8th > December > 1999 Archive

The Register breaking news

NT scales C2 security heights – but what about Win2k?

Microsoft announced this week that it has received Orange Book C2 certification for NT 4.0, and FIPS 140-1 validation of the cryptographic services in Windows 95, Windows 98, NT 4 and Windows 2000. Microsoft says that "customers now have formal, third-party verification of the security" of these operating systems. Microsoft also said that "C2 is generally acknowledged to be the highest rating a general-purpose operating system can achieve", something that it has said before, but in different context, as we shall see. First let's recap on these coloured books. The US Department of Defense, through the US National Computer Security Center (NCSC, part of the National Security Agency), has a series of "rainbow" books, known as the DoD Trusted Computer System Evaluation Criteria. The Orange Book defines the criteria, but the Red Book is an interpretation of the Orange Book. The Red Book came about because the Orange Book was inadequate with regard to networking. There is also a Blue Book for advanced systems. The criteria are hopelessly out-of-date in many respects, because it takes so long for security organisations to develop standards. The only C2 security that Microsoft had previously received was Orange Book for Windows NT 3.5 (not 3.51) - but it was required that networking was disabled, that the floppy disk drive was disabled, and that the standard file system permissions were changed to be very restrictive, along with many permissions in the registry. Some cynics compared the process with castration. At the time, Enzo Schiano, a Windows NT Server product manager also noted that C2 presumes that the PC is kept locked away from unauthorised users since it was only necessary to remove the hard disc to get access to all the data. Microsoft had received E3/FC2 for NT3.51 and NT 4.0, but this level is regarded as too low for serious security consideration. If C2 Orange Book is about as reassuring as food labelled "100 per cent organic", then the E and F levels are perhaps the equivalent of dog food. In May, when Microsoft was not allowed to bid for the US Army Battle Command System which required secure messaging, Microsoft was cross because the UK Information Technology Security Evaluation Criteria (ITSEC) certification board had given Windows NT 4.0 (with Service Pack 3) an E3/FC-2 rating, which Microsoft then called "the highest security evaluation possible for a general purpose operating system". Sounds familiar, does it not? But that's what Microsoft now says about its Orange Book C2 certification. There were many critics of NT security. Terry Edwards, director of technical integration for the US Army's Force XXI initiative at Fort Hood, Texas, considered that "NT cannot support our security requirements". Mary Ellen O'Brien, director of DoD sales, Microsoft Federal, confirmed that MS is working with a third party, which she refused to name, to develop a Unix client for Exchange. Microsoft was concerned that Notes, running on Solaris, may increasingly replace Exchange in the military. It has also upset Microsoft mightily that Novell had received the superior Red Book C2 security on both the server and the client for NetWare 4.11, which meant that NT Server had no level of certified security. A Novell product manager sniffily described NT security as "an entire disease: they throw a password around the network, so it is available for capture, so it's not surprising that professional hackers are finding holes". In October at Gartner's Orlando meeting, Ann Reid of the US Department of Agriculture asked Steve Ballmer what Microsoft was doing about security problems and the federal information security requirements. Ballmer had to admit that Windows 2000 was unlikely to meet the requirements, which was interpreted at the time as no C2 in prospect. There is a footnote, and a serious one. Ed Curry, a former independent contractor for Microsoft and a security specialist, claimed that in 1998 Microsoft had been selling NT 3.51 and 4.0 to the US government and representing them as secure versions when they were not, and had false information on its Web site. Curry, who has since died, wrote to the US Secretary of Defense at the time claiming that "Microsoft has knowingly and wilfully concealed information regarding security flaws in computer hardware... I have raised the issue internally with Microsoft, and in return have been the subject of both bribes and threats". ®
Graham Lea, 08 Dec 1999
The Register breaking news

