Stan's Blog - News

In the news: SDL's Chief Executive Officer to Leave the Company

Stanislas Biron — Tue, 06 Nov 2012 16:04:19 GMT

SDL's chief executive officer John Hunter is leaving the company “to pursue other business interests”. He spent less than two years in the top job, having previously been SDL’s finance chief. Chairman and founder Mark Lancaster, who was chief executive before Mr Hunter took the reins in February last year, has taken over as interim CEO until a permanent replacement is found.

Canaccord Genuity saw the move as a buying opportunity, arguing that Mr Hunter’s departure would act as an “immediate catalyst for a rebound in the share price”. The shares had tumbled since the group said on October 15 that ongoing litigation could cost the company up to $3m (£1.9m). The group also worried analysts by confirming that technology revenues remained “suppressed”.

Source: The Telegraph >

For those of you who are not aware of the “ongoing litigation” that SDL faces, here’s a quick recap:

On October 15^th SDL noted that it has a minor ongoing litigation with a former Trados shareholder, claiming breaches of fiduciary duty by former Trados directors on the sale of Trados to SDL in 2005. The company estimates the potential exposure to be between $1 million and $3 million, which if required, will be funded as part of the company's operational cash flow in 2013.

The SDL board believes the case to be completely without merit and expects that it will progress to a court hearing in 2013.

In its Interim Management Statement for the period from July 1 to September 30, the company said most of the growth in the quarter predominantly came from language services, whilst technology revenues remained suppressed.

Source: RTT News

Other posts:

In the news: Facebook Admits Too Much Facebook Probably Isn’t Healthy

Google Docs Translations Don’t Make Sense?

Informations On Rhe Canadian Translation Standard

Google Translator Hacked

In the news: Facebook Admits Too Much Facebook Probably Isn’t Healthy

Stanislas Biron — Mon, 05 Nov 2012 16:52:13 GMT

As seen on TechCrunch today:

You could call it a massive social media mistake by social media itself. I think it was an admirable moment of honesty between Facebook and the world. Maybe it’s both. But this week Facebook’s official Facebook Page shared this: “Birthday cakes are made for people to be together. They give friends a place to gather and celebrate. But too much cake probably isn’t healthy. So birthday cake is a lot like Facebook.”

Facebook seems to have had a moment of clarity. Years ago its official stats page touted how much time users spent on the site. The last official statement before it IPO’d was 10.5 billion total minutes per day in January. But it eventually realized that’s not necessarily a good thing. Now Facebook prefers to describe itself by how many things people share on the site rather than the hours spent there.

Great products are efficient. It should take the minimum amount of time to get the maximum value. Trying to simply increase the amount of time spent on site can lead to poor design decisions. It can also lead to unhappiness and unhealthiness.

The fact is that we find information addictive. We love to seek, to learn. It’s an evolutionary trait. The more we know, the more likely we are to survive. But with such vast amounts of information at our fingertips thanks to the Internet, that addiction can really hurt us. I know I’ve been late to get-togethers with friends, or grabbed a seat in the corner at a party because I couldn’t help but browse Facebook, Twitter, news, and other web content.

I truly believe there are benefits to the ambient intimacy of the Facebook news feed. It lets us stay in touch with distant acquaintances we might have drifted away from, gives us a support network, makes us more open and tolerant, and can help us organize real-world interactions.

But it can also alienate us, pulling us out of the present to read about the past of others. And it can erode our relationships if we use it for a substitute for a hug, a handshake, or a hearty laugh in person. Some studies link Facebook use to unhappiness because it makes us think everyone else is more beautiful, out having more fun, and are more popular than us.

Most of these negative consequences come from excessive usage. We’d probably feel better after a good phone call with one friend than browsing the news feed stories of one hundred.

Perhaps the Facebook Page’s status update was the work of a single employee who didn’t think it through. But even still, it indicates a sense of sympathy at Mark Zuckerberg’s company.

One day maybe Facebook will directly confront the issue of Internet addiction that it’s certainly a part of. But for now, Facebook has confessed that it can hurt us. That may show that the people behind it feel a touch of guilt about the excessive time the service has sucked away from us. That’s better than it cruelly cackling about the 200 lifetimes it swallows up each day.

Other posts

Historical Translation Blunder: President Carter Creeps Out a Nation

Big news in security: 1024-bit RSA encryption cracked!

Quick Challenge: Einstein's Riddle

Nice brain-teaser

In The News: AES Encryption Flaw Makes ASP.NET Sites Vulnerable To Attacks

Stanislas Biron — Wed, 15 Sep 2010 13:35:36 GMT

Seen on Visual Studio Magazine

Two security researchers, Thai Duong and Juliano Rizzo, have discovered a bug in the default encryption mechanism used to protect the cookies normally used to implement Forms Authentication in ASP.NET. Using their tool (the Padding Oracle Exploit Tool or POET), they can repeatedly modify an ASP.NET Forms Authentication cookie encrypted using AES and, by examining the errors returned, determine the Machine Key used to encrypt the cookie. The process is claimed to be 100 percent reliable and takes between 30 and 50 minutes for any site.

Once the Machine Key is determined, attackers can create bogus forms authentication cookies. If site designers have chosen the option to embed role information in the security cookie, then attackers could arbitrarily assign themselves to administrator roles. This exposure also affects other membership provider features, spoofing protection on the ViewState, and encrypted information that might be stored in cookies or otherwise be made available at the client.

