good to know in case you're worried that one column is consuming too many calls.
TweetDeck 0.33 adds more media previews, including YouTube, Flickr, TwitGoo, MobyPicture, and Posterous, and also allows users to edit search columns without having to delete and then re-create them. The Help window has been revamped completely, as well. The full list of bug fixes and improvements can be read here.
Adobe Systems, evidently stung by recent criticisms of its widely used Flash Player browser plug-in, has promised better performance on Mac systems.
"Given identical hardware, Flash Player on Windows has historically been faster than the Mac, and it is for the most part the same code running in Flash for each operating system," said Adobe Chief Technology Officer Kevin Lynch in a follow-up comment to his own blog post. But Adobe and Apple have been cooperating to make things better, he said. "In Flash Player 10.1 we are moving to Core Animation, which will further reduce CPU usage and, we believe, will get us to the point where Mac will be faster than Windows for graphics rendering."
Things should get better with video, too, one of the primary reasons Flash has thrived on the Web. "Video rendering is an area we are focusing more attention on--for example, today a 480p video on a 1.8Ghz Mac Mini in Safari uses about 34 percent of CPU on Mac versus 16 percent on Windows (running in BootCamp on same hardware). With Flash Player 10.1, we are optimizing video rendering further on the Mac and expect to reduce CPU usage by half, bringing Mac and Windows closer to parity for video."
The words reflect an Adobe effort to explain itself while under competitive threat. HTML is gradually encroaching on the turf Flash has had largely to itself, and some are taking advantage of the opportunity to bash Flash.
Adobe also is taking on the matter of bugs.
In particular, it's answering a security problem Matthew Dempsky reported in September 2008, shortly before Flash Player 10 was issued. Dempsky took Lynch to task for his statement in the comment that "we don't ship Flash with any known crash bugs, and if there was such a widespread problem historically Flash could not have achieved its wide use today."
Flash Player manager Emmy Huang apologized for the issue in a separate blog post.
"We picked up the bug as a crasher when it was filed on September 22, 2008, and were able to reproduce it. Remember that Flash Player 10 shipped in October 2008, so when this bug was reported we were pretty much locked and loaded for launch. The mistake we made was marking this bug for 'next' release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release. We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that," Huang said. "It slipped through the cracks, and it is not something we take lightly."
And for those who are interested in helping Adobe track down problems, Adobe's Ted Patrick called on people to try the Flash Player 10.1 beta.
One of the strengths of Vitamin D Video, which exited beta on Monday, is its ability to pick out humans in surveillance video, allowing more easy scanning of hours of security camera footage.
(Credit: Vitamin D)Vitamin D, the start-up founded by three former Palm executives, said on Monday that it is ready with the final Version 1.0 of its software for Windows and Mac, which enables people to use a standard Webcam as a security system.
The company, which caught some interesting things on tape during beta testing, said that the single camera version of its software will continue to be free, as it was during beta testing. A version of Vitamin D Video that works with two cameras will cost $49, while a high-end edition that supports an unlimited number of cameras running off a single computer will cost $199.
The software works on both Macs and PCs and has as its biggest selling point the fact that it can pick out humans as opposed to just motion, allowing users to more easily pore over hours upon hours of surveillance footage.
The company uses artificial intelligence technology licensed from Numenta, a company started by Palm Pilot creator Jeff Hawkins.
"Vitamin D Video is an effective and inexpensive video monitoring tool that is easy to install and use. With this product available, there is no reason for any home, small business or school to be without video surveillance that really works," CEO Celeste Baranski said in a statement. "The enthusiastic response of our beta customers has already proven that Vitamin D Video works well in security applications, and is proving valuable for uses beyond traditional security."
RealPlayer SP for Mac
The way people consume media has been constantly evolving, especially over the past five years. In 2005, it would be practically unthinkable for any consistent TV viewers to cancel their cable subscriptions and watch only online video. Now, many more people are depending on the Internet for their video content, made abundantly clear by the fact that advertising on sites like Hulu sometimes go for higher rates than that on network television.
In such an atmosphere, it's more important than ever for digital media players and converters to stay in front of the curve. More than two years ago, Real Networks took its media player, which was mostly popular as an embedded app for online audio and video playback, and added a one-step video-downloading feature. Today, the company is updating RealPlayer SP for Mac with the addition of a built-in video converter that also offers one-click transcoding for portable devices. The program lets Mac users download practically any unprotected streaming and then transfer it directly to an iPhone, iPod, BlackBerry, or other device. RealPlayer SP handles the transcoding in the background, which makes the front-end experience very simple.
Downloading a flash video from Vimeo
Compared side by side with RealPlayer SP for Windows, I have to say that the Mac version isn't as seamless. ... Read More
On Monday only, get 27 apps for the price of, well, none.
What's better than 27 apps for 99 cents? Why, 27 apps for zero cents, of course.
That's what you get from iCatchall, which, like last week's App Genie, delivers more than two dozen tools under one app roof. Normally it's 99 cents, but in conjunction with previously mentioned Free App a Day, iCatchall is free on Monday (and only this Monday).
As you might expect, there's a bit of overlap between these two kitchen-sink apps--but less than you might think. iCatchall is actually a mix of tools, games, and sound effects.
Instead of cramming everything onto a single screen like App Genie, iCatchall spreads its icons across four pages, which you swipe through just like the iPhone's own app pages. You can't reorganize the icons, but at least they're alphabetical.
The Fun and Games page contains mostly junk--unless you're into dealing cards (seriously, that's all you do), stacking poker chips, and watching two flaming balls of fire, well, flame. Only the two-player Texas Hold 'Em and Kitchen Sink resemble actual games, and they're both weak showings.
As for the sound effects, you get a rim-shot, a clapping studio audience, randomized samples of someone saying "huh?", and the inevitable flatulence.
Thankfully, some of iCatchall's apps have actual merit. ContactClone, for instance, lets you wirelessly share contacts with other iPod and iPhone users on the same Wi-Fi network. Very handy.
File Storage turns your device into a wireless flash drive. Just point your PC's Web browser to the IP address shown in the app, then choose files to upload. Again, very handy.
I also like the Reward For Return app, which generates a custom wallpaper with your contact information, so anyone who finds your iPhone or iPod can easily return it.
iCatchall's other tools include currency and unit converters, a tip calculator, a phases-of-the-moon viewer, a ruler, and a three-axis level. It's all good stuff.
And, hey, you can't argue with the price. iCatchall may be 50 percent junk, but it's also 50 percent useful--and 100 percent free if you grab it before midnight.