IBM, Samsung square up for Compaq Alpha contract

Samsung and IBM Microelectronics have emerged as the front-runners -- nay, the only runners -- in the bid to supply The Big Q with the next version of the Alpha CPU. Alpha is currently at version EV6, as supplied to Compaq by Samsung. The Korean giant reckons it can get EV7 sampling by next July and into volume production by Q3 2000. If Samsung's bid is based on speed of delivery, IBM's centres on the incorporation of the company's own copper interconnect technology -- and possibly Silicon-on-Insulator (SOI), too -- into the EV7, according to a Big Blue spokesman cited by Electronics Buyer's News. Samsung's rejoinder is that it plans to use copper and SOI too, and integrate L2 cache and memory controller onto the die, and by 2001 get the chip out using a 0.13 micron process. According to Samsung, the Alpha market will be worth some $100 million by the end of the year, rising to $140 million next year. Big money by our standards, yes, but hardly colossal in the CPU business' terms. Samsung also told EBN that it plans to break into the Alpha EV6 mobo and chipset market with a single-CPU chipset codenamed Caspian in Q3 (sampling in March) and Tasman, a four to eight-way server chipset, sometime in 2001. The clever part is that Samsung will use Caspian to get into the x86 market, by supporting AMD's Athlon, which uses the same bus as the Alpha EV6, in the same chipset. Curiously, given Samsung's desire to drive the Rambus market, Caspian will not support that memory technology, only PC133 and DDR SDRAM. ®
Tony Smith, 08 Dec 1999
The Register breaking news

Cobalt clinches French educational server appliance deal

Linux server appliance specialist Cobalt Networks has made a major breakthrough into the European educational market, following the adoption of the Cobalt Qube by France Telecom for deployment in schools and other educational organisations. The servers are to be supplied via French systems integrator DNS Telecom as part of France Telecom's Scol@gora service. This will include core Web services, content filtering and virus protection. According to France Telecom Education technical director Michel Dana the Qube is "the best platform to deliver our Scol@gora services." DNS Telecom CEO Philippe Moity said the Qubes provided "a complete solution that did not require special maintenance. Most importantly, [France Telecom] needed a server platform that would enable easy integration and deployment of RuleSpace Enterprise Suite and Trend Micro Virus Scanner to protect the children from unwanted content." It's not clear how many units the France Telecom deal is worth, but the deployment is likely to be substantial. Presenting a recent survey of use of the Internet in schools France Telecom described itself as "leading an ambitious programme of Internet use in the world of education." According to the survey, almost all colleges and higher schools in France now have computers, and most are already connected to the Internet. Primary schools however are a more fertile field, with only one in four connected at the moment. ®
John Lettice, 08 Dec 1999
The Register breaking news

HP claims it will trash competitors on IA-64

IBM, Sun's and Compaq's IA-64 strategies are fundamentally flawed, a senior executive at Hewlett Packard said today. Cliff Loeb, European technology strategy manager at HP, claimed that his firm's approach, on the other hand, was consistent and simple. At the same time, he revealed that HP engineers have developed so-called dynamic emulation software, which would ensure a high degree of binary compatibility on the IA-64 platform with the 14,000 applications that currently exist for its PA-RISC machines. Loeb said that while the first IA-64 chip, the Itanium (Merced) was "a warm up" for the platform, HP's strategy was that the Intel technology will inevitably trounce the RISC-based competition on both price and performance. He said that the next generation of the IA-64 family, which Intel codenames McKinley, will achieve very high performance. "The systems will be volume systems," he said. Workstations using the extended floating point facilities of IA-64 would offer a big performance boost, he claimed. He said that HP machines would use HP/UX, Linux and NT64. "We have a full applications list already, all PA systems are binary compatible [with IA-64," he claimed. "We're the only company that will be able to offer that," he said. "IBM is having to ask its developers to help it on Monterey. HP will have the only high end Unix enterprise systems." However, that claim comes with a caveat, or "fine print" as Loeb put it. Only well-behaved applications will be able to use its dynamic translation emulation software, and that means that HP is close to releasing so-called code scanners, which will check software for compatibility. Loeb also admitted that the dynamic translation software, which works on the fly, had an overhead which could vary between 10 and 20 per cent on overall performance, depending on the type of application that was running. HP is pursuing a dual strategy of offering customers both PA-RISC and IA-64 systems, with the roadmap for the former lasting until 2003. It has developed proprietary chipset technology which will allow its customers to use either PA-RISC or IA-64 chips in systems during that transition period. Loeb claimed that Compaq Wildfire technology, which uses the Alpha microprocessor and which will be released in February of next year, is the last chance the company has to succeed in the enterprise market. He said: "I don't Compaq will keep Alpha going for long." Compaq's Tru64 Unix has a minute market share, he said. IBM's offering in the IA-64 will just be for the Netfinity range of servers, he said. He claimed that IBM's attempt to unify three separate operating systems in Monterey -- AIX, SCO and Dynix-- would be almost impossible. "In the history of computing that's never been done before," he said. Sun, meanwhile, while telling its customers that it will have an offering for IA-64 with Solaris, will not be offering its own Merced and McKinley boxes. Quizzed on the nature of the relationship between HP and Intel, Loeb said that the chip giant had to be seen to be offering a "level playing field" between different IA-64 vendors. Neverthless, he claimed, the two companies still had a strong relationship in developing future IA-64 processors. ®
Mike Magee, 08 Dec 1999
The Register breaking news

