32 posts • joined 16 Jun 2011
Re: Robin Seggelmann ^h.... Dr Stephen Henson... You Asshat
Whilst the original author, Robin Seggelmann, wrote the code I'd argue that the code reviewer and committer, "Dr"* Stephen Henson, has the greater responsibility for this.
The reviewer is often the only set of 'expert' eyes that review the code before commit and as such acts as the gatekeeper on code quality and consistency.
According to his own consultancy web-site biography he's been an OpenSSL core developer since 1999. If anyone is aware of the kind of code pitfalls to avoid in security programming and where to spot them in the OpenSSL codebase it is he - I know I shan't be hiring him to advise on TLS/SSL!
Makes me wonder how many other of his commits should be reviewed?
* "Dr" since it is a Heartbleed.
CA Minors *can* sign contracts
See "Contracting With Minors", State Bar of California, Business Law News Issue 4, 2008 by Robert N. Pafundi 
Since 1971, the age of majority in California has been 18 for both men and women. The general rule is that a minor may make a contract in the same way as an adult, subject to the power of disaffirmance. See Family Code § 6700.
However, some contracts with minors, such as those “relating to real property or any interest therein” or “any personal property not in the immediate possession or control of the minor” are void from the time they are entered into ( Family Code §§6701(b) and 6701(c)).
In addition, a minor is also prohibited from delegating the power to contract on his or her behalf. (Family Code § 6701(a)).
But most contracts, except those that are statutorily prohibited, may be “disaffirmed by the minor before majority or a reasonable time afterwards or, in the case of the minor’s death within that period by the minor’s heirs or personal representative.” Family Code § 6710.
The effect of this rule is that the minor can unilaterally void or disaffirm the contract, or decide to enforce it against the other party (unless the other party is also a minor).
The minor can disaffirm the contract orally or through an action that manifests an unequivocal intent to repudiate the contract. See, e.g., Spencer v. Collins (1909) 156 Cal. 298, 303; Celli v. Sports Car Club of America (1972) 29 Cal.App.3d 511, 517. See also Pereira v. Toscano (1927) 84 Cal.App. 526 (holding that an oral statement was sufficient to disaffirm a contract).
The minor, however, cannot disaffirm parts of a contract and seek to enforce its other provisions. It is all or nothing. See Holland v. Universal Underwriters Ins. Co. (1969) 270 Cal.App.2d 417, 421.
The generally protective approach to minors who contract is warranted. Even in our media-saturated culture where children seemingly mature faster than they used to, children are substantially more vulnerable than adults with whom they contract. But as children have wielded more economic power, and as some contracts with minor actors and athletes can involve tens of thousands if not millions of dollars, California law has developed tools that increasingly give those contracting with minors the ability to enforce those contracts.
The most straightforward way to enforce a contract with a minor and overcome the minor’s common law right to void the contract unilaterally is to obtain pre-approval of the contract from a superior court. Family Law §6751 establishes an underutilized procedure for obtaining such approval.
Under that section, “[a] contract, otherwise valid, . . . entered into during minority, cannot be disaffirmed on that ground either during the minority of the person entering into the contract, or at anytime thereafter, if the contract has been approved by the superior court . . . .” A Superior Court has the authority to pre-approve the contract if it is located “in any county in which the minor resides or is employed or in which any party to the contract has its principal office in this state for the transaction of business.” Thus, a business headquartered in any California county may seek court approval from its local superior court regardless of where the minor lives or works.
http://pafundilawfirm.com/Articles "Contracting With Minors: How California Lawmakers and Courts Deal with Adults Who Enter Contracts with Minors"
Re: re: minors cant sign contracts
In the U.K. at least, I think the legal principle is that a contract cannot (could not?) be enforced against a minor, and contracts with under-sevens and those 'unfit' through mental incapacity are deemed void.
For older minors, they can enter into a contract but they can also terminate it at any time, and the redress (if any) available is limited to damages, which is why guarantors are often required in such circumstances.
