SpaceX preps upgraded Falcon 9 for return to flight

A SpaceX Falcon 9 rocket stands poised for launch Sunday from the Cape Canaveral Air Force Station to boost 11 Orbcomm data relay satellites into orbit.

Orbcomm

In another first, the Falcon 9 will use colder, denser-than-usual liquid oxygen and kerosene propellants, a significant upgrade allowing the booster's nine Merlin 1D first-stage engines to generate more power, increasing their combined liftoff thrust from 1.3 million pounds to 1.5 million, or 170,000 pounds of thrust per engine.
The new system, including extensive launch pad modifications, was put to the test last week when the rocket was erected at the pad and fueled for an engine test firing. Engineers ran into a variety of glitches that ultimately delayed the "static" firing for two days. But on Friday, the work paid off and the engines were briefly ignited to verify good performance.
Now, with forecasters predicting a 90 percent chance of favorable weather, liftoff from launch complex 40 at the Cape Canaveral Air Force Station is targeted for 8:29 p.m. EST (GMT-5) Sunday.
"Currently looking good for a Sunday night ... attempted orbital launch and rocket landing at Cape Canaveral," SpaceX founder and chief designer Elon Musk tweeted after the successful engine test firing.
Increasing the Falcon 9's thrust will allow SpaceX to launch heavier payloads, a key issue in the commercial satellite industry. Perhaps more important over the long haul, Musk believes the only way to dramatically lower launch costs is to recover, refurbish and reuse spent rocket stages.

A computer graphic showing a SpaceX Falcon 9 first stage attempting a powered landing. The company plans to attempt a landing at the Cape Canaveral Air Force Station after launch Sunday evening.

SpaceX

Amazon-founder Jeff Bezos agrees, and his New Shepard sub-orbital rocket, intended to boost passengers to the edge of space, recently carried out a successful landing in Texas after an unpiloted test flight. But sub-orbital rockets experience far less stress and much lower velocities than boosters taking off on flights to orbit, and getting a Falcon 9 stage safely back to Earth is a daunting technological challenge.Before Sunday's flight, SpaceX had carried out two attempts to land a Falcon 9 first stage on an off-shore barge, demonstrating the booster's ability to autonomously slow down, re-enter the atmosphere and descend to a powered, tail-first landing.
In the first attempt, a hydraulic system failure resulted in a crash landing on the barge. In the second, the booster managed to set down on the barge but tipped over and exploded.
In both cases, the rocket's control software worked properly and left little doubt SpaceX could get a Falcon 9 first stage back to a landing target. But the Air Force, which manages the Florida launch site, had to be convinced a returning booster posed no credible threat to life or property.
Like all rockets launched from the East Coast, the Falcon 9 was equipped with a self-destruct system under the control of Air Force range safety officers.
While no details have been provided, SpaceX was cleared to attempt a touchdown Sunday at "Landing Site 1," an abandoned Atlas ICBM launch complex the company leases at the Cape Canaveral Air Force Station. Area residents were warned they might hear a sonic boom during the booster's approach.
Playing it safe, the Air Force was expected to enforce a large buffer zone, clearing personnel from the immediate area in case the returning rocket somehow went awry. News media, which typically cover SpaceX launchings from a causeway about three miles from the pad, were relocated to Port Canaveral some 14 miles from the launch site and about eight miles from the landing zone.
But the landing attempt, however important to SpaceX's long-range plans, was a purely secondary objective for Sunday's launch. The primary goals of the flight were to test the new rocket and to deploy 11 small Orbcomm satellites, each weighing about 380 pounds, into a 400-mile-high orbit. The satellites are part of a growing constellation of Orbcomm spacecraft that provides data relay services.
The company launched six satellites on a previous SpaceX mission, although one failed after reaching orbit. Overall, Orbcomm operates a constellation of 34 spacecraft.
Orbcomm CEO Marc Eisenberg told Spaceflight Now that his company has enjoyed a good relationship with SpaceX and that he had no qualms being the first customer on the upgraded Falcon 9.
"This is certainly an upgraded rocket," he said. "There's also, if you look at the margins and everything, there's a little bit more redundancy in this rocket as well. I'm feeling pretty good about that. Return-to-flight missions also typically have better success rates than standard missions, but you're also aware that you need your backup plans just in case, and there's a reason to buy insurance."
The upgraded Falcon 9 is five feet taller than the previous version -- 229 feet -- and features an extended "interstage" section separating the first and second stages, along with an improved stage separation system. The second stage propellant tanks were extended and its single Merlin 1D engine features a longer nozzle and can generate 210,000 pounds of thrust in vacuum.
All 10 engines burn refined kerosene fuel, known as RP-1, and liquid oxygen. Liquid oxygen has a temperature of around minus 298 degrees Fahrenheit, but during tests last week Musk tweeted the oxygen on board the upgraded rocket is cooled to minus 340 degrees. The RP-1, which normally is stored at a room temperature 70 degrees, is chilled to 20 degrees.

A SpaceX Falcon 9 rocket breaks apart during launch June 28 when its second stage liquid oxygen tank ruptured due to a strut failure.

NASA TV

"One of the things we're doing for the first time, the first time I think anyone's done it, is deeply cryogenic propellant," Musk said last week at the fall meeting of the American Geophysical Union in San Francisco. "We're sub-cooling the propellant, particularly the liquid oxygen, close to its freezing point, which increases the density quite significantly."The thrust is higher, we've improved the stage separation system, we stretched the upper stage of the rocket to add more propellant to that. There are a number of other improvements in electronics. It's a significantly improved rocket from the last one."
The launching was a critical milestone for SpaceX.
Along with clearing the way for two more launches in January, a successful flight Sunday also was expected to help pave the way for SpaceX to resume space station cargo delivery flights in early February under a $1.6 billion contract with NASA to deliver some 44,000 pounds of cargo and supplies over 12 flights.
The company's seventh operational resupply mission ended in a spectacular failure June 28 when a defective strut inside a Falcon 9's second stage liquid oxygen tank broke away, releasing a high-pressure helium tank and triggering a catastrophic in-flight breakup.
After a lengthy failure investigation, SpaceX took action to make sure no defective struts could find their way into downstream rockets. At the same time, engineers pressed ahead with the modifications allowing the rocket to generate additional launch power through the use of densified liquid oxygen.
Given the failure in June, NASA managers told Musk the agency did not want to resume SpaceX resupply flights until after the upgraded rocket had flown at least once. Along with the Orbcomm launch Sunday, SpaceX plans to launch an SES communications satellite sometime in January, along with a NASA ocean research satellite on Jan. 17.
The SES launch will use the upgraded Falcon 9 while the NASA research satellite uses the earlier version.
Assuming those flights go well, NASA is targeting Feb. 7 for the next SpaceX station resupply flight.
SpaceX is one of two companies with NASA resupply contracts. Orbital ATK holds a $1.9 billion contract with NASA to deliver some 20 tons of supplies and equipment. Like SpaceX, Orbital suffered a catastrophic launch failure Oct. 28, 2014, when a company-designed Antares rocket exploded seconds after liftoff.
The disaster grounded Orbital for a full year, but the company returned to flight Dec. 3 using a United Launch Alliance Atlas 5 rocket to boost a Cygnus cargo ship to the space station. Another Atlas 5/Cygnus launch is planned for March 10, following by the first flight of a redesigned Antares at the end of May.
While Orbital hopes to sell its Antares for commercial flights down the road, NASA is the rocket's only current customer. SpaceX is relying on its upgraded Falcon 9 to carry a full manifest of NASA, military and civilian satellites into orbit.