IDC names Hyundai top DRAM vendor, over Samsung

Samsung bosses have damned a report by market researcher IDC that claims the company will have lost its position as top DRAM manufacturer by the end of the year, falling to number three in the chart. Displacing the Korean giant is Hyundai, fresh from its merger with LG Semicon and chucking out those chips to take 23.5 per cent of the market. The survey, based on IDC's predictions on the companies' year-end results and unit shipments of 64Mb parts, names US memory vendor Micron as the number two DRAM supplier, with a marketshare of 17.6 per cent. That leaves Samsung not far behind, at 16.8 per cent of the whole. At least that's what IDC says -- Samsung reckons the figure is closer to 22 per cent, according to company boss Y W Lee, cited by Electronics Buyer's News. It argues that since its yields are better than those of Hyundai, even if its rival is punching out more parts, it is still making the most money out of the two. And, in any case, the company blustered, we're focusing our efforts on 128Mb chips, not low-end 64Mb parts. So yar boo sucks to you, IDC. Hyundai cited its increased capacity as the basis for its ranking in the IDC chart. Company execs also pointed to its decision to chase the DDR SDRAM business while Samsung has focused on Rambus. They expect DDR to be everywhere in 2000, while Rambus will be relegated to high-end PCs. Except that Rambus memory will also be sported by Sony's PlayStation 2, and that's likely to sell in such huge quantities that Rambus should end up with a little bigger share of the overall memory market than Hyundai's smug spokesfolks would have us believe -- they put its share as no more than five per cent, rising to eight per cent in 2001. ®
Tony Smith, 08 Dec 1999
The Register breaking news

Karmas combine into single $1bn business

Fourteen Karma businesses have come together to create a $1 billion company in a joint MBO. The group of distributors, which includes Karma UK, signed the agreement to become Karma Group last weekend. The company now comprises Karma businesses in the following countries: Germany, Austria, Switzerland, the Netherlands, Belgium, Portugal, Italy, the Czech Republic, Russia, Greece, Turkey, Dubai, Singapore and the UK. The company will be based in Switzerland, with its central administration in Istanbul and logistical support in the Netherlands. The group's executive board will be led by Gottfried Hackbarth. Patrick Matzinger will head up buying and operations. Consolidated sales would be around $1 billion for 1999, the company said. Karma was started in 1990, and was bought by CHS Electronics in 1997. After CHS ran into trouble earlier this year, the management of Karma UK, headed by MD Andy Chandler, bought the company from receivers BDO Stoy Hayward. Chandler said he was "thrilled" with the announcement. ®
Linda Harrison, 08 Dec 1999
The Register breaking news

Tiny trims Web site

Tiny Computers is spending £3 million to give its Web site, www.tiny.com, fewer features. The site belongs to the UK PC manufacturer's Web arm, Tiny Online, and was yesterday relaunched to reduce the time and effort needed for punters to order online. It was designed by Domino Systems, and Tiny claims to have cut the amount of clicks needed to buy a product. Two clicks are now enough to get one of the 20 PC bundles into your virtual shopping trolley. We hope the company doesn't get it down to just a single click or it may find it's sued to bits by 1-Click e-tailer Amazon.com. "The purpose of the site is to provide a quick and easy way of buying PCs, not an 'experience'," said Colin Greene, Tiny Online's general manager. ®
Linda Harrison, 08 Dec 1999
The Register breaking news

BT dodges flak with unmetered move

BT admitted yesterday that its announcement concerning the introduction of unmetered dial-up access to the Net was planned to coincide with a meeting of backbench MPs.
Tim Richardson, 08 Dec 1999
The Register breaking news

08004u resurfaces -– crikey

It's nothing short of a miracle but ISP 08004u has reappeared -- at a different Web site and with different contact details. Gone is the flashy portal content. Instead, the site appears to be offering no nonsense Net access. Attempts to contact the ISP today failed although a notice on its site does say that the phone lines would be busy. Nonetheless, the service is back. ® Related Stories Still no sign of 08004u Lazarus act
Tim Richardson, 08 Dec 1999
The Register breaking news