Obviously California law applies in the case reported, and it sounds as if the applicable law is similar in respect of minors being able to enter into legal contracts, which means the terms that allow Facebook to use the minor's shared data is a valid contractual term.
IBM Fears Backlash from Non-USA Customers
How many organisations - especially governmental - would continue buying IBM if it was shown that in all likelihood the company was complicit in helping or turning a blind eye to the installation of back-doors in the firmware of IBM kit: SANs, Chassis Controllers, Fabric and Network switches, etc.?
All the same stuff the USA has accused Huawei of doing for, or being complicit with, on behalf of the Chinese Government.
Set Top Boxes
Most of the 'smart' is in various so-called "set-top boxes" which should properly be called "carpet-top boxes" in many cases.
If a TV maker produced a TV with generic mains-powered vertical slots behind the top edge of the unit so that STBs could be slid in so they're concealed, provided with AC power and individual remote on/off control, short connection leads to per-STB ports, gigabit Ethernet switch, integrated IR transceivers to clip over the STB IR LEDs, we'd again have a single TV and single universal programmable learning remote. Add WiFi and HTTP server hosting an HTML5 remote-control web-app and any flavour of smart-phone or tablet could also control it.
That's what I call a 'smart' TV that I'd buy.
And this is why Gary McKinnon et al should never face extradition ...
... proceedings, let alone having to fight them tooth and nail.
With this knowledge in the open how can any court in good conscience find it equitable to extradite - or even accept an extradition application for - a UK citizen to the USA to face charges whilst the USA does much worse to citizens and sys-admins of other countries, and their civil corporations, with impunity?
I'm associated with the Replicant project with my work on reverse-engineering the MEIF protocol for GNSS/GPS chipsets to create an open-source replacement for the current binary blobs that implement location services.
I think Paul has misunderstood the architecture and purpose of these master-slave System on Chip (SOC) designs - the applications CPU is a co-processor under control of the boot CPU.
I've reverse engineered several 'smart' phones with dual-CPU architectures where the baseband real-time executive OS is something like REXX/AMSS running on the boot CPU and the user interface OS is Android/Linux or Windows Phone running on the application CPU.
Internal flash memory is partitioned and some partitions are used for read/write data by the real-time executive. At power-on the boot CPU has exclusive access to the flash partitions.
However, once the boot CPU has initialised the application CPU and handed over control to the secondary boot loader on the application CPU, which in turn loads the kernel and the root file-system, it cannot directly access the flash partitions without risking corruption.
From that point on the application CPU OS has exclusive control of the flash memory. If the boot CPU needs to access it that has to be done via shared memory or other RPC mechanisms.
These are required for Firmware Over The Air (FOTA) updates and access to other partitions containing OS and user configuration data, including such things as touch-screen calibration data.
Even easier to stop...
... plug in headphones!
It's an intriguing attack scenario though.
Instinctive reaction to the "infection over ultra-sonic" is "Impossible, system needs infecting by some other method before communication can begin".
But, in light of some of the recent public revelations from the Snowden documents, I don't think we need to be wearing tin-foil hats to imagine it possible that one or more of the (few) modular BIOS/Firmware makers could have been internally compromised in order to insert a small additional acoustic coupling module into their standard images.
Alternatively, the BIOS/Firmware USB modules may have one or more buffer overflow flaws that allows an inserted-at-boot-time USB flash device that has malicious reprogrammed firmware to insert a payload into the BIOS/Firmware module chain.
It would be easier to believe Dragos Ruiu's claims of infection if he published the make/model of the PCs he claims have been infected, and released copies (or SHA checksums) of the BIOS/EFI images so that others can compare against other identical hardware. All I can find are now-extinct file-locker style links, and reports that the images he did release were edited by some mysterious entity whilst on the public servers to remove the root-kit evidence, which doesn't give much confidence in the claims being verifiable.
Re: Wrong data on your part.........
>I think you better do some research before posting! Judge Koh hasn't been too nice towards Apple in the past! And the patent is legit...
I suggest you do too, before committing yourself.