While the exposure is both wide and immediate, the fix is simple. The hack exploits a bug in .NET's implementation of AES encryption. The solution is to switch to one of the other encryption mechanisms -- to 3DES, for instance. Since encryption for the membership and roles providers is handled by ASP.NET, no modification of existing code should be required for Forms Authentication.

The encryption method can be set in the web.config file for a site, in IIS 7 for a Web server, or in the config file for .NET on a server in %SYSTEMROOT%\Microsoft.NET\Framework\version\CONFIG\. On 64-bit systems, it must also be set in %SYSTEMROOT%\Microsoft.NET\Framework64\version\CONFIG\. A typical entry would look like this:

    <machineKey validationKey="AutoGenerate,IsolateApps"         
                           validation="3DES"                           
                           decryptionKey="AutoGenerate,IsolateApps"
                           decryption="3DES" />

On a Web farm, this setting will have to be made on all the servers in the farm.

These settings are also used to prevent spoofing (ViewState data is encoded but not encrypted), so making this change will also switch the ViewState to using 3DES. Developers who are using AES in their code to encrypt information made available at the client should consider modifying their code to use a different encryption mechanism.

Other Posts:

Google instant makes searching for God harder

Tabnabbing: A New Kind Of Phishing Attack

Big news in security: 1024-bit RSA encryption cracked!

Tips to enhance your SQL Server security

What is LDAP injection?

In the news: Google instant

Stanislas Biron — Mon, 13 Sep 2010 15:18:44 GMT

As seen on techcrunch:

If you think about all the things people search for on Google, “God” has to be pretty high up there, right? I mean, since the dawn of man, people have been searching for the meaning of life and its creator, so what better way to do that than with a search engine? But divinity apparently has nothing on cheap domain names.

When you try to do a search for “God” with the new Google Instant feature, it predicts that you’re going to type in “Godaddy” instead. If you hit a space after the “d”, it thinks you’re looking for “God of War”, the popular videogame. So the only way to actually search for “God” with this new Google Instant feature is to hit the search button.

To make Google Instant work, the search giant looks across all queries to find the most popular ones and then predicts what it thinks you’re going to type and auto-populates the results based on that. Clearly, both “Godaddy” and “God of War” are more popular queries on Google — something that is either humorous or sad depending on your level of religiousness.

Also kind of humorous is that “Godaddy” isn’t really the name of the company, it’s “Go Daddy” with a space (though the domain is of course godaddy.com). Also interesting is that a Go Daddy is a heavy Google AdWords user, and so the first result for the “God” query is a sponsored link for Go Daddy.

Other posts:

Some funny cross cultural marketing and translation mistakes

Make Your Site Faster with Google Page Speed

Big news in security: 1024-bit RSA encryption cracked

Google Translator Hacked

Georges Perec's palindrome

In the news: Microsoft has released IE 9 Platform Preview 2

Stanislas Biron — Thu, 06 May 2010 14:02:03 GMT

Microsoft has released the Internet Explorer 9 Platform Preview 2, keeping to its promise of delivering new IE9 functionality every eight weeks.

Microsoft originally introduced the IE9 Platform Preview in mid-March at the MIX 2010 show in Las Vegas, and just seven weeks later the software giant has released version 2 of the IE9 Platform Preview, which features advances in compliance to industry-standard tests, improvements in performance and a lot more. Internet Explorer 9 Platform Preview 2 is available for developer download at the IE Test Drive site: www.ietestdrive.com.

Moreover, according to a source close to the company, there have been more than 1 million downloads of the IE9 Platform Preview to date.

Among the goals of IE9 is to deliver HTML5 capability into the browser as well as the "same markup" experience to developers -- which basically means developers will be able to write code once and have it run on multiple sites without modification. Essentially this means enabling the same markup – the same HTML, the same CSS and the same script – to work the same across different browsers is as crucial as performance for HTML5’s success. Developers should expect the same markup to produce the same results across browsers consistently.

Microsoft has created a rhythm of disclosure around IE9. At the company's Professional Developers Conference in November 2009, Microsoft discussed performance, hardware acceleration and same markup. At MIX 2010 the company discussed performance, hardware acceleration and same markup. And on May 5 Microsoft is back with improvements to its IE9 preview for developers.

Among the improvements is that Microsoft's IE9 preview has passed more of the Acid3 test. Microsoft has taken heat for its Acid3 results, but it is still early in the IE9 development process and the company is showing improvement. Acid3 comes from the Web Standards Project and checks how well a browser adheres to certain selected elements from web standards, especially the Document Object Model (DOM) and JavaScript. With IE9 Platform Preview 2, Microsoft increased its Acid3 test score results from 55 in the initial platform preview to 68 -- out of 100 -- in the new release.

To be sure, the new release builds on the initial platform preview . And in addition to more improvements to IE9’s performance and support for standards , with this release Microsoft has submitted additional tests to the working groups at the World Wide Web Consortium (W3C). Indeed, Microsoft submitted 79 new tests to the W3C, bring the number of tests the company has submitted to 183, a company spokesperson said. Microsoft has been busy creating, submitting, and revising comprehensive test cases for developers and browser manufactures to responsibly test and design for same markup.

Meanwhile, according to Webkit.org’s SunSpider benchmark test, Internet Explorer 9 Platform Preview 2 is now even faster. The overall performance results have improved by 117 milliseconds.