Read More

2016 Infiniti QX60 is refined, not reinvented

• 

Previous Next

Infiniti rolled out updates to its Q50 sedan and QX60 three-row crossover at the same time, but the company took two different approaches to revitalizing its vehicles. Whereas the Q50 focused on adding loads of new tech and lacked exterior refreshing, the QX60 keeps the underpinnings mostly the same, instead relying on a fresh new exterior.
The changes are tough to discern from far away, but if you get up close, they're pretty apparent. Up front, Infiniti redesigned the grille and added thinner headlights that incorporate more LEDs than before. The rear hatch has some new chrome trim and there's a new shark fin-style antenna on the roof. The QX60's parking sensors have been updated, as well, no longer requiring large, unsightly bevels.

2016 Infiniti QX60 raises the bar on design... See full gallery

1 - 4 of 7

Next Prev

Infiniti slightly tweaked the suspension and chassis, as well. The shocks and springs have been retuned for additional ride comfort, and new all-season tires should help cut down on road noise. The power steering has also been tweaked for better response. To mitigate any powertrain vibration, there are new motor mounts, as well.
The powertrain is largely unchanged -- the QX60 retains the same 265-horsepower, 3.5-liter, six-cylinder engine as before, mated to a continuously variable transmission. The car is also available as a 250-hp hybrid, both of which feature all-wheel drive as an optional upgrade.
Inside, there's thicker front glass for better road-noise mitigation, softer-touch materials on the upper instrument panel and a new design for the gearshift lever. Non-hybrid models also feature three additional USB ports, but other than that, the interior is no different than it was before.
The QX60 goes on sale "later in 2016," according to the automaker. It did not give any further information on release dates, market availability or pricing.

Read More

Mozilla updates Firefox, abandons Thunderbird and Firefox OS

16 Dec 2015 , 16:28

While it intends to stop work on its chat software Thunderbird and to slow down the development of its alternative mobile operating system Firefox OS, the Mozilla Foundation has unveiled a new update for its internet browser Firefox (43.0).
This new version of Firefox reflects an increasing battle against ad trackers. The idea is to optimize blocking of all these trackers in order to guarantee better privacy protection as well as an increased page loading rate. Net surfers now have a choice between blocking by default, classic blocking, and the possibility of blocking absolutely all types of tracker, with the risk of making some sites unstable.
Another new feature is address bar search suggestions, provided that the browsing history is retained. And lastly, Firefox automatically deactivates all the extensions which are not Mozilla’s. It is then possible to reactivate them one by one.
This update comes at a tricky time for Mozilla, which has recently announced its intention to halt the development of its free and alternative mobile operating system, Firefox OS, which is aimed at smartphones. Launched less than three years ago, it is currently available in about 40 countries via low-cost offerings from local operators. Conscious of not offering the best user experience after several years of development, Mozilla has nonetheless decided to continue to try it out on connected devices.
In addition, the Mozilla Foundation is set to drop Thunderbird, its famous messaging software, the development of which has been abandoned for several years. Mozilla is therefore concentrating on its star browser more than ever.
Firefox has recently become available for iOS, where it offers private browsing (no browsing history or cookies recorded) and the option for users to sync their account and access their favorites, browsing history and passwords whatever the device used. Firefox has already long been available for Android.

Read More

Mozilla Releases Firefox 64-bit for Windows

Mozilla this week released a version of its Firefox browser that's optimized for those with 64-bit Windows systems.
Firefox 64-bit for Windows works on Windows 7 and above and is available on the Firefox All Systems page.
Mozilla said the upgrade should result in "added performance for applications and games." Don't be surprised, though, if certain sites requiring plugins that worked in previous 32-bit versions don't work in Firefox 64-bit for Windows.
In October, Mozilla announced plans to end support for the aging Netscape Plugin Application Programming Interface (NPAPI) by the end of 2016. Once essential to the Web experience, NPAPI has been replaced by streaming video, advanced graphics, and gaming features.
Also this week, Mozilla rolled out more user control over how data is shared in Firefox; folks can now block additional trackers in Private Browsing with Tracking Protection.
Introduced in early November, the Windows, Mac, Android, and Linux-based program prevents sites from gathering data about your Web activity. While browsing in a private window, it blocks ads, analytics trackers, social share buttons, and other content that may record behavior without your knowledge.

Read More

Court blocks WhatsApp Brazil message service for 48 hours

Short term measure: SindiTelebrasil said it received the order to shut off WhatsApp text message and Internet voice telephone service for smartphones throughout Latin America's largest country on the afternoon of Dec 16. — Reuters

RIO DE JANEIRO: Access in Brazil to the WhatsApp phone-messaging application was cut off early on Dec 17 after a Brazilian judge told local phone companies to block the popular service for 48 hours for failure to comply with a July court order in a criminal case. 
SindiTelebrasil, a Brazilian phone-company association, said it received the order to shut off WhatsApp text message and Internet voice telephone service for smartphones throughout Latin America's largest country on the afternoon of Dec 16. The association's members put the blockade into effect at midnight (0200 GMT Thursday) as required by the court. 
"We are disappointed in the short-sighted decision to cut off access to WhatsApp, a communication tool that so many Brazilians have come to depend on, and sad to see Brazil isolate itself from the rest of the world," said Jan Koum, chief executive of WhatsApp, in a statement posted on Facebook. 
Brazilian phone companies have sought and failed to get the government to limit use of free voice-over-Internet (VOIP) services offered through WhatsApp, which is owned by Facebook Inc. The phone companies say the free WhatsApp calls undermine their own services. 

advertisement

However, the shutdown order stems from a criminal proceeding in the Sao Paulo State Justice Tribunal in São Bernardo do Campo, the court said in a statement. SindiTelebrasil said it and its members are not party to the case. 
As part of that case, WhatsApp has failed to comply with a judicial order issued July 23, the court said. Mountain View, California-based WhatsApp was notified again on Aug 7 when the court set a fine for non-compliance. 
On Dec 16, after finding WhatsApp in continued non-compliance, Judge Sandra Regina Nostre Marques ordered the 48-hour shut-down under terms of the country's Internet legislation, the statement said. 
The name of the petitioner seeking the injunction before the criminal court as well as other details of the case are being kept secret by the judge, as is allowed under Brazilian law. 
WhatsApp and Facebook did not immediately respond to questions about the judge's reasons for the ban. — Reuters

Read More

Google's top trending topics of 2015 include the hottest gadgets in tech

Globally, the biggest search spikes were for breaking news and entertainment. But nerds like us searched for gadgets, gadgets, and more gadgets.