December 20th, Samsung Emergency Motion tells the judge that the U.S. P.T.O. has issued an Advisory Action (the last step in a re-examination) finding all claims of patent No. 7,844,915 (the pinch-to-zoom patent) invalid. The Advisory Action is the Examiner’s final word on the invalidity of the ’915 patent.
The P.T.O. issued the Final Office Action and a shortened 2-month deadline on July 26th, which was subsequently extended to the maximum 6 months allowed. The clock started ticking on July 26th.
This Advisory confirms the P.T.O. view that all 21 claims of the '915 patent are invalid. Although the clock doesn't stop until January 26th for further responses from Apple to try to persuade the P.T.O to change their view, or else file an appeal with the commissioners, any responses from Apple will not stop that clock.
The re-examination control number is: "90/012,332".
Anyone can view the status and document files via the Public PAIR web-site at: http://portal.uspto.gov/pair/PublicPair
Look at the Image File Wrapper tab to view the document trail.
The Advisory says, in page 8 of the PDF, paragraph 5: "The patent owner's other arguments are not persuasive for the same reasons as set forth above and in the final Office action mailed on July 26, 2013. See the patent owner's remarks at pages 9-15, repeating and/or incorporating by reference the arguments presented in the response filed on March 19, 2013."
Embrace, Extend, Extinguish
"Embrace, extend, and extinguish", also known as "Embrace, extend, and exterminate", is a phrase that the U.S. Department of Justice found was used internally by Microsoft to describe its strategy for entering product categories involving widely used standards, extending those standards with proprietary capabilities, and then using those differences to disadvantage its competitors.
... may well help avoid reflections from strong light sources because if the curvature is 'just right' it'll focus on the face of the viewer (as well as what's to either side) in most cases.
Stallman's GNU at 30: The hippie OS that foresaw the rise of Apple - and is now trying to take it on
Re: ...expect to be running Linux on my phone...
Whether the device runs an AOSP or GNU/Linux based operating system (both of which require the Linux kernel) you have the same problem that Replicant aims to solve - that these devices rely upon numerous proprietary binary blob drivers that aren't updated or supported by their creators and cannot be legally distributed without the accompanying device.
Replicant needs devs but objectives and practices don't attract
I joined the Replicant project this summer as a result of the publicity. Prior to publicity I wasn't aware it existed, despite having been reverse-engineering and hacking code of Android devices since 2010.
It quickly became apparent - to me at least - that Replicant is not going to achieve anything until it changes its focus onto up-to-date devices and engages developer attention as Cyanogenmod does. With the rate of change in the mobile arena an 18-month old (and getting rapidly older) device isn't going to attract developer attention and certainly not users - who wants a 2 year old device which lacks key functionality including, sometimes, the ability to make and receive calls? May as well carry a brick around.
The problem for Replicant is that most if not all AOSP-based devices depend on binary blob proprietary drivers for key hardware interface functionality - video output is the obvious one, but also things like sound, radio interface, and GNSS/GPS. Cyanogenmod does this and suffers much pain figuring out how to get older binary blobs to work with newer, revised, AOSP ABI/APIs.
I decided to focus on GPS blobs by beginning to reverse-engineer the Nokia MEIF binary GNSS/GPS protocol used in Broadcom chip-sets that more devices are using so that support can be added to gpsd and other location-awareness daemons and stacks. This work is useful to the general F/OSS community rather than the handful - literally - of Replicant users.
My belief is that we'd do better overall to have developer teams focus on the particular functionality in binary blobs that prevents users from being the masters of their own devices, rather than try to maintain a fork of an entire OS.
Further eCall info from FAQ...
What is the cost?
The basic pan-European eCall service, based on 112, is a public service which must be offered for free. Taking into account economies of scale, installation of the eCall in-vehicle system is estimated to cost much less than €100 per new car.
It is also expected that the eCall technology platform capabilities (i.e., positioning, processing and communication modules) could be exploited for additional services (e.g., advanced insurances schemes, stolen vehicles tracking etc).
Can the vehicle be tracked or hi-jacked?