In addition, more than 10 new developer samples on the IE9 Test Drive site highlight performance, graphics and HTML5 . Developers can take a look at these samples in a video at http://vimeo.com/11370608, or view demonstrations of the concept of same markup in action at http://vimeo.com/11478301, http://vimeo.com/11478843, and http://vimeo.com/11479609. Should a password be required, use "samemarkup," however the videos will be live on Microsoft's Channel 9 by mid-day May 5.

Microsoft also changed the platform preview console window to be a full tab that includes diagnostic information from IE. The company also added a “Change User Agent String” tool that enables you to change the UA string sent with every request, selecting from preset strings or creating your own custom string. This complements another feature Microsoft added – the IE9 UA string.

Said a company spokesperson: "We know that when developers spend less time re-writing their sites to work across browsers they have more time to create amazing experiences on the web. At its essence, that is what we are trying to achieve when we say 'same markup.' It’s allowing for an interoperable web so developers can create the next class of rich web apps that will take advantage of the capabilities that will be made available with HTML5."

Source: eWeek

Other posts:

In the news: Google will allow users to opt-out of Analytics tracking

How to spot innovators

Survey of .NET Framework features most used

Big news in security: 1024-bit RSA encryption cracked

Silverlight Game Creation Tutorials

In the news: Google will allow users to opt-out of Analytics tracking

Stanislas Biron — Fri, 19 Mar 2010 13:16:00 GMT

Some people don’t like the idea of Google having any data about them. Unfortunately, if you visit a site tracked by Google Analytics (and chances are you hit several each day), you have no choice. But soon, you might.

Google is testing a browser-based opt-out solution for Google Analytics, they briefly note today on the Google Analytics blog. Specifically, this would be a “global browser based plug-in to allow users to opt out of being tracked by Google Analytics.” They note that engineers are finalizing and testing the funtionality.

How exactly this will work globally across all browsers remains to be seen. While Firefox and Chrome allow for easy use of plug-ins, Internet Exploerer and Safari are a bit more complicated. Still, if you’re a user who really cares about Google not tracking this information about you, it will probably be worth it to you to install this thing.

Of course, the other question is what this means for site owners. While it’s unlikely that a lot of users would install something like this, what if they did? That could drastically cripple the entire point of Google Analytics.

Source: Techcrunch

Other posts:

Big news in security: 1024-bit RSA encryption cracked

US Investigators Pinpoint Author Of Google Attack Code

Google Translator Hacked

How to use the Robots.txt file

Big news in security: 1024-bit RSA encryption cracked!

Stanislas Biron — Wed, 10 Mar 2010 14:32:52 GMT

First off: no, it’s not a joke! April 1^st is in three weeks.

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe. Only the most brutish of brute force efforts (and 1,500 years of processing time) could manage to bypass its 768-bit variety.

Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a very close eye on your server room's power supply.

From the article on techworld:

RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. The researchers – Andrea Pellegrini, Valeria Bertacco and Todd Austin - outline their findings in a paper titled “Fault-based attack of RSA authentication” to be presented 10 March at the Design, Automation and Test in Europe conference.

Quite scary…

Other posts:

US Investigators Pinpoint Author Of Google Attack Code

Google Translator Hacked

What is LDAP injection?

Tips to enhance your SQL Server security

Password aren't a good defense?

In the news: US Investigators Pinpoint Author Of Google Attack Code

Stanislas Biron — Tue, 23 Feb 2010 15:33:37 GMT

The big news over the past few months were the Aurora attacks and how they seemed to originate from China, last month Microsoft took the unusual step and released an Out-Of-Band patch for the IE6 0-Day vulnerability used in the attacks.

It was always thought the exploit originated from China due to parts of the code only being discovered on Chinese language sites, the latest news is that the actual origin of the code has been discovered by US investigators.

US investigators have pinpointed the author of a key piece of code used in the alleged cyber attacks on Google and at least 33 other companies last year, according to a new report.

Citing a researcher working for the US government, The Financial Times reports that a Chinese freelance security consultant in his 30s wrote the code that exploited a hole in Microsoft’s Internet Explorer browser. The report also says that Chinese authorities had “special access” to this consultant’s work and that he posted at least a portion of the code to a hacking forum.

According to The Financial Times report, the unnamed security consultant who wrote the exploit code is not a full-time government worker and did not launch the attacks himself. In fact, the FT says, he “would prefer not to be used in such offensive efforts.”

The reports says that when he posted the code to the hacking forum, he described it as something he was “working on.”

With a January blog post, Google announced that attacks originating from China had pilfered unspecified intellectual property from the company, and Microsoft later said the attack had exploited a hole in its Internet Explorer 6 browser. According to security researchers, at least 33 other companies were targeted by similar attacks.

Put simply, this means that the “consultant” who created the code posted a proof of concept for this exploit on a hacking forum. Then someone took this proof of concept, turned it into a working exploit and attacked 33 US based companies.

It will be interesting to watch how this story will unfold after this and if it’s going to increase the tension between the US and China governments. The whole cyberwar has been going on for quite a while now with both sides trying to secretly steal information from each other.

So far the author of the code has not been named and his real identity or purpose is still a little vague.

Source: The Register

Other posts:

Google Will Pay 500$ Bounty For Each Chrome Browser Bugs You Find

Google Translator Hacked

Password aren't a good defense?