Credit: Florence Ion

Susie Ochs | @sfsooz

Executive Editor, Macworld

• Dec 16, 2015 11:34 AM

If the eyes are the windows to the soul, the things we search Google for day in and day out might be the windows to our brains—or at least what most captured our minds, as a global society, during the past year.
Google on Wednesday released its lists of the biggest trending topics of 2015, namely the ones that got the biggest spike this year versus 2014. The lists are presented interactively, letting you refine the search by country, drill down by topic, and even flash back to earlier years to see how our online obsessions have changed over time.

Globally, the top 10 biggest trending topics include a mix of entertainment and breaking news, sometimes both, as in the case of the No. 1 search, “Lamar Odom.” The retired NBA star and estranged husband of Khloe Kardashian fell into a coma in October of this year, which means searches for him must have spiked a lot to take the crown for all of 2015. The top 10 is rounded out by Charlie Hebdo, Agar.io (a hit browser game that was ported to iOS and Android), Jurassic World, Paris, Furious 7, Fallout 4, Ronda Rousey, Caitlyn Jenner, and American Sniper.
More interesting to nerds like us is probably the list of consumer tech trending topics, a distilled look at the hardware we were most fascinated by in 2015. That includes:

10. Surface Pro 4

Rob Schultz

PCWorld’s Mark Hachman loves his Surface Pro 4, explaining in his review, “The combination of an Intel Skylake chip, a new Type Cover keyboard, and faster SSD speed help push the Surface Pro 4 into a higher echelon of performance.” The only tablets that made this list are aimed at people who want to get serious work done, an interesting trend in itself.

9. Nexus 6P

Adam Patrick Murray

For the pure Android experience, you can’t beat a Nexus phone, and the Huawei-made Nexus 6P turned plenty of heads this year. In her review, Greenbot’s Florence Ion called it not just “the best Nexus ever” but “the best premium Android phone on the market.”

8. HTC One M9

Greenbot’s Florence Ion had mixed feelings about the latest flagship phone from HTC, calling it “a disappointingly good phone,” for not iterating enough compared to last year. Kind of makes you want to Google it to find out more, doesn’t it?

7. Samsung Galaxy J5

Samsung

This phone is only available in India, which means we don’t have any hands-on experience with it, but it generated tons of interest in that part of the world. The Galaxy J5’s big selling points are data compression and restrictions on background data, to save customers both data and battery life.

6. Samsung Galaxy Note 5

Florence Ion

The world likes big phones, and our Google searches cannot lie. In her Greenbot review, Florence Ion says that Samsung’s killer phablet is “so good at everything it does, it outshines the rest of the Galaxy family.” Yes, even the No. 2 gadget on this very list…

5. LG G4

Rob Schultz

Jon Phillips found a lot to like about the LG G4 in his Greenbot review, praising it for old-school features like a removable battery and expandable microSD storage. Florence Ion even crowned it the winner of a camera shootout with the Galaxy S6.

4. iPad Pro

Apple

Apple’s tablet went big this year, with a 12.9-inch model aimed at power users who want to run two full-sized apps side-by-side, or take advantage of the pressure-sensitive Apple Pencil drawing tool. Writing for Macworld, Susie Ochs says it makes “a rightful claim on the name Pro,” but may not be worth the premium price for more casual iPad users.

3. Apple Watch

Susie Ochs

The only smartwatch to crack the top 10 trending topics, the Apple Watch had a slow rollout beginning in April (we wonder how many searches were driven by its only-available-online exclusivity), but quickly clawed its way to the top of the nascent smartwatch market. In Macworld’s review, Susie Ochs called it “a lovely piece of hardware” even while being frustrated by its version–1 shortcomings.

2. Samsung Galaxy S6

Florence Ion

Samsung’s flagship phone debuted this spring, bringing major improvements over the previous version. Greenbot’s Florence Ion says in her review, “The Galaxy S6 is evidence that the company has finally figured out that premium phones should look and feel premium. It’s fast, powerful, battery efficient, and quite frankly it’s one of the best Android devices I’ve ever used.”

1. iPhone 6s

Jason Snell

The world’s biggest trending tech topic is—obviously—the world’s most popular single phone. Apple moved record numbers of its iPhone 6s this year, thanks in large part to the device’s runaway popularity in China. In the Macworld review, Jason Snell fought back at claims that Apple’s “S year” phones don’t innovate enough, saying, “The iPhone 6s and 6s Plus offer some major improvements, with better cameras (front and back), much faster processors, more responsive Touch ID, and the single biggest improvement to the iPhone’s user interface in its history. But other than that, y’know, no big deal.”

Read More

VisionTek's new Pocket SSD delivers PC-sized storage in a flash drive-sized package VisionTek's Pocket SSD slips into your pocket, but it's faster than the hard drive in your PC—and just as spacious.

Brad Chacos | @BradChacos

Senior Editor, PCWorld

• Dec 16, 2015 8:40 AM

Hard drives are sooo 2010. VisionTek just released an SSD-on-a-stick that could be the perfect complement to your PC-on-a-stick, or any other computer that needs a quick, yet spacious storage boost.
The VisionTek USB 3.0 Pocket SSD lineup appears to be mere thumb drives on the outside—albeit ones clad in snazzy aircraft-grade aluminum—but on the inside, they offer SSD-sized storage: 128GB ($90), 256GB ($150), and a whopping 512GB ($280). As the name implies, VisionTek’s tiny USB 3.0 Pocket SSD slips into your computer’s USB 3.0 port, where it delivers read/write speeds of up to 450MBps/155MBps. Being restrained by the limits of the USB 3.0 interface, that’s nowhere near as fast as modern internal SSDs, but it’s still speedier than many traditional hard drives—and hey, it’s portable! This could be a solid solution for schlepping your movie collection and Steam library from PC to PC.
VisionTek’s Pocket SSD lineup is slated to launch later this month in North America, and as USB devices, they’ll work with Macs, Windows devices, and Linux PCs. Stay tuned! We have a review sample inbound to deliver you a no-nonsense verdict sooner rather than later.
The story behind the story: Flash drives aren’t just for stashing documents on anymore—they’re getting as spacious as SSDs and faster than the spinning hard drives found in most PCs. Wondering how you can put something like the VisionTek Pocket SSD to good use? Be sure to check out PCWorld’s guide to five insanely powerful tools you won’t believe can fit on a flash drive.

Read More

California opens road to public use of autonomous cars Manufacturers could start leasing autonomous cars to the public

A Google self-driving navigates streets near the company's headquarters in Mountain View, California, on June 29, 2015. Credit: Martyn Williams

Martyn Williams

IDG News Service

• Dec 16, 2015 10:06 AM

California has published the world's first regulations dealing with the routine use of autonomous cars on city streets -- a big step toward the day when computers, not humans, are in charge of cars.
But the draft rules published on Wednesday don't go as far as some companies might have hoped. For now, they specifically exclude fully autonomous driverless cars that wouldn't even have a steering wheel.