The 112 eCall is a "dormant" system, i.e. the eCall in-vehicle system is only active when an accident occurs or if it is manually triggered. It is not traceable and when there is no emergency (its normal operational status) it is not subject to any constant tracking. As it is not permanently connected to mobile networks, hackers cannot take control of it.
What about privacy and data protection?
As the eCall in-vehicle system is only active when an accident occurs or if it is manually triggered, there is no privacy issue related to any tracking of the car. For liability reasons, the emergency call centres (PSAPs) will store the data related to the eCall for a determined period of time, in accordance with national regulations and with Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
The road to eCall
The EU-wide, harmonised implementation of an interoperable eCall service has been on the agenda of the Commission since 2005 and is a priority action for the deployment of Intelligent Transport Systems. As an important road safety measure, the rollout of eCall is also a priority for the EU automotive sector, within the CARS 2020 action plan, presented by the Commission in November 2012.
In 2009 the Commission reported on the progress in introducing eCall and concluded that as the initial voluntary approach was insufficient, regulatory measures had to be considered. In July 2012 the European Parliament adopted a resolution which urged the Commission to submit a proposal to ensure the mandatory deployment of a public, 112-based eCall system by 2015 in all new type-approved cars and in all Member States.
EU eCall 'intelligent car' initiative
Press Releases: 13/06/2013
The European Commission adopted two proposals to ensure that, by October 2015, cars will automatically call emergency services in case of a serious crash. The "eCall" system automatically dials 112 - Europe's single emergency number - in the event of a serious accident.
Care? Do something!
Like many others I have watched from the sidelines as authoritarian legislation creeps up on us bit-by-bit. I've spoken to my circle of friends about it passionately but without seeing any lever to make a difference.
Some of the terms of the Terrorism Act 2000 are likely illegal under UK obligations to the European Court of Human Rights - specifically detention without arrest, detention without legal representation, obligation to hand over possessions, obligation to provide information.
I wonder if this incident could be a catalyst for at least reining in the excesses that the state is guilty of?
Individually we cannot hope to make a difference but if each of us takes 15 minutes to write to the Prime Minister, the Home Secretary (as Minister responsible) and our Member of Parliament then combined it might poke their consciences and remind them that we elect them to represent us, not to represent authoritarian state agencies that break the spirit and letter of the law.
Write on paper rather than email - they and their officials have to spend time replying individually rather than firing off a single canned-response email.
I recently began planning and implementing encryption of all my Internet traffic and servers by default including using only HTTPS for the web sites I manage, deploying Apache 2.4 and Perfect Forward Secrecy, VPNs for all traffic moving over my ISP's connections, digitally signed and encrypted email using either or both of S/MIME and PGP. Many of those are using layers within layers of encryption on the same basis as The Onion Router.
I do it not to protect my own traffic, but to make it harder for the illegal and immoral snooping of routine Internet traffic to pick out those that have a legitimate need for such encryption. It is much harder for NSA/GCHQ to analyse patterns of meta-data or content if everyone routinely uses high-grade encryption.
... you may not use the APIs for any activities ...
"Except as specifically licensed by Google, you may not use the APIs for any activities ..."
Errr, didn't Google recently win a minor court case (*subject to appeals) in the USA where the plaintiff (Oracle) was claiming that APIs are copyrightable.
If APIs are not copyrightable, as the court found, then on what basis can Google license use of an API?
Monitoring for 24 hours...
"We will continue monitoring the health of the Storage service and SSL traffic for the next 24 hours," the company wrote.
That statement makes it sound like they don't monitor the systems routinely unless something fails; explains a lot!
This seems to offer potential for use to enable much easier channel bonding, for example, for ISP <> CPE situations where aggregating several slower DSL links is required - especially where VDSL is not available or can't achieve high speeds (anyone 1km from the cabinet, for example!). Currently, getting an ISP to channel bond is a challenge in futility and cost.
ISP equipment supporting 1905.1 would make the process easy and transparent and not require any IP-level configuration with round-robin or other techniques in the CPE.
Bring up multiple PPPoE connections on the same account, and provided the ISP account enables it, you've got multi-DSL channel bonding sorted.