In the news: Google negotiating cooperation with the NSA

Some tips to enhance your SQL Server security

How To: Create an Outlook 2003 addin using VSTO SE and Visual Studio 2005

In the news: Google leaps language barrier with translator phone

Stanislas Biron — Tue, 09 Feb 2010 14:39:00 GMT

Google is developing software for the first phone capable of translating foreign languages almost instantly — like the Babel Fish in The Hitchhiker’s Guide to the Galaxy.

By building on existing technologies in voice recognition and automatic translation, Google hopes to have a basic system ready within a couple of years. If it works, it could eventually transform communication among speakers of the world’s 6,000-plus languages.

The company has already created an automatic system for translating text on computers, which is being honed by scanning millions of multi-lingual websites and documents. So far it covers 52 languages, adding Haitian Creole last week.

Google also has a voice recognition system that enables phone users to conduct web searches by speaking commands into their phones rather than typing them in.

“We think speech-to-speech translation should be possible and work reasonably well in a few years’ time,” said Franz Och, Google’s head of translation services.

“Clearly, for it to work smoothly, you need a combination of high-accuracy machine translation and high-accuracy voice recognition, and that’s what we’re working on.

“If you look at the progress in machine translation and corresponding advances in voice recognition, there has been huge progress recently.”

Although automatic text translators are now reasonably effective, voice recognition has proved more challenging.

“Everyone has a different voice, accent and pitch,” said Och. “But recognition should be effective with mobile phones because by nature they are personal to you. The phone should get a feel for your voice from past voice search queries, for example.”

The translation software is likely to become more accurate the more it is used. And while some translation systems use crude rules based on the grammar of languages, Google is exploiting its vast database of websites and translated documents to improve the accuracy of its system.

“The more data we input, the better the quality,” said Och. There is no shortage of help. “There are a lot of language enthusiasts out there,” he said.

However, some experts believe the hurdles to live translation remain high. David Crystal, honorary professor of linguistics at Bangor University, said: “The problem with speech recognition is the variability in accents. No system at the moment can handle that properly.

“Maybe Google will be able to get there faster than everyone else, but I think it’s unlikely we’ll have a speech device in the next few years that could handle high-speed Glaswegian slang.

“The future, though, looks very interesting. If you have a Babel Fish, the need to learn foreign languages is removed.”

In the Hitchhiker’s Guide to the Galaxy, the small, yellow Babel Fish was capable of translating any language when placed in the ear. It sparked a bloody war because everyone became able to understand what other people were saying.

Source: Times Online

Other Posts:

Google Willing To Pay 500$ Bounty For Each Chrome Browser Bugs You Find

Silverlight Game Creation Tutorials

Facts and Figures about the Language Industry

Google Translator Hacked

Compendium of Dumb Laws in the United States

In the news: Google negotiating cooperation with the NSA

Stanislas Biron — Fri, 05 Feb 2010 15:30:04 GMT

In January, Google went public with news that some of its systems had been hacked, along with those of a number of US-based companies. The attacks had targeted both accounts maintained by political activists and commercial code, and Google pointed the finger straight at China, vowing to change its entire approach to business in that country. But a report now suggests that the company is also looking to beef up its internal defenses to prevent a repeat of the attacks.

The Washington Post is reporting that Google has started negotiations with the US National Security Agency about a collaborative effort to analyze the attack and figure out how best to prevent a recurrence. The Post is citing confidential sources, as the deal isn't final and, even if it were, it's unlikely that Google would seek to publicize it.

For starters, both organizations have already been the target of many complaints by privacy advocates, the NSA for its domestic surveillance efforts, Google for its data retention policies. The combination of the two would clearly make the advocates far more uneasy, and might help them make their case with the wider public. Meanwhile, as the report notes, private companies have often been loath to share information about their proprietary systems with the government for a variety of reasons.

That may explain why the negotiations have been going slowly, as the NSA would clearly need access to and understanding of Google's infrastructure in order to fully evaluate the attacks and future risks. And that's precisely the sort of proprietary information that Google is presumably reluctant to provide anyone with—even a highly secretive organization like the NSA.

Other posts:

Google Willing To Pay 500$ Bounty For Each Chrome Browser Bugs You Find

Google Translator Hacked

BusinessWeek hit by SQL Injection attack

Password aren't a good defense?

Google Willing To Pay 500$ Bounty For Each Chrome Browser Bugs You Find

Stanislas Biron — Mon, 01 Feb 2010 15:22:17 GMT

This is a pretty interesting development from Google and also seems to be coming much more common now, companies openly offering payments for bugs/vulnerabilities discovered in their software. They already used that strategy to find bugs last year with their Native Client Security hacking contest. This time they offer $500 for most vulnerabilities, $1,337 for 'particularly clever' flaws. You can see the blog post on the Chromium blog here.

It’s a chance for the white-hat guys to earn a few bucks, but honestly I don’t think it’s going to change anything. Especially not when we’re talking $500 per vulnerability because a serious browser 0-day exploit that can allow execution of malware will go for 100 times that much on the black market. Even for the particularly severe or clever bugs worth $1,337, that’s still peanuts compared to what they can sell the exploit for on the black market.

I hope it helps though and gives some legitimate security researches a little more incentive to focus on Chrome, the bad guys won’t pay much attention though as Chrome is still a relatively small player in the browser world.