Currently, use of autonomous vehicles has been restricted to trained employees of companies like Google, Mercedes Benz and Toyota, but the draft rules propose the general public be allowed to operate the vehicles.
This could, for example, allow car makers to lease autonomous vehicles to members of the public -- something that would provide valuable real-world data about the car's performance and its ability to handle diverse traffic situations.
Anyone hoping to jump in the driver's seat of an autonomous car will need to hold a regular driving license and an additional autonomous vehicle operator certificate issued by the DMV (Department of Motor Vehicles), according to the proposed regulations.

Martyn Williams

A Google self-driving navigates streets near the company's headquarters in Mountain View, California, on June 29, 2015.

The operator won't be able to sit back and take their eyes off the road. They must be ready to take over from the computer at any time should it encounter a problem. The operator will also be responsible for safe operation of the car and any traffic tickets.
Car makers will have to certify the car's safety and put it through a third-party safety test to demonstrate its ability to perform maneuvers typical of real-world road conditions. And as a condition of their three-year deployment permits, car makers will have to report monthly on their performance, safety and usage.
A key aspect of the new regulations also cover cybersecurity and privacy.

Car makers will have to disclose to drivers any information the autonomous vehicle collects that is not necessary for safe operation of the vehicle and obtain written approval to collect it.
And cars will have to be able to detect cyberattacks or unauthorized intrusions and include an override system that gives the human operator control of the vehicle in the event of such an attack.
Consumer Watchdog, a Los Angeles-based consumer advocacy group that has been petitioning the DMV to take a methodical approach to the regulations and avoid pressure from car makers, says it is generally happy with the proposed rules.
"We've long been advocates of the notion that if you are to have a so-called self-driving car, you’ll need a steering wheel and pedals and licensed driver capable of taking over if something goes wrong," said John Simpson, an advocate at the organization. "We’re glad the DMV has taken that approach."
The rules published on Wednesday are still just a draft. They have to go through a rule-making process that is expected to take at least half a year, so they aren't likely to become law until the second half of 2016.
There are already just over 100 autonomous driving prototypes on the streets in California. About three-quarters of them are owned by Google X and tested daily on trips around the company's Mountain View headquarters. Many of the Google cars are capable of operating completely driverless for most of each journey but employees are still capable or taking over should there be a problem.

Martyn Williams

A Google self-driving navigates streets near the company's headquarters in Mountain View, California, on June 29, 2015.

The technology to remove the driver control is a good deal more advanced and the DMV said it needs more time to examine the unique issues posed by truly driverless cars.
"Given the potential risks associated with deployment of such a new technology, DMV believes that manufacturers need to obtain more experience in testing driverless vehicles on public roads prior to making this technology available to the general public," the DMV said in the draft rules.
The DMV anticipates publishing rules governing such fully driverless cars in the future.
Another 10 automakers are also part of the DMV's program, including Ford, which announced its driverless car plans yesterday.

Ford

A Ford Fusion prototype autonomous vehicle shown outside the company's research lab in Palo Alto, California.

While the new regulations pave the way to wider use of the cars, current technology will still limit the geographic area in which they can travel. Most autonomous cars use LIDAR (light detection and ranging) sensors on the roof to produce an accurate, laser scan of the surroundings.
The cars aren't sophisticated enough to analyze images on the fly and instead match them to a database of previously recorded images. That means the cars are restricted in autonomous mode to premapped roads. But that, as with all technology, is expected to improve with more research.
The DMV will hold two public meetings to get feedback from members of the public -- one on Jan. 28, 2016, in Sacramento and one on Feb. 2, 2016, in Los Angeles.

Read More

Microsoft launches new OneDrive for Business sync client, developer kit

Mobile apps for the storage service also received an update

OneDrive for iOS's offline storage feature Credit: Microsoft

Blair Hanley Frank

IDG News Service

• Dec 16, 2015 12:16 PM

OneDrive for Business entered the next stage of its evolution on Wednesday when Microsoft launched a series of updates that are aimed at improving its cloud storage and productivity service for businesses and other large organizations.
First and most importantly, the company launched its next-generation OneDrive for Business sync client Wednesday, which should bring increased speed and reliability to the experience of using Microsoft's enterprise cloud storage on a computer. It's also compatible with Windows 7, 8.1 and 10, along with Mac OS versions 10.9 and later. The latter is a major shift for OneDrive for Business, which previously only offered a sync client on Windows.
With the release of this sync client, OneDrive for Business is now using the same syncing code that powers the consumer version of OneDrive. It's supposed to be faster and more reliable, in addition to including new features like the ability to selectively sync only certain files and folders from Microsoft's cloud onto a local device.
That's good news in terms of the product's present capabilities along with its capacity for future updates, since improvements to Microsoft's consumer storage product can filter out to business users. Unfortunately, it also means that some organizations will have to hold off on deploying it, or use it alongside the existing old sync client -- both things that Microsoft supports at the moment.
That's because the new client doesn't support some of the features that are built into the old one, most notably syncing with SharePoint and OneDrive for Business at the same time.
In addition, people who want to use OneDrive for Business to enable real-time collaboration on documents in the Word 2016 client app will have to open any document they collaborate on in either the applications File > Open menu or through the OneDrive for Business web interface. Double-clicking on a file from OneDrive for Business inside the Windows File Explorer won't allow users to work on it with other people in real time.
People who use Microsoft's iOS apps also have some new features to look forward to. OneDrive for iOS will support offline storage by the end of this year for use with both Microsoft's consumer and business storage services, following the company's launch of that feature on Android earlier in 2015.
Office Lens for iOS users will now be able to save scanned files directly to OneDrive for Business from inside the app, with that capability coming to Android and Windows 10 Mobile in the first quarter of 2016.

Finally, developers also got some love with the new OneDrive for Business API. It allows third-party apps to programmatically get access to OneDrive for Business files and do things like import files into the service, or export them out of it.
The product improvements are a spot of good news for users, coming on the same day that Microsoft revealed that it would only offer unlimited cloud file storage to organizations with a premium Office 365 subscription -- reneging on a promise it made last year.

Read More

Microsoft reneges on unlimited cloud storage for some business users

Organizations that have 'premium' Office 365 subscriptions will still get all the storage they need

 

IDG News Service

• Dec 16, 2015 12:37 PM

Microsoft reneged on its promise of unlimited OneDrive for Business storage for all organizations, announcing Wednesday that only premium Office 365 subscribers will get access to limitless cloud storage.
While the company never officially said that every paying organization using OneDrive for Business would get unlimited storage, a blog post announcing unlimited storage for consumers said that it would be on the Office 365 roadmap. Removing that option for budget customers is a move that’s sure to be unpopular among those businesses who thought that they would get more bang for their buck storage-wise.
It’s a decision that’s similar to one that Microsoft made regarding its consumer Office 365 product. According to Seth Patton, a senior director of product marketing for Office 365, Microsoft decided to go that way in order to focus OneDrive on helping users be productive—and avoid acting as an online backup service.
“But it’s a take back for some customers who we promised unlimited for, and we recognize, again, that’s disappointing some customers,” Patton said in an interview. “And it’s a tough business decision and I just want to make sure that my empathy is clear on that.”
Organizations using Microsoft’s Office 365 and Office 365 Government E3, E4 and E5 plans, along with Office 365 Education, OneDrive for Business Plan 2 and SharePoint Online Plan 2 will still get access to unlimited storage. Microsoft will begin rolling that out by upgrading all users on those plans from 1 TB of storage to 5 TB of storage between now and March.
For those people with eligible plans who need more than 5 TB of storage, they can contact Microsoft support to get their capacity expanded.
Offering unlimited storage only to premium customers isn’t an unprecedented move among the company’s competitors in the online storage and collaboration space. Google does the same thing with its Google Drive for Work offering, and Box does the same thing for its enterprise storage service.
Microsoft’s storage plan changes also come alongside a number of product updates, including the launch of a new sync client for Windows and Mac, the announcement of upcoming support for offline storage on OneDrive for iOS and new developer tools.