Re: All true
"But the numbers are small"
Only when you compare apples and oranges.
Intel is a chip-baker, chip-set and motherboard maker (not to mention flash and other non-microprocessor activities).
Take ARM's numbers, then add the revenues and profits that its licensees make from ARM-based designs (Samsung, Apple, etc.). According to ARM:
Cortex Processors Licenses
Classic ARM Processors Licenses:
  ARM11 Family: 79
  ARM9 Family: 273
  ARM7 Family: 171
Lord of the Rings, Ent Moot
I think, of anyone, J.R.R. Tolkien has the distinction of being associated with the word "moot" in the general public consciousness, and would be the primary beneficiary of any recognition, having been working on the Lord of the Rings stories since around 1938.
The statement seems to imply the drivers were previously hobbled
Trying to understand what Nvidia mean here. Performance gains are usually incremental when gained through driver optimisation. Do they mean they found some hitherto unknown bottlenecks in the Linux drivers or have they simply removed an artificial cap in the drivers that prevented the Windows drivers looking bad on the same hardware?
"According to the chip maker, the drivers “double the performance and dramatically reduce game loading times” of Linux games - at least if a test comparing the new code with version 304.51 while running Valve’s Left 4 Dead 2 beta is anything to go by."
Enabled date slipping by 3 months every 3 months?
If you currently have FTTC, what speed are you getting and what speed did you get on ADSL? It'd be useful for many of us to know if 50% of ADSL theoretical maximum can be translated to approximately 50% of VDSL theoretical maximum.
Like many others I see today that the line-enabled date that was 30th September is now 31st December. That's the 5th time it's changed:
31/12/2011 (changed 20/12/2011)
31/03/2012 (changed 26/03/2012)
30/06/2012 (changed 26/06/2012)
30/09/2012 (changed 25/09/2012)
The ADSL Max speed is 5.5 ~ 6 Mbps with an SNR of 8~12 dB. On that basis I figured we could expect at least 40Mbps on VDSL (shorter length of copper, 50% of theoretical maximum).
I emailed email@example.com to ask about the line last week and today got this reply:
"Thank you for your interest in our Fibre Broadband deployment. We are deploying one of the fastest and largest commercial deployments in the world. Our commercial deployment will have extended to 66% of the UK by the end of December 2014. We aim to extend this to 90% of the UK, in partnership with other sources of funding, e.g. local and National government.
Unfortunately, we are technically unable to provide fibre broadband to your premise because of the excessive length of line between your premise and the fibre broadband cabinet"
So when the local exchange is enabled but the line-enabled date keeps slipping it could be because O.R. have decided the line won't handle VDSL at a sufficient speed.
The implications of the lock-in to IE5/6/7 applications are that Microsoft's claims over the last decade or so that Windows' total cost of ownership is less than its competitors' need revising - upwards.
In the interests of balance and accuracy, of course!
That's the BBC Android iPlayer fixed then!
I wonder if Adobe have given advance notice to the likes of the BBC because this announcement doesn't have much lead-time before the Flash libraries are withdrawn from the Play store for new devices.
For the BBC iPlayer it could be a great thing - it was hobbled by not being able to play in the background or usable for radio streaming since when the screen goes off so does anything Flash-based.
Good day for Google... so far
The jury were not "deliberating over the weekend" - they were sent home Friday and told not to discuss. They continued deliberating Monday and reached a partial verdict.
The judge had earlier reserved to himself the decision on whether the "structure, sequence and organization" (SSO - in other words, the APIs of the disputed 37 packages) are copyrightable. For the purposes of question #1 he instructed the jury to assume SSO is copyrightable, therefore the jury could hardly do anything else but find for Oracle.
Q1. As to the compilable code for the 37 Java API packages in question taken as a group:
Q1 (a) Has Oracle proven that Google infringed the overall structure, sequence and organization of copyrighted works. YES.
Q1(b). The jury could not decide if Google's use of the SSOs constituted fair-use or not.