From the article at Network World

“We are hoping that … this program will encourage new individuals to participate in Chromium security,” said Evans. “The more people involved in scrutinizing Chromium’s code and behavior, the more secure our millions of users will be.”

“Internet Explorer, Safari, Firefox…those browsers have been out there for a long time,” said Pedram Amini, manager of the security research team at 3com’s Austin, Tex.-based TippingPoint, which operates Zero Day Initiative (ZDI), one of the two best-known bug-bounty programs. “But Chrome, and now Chrome OS, need researchers. Google needs people to put eyes on the target.”

Google’s new bounty program isn’t the first from a software vendor looking for help rooting out vulnerabilities in its own code, but it’s the largest company to step forward, Amini said. Microsoft , for example, has traditionally dismissed any calls that it pay for vulnerabilities. “This will be beneficial to Google,” Amini added. “There are actually very few vendors who play in the bounty market, but Google doing it is definitely interesting.”

I don’t realistically expect any groundbreaking bugs to come out of this initiative, but I think a few people might bust out their browser fuzzing tools and see what they can find.

Worth a bit of effort if you can find 10 decent bugs in a couple of hours and net yourself $5000usd.

You can see the on the chromium project severity guidelines page the different severity ranking for bugs.

Other posts:

Google Translator Hacked

Some tips to enhance your SQL Server security

What is LDAP injection?

Some tips to enhance your SQL Server security

How to generate random numbers within a T-SQL query

Google Translator Hacked

Stanislas Biron — Fri, 29 Jan 2010 15:47:40 GMT

With all of the news about hacked e-mail accounts, it isn’t a big surprise that other Google services can be manipulated, too. Yesterday, politicking or pranking Russian translators forced a Google Translate mistranslation of four segments — “USA is to blame,” “Russia is to blame,” “Obama is to blame,” and “Medvedev is to blame” into English from Russian (click here to see a screenshot).

Google Переводчик (Translator) made the U.S. and President Obama blameless in the Russian translation (”USA is not to blame,” and “Obama is not to blame”, while placing blame on Russia and President Medvedev. Naturally, soon after the news went up, Google quickly fixed the translations.

According to Moscow News:

The same is true if the word combination is translated into Ukrainian and Belorussian. However, if the output translation is set to Spanish, French, German, and other European languages, it is translated correctly. […]

"These are translation bombs" said Alla Zabrovskaya, Google's Russian Public Relations Director. "We are not always able to weed them out, and it is good that our users find them, and let us know about them.

But the question that remains is: how many more of those mistranslations (or “translation bombs” as they call them) exists in the Google translation engine (or any others automatic translation engine)? Some of them should be very easy to spot (such as translation “White House” with “ Visit myspamsite.com”) but others will be spotted only through careful analysis of the translation.

The lessons learned here:

Crowdsourcing applications need protection against malicious manipulation because the wisdom of the crowd will more and more reflect the politics of its members.
Online translation applications are only as reliable as the crowd that feeds them. You should therefore never use those applications to translate important documents or messages. “Machine translation” is only useful to grasp the general meaning of a piece of content but nothing more.
If you need real professional translations, you should work with a real translation provider. Unlike automatic translation engines, they have the ability to garantee you that your message will be the same in every language.

Other posts:

In the news: Bing translator now supports Haitian Creole

Facts and Figures about the Language Industry

Some tips to enhance your SQL Server security

Big news in the translation industry

In the news: Bing translator now supports Haitian Creole

Stanislas Biron — Tue, 26 Jan 2010 15:06:45 GMT

Bing Translator> now comes with support for Haitian Creole, also referred to as Creole or Kreyòl, one of the two official languages in Haiti, along with French. Vikram Dendi, senior product manager, Microsoft Translator, notes that Microsoft has worked in order to introduce support for Haitian Creole at the request of the community involved in Haitian relief efforts. In this regard, Microsoft Research unveiled at the end of the past week an experimental machine translation system designed to allow users to translate to and from Haitian Creole.

“This is an experimental system put together in record time. While our typical approach to adding new languages involves significantly larger amounts of training, a higher threshold for quality testing – we decided that the upside warranted making the system available to the community at the earliest, and continue improving it subsequently. We are working diligently to keep improving the quality, but bear with us if you encounter problems. You can always contact us at mtcont at microsoft.com with feedback,” Dendi stated.

Machine translation associated with Haitian Creole is available not only in Bing Translator, but also via additional Microsoft Translator technologies, including services and application programming interfaces. An illustrative example in this regard, is the Messenger Translation Bot which can now speak Haitian Creole. All that users need do is add mtbot@hotmail.com to their messenger buddy list in Windows Live messenger and they will be able to talk with Kreyol speakers.

“The Haitian Creole translator is now part of the Microsoft Translator web service enabling many of the user scenarios powered by the service. Users can access the service through the Microsoft Translator web site. Developers would be interested in looking at our APIs – and choose from SOAP or HTTP (Support for Haitian in our AJAX API will be rolled out in the coming days),” Dendi added.

The Microsoft Translator API, the machine translation technology and services from Microsoft, including Bing Translator can be accessed and used completely free of charge. Developers can leverage the application programming interface in order to build apps or integrate translation services into websites with support for Haitian Creole.

“In the coming days expect to see support for Haitian Creole added to even more of our scenarios (Translator widget, Office etc) as well as the AJAX API. Known issues and announcements can also be found on our forums. We hope that this contribution proves useful to the various humanitarian efforts underway, and please stay tuned to this blog for further news on the Haitian Creole language support,” Dendi explained.