Read More

Medical treatment abroad

The popularity of Medical treatment abroad is expanding globally mainly due to its greater capacity to provide safe, high quality treatments to those who cannot receive comparable care in their country of origin; many turning to India and Israel.

Medical Tourism once broadly focused on provision of health care and emergency treatment provided by higher-income countries to less developed nations, has since expanded to include patients from many parts of the world to countries with the full range of health care system infrastructure and modernity. Medical Tourism (MT) has become particularly popular in the United States, mainly due to high living costs and costly health services and care. In the United States, a staggering 50 million people are uninsured and over twice as many are uninsured for dental care. Nevertheless, insurance may not cover specific treatments and many are unable to meet the financial requirements specified for medical procedures that they require.
Therefore, Americans have many reasons for seeking treatment elsewhere - since it has also become easier over time to receive the treatment they need that is on average 30% cheaper than in the United States. They can also receive the quality and safety that equals national standards for the very same procedure. Furthermore, patients reap the benefits of getting medical care and treatment while they travel and vacation.
In the modern MT industry, international patients can be rest-assured that in nearly all countries, patients receive quality treatment in the same hospitals that also serve the local population. Services are provided by licensed professionals who maintain international accreditations that adherence to strict medical protocols.
MT is forecasted to expand even further, becoming an increasingly global phenomenon. Along with its growth, affordable and highly sophisticated diagnostic tools that guide the development of innovative treatments. Renowned specialists work with international patients; contributing to the growth of the industry and its success through expertise in specific branches of medicine. Today, an astounding 7 million people have travelled the globe for medical services for procedures like heart transplants to cosmetic surgery and dental care.
MT allows those seeking care to obtain treatment for conditions requiring procedures and processes that would be otherwise unobtainable in their home country; specifically in countries with a medical infrastructure, that lacks important resources for health care delivery.
The MT industry strengthens local economies and provides important employment opportunities of countries that offer medical treatment to foreign patients. Patients worldwide are drawn to new and efficient treatments that have become more cost-effective in places such as Israel and India – this includes complex surgical procedures. Other popular destinations for Medical treatment abroad include Thailand, Singapore, and Mexico.

Medical tourism in India

India often attracts patients that require orthopedic and cardiac surgeries, as well as IVF and oncological treatment. Complications have arisen in incidents of malpractice, lack of comprehensive follow-up care and other difficulties that result in patients seeking services elsewhere. India also has a long rainy season (monsoon) that makes the country difficult to navigate due to weather conditions from May to September – which may affect a patient’s decision to travel to India, especially if the patient is living with a chronic disease.
India is emerging, creating new departments within government-managed facilities to serve medical tourists and working to improve the coordination of healthcare services.  In addition, India aims to promote traditional and alternative medical care through the incorporation of yoga and ancient medicine - Ayurveda.

Israel: Top medical tourism destination

Israel’s rising popularity as a destination for MT originates from its dynamic tourist attractions, high quality and safe medical procedures and leading doctors, all of which continue to evolve, advancing its successful medical services. In 2014, the Medical Tourism Index (MTI) ranked Israel highly as third in a list of top destinations for medical treatment around the world. Israel uses the most modern techniques for medical practice through the incorporation of advanced screening techniques, laboratory analysis, and individualized treatment. In addition, Israel’s industry, pioneering in the production and development of bio-medical devices, such as the ReWalk exoskeleton.
Bordering the Mediterranean Sea, Israel is an easily accessible destination to access from many countries of the world.  The beaches of Israel are among the finest in the world and enjoyed by patients who stay for post-operative care (following orthopedic surgeries, for example) who simultaneously can enjoy their vacationing period and save money on their medical care.
Israel has successfully established its medical presence on a global scale, including plans for developing Israeli clinics within Russia, as Israel is a popular destination for many Russian patients, as well as in Cyprus; where medical facilities in the countries seek to employ Israeli doctors. Many esthetic and reconstructive surgical techniques of Israeli doctors are implemented within hospitals across the globe.
As mentioned, medical successes in Israel, such as success rates for IVF (In-vitro fertilization) are significantly higher (25-30%) than global averages for procedures of this type and performed at a fraction of the cost than most other countries. Cardiac surgery is another main branch of medicine that attracts tourists to receive care in Israel with many successful bypass surgeries performed. In addition, a large proportion of Israel’s medical tourists come for various cancer treatments.
Furthermore, Israel is known as a country that is focused on health and wellness. The Dead Sea, a natural water source is rich with unique mineral salts, known to have miraculous healing properties to treat a multitude of conditions that range from eczema to rheumatoid arthritis.
Globally, Medical treatment abroad continues to flourish, with greater accessibility to innovative treatments and medical technologies, many foreign patients can take full advantage of what the industry has to offer. Before traveling for a medical procedure, all prospective patients should consider and remain aware of all possible complications regarding treatment abroad. Patients should ensure that the hospital of choice for treatment is fully accredited, equipped, as well as a trusted and registered medical tourism provider for safe and effective medical practice.

Read More

How to set up your own Raspberry Pi powered VPN By Kate Russell BBC Click presenter

Eyes are everywhere online.

The websites you visit often track where you came from and watch where you head off to next.
A VPN - or virtual private network - helps you browse the internet more anonymously by routing your traffic through a server that is not your point of origin.
It is a bit like switching cars to shake off someone who is tailing you.
There are plenty of companies offering services with varying degrees of security and varying degrees of cost, but if you are willing to roll your sleeves up and get technical with some basic coding and a £30 Raspberry Pi computer, you can build your own VPN server at home.
It won't give you the option of appearing to be from somewhere else but you can use it to connect external devices like a smartphone to browse the internet more securely through your home network, and access shared files and media on your home computer.
Make no mistake, this is not a quick and easy process.
On BBC Click I have shared some tips from my own experience setting up a DIY VPN server.

