12th > May > 2000 Archive

IBM plunders copper mine for new RS/6000s

IBM has moved the switched SMP architecture it uses in its RS/6000 S80 down into its more affordable mid-range Unix servers. Three new lines – two six-ways and an eight-way – were rolled out today and, as expected, all three use copper interconnects in their CPUs. In case anyone misses the point, IBM mentions the cu-word seven times in as many sentences in its announcement.
But it's the switch that probably has the widest-reaching implications. IBM has been clobbering Sun's E10000 with S80 performance figures – thanks in no small part to the I/O throughput – for some months now. However, starting at around $250,000 a pop, this has had pretty much a symbolic significance. Today's announcement puts similar bandwidth down into the $20,000 range.
Of the three new lines, only the rackmounted two-to-eight way M80 class uses the new switch, but IBM's Mike Mayes reckons this gives it half as much I/O throughput again as Sun's E10000, somewhere in the region of 18GBps. Compaq's Wildfire has the capacity to reach 20GBps, and has already clocked in at 12GBps.
The one-to-six way rack-mounted H80 and the one-to-six way F80 line that IBM introduced carry what IBM now names "RS64" Power CPUs at 450MHz or 500MHz. All use IBM's own system bus and a hot-swap PCI bus. The latter is enabled for remote I/O switching, so you can drop an extra 14-slot board in another part of the room. IBM also claims that its "Dynamic CPU Deallocation" routes around a failed processor – although this doesn't mean that the instructions are failed over. Hot-swap CPU upgrades for AIX are still out in the future, somewhere.
Thanks to our friend Terry Shannon, of Shannon Knows Compaq, for consistently pointing out that IBM's sales of its S80 are a tad misleading. With many of the S80s being considerably smaller and cheaper configurations than the E10000s, IBM is, to an extent, cannibalising its own margins. But it's equally true that the latest 80 range benchmarks put Sun further on the defensive. ®
Annie Kermath, 12 May 2000

Mice squeak and slugs have feelings

A mouse that squeaks is being heralded as a major breakthrough for sufferers of Repetitive Strain Injury (RSI). The touch-sensitive device, created by two researchers at Loughborough University, looks like any ordinary computer mouse. However, it is equipped with extra electronics to make it squeak like a real rodent if pressed too hard.
"Studies have shown that the more anxious you are – you know, when you're very stressed or angry – the harder you are likely to press the mouse," Michael Macaulay, one of the brains behind the idea, told the BBC. "Changing a user's mouse-clicking habit would go a step forward to reducing the risk of Repetitive Strain Injury."
The repetitive actions used to operate a keyboard or mouse can cause damage to body tissues such as tendons, nerves and muscles in the upper half of the body, and lead to RSI. The hands, wrists and arms are mainly affected, but it can also spread to the shoulders and neck.
"If you wiggled a piece of electrical wire up and down, over and over again, for seven hours a day, five days a week, it starts to fray and break," said Bunny Martin, an RSI consultant. "The difference between a computer and a human being is that we're not robots and I can't unscrew your arm and re-wire your wiring."
The makers of the squeaking mouse are now looking for finance to mass-produce their product and develop the accompanying software.
In news from the animal kingdom, it appears that creepy crawlies may feel pain the same way humans do. All those times you crunched a cockroach under your boot, or pulled the wings off flies as a kid, were the equivalent of doing the same thing to a kitten or bird, apparently. That's according to a survey mentioned in today's Telegraph, which claims that invertebrates have feelings too. "Cockroaches have the capacity to suffer," it cries.
"If a chimp pulls its hand away after an electric shock, we say she presumably must have felt an analogous subjective experience to what we call pain. But cockroaches, slugs and snails – which are not protected by legislation – also reacted in the same way," said Dr Stephen Wickens, of the Universities Federation for Animal Welfare charity. Confirming the Brits' reputation of being a nation of animal-lovers, the doctor added: "And if they do feel pain, isn't that a welfare issue?"
What next? The Royal Society for the Protection of Slugs (RSPS)? ®
Linda Harrison, 12 May 2000

World Online pays runaway girl's 900 Net bill

World Online has pledged to pay the 900 phone bill of Internet runaway Karen Churcher. To do so anonymously and without hype would have been a truly worthy gesture, especially since Karen fled her home after rowing with her parents over the bill. It's clear that this was a lot of money for the family to find. But to latch the ISP's product to the distressing events that affected this family is nothing short of cynical, manipulative and downright distasteful.
In a statement Laurence Alexander, MD, Consumer Services at World Online, said: "The most important thing is that Karen is home, safe and sound.
"With Freedom 24 we can hope that no-one ever again has to face the situation that Karen and her family found themselves in.
"The Internet is such an integral part of so many people's daily lives, and is a crucial aid for students, that everybody should have access to the Internet for free."
It appears that Alexander is happy to make capital at another's expense. Alexander - and whoever else was involved in this inexcusable episode - should think again, or get someone else to advise them on their PR. Is World Online going to bail out every teenager that gets bawled at by their parents for running up a massive phone bill and then legs it? Somehow I doubt it. ®
Tim Richardson, 12 May 2000

Will BA pass on e-commerce savings to customers?

British Airways - one of the airlines behind a new on-line travel agency - said it would not necessarily reduce ticket prices for consumers, despite announcing that the new portal is expected to "significantly cut the cost of selling and distributing tickets for the member companies". When asked if BA would reduce airfares for online bookers, a spokeswoman for the airline said: "Who knows?" So, there you have it. E-commerce is a money saver, but for BA at least, it's something it would rather not share with its customers.
The yet-to-be-named portal is expected to attract a "significant proportion of total on-line travel sales in Europe within the next two years", the airline announced today. It will feature up-to-date fare information, including the airlines' lowest branded fares. Travellers will also be able to book hotels, car hire, insurance and other travel services through the site.
The other airlines taking part in the standalone and quite separate e-venture are Air France, Lufthansa, Alitalia, KLM, Iberia, SAS, Aer Lingus, Austrian Airlines Group, British Midland and Finnair.
Executives at e-bucket shop Lastminute.com are reportedly unmoved by the announcement and believe it will not impact its business selling cut-price flights and holidays. ®
Tim Richardson, 12 May 2000

NHS to ask average Joe what he wants

You know the NHS is tragically underfunded, overrun, inefficient and bureaucratic? Well, worry no more. Alan Milburn, secretary of state for health, is going to succeed where every other minister of health has failed since the 60s. How's he going to do it? By listening to doctors, nurses and us the public, of course.
It's true. No, really. There'll be a Census Day at the end of the month with leaflets and everything; a one-day Public Forum in Leeds and London and, er, loads more, um, oh yeah a website (!) too. This prime example of how the National Health Service has entered the digital era can be found here. As you can see, it's a pretty fancy affair. Six pages, different colours and some of those clever hotlinks. And if you really want you can email your opinion to some email server and Doris will have a flick through now and again in between her 12-hour shifts (as long as no one beeps her when she's nearly dropped off to sleep).
Despite the fact that this PR stunt is almost insulting in its limited effort to let the people say what they think, despite the fact that Mr Milburn has virtually no intention of listening to average Joe, what the hell does he expect to learn that he doesn't (if he's doing his job) already know?
Normally this sort of PR wouldn't be offensive - the government is putting a large cash sum (20 billion they say, but it won't be) into the NHS and it wants a bit of positive coverage. But survival of the NHS has become a serious issue and the British public aren't going to like any smokescreens.
If Mr Milburn wants our opinion: there isn't enough funding in the NHS, investment is too short-term, bureaucracy is too high, wages are too low so even good ideas are supposed to be implemented by low-paid (and fair to say, less intelligent than private sector?) managers, doctor culture needs utterly revamping, nurses need to be given more authority: the list goes on. And not one of these problems hasn't been known for at least ten years.
That said, we wish him all the luck in the world. ®
Kieren McCarthy, 12 May 2000

Microsoft picks fight with Slashdot

Despite Microsoft's request to Slashdot owner and ISP Andover.net to remove postings containing technical details of its proprietary extensions to Kerberos, the open source authentication standard, they're still up there.
A week ago, Microsoft made the details of the PAC (privilege attribute certificate) extensions public, but only in a form which required users to consent to an End-User Licensing Agreement (EULA), limiting disclosure. Microsoft is unique in the industry in not releasing the source code to its Kerberos implementations.
At the time of writing, Slashdot had not taken down the offending postings, and had published the Microsoft email notification – "Notice of Copyright Infringement under the Digital Millennium Copyright Act" - which helpfully lists exactly where to find the postings. Microsoft's email cites four posts containing its specification, and, incredibly, seven more containing links to further information, including advice on how to bypass the EULA. The PAC extension clearly is copyright, and the draconian DMCA makes the distributor liable for the copyright violation, and its resultant harm to the copyright holder.
Trade secrets
No matter how ugly it looks, Microsoft is within its legal rights to make the request. Whether the case gets much further is extremely doubtful given the lack of firm precedent in this field. Can Microsoft protect trade secrets that are freely "published", albeit protected via a EULA? Is the EULA a strong enough mule to carry such protections? Doesn't the precedent of previous, reverse engineered "trade secrets" kind of blunt Microsoft's charge? Or will the DMCA prove extensive enough for a successful prosecution?
More, much more of this tomorrow, dear reader. But for now, let's not forget how pivotal these protocols are to the Microsoft business model. When a protocol is successfully commoditised the case for premium prices disappears – as almost anything else will do the job – unless of course the proprietary bits, or proprietary packaging to be more accurate, can offer some drastic ease of use savings. Sometimes they will, and sometimes they won't, and forever the packager, Microsoft has felt some pain here. It's seen plenty of its servers bounced out of shops where they've been deployed, purely and simply, as file and printer servers. Samba, which has successfully reverse engineered the Microsoft SMB file and print protocol for some years, has provided a seamless drop-in replacement in many cases. It's as important to the likes of Sun Microsystems, which through its Cascades projects seeks to make commodity NT servers redundant, as it is to the Linux/BSD community.
The threat Microsoft perceives isn't from Kerberos itself, but from the progress achieved by the Samba developers. The latest goal for Samba's developers is to replace Windows servers as Primary Domain Controllers capable of serving Windows 2000 clients. Equally, Microsoft wants to make its Windows servers compulsory in a Kerberos environment where Windows 2000 clients are involved, and it sees an opportunity to leverage that client base.
"This isn't intellectual property, it's a land grab on a previously open spec," is how Samba co-lead Jeremy Allison characterised it in a posting last week.
Quite why Microsoft chose to pick a fight with a well-entrenched Unix industry standard using legal intimidation – now of all times – is puzzling indeed.
Register footnote
Threats such as this could become irrelevant if one of the less-remarked upon behavioural remedy requests made by the DoJ and the nineteen states gets accepted by Judge Jackson. The request calls for Microsoft to establish an independent Compliance Center, giving third parties (and that's loose knit organisations as well as more conventional ISVs) access to the source code. Remember, folks, the behavioural remedies take effect 30 days after the Final Judgement (expected in July at the latest), and are in force irrespective of the proposed structural remedy to break up the company into two. ®
Annie Kermath, 12 May 2000

Internet Explorer cookies leave you naked