Source: Softpedia

In the news: Amazon Launches Kindle Software Development Kit

Stanislas Biron — Fri, 22 Jan 2010 16:04:16 GMT

Seattle-based Amazon.com said late Wednesday evening that it has launched a new, software development kit for its Kindle electronic reader.

According to Amazon, its new Kindle Development Kit allows developers to create active content for the Kindle, including mobile games, active content, links to web site data, and more. Among firms developing content for the Kindle are EA Mobile, the mobile games arm of Electronic Arts; Handmark, which is developing an active Zagat guide which pulls Zagat's online ratings and reviews onto the Kindle; and Sonic Boom, which is building word games and puzzles for the electronic reader.

Amazon said it will be providing a limited beta to participants who want to access the development kit, which includes sample code, documentation, and a Kindle Simulator which runs on Mac, PC, and Linux desktops.

Other posts:

Huge List of Dumb and Crazy Laws in the United States

Some tips to enhance your SQL Server security

Facts and Figures about the Language Industry

Non-Latin internet addresses

How-To: hiring and managing geeks
>>

Non-Latin internet addresses

Stanislas Biron — Tue, 22 Dec 2009 15:40:43 GMT

After a long wait, ICANN (the Internet Corporation for Assigned Names and Numbers) has finally taken some steps to make web-addresses that are not based on the Latin alphabet a reality. In other words, the Internet is going to get a lot more friendlier for a major part of the global population.

A proposal for the use of non-English characters in web addresses is up for consideration. The proposed change is called Internationalized Domain Names or IDNs. At present non-English characters can only be used in a section of a web address. Once IDNs become a reality, native web-users from Japan, China, Russia, Arabia and Korea and many other nations will be able to fully browse through the net in their very own languages. The most obvious result of this development would be a significant leap in internet usage across many parts of the world. Another result of this development will be a growing need for translation services and localization because of the rise of cultural and linguistic diversity within the online population.

From the press release:

"The coming introduction of non-Latin characters represents the biggest technical change to the Internet since it was created four decades ago," said ICANN chairman Peter Dengate Thrush. "Right now Internet address endings are limited to Latin characters – A to Z. But the Fast Track Process is the first step in bringing the 100,000 characters of the languages of the world online for domain names."

Though they have not been put to use on a global scale, IDNs are not a new concept, on the contrary they been hotly debated for around a decade. There has been a lot of doubt about whether IDNs as a concept could work, however thanks to countries like China and the fact that over half of the 1.6 billion internet users are not familiar with Latin characters, ICANN has been led to consider IDN.

The organization has been testing the translation technology that can convert from one character set to another and deliver the correct address for over a couple of years now and is confident about its success. ICANN will be reviewing this historic proposal at the 36th International Public Meeting in Seoul and if the body approves it then we could be seeing the use of IDNs by mid of the coming year.

Other posts :

Facts and Figures about the Language Industry

The Best Damn Web Marketing Checklist, Period!

How to generate random numbers within a T-SQL query

Domain registration and one full year of Web hosting for Free!

Free software tools for students
>>
Big news in the translation industry

Google Native Client Security - Hacking Contest - You could win $8,192 USD!

Stanislas Biron — Wed, 11 Mar 2009 13:57:37 GMT

What is Native Client?

Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps.

About the contest

Do you think it is impossible to safely run untrusted x86 code on the web? Do you want a chance to impress a panel of some of the top security experts in the world? Then submit an exploit to the Native Client Security Contest and you could also win cash prizes, not to mention bragging rights.

What is the contest

This is a contest with the goal to test the security of Native Client.

To participate, you will need to:

Register yourself (or your team)

Download our latest build

Join the NaCl discussion group

Report the exploits you find to our team

When

You can register for the contest on Wednesday, February 25th 2009. The contest will end on Tuesday, May 5th 2009 at 11:59:59 Pacific time. Sign up early to start reporting exploits as soon as possible.

What’s in it for you

Participating in the contest means that you will engage with early stage research technology. In addition, your work will be reviewed by a panel of security experts from some of the world’s most renowned universities, chaired by Edward Felten of Princeton University. Finally, by submitting high impact bug(s), you will also have the chance to compete to win one of our five cash prizes, as well as the recognition of your peers.

Eligible participants that are ranked in the top 5 positions of the competition by Judges will receive the following awards in U.S. Dollars based on their rank:

1st prize: $8,192.00
2nd prize: $4,096.00
3rd prize: $2,048.00
4th prize: $1,024.00
5th prize: $1,024.00

Winning Entries will be announced on or about December 7th.

Details at:

http://code.google.com/contests/nativeclient-security/

Domain registration and one full year of Web hosting for Free!

Stanislas Biron — Fri, 20 Feb 2009 20:41:02 GMT

The words “free” and “Microsoft” don’t often appear in the same sentence, so imagine my surprise at discovering this deal: a free custom domain name, free Web hosting, free e-mail accounts, and more.

As you might expect from the name, Microsoft Office Live Small Business has a decidedly business focus–but that doesn’t mean you can’t use it for a personal site.

The freebie account includes not only the domain (any available .com, .net, .org, or .info address), but also site-building tools, reporting tools, project and document managers, 100 e-mail addresses, and collaboration-minded online workspaces. You get 500MB of storage, too.