Below is a step-by-step guide you will need to follow to the letter, symbol and space if you want to follow in my footsteps.
To follow this guide you will need:

• 1 x Raspberry Pi/Pi 2
• 1 x 8GB micro SD card
• 1 x SD card reader
• 1 x 5 volt mini USB power supply (a suitable phone charger will do)
• 1 x HDMI monitor (your TV or computer monitor)
• 1 x USB keyboard
• 1 x Ethernet network cable

Prepare to install your operating system
Insert the micro SD card in your card reader.
If you are reusing an old SD card make sure it is fully formatted to remove any old files using the free tool at http://sdcard.org
Install Raspbian on your Raspberry Pi
Download NOOBS (New Out Of the Box Software) from the Raspberry Pi website (https://www.raspberrypi.org/downloads/). This is an easy operating system installation manager.
Open the .zip you downloaded and select all files, then just drag and drop them onto your SD card.
Insert the SD card in the Raspberry Pi then connect a monitor, keyboard and power cable.
Connecting the power will cause the Raspberry Pi to boot up and the green and red LEDs on the board should light up.
If the files are copied properly onto the SD card the green light will start flashing as the computer reads the data.
After a few seconds you will see a window open on the monitor with a range of operating systems to install - use the arrow keys on the keyboard to choose Raspbian and hit ENTER to install.
N.B. If you have trouble getting the NOOBS installation manager to work, you can also install Raspbian by copying the disk image of the operating system onto your micro SD card. Follow the instructions at https://www.raspberrypi.org/downloads/ to do this.
Change the default password
Before you go any further, make sure you change the default password, or anyone who knows the default will be able to access your home network.
You can do this from the options screen you are shown the first time you boot up your Raspberry Pi after Raspbian is installed.
When you next reboot your Raspberry Pi the login will be "pi" and the password whatever you have set.
Give your Raspberry Pi a static IP address
The IP address is what tells devices where to find your Raspberry Pi on your home network.
Networks usually issue a dynamic IP address, which can change each time you power up the device. If you want to be able to consistently connect to your Raspberry Pi from outside your home network you need to fix its IP address so that it is always the same - a static IP address.
Connect your Raspberry Pi to your router with an Ethernet cable.
At command prompt type:
ifconfig
A bunch of information will come up and you need to note down what it says for your set against the following:
inet addr [Current IP Address]
bcast [Broadcast Range]
mask [Subnet Mask]
Next at the command prompt type:
sudo route -n
This tells you information about your router. Note down:
Gateway
Destination
You now have all the information you need about your current IP set up and can edit the network configuration file to make the IP static.
At command prompt type:
sudo nano /etc/network/interfaces
Look for the line that reads "iface eth0 inet dhcp" or "iface eth0 inet manual".
The "dhcp" bit is requesting a dynamic IP or if your file says "manual" it is a manual setting, so use the arrow keys on your keyboard to move the cursor so you can delete this and replace it with "static".
Next put your cursor at the end of this line and hit Enter, then add the following lines directly below the line you just altered, filling the [square brackets] with the information you just noted down.
address [your current IP address]
netmask [your subnet mask]
network [your destination]
broadcast [your broadcast range]
gateway [your gateway]
To save the file press CTRL and X together, when prompted to save type "y" and hit Enter to accept the file name without changing it.
At the command prompt type:
sudo reboot
Your Raspberry Pi will now restart with the new, static IP address.
Set up an easy control system
To save switching around cables if you do not have a spare HDMI monitor and keyboard you can download a free utility that lets you control your Raspberry Pi through a pop up window on another computer.
This is called an SSH. The tool is called PuTTY (j.mp/DLPutty).
Double click the PuTTY.exe file you download and it opens a dialogue box where you can enter the new static IP address you have given your Raspberry Pi. The first time you do this it will ask you to confirm accessing the device.
You can now login and do everything you need to through this dialogue box on your computer, which means your Raspberry Pi never needs a monitor or keyboard to keep running. This is known as running it "headless".
Update your Raspberry Pi
One last piece of housekeeping to ensure you are running the latest software and drivers.
At command prompt type:
sudo apt-get update
Wait for the updates to finish downloading and then type:
sudo apt-get upgrade
Wait until the upgrade completes.
You are now ready to make your VPN
The Raspbian operating system we just installed comes with OpenVPN ready to unpack, which is the software we will be using to make our VPN.
At command prompt type:
sudo apt-get install openvpn
You will be asked to confirm your instruction then the software will be unpacked and installed.
Generating keys
Just like the unique key that unlocks your front door, your VPN needs keys generated to make sure that only authorised devices can connect to it.
OpenVPN comes with Easy_RSA, a simple package for using the RSA encryption method to generate your unique keys.
The next series of commands need to be done in the root directory. You will notice at the moment the command prompt sits in a directory labelled as 'pi@raspberrypi: ~ $'.
Typing "sudo" before a command tells the operating system to execute the command in the root directory, but if you want to save yourself some typing you can go ahead and type:
sudo -s
You will now see your command prompt sits at 'root@raspberrypi:'
Now, at the command type on one line:
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
Make sure you have spaces in the right places (before /usr and /etc). This instruction copies all of the files from the easy-rsa 2.0 directory into a directory in your openvpn installation.
N.B. You can copy lines of text using right-click and then when you right click inside the PuTTY window it should paste, saving you a lot of typing. Be aware though, some formatting errors can occur when copying and pasting large blocks of text so if you do not get the result you are expecting, resort to typing the details in by hand.
Next type:
cd /etc/openvpn/easy-rsa
This changes the directory your command prompt sits at to your openvpn/easy-rsa directory.
You now need to edit the text in the file we just copied over. Nano is a simple text editor in Raspbian you are going to see a lot of over the next few pages. To open the file inside this text editor type:
nano /etc/openvpn/easy-rsa/vars
In the text that opens find the line that begins: export EASY_RSA=
You need to move the cursor down to edit this line to read:
export EASY_RSA="/etc/openvpn/easy-rsa"
N.B. Make sure you remove any extraneous speech marks as anything other than the exact text above here will stop your keys from saving in the right place.
Next move your cursor down until you see the line: export KEY_SIZE=1024
If you want to be extra secure you can change the value here to 2048 bit encryption, although the key you eventually build will take significantly longer to generate. If you choose to do this edit that line to read:
export KEY_SIZE=2048
Keep scrolling to the end of the file and you will see a bunch of export parameters such as Country, Province and City etc. You can choose to change these to set new defaults (this will potentially save you some typing in various later stages), but doing so will not affect the workings of your VPN.
Type CTRL and X then Y then ENTER to save this file.
Build your certificates
You are now set up to build the certificates your VPN will use to grant authority to devices you want to connect with. To open the easy-rsa directory, at the command prompt type:
cd /etc/openvpn/easy-rsa
Next type:
source ./vars
This loads the vars document you edited earlier.
Next type:
./clean-all
This will remove any previous keys in the system.
Next type:
./build-ca
This final line builds your certificate authority. The Raspberry Pi will now ask you to complete some additional export values, like Country, Province, City, Organisation etc. (if you changed these in the previous stage you will see your own choices already set as default).
It is not necessary for these values to be accurate so just hit Enter each instance to use default value if you are feeling slack.
Name the server
Once you have entered through the fields and returned to the command prompt you need to name your server. Call it whatever you like but do not forget it.
Type:
./build-key-server [ServerName]
… replacing [ServerName] with your choice of name.
You will now be given some more fields to enter values. You can change these or leave them as the defaults, but pay attention to three fields:
Common Name MUST be the server name you picked.
A challenge password? MUST be left blank.
Sign the certificate? [y/n] Obviously, you must type "y."
Finally when prompted with the question:
1 out of 1 certificate requests certified, commit? [y/n]
Type "y"
Build keys for each user
Your server is now set up and you need to build keys for all the devices you want to be able to connect.
You can cut corners here and just build one key to use on all devices. Only one device can connect using each key at a time though, so if you want simultaneous connections you will need a different key for each one.
To assign a user a key type:
./build-key-pass [UserName]
… substituting the [UserName] with your desired text - for example to make a key to connect my android to the VPN I chose the name KateAndroid
You will get some more prompts now:
Enter PEM pass phrase
… choose a password you will remember! It asks you to input this twice to eliminate errors.
A challenge password? MUST be left blank.
Sign the certificate? [y/n]
Hit "y"
Next type:
cd keys
then (using my example username, which you should change for your own):
openssl rsa -in KateAndroid.key -des3 -out KateAndroid.3des.key
This last line adds an extra layer of encryption to make it harder for hackers to break in.
You will be asked to enter pass phrase for KateAndroid.key - this is the phrase you entered in the previous step.
You will then be asked to enter and repeat a new PEM pass phrase for the des3 key. I used the same pass phrase for both so you only have one to remember. You will need the 3des.key pass phrase at the end of this process when you import your files to your devices.
Repeat these steps for all the usernames you want to build a key for.
You have now created your "client certificates". Type:
cd ..
Generate the Diffie-Hellman key exchange.
This is the code that lets two entities with no prior knowledge of one another share secret keys over a public server. Type:
./build-dh