Michael Dell nets $232m in share sale

Michael Dell and his directors were offloading shares by the truckload last month. The founder and chairman of Dell Computer sold a total of 5.7 million shares in November, Bloomberg reported. The 34-year-old sold 2.1 million shares on 17 November at $40.66 each, 1.9 million on 18 November at $40.20, and 1.7 million on 24 November at $41.25 each. This raised a total of $231.8 million, and added to Michael Dell’s other share sales earlier this year. In both March and June he sold eight million, and a further four million shares in August and September. These combined figures only account for around 1.5 per cent of Michael Dell's total share in the company. He still controls around 14 per cent of the direct PC vendor's 2.55 billion outstanding shares. But other Dell executives were also selling shares last month. Vice chairman Morton Topfer and CFO Thomas Meredith, along with senior VPs John Schneider, Joseph Marengi and Micheal Lambert, all shifted shares in November. ®
Linda Harrison, 08 Dec 1999
The Register breaking news

HP, Casio, Philips sued over PDA patent

Ohio company Khyber Communications confirmed today it has taken legal action against major PDA vendors HP, Casio and Philips over an alleged patent infringement. Khyber contends that electronic organisers made by these companies, as well as Everex and Uniden, breach a 1997 patent it holds, issued on 9 December 1997. The patent in question covers organisers that have the ability to store and non sequentially retrieve audio messages using handwriting on a PDA's screen. The machines in question are the HP Jornado, the Casio Cassiopeia, the Everex Freestyle, the Philips Nino and the Uniden Unipro. Said Khyber CEO Raj Kumar: "For a small company like us it is unfair that after making such a substantial investment, we are being pushed out by the giants in the field." Khyber is attempting to recover damages from the companies, as well as put an injunction on the particular machines which are alleged to infringe the patents. ®
Mike Magee, 08 Dec 1999
The Register breaking news

Merced-Itanium PCs expected October 2000

Sources close to Intel's plans have said that the first workstation and server systems using its 64-bit Merced Itanium chip are not now expected to hit the streets until October next year. It was hoped that some systems would be on sale by August of next year, but our source said that a more realistic assessment is now October. The reason for the delay -- if it is indeed a delay -- is because hardware vendors want to stringently test machines before they go out of the door. An Intel representative said that the Merced-Itanium project is on time. Its roadmap shows Merced machines appearing in the second half of next year. Meanwhile, the same source confirmed that Intel's current plans are to make its IA-64 a desktop choice by 2003, by which times the machines will have started to achieve realistic volumes. ®
Mike Magee, 08 Dec 1999
The Register breaking news

Further memory problems dog Caminogate

Once the Intel VC820 boxed mobo becomes available, and that won't be until next week according to channel sources, people prepared to pay the exorbitant price of Rambus RIMMs also need to watch out for a number of factors. Although Intel engineers solved the problem by shutting off one of the sockets with a terminator, there is an additional factor which you will need to take into account if you want to populate the beastie. If you use two RIMMs and they are from different manufacturers, you can expect problems, according to very reliable sources. That will mean that if you are buying or specifying a system that uses the VC820, be very careful that you use the right kind of memory. And in further i820 news, dealers are reporting what they describe as "serious problems" with CC820 i820 systems. One dealer said: "One piece PC-100 128MB memory seemed to run file, while two pieces easily crashed the system. Intel engineers vehemently claim that there is something wrong with most manufacturers' memory -- they told me 'most of them are more interested in making a buck than in making PC-100 memory according to specs'". Intel engineers told him that "there are some serious timing issues that will be resolved in later revisions of the chipset". But, the dealer said, systems using BIOS PO5 did not work well, while systems built using the older revision, PO4, worked well with Apacerand Siemens memory. He said that Intel has pulled PO5 from its site and only the production PO4 BIOS is now available, suggesting that the problem may not be with the memory manufacturers at all. But...there is some good news on the Intel front. The channel is now awash with BX chipsets. ®
Mike Magee, 08 Dec 1999
The Register breaking news

Gates on media: ‘I have a stream’