So what’s the catch? There really isn’t one, though the free domain hosting expires after one year. After that, it’ll run you $14.95 annually.

Photo by Microsoft.

Microsoft Silverlight 3 features

Stanislas Biron — Mon, 02 Feb 2009 20:02:34 GMT

According to Silverlight Development Team Leader, Scott Guthrie, the next Silverlight release is planned for 2009. The new Silverlight 3 will bring in a lot of new features and cool stuff. Here is a small list of the most important new features :

New media enhancements (including H.264 video support)

Major graphics improvements (including 3D support and GPU hardware acceleration)

Application development improvements (including richer data-binding support and additional controls)

The possibility for a Silverlight 3 application to run outside the browser

BusinessWeek hit by SQL Injection attack

Stanislas Biron — Fri, 28 Nov 2008 17:51:21 GMT

It’s stunning to see how many website are still vulnerable to SQL Injection attacks. Many SQL Injection worms are circulating right now and are dropping malicious code in thousands of databases. Even major sites are vulnerable to this type of attack. BusinessWeek, the world-class magazine, was a victim of this kind of attack last September.

From the article at Net-Security:

Folks from Sophos have discovered that the website of BusinessWeek, the world famous weekly magazine, has been attacked by hackers in an attempt to infect its readership with malware.

Hundreds of webpages in a section of BusinessWeek’s website which offers information about where MBA students might find future employers have been affected. According to Sophos, hackers used an SQL injection attack - where a vulnerability is exploited in order to insert malicious code into the site's underlying database - to pepper pages with code that tries to download malware from a Russian web server.

At the time of writing, the code injected into BusinessWeek’s website points to a Russian website that is currently down and not delivering further malicious code. However, it could be revived at any time, infecting hundreds of MBA students looking for high-earning jobs. Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers' scripts are still present and active on their site.

This goes to show you that, if you are the developer of an internet facing website (or an intranet for that matter), you need to commit yourself to enhance it’s security against these kind of threats. Everyone should adopt secure coding practices as there is no site that will be spared. More and more we will see automated SQL Injection attacks using crawlers, worms and bots and.

Free software tools for students

Stanislas Biron — Thu, 27 Nov 2008 19:16:58 GMT

As a follow-up on my post on Bizspark, Microsoft’s initiative to provide startups with free versions of their software, here is DreamSpark.

Basically, DreamSpark is the same thing as Bizspark but aimed at students all over the world. DreamSpark is simple, it's all about giving students Microsoft professional-level developer and design tools at no charge. DreamSpark enables students to download and use Microsoft developer, designer, gaming tools, Windows Server 2008 and more. In order to access the softwares available on DreamSpark, students only need to verify their student status once every 12 months.

The full list of software that is available for free on DreamSpark’s site is:

Visual Studio 2008 Professional Edition

Visual Studio 2005 Professional Edition

Expression Studio 2 (includes Web, Blend, Media and Design)

SQL Server 2008 Developer Edition

Windows Server 2008 Standard Edition

IT Academy Student Pass

Robotics Developers Studio 2008

SQL Server 2008 Express Edition

Visual Studio 2008 Express Edition

XNA Game Studio 2.0 (with 12-month Creators Club Student trial membership)

Virtual PC 2007

The Microsoft developer, designer and gaming tools available on DreamSpark are NOT 30-day trial versions; they’re the complete and full professional grade versions. >>
There is a little problem however. If you’re living in Canada like me (and probably in other places too), not every university is participating in this program. Here is the list of the canadian’s universities that are participating as of today:

ISIC

McGill University

Queen’s University

Simon Fraser University

University of Alberta

University of Calgary

University of Gelph

University of Ottawa

University of Saskatchewan

University of Toronto

University of Windsor

York University

So, if you’re canadian and not a student of one of these universities, you can’t benefit from this program right now. However, i’m sure that Microsoft is working on integrating more universities into their program.

If you want to have your university added to this program, or if you are a administrator of a university that isn’t currently on Microsoft’s list, go to this page to get more information about enrolling.

Microsoft BizSpark - Free MS software for startups

Stanislas Biron — Wed, 05 Nov 2008 16:13:54 GMT

Microsoft is launching a new program focused on helping Startups get up and running. The program is called BizSpark and according to Microsoft, the biggest benefits are

Software. Receive fast and easy access to current full-featured Microsoft development tools, platform technologies, and production licenses of server products for immediate use in developing and bringing to market innovative and interoperable solutions. There is no upfront cost to enroll.
Support. Get connected to Network Partners around the world — incubators, investors, advisors, government agencies and hosters — that are equally involved and vested in software-fueled innovation and entrepreneurship who will provide a wide range of support resources
Visibility. Achieve global visibility to an audience of potential investors, clients and partners

Basically, you enroll and are given access to a almost all the nessecary server and development software you need. The server licenses are even prouduction grade, so you can deploy (from what I can tell) cheaply. You are getting a high end MSDN subscription and a lot more, all for free.

Big news in the translation industry

Stanislas Biron — Tue, 05 Aug 2008 15:28:52 GMT

The word on the street is that google is about to launch a new translation service. Called “Google Translation Center”, this service will:

Connect translators with clients

Let translators work for free or charge their clients for their work.