The screen will slowly fill with dots as the key is built from random numbers. It will take at least an hour if you upped your encryption to 2048-bit. If you left it at 1024-bit it could take as little as five minutes.
Denial of Service (DoS) attack protection
OpenVPN protects against this kind of attack by generating a static pre-shared hash-based message authentication code (HMAC) key. This means the server will not try to authenticate an access request if it does not detect this key. To generate the static HMAC key type:
openvpn --genkey --secret keys/ta.key
N.B. If you are using copy and paste it probably will not work on this line as the double "-" seems not to translate in the same way if you do not type it in.
Configuring your server
Now you have created all the locks and keys you need to tell your Raspberry Pi where you want to put the doors and who you want to give the keys to - essentially instructing the OpenVPN which keys to use, where you are going to be connecting from and which IP address and port to use.
To do this you must create a server configuration file. At command prompt type:
nano /etc/openvpn/server.conf
This opens an empty file.
Fill it with this text, taking care to change the details where indicated with a comment in # CAPS LOCK. (Placing a "#" in front of a sentence in the code like this tells the system it is a comment and to ignore it when building the program). Also when changing the YOUR SERVER NAME sections I refer to the server name that was given to the 'build-key-server' command earlier on.
local 192.168.2.0 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/XX.crt # SWAP XX WITH YOUR SERVER NAME
key /etc/openvpn/easy-rsa/keys/XX.key # SWAP XX WITH YOUR SERVER NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # IF YOU CHANGED YOUR ENCRYPTION TO 2048, CHANGE THAT HERE
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.0.10 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.0.1" # THIS SHOULD ALREADY MATCH YOUR OWN ROUTER ADDRESS AND SHOULD NOT NEED TO BE CHANGED
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
Hit CTRL and X then Y and ENTER to save.
There is one last edit to make in the server configuration files to make sure your Raspberry Pi knows you want it to forward Internet traffic through our new network.
Type:
nano /etc/sysctl.conf
Near the top it says, "Uncomment the next line to enable packet forwarding for IPv4."
You want to remove the "#" from the start of the next line to inform OpenVPN you want it to take that text into consideration.
The line should then read:
net.ipv4.ip_forward=1
Hit CTRL and X, then Y and ENTER to save.
Finally you need to action the change you just made in the sysctl.conf file. To do this type:
sysctl -p
You have now made a functioning server that can access the internet.
Pass through the firewall
Raspbian has a built-in firewall that will block incoming connections, so we need to tell it to allow traffic from OpenVPN to pass through.
To create a file that will run each time you start up your Raspberry Pi issuing this permission type:
nano /etc/firewall-openvpn-rules.sh
Inside this new file type:
#!/bin/sh
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.10
# SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
CTRL and X then Y and ENTER to save.
Newly created files are not executable by default, so we will need to change the permissions and ownership of this file you just created. To do this type:
chmod 700 /etc/firewall-openvpn-rules.sh
then:
chown root /etc/firewall-openvpn-rules.sh
This script gives OpenVPN permission to breach the firewall and we now need to add it into the interfaces setup code so it runs on boot. Type:
nano /etc/network/interfaces
Find the line that says: "iface eth0 inet static." We want to add a line below the list of numbers that follow it. This line needs to be added at an indent so hit TAB first:
pre-up /etc/firewall-openvpn-rules.sh
CTRL and X then Y and ENTER to save.
Finally, reboot your Raspberry Pi by typing:
Reboot
N.B. Each time you reboot your Raspberry Pi you will need to relaunch PuTTY to connect to it.
Ensure you have a static public IP address
We have created locks and keys for devices to use to connect to your VPN, but before we hand those keys out we need to tell them where to find the front door. This is your public IP address, which should be kept a secret as it identifies your location on the internet.
You can find out your public IP by asking Google. Just type "what's my IP address?" into the search box.
If this address changes each time you log on you do not have a static IP address so will need to use a dynamic domain name system (DDNS) service to give yourself a domain name to put in place of the IP address.
There is a free service at https://www.changeip.com Then on your Raspberry Pi, you need to run something called DDclient to update your DDNS registry automatically.
At the command prompt type:
sudo apt-get install ddclient
This will launch a wizard for configuring ddclient. Don't worry too much about what you enter here as we will be entering the config file straight away.
To edit the DDClient configuration with the correct setting type:
sudo nano /etc/ddclient.conf
Every service will have slightly different configuration, - if you are using changeip.com this blog post will tell you how to edit your settings successfully https://blogdotmegajasondotcom.wordpress.com/2011/03/14/use-ddclient-with-changeip-com/
CTRL and X then Y and ENTER to save.
Finally, to set this program running type:
sudo ddclient
N.B. If you reboot your Raspberry Pi you'll need to type "sudo ddclient" to start running it again.
Create profile scripts for the devices you want to connect
We have created keys for clients (computers and devices) to use to connect to your VPN, but we have not told the clients where to find the server, how to connect, or which key to use.
If you created several different client keys for each of the devices you want to grant access, it would be a lot of trouble to generate a new configuration file for each client from scratch.
Luckily Eric Jodoin of the SANS institute has written a script to generate them automatically.
First type:
sudo nano /etc/openvpn/easy-rsa/keys/Default.txt
Fill in the blank text file with the following:
client
dev tun
proto udp
remote [YOUR PUBLIC IP ADDRESS] 1194 #REPLACE YOUR DYNAMIC DNS VALUE FROM CHANGEIP.COM
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
CTRL and X then Y and ENTER to save.
Next, to create the script that makes your profile keys type:
nano /etc/openvpn/easy-rsa/keys/MakeOVPN.sh
In this file you need to add the text that Jodoin wrote to create the script:
#!/bin/bash
# Default Variable Declarations
DEFAULT="Default.txt"
FILEEXT=".ovpn"
CRT=".crt"
KEY=".3des.key"
CA="ca.crt"
TA="ta.key"
#Ask for a Client name
echo "Please enter an existing Client Name:"
read NAME
#1st Verify that client's Public Key Exists
if [ ! -f $NAME$CRT ]; then
echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
exit
fi
echo "Client's cert found: $NAME$CR"
#Then, verify that there is a private key for that client
if [ ! -f $NAME$KEY ]; then
echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
exit
fi
echo "Client's Private Key found: $NAME$KEY"
#Confirm the CA public key exists
if [ ! -f $CA ]; then
echo "[ERROR]: CA Public Key not found: $CA"
exit
fi
echo "CA public Key found: $CA"
#Confirm the tls-auth ta key file exists
if [ ! -f $TA ]; then
echo "[ERROR]: tls-auth Key not found: $TA"
exit
fi
echo "tls-auth Private Key found: $TA"
#Ready to make a new .opvn file - Start by populating with the default file
cat $DEFAULT > $NAME$FILEEXT
#Now, append the CA Public Cert
echo "<ca>" >> $NAME$FILEEXT
cat $CA >> $NAME$FILEEXT
echo "</ca>" >> $NAME$FILEEXT
#Next append the client Public Cert
echo "<cert>" >> $NAME$FILEEXT
cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT
echo "</cert>" >> $NAME$FILEEXT
#Then, append the client Private Key
echo "<key>" >> $NAME$FILEEXT
cat $NAME$KEY >> $NAME$FILEEXT
echo "</key>" >> $NAME$FILEEXT
#Finally, append the TA Private Key
echo "<tls-auth>" >> $NAME$FILEEXT
cat $TA >> $NAME$FILEEXT
echo "</tls-auth>" >> $NAME$FILEEXT
echo "Done! $NAME$FILEEXT Successfully Created."
#Script written by Eric Jodoin
\ No newline at end of file
CTRL and X then Y and ENTER to save.
N.B. I was not able to successfully copy and paste the entire script accurately in one go, but taking it one section at a time worked no problem).
Next you need to give this script permission to run. Type:
cd /etc/openvpn/easy-rsa/keys/
The to give it root privileges type:
chmod 700 MakeOVPN.sh
Finally, execute the script with:
./MakeOVPN.sh
As it runs, it will ask you to input the usernames names of the clients for you generated keys for earlier (in my case KateAndroid). Type that when prompted and you should see the line:
Done! KateAndroid.ovpn Successfully Created.
Repeat this step for each additional username you added client.
Export your client keys for use on the connecting devices
You now need to copy those keys onto the devices you want to use them. If you are using PuTTY on a Windows machine you can use a software package called WinSCP to do this. For Mac, try Fugu.
First, to grant yourself read/write access to the folder at the command prompt type:
chmod 777 /etc/openvpn
chmod 777 /etc/openvpn/easy-rsa
chmod 777 /etc/openvpn/easy-rsa/keys
chmod 777 /etc/openvpn/easy-rsa/keys/[ClientName].ovpn
Be sure to undo this when you're done copying files by typing:
chmod 600 /etc/openvpn
and repeating for each step with the chmod 600 command, which removes read/write access again.
You can now launch the software you are using to copy the files off your Raspberry Pi to navigate to the openvpn folder and copy the files labelled "KateAndroid.ovpn" etc.
You can also open the command prompt on the machine in your network you would like to copy the files to and type:
scp pi@[ip-address-of-your-pi]:/etc/openvpn/easy-rsa/keys/[ClientName].ovpn [ClientName].ovpn
Install the OpenVPN Connect app on your device
You are now ready to download and install the OpenVPN Connect app on your Android or iPhone - they are available through the stores as a free download. You will need to import the profile keys you just made as the final piece of the VPN connection puzzle.
When prompted for a pass phrase here it is the 3des.key one you will need to enter.
For iOS
Use iTunes to add the .ovpn file to the OpenVPN Connect app. When you launch the app on your phone you will now get the option of installing that profile and making the connection.
For Android
Connect your android device to your computer with a USB cable. Navigate to the Downloads folder on your handset and paste the .ovpn file there.
When you launch the app on your handset you can now tap the menu dropdown in the top right corner, select Import>Import profile from SD card then navigate to the downloads folder and choose to import the file and make the connection.
One more thing
After all this is done, if your phone still can't connect to the OpenVPN server you might need to adjust the firewall on your router to do port-forwarding of port 1194 to the Raspberry Pi. You'll need to follow the instructions from your ISP to access the router and complete this step.
THANKS TO : https://twitter.com/zoodor for debugging this guide.