Oracle made a point of shifting their accusations late-on to the Java API documentation - as most of us know this is generated by javadoc.
Q2. As to the documentation for the 37 Java API packages in question taken as a group:
Q2(a). The jury found Google did not infringe.
Q2(b) moot (no need to decide).
Q3 Google had already conceded it copied the following, the only issue to decide was if the use was de minimis (and therefore non-infringing).
Q3(a). Google DID infringe for the rangeCheck() method in TimSort.java and ComparableTimSort.java.
Q3(b). Google DID NOT infringe for source code in 7 "Impl.java" files and one "ACL" file.
Q3(c). Google DID NOT infringe for the English language comments in CodeSourceTest.java and CollectionCertStoreParametersTest.java.
Q4. An advisory for the judge. If Q1(a) is found for Oracle then...
Q4(a). Has Google proven that Sun and/or Oracle engaged in conduct Sun and/or Oracle knew or should have known would reasonably lead Google to believe that it would not need a license to use the structure, sequence and organization of the copyrighted compilable code. YES.
Q4(b) If so, has Google proven that it in fact reasonably relied on such conduct by Sun and/or Oracle in deciding to use the structure, sequence and organization of the copyrighted compilable code without obtaining a license. NO
Q4(b) is irrelevant if the judge finds that SSOs (APIs) are not copyrightable. If he finds they are copyrightable, well, Google's loss is the least of your worries, since it means that, if upheld on appeal, the American software industry will implode as originators of APIs begin suing others using those APIs.
Google is putting forward a motion for mistrial based on Q1(b) not being answered. The basis of the appeal will likely be that it is established case law that all parts of a question should be answered.
If you thought the USA's software patent situation absurd, copyrightable APIs will have you retiring to a quiet cave with plenty of provisions whilst USA goes into meltdown.
Good news for BBC iPlayer users on smartphones?
Maybe this will push the BBC into finally abandoning Flash in the iPlayer on Android - meaning iPlayer may at last be able to do background playback of radio/audio streams and not turn off when the screen is blanked.
Does this apply to live TV helicopter coverage too?
The same argument being advanced by the police could be just as easily applied to the news channel live TV helicopter coverage often seen when incidents occur.
If the 'perp' is watching TV then the same result occurs - he gets fed information about what's going on outside beyond his own vision.
Sounds to me more like the police are just pissed off with his 'friends' and want to extract some 'revenge'.
Pixel Qi Transflective LCD like the Notion Ink Adam then?
So, almost as good a specification as the Notion Ink Adam that's been shipping for the last 6 months and cost ~ £370 then?
The daylight readable display is a revelation especially as it draws little or no power so the device will last all day. It's like reading a printed magazine rather than an electronic display.
The 10.1" Pixel Qi (pronounced Chee) Transflective LCD is the technology originally developed by Mary Lou Jepsen for the OLPC project. It is daylight readable and uses less than 1 watt:
Resolution R 3072x600 (reflective)
Resolution T 1024x600xRGB (transmissive)
My Adam has Android 2.3.3 on and is about to get 3.0 and later 3.1. It can also run a full Linux distro that supports the ARM processor (Debian/Ubuntu, Linaro, etc.). It also has:
3G modem, 802.11bg/n, Bluetooth 2.1, FM Receiver/Transmitter, A-GPS, Compass, Accelerometer, Nvidia Tegra 2 dual-core. 1GB RAM, 8GB NAND Flash, microSD slot, SIM slot, HDMI 1080p output, 3 USB ports, stereo speakers, rotating front/rear video camera.
To toughen it up I bought a carbon-fibre 'Skinomi' kit for £25 that has already fended off some serious knocks and abrasions - highly recommended to protect mobile devices.
StartSSL offline for several days!
Not a great inspirer of confidence in a 'free' provider:
"We apologize for the temporary inconvenience. The service will be offline until Monday, the 20th June 2011. Thank you for your understanding."
Already accepted by Mozilla, Chrome, Opera, Microsoft, Apple
Apple (iOS 4.1+, OSX 10.6.4+): http://support.apple.com/kb/HT4415