Let translators translate their documents online

Provide translators with a CAT (computer assisted translation) tool similar to the other tools available on the market

From the article at techcrunch:

If you have a document that needs translating, you can upload it and request a translator to work on it, according to the marketing information on the site. The Translation Center is set up as a marketplace for matching translators with people who need texts translated. It supports both paid translations and volunteer ones.

Also, Google doesn’t want to take part, for now, in the payment process. They state in their terms of service:

Your interaction with any third party participant(s) or user(s) within Google Translation Center, including payment and delivery of goods and services, and any other terms, conditions, warranties or representations associated with such dealings, are solely between you and such third party participant(s) or user(s) and Google is not involved in such dealings.

Translations created in Google Translation Center are purely between the translation requester and the translators.

As a R&D Director for a translation firm in Canada, this news rapidly caught my eye. Here is my breakdown of the impact this new service will have and my humble predictions:

So, what does all of this means for the translation industry

For translator networks:

This will surely steal business from a lot of web sites connecting translators to clients such as elance and craiglist, but not enough to get them out of business since they have more than translation projects in their portfolio.

For professional freelance translators:

For a lot of them, this will probably become their primary portal since Google is very good at indexing other sources of data than just theirs (just check the sources of the videos featured on google video and you will see what I mean). They will probably index every translator gig available in the world and provide translators with a portal to search, maybe bid on them and execute the translation.

For professional translation firms:

For translation firms, this is neither a good or a bad news. They will lose maybe a handful of customers due to the fact that they will get very cheap translations on Google platform. But, this is one industry where the saying “You get what you pay for” is really true. You won’t have any quality assurance when using this kind of service and, for many customers, this matters a lot. The quality of the corporate communications is a mirror of the company’s professionalism. And when you are a major bank, or in the medical industry (where a typo in a prescription can effectively kill someone), you can’t afford low quality translation. And you never will be safe with the quality of the translation provided by Google’s service (or any other online service for that matter) because the reviser might be your old Uncle Joe who runs only Word’s spell-checker on your document.

For translator tools software vendors:

This will probably be the main spot in the industry where the impact if this service will be felt. For these vendors, the whole market of freelancers is at risk since they will have access to a CAT tool and translation memories for free. The only market that will be left for them after the service will be mainstream is the big translation firms, for the reasons stated above.

For the future of Google’s platform:

The big challenge for google with this platform is to keep away the spammers. How easy will it be to log-in as a “fake translator” add advertising into a document. Then, when the client get his translation, he will be directly hit by the ad when reviewing this document. Or worse, the ad won’t be caught (very possible case since you won’t know every language your document/brochure/Web site/etc. has been translated into) and will be published as a part of that document. The worst case scenario for Google is that all the email spammers will use their platform to publish their ads, since the email rarely even get opened by the target of spammers. But inserting spam as part of a translation in a legitimate document will be a lot more effective.

UPDATE: Google removed most of the pages and reference documents (all URLs are now redirected to google’s main page).

Amazon's new payment service

Stanislas Biron — Thu, 31 Jul 2008 13:37:49 GMT

AppScout has a good article on the new Amazon’s payment service:

Amazon on Tuesday unveiled two new payment options that allow Web site owners to shift payment transactions to the online retailer.
With Checkout by Amazon, webmasters will get help from Amazon in managing shipping charges, sales tax, promotions, and post-sale activities including shipments, refunds, cancellations, and charge backs.
Amazon Simple Pay, meanwhile, is a less complicated option for those who don't need Amazon's end-to-end checkout pipeline and order management capabilities.
To enable Checkout by Amazon, webmasters must add Amazon 1-Click to their Amazon.com account and insert a few lines of code into their Web site template. When customers go to check out of the site, they click the "Checkout with Amazon" button, a widget pops up asking for a shipping address, and customers buy via Amazon's 1-Click. Amazon sends them a confirmation e-mail, and users remain on your site.

Click here to read more

Mix08 Sessions

Stanislas Biron — Thu, 22 May 2008 14:15:28 GMT

All the Mix08 sessions are online !

I also found this blog post with links to the wmv of all 88 sessions if you want to watch them offline.

In the news today: The .NET Framework 3.5 source code is going to be released!

Stanislas Biron — Wed, 03 Oct 2007 19:37:44 GMT

It’s simply amazing! Scott Guthrie announced today that the .NET framework source code is going to be released later this year. He says it will be released at the same time that Visual Studio 2008 and the 3.5 Framework are going to be released. This means that you will be able to drill down inside the framework when debugging your applications in Visual Studio 2008.

This is a bold move from Microsoft’s part by any standards. I think the motivation behind this release is two-fold:

1. This seems to be part of a larger company-wide politic to show to developers that Microsoft genuinely care about them.

2. They also need to work with the flow. More and more, tools like Lutz Roeder’s .NET Reflector (a utility and Visual Studio plugin to decompile and visualize .NET assemblies) are becoming popular and the Framework is, for all intent and purposes, already opened and ripped apart. I look at classes of the framework myself using this tool from time to time.

All that being said, this is really great news and I can’t wait to play with this and see the internals of the framework “in action”.

Click here to view the full article from Scott.

If you don’t know who Scott Guthrie is.. Well he’s the team leader for :

IIS

ASP.NET

The AJAX Toolkit

The CLR

The Compact Framework

Windows Forms

Commerce Server

Visual Web Developer 2005

Visual Studio Tools for WPF

In others words, if you love your job as a programmer using Microsoft’s technologies, it’s because of this guy.

Tags: .NET, News