At the Streaming Media West meeting in San Jose yesterday Bill Gates gave what is fast becoming his identispeech, but with a few new modules. He said that "PC sales have really surprised all the analysts" - but is that really true? Isn't Gates' message that he wants the home and workplace PC to be dominant, and not other devices where MS is encountering some tough competition? Of course PC sales were "partly due to lower the price that we've got with the powerful hardware" - but he omitted to mention the contribution of Windows prices. Statistically, 91 per cent of Windows 98 second edition users (presumably in the US) were using the Internet for 40 hours/month on average, he claimed. When it came to streaming, less than half of Internet users used it at home. Some 15 million people had bought music online, he said, but "probably more people" had listened to music online (and pirated it, was the sub-text). Gates claimed that "one of the great things we've done that has brought piracy rates down is just made it easier to buy the software", which sounded more than just self-serving, and thin on detail. "Digital rights management is a deep area on its own, and we've got a lot of work integrating that into the software," he added, warming to the theme of whatever helps combat music piracy would perhaps help software piracy. The impression remained that had Microsoft had a monopoly in streaming, it would have included tougher restrictions on downloading music. In identispeech mode, he used again the component on Microsoft's vision change to empower people and "make sure that everyone has the enabling software". But it soon became clear that this was Ballmer's vision, far removed from Gates' personal empowerment to have music and video access "anywhere you go in the house". Clearly live music making, social and sporting activities had little interest for him, but he was "very bullish on wireless networking". Microsoft was to be the great enabler by providing the infrastructure, in the shape of the Windows Media Open Platform he announced, but "our goal is not to be a media company ourselves". Gates personal desire still seems to be to be able to receive video on demand. His desire for the world to be PC-centric encompassed having photographs, and video clips all computerised. It would enrich the producers of colour ink cartridges, and Microsoft of course, but the thought of the family schedule on the fridge door with the time of printing that version given to the second is rather chilling. What must remain in doubt is whether all this PC-based media format changing will really take off. As usual, Gates had little to say about streaming media at work, other than to mention that Microsoft itself was amongst the 9 per cent of organisations using it. He stuck his neck out and forecast that over the next three years most companies would be using streaming media, and that it would be "of critical importance". It was rather unconvincing when Gates said that "top of the list" of enabling elements "are the new shipments of Windows, Millennium which will include the movie making capabilities... and of course Windows 2000". Then came a surprise when he said, "That should go final in the next month." Go figure. ®
John Lettice, 08 Dec 1999
The Register breaking news

MS scores Ericsson deal over wireless browser, BackOffice

Microsoft at last scored a major victory in the wireless market today, with the announcement of a joint venture company with Symbian co-founder Ericsson.
John Lettice, 08 Dec 1999
The Register breaking news

MS COO defends ‘right to innovate’

MS on Trial Microsoft COO Bob Herbold said yesterday in Philadelphia: "We have to have the right to listen to consumers and modify our products and take our chances in the marketplace. That's called the right to innovate, and that's a right that's worth fighting for." Herbold, generally reckoned to be number three in the Microsoft power structure (although Allchin could be a challenger) was being interviewed by the Philadelphia Enquirer when he was in town to talk to the Eastern Technology Council. Herbold said, referring to Judge Jackson's Findings of Fact: "We believe that this is an incredibly dynamic and fast-moving and innovative industry, and to see it portrayed in the manner it was portrayed disappointed us." It seems a trifle misleading to suggest there was a slur on the industry as a whole, rather than on Microsoft's conduct. Herbold concluded that "We are confident that we are on the side of the angels" and hoped that a settlement could be achieved. DoJ lawyers met Judge Posner this week in the same private club in Chicago, but this time without anybody from Microsoft being present. Presumably, he will meet Microsoft lawyers without the DoJ being present in due course, in order to let them know about any flexibility in the DoJ's terms, so far as a consent decree is concerned. ® Complete Register Trial coverage
Graham Lea, 08 Dec 1999
The Register breaking news

Novell takes pirate to task

A Scotsman is starting 300 hours of community service after being caught selling pirated Novell software online. Over $250,000 of goods were seized at the West Lothian home of John Hadlow by Lothian & Borders Fraud Squad. Hadlow had been illegally copying Novell NetWare onto CDs and then selling them through his bulletin board "The Realm". He was finally sentenced at Edinburgh Sheriff Court on Monday. It took Novell four years to track the pirate down. "The UK has a relatively lower than average rate of piracy within Europe, but remains a key focus for our investigations because of the increasing number of Internet users," said Simon Swale, Novell anti-piracy investigator. According to a survey by the Software & Information Industry Association (SIIA) in August, 60 per cent of software sold through online auction sites is illegal. ® Related stories: Novell makes pirate walk the plank
Linda Harrison, 08 Dec 1999