Read More

Facebook amends 'real name' policy after protests

After passionate and at times angry pleas from various vulnerable communities, Facebook has announced it is to amend its controversial "real name" policy.

On Tuesday the site said it was to test new tools that allowed people to share any special circumstances they felt meant they could not use their real name.
The tool is intended to help people who may have suffered domestic abuse, or in cases where their sexuality could put them in danger.
However, Facebook stood firm on insisting people use "real names" in all but the most unusual situations.
"We require people to use the name their friends and family know them by," the company said.
"When people use the names they are known by, their actions and words carry more weight because they are more accountable for what they say.
"We're firmly committed to this policy, and it is not changing.
"However, after hearing feedback from our community, we recognise that it's also important that this policy works for everyone, especially for communities who are marginalised or face discrimination."

Intense pressure

The company is also adding a new tool for reporting fake names, requiring anyone who is reporting another user to provide more context for their complaint.
Facebook said it received hundreds of thousands of reports of fake names every week.
"In the past, people were able to simply report a 'fake name' but now they will be required to go through several new steps that provide us more specifics about the report," the company said.
"This additional context will help our review teams better understand why someone is reporting a name, giving them more information about a specific situation."

Image copyright Getty Images

Image caption Facebook founder Mark Zuckerberg was criticised for his remarks on the policy

The social network had faced intense pressure from rights groups over its hard-line stance on real names.
Founder Mark Zuckerberg was heavily criticised after he suggested that people that use two names, or have an alias, showed a "lack of integrity".

Drag queens

Last year, prominent drag queens in San Francisco had their Facebook accounts deleted as they were deemed to be violating the real name policy.
After considerable uproar, including a planned protest outside Facebook's headquarters, the company acknowledged that it had been a mistake to delete the accounts, but said it faced a challenge in verifying people on the network.
It argued that insisting on real names played a role in preventing bad actors on the site and had made people more accountable for what they posted.
"The stories of mass impersonation, trolling, domestic abuse, and higher rates of bullying and intolerance are oftentimes the result of people hiding behind fake names, and it's both terrifying and sad," the site said.
"Our ability to successfully protect against them with this policy has borne out the reality that this policy, on balance, and when applied carefully, is a very powerful force for good."
A group of civil liberties organisations and rights groups formed the Nameless Coalition which has been leaning on Facebook to change its policies.
The new tools announced on Tuesday fall short of the group's complete suggestions, but representatives from Facebook met members of the Nameless Coalition at a public event in San Francisco.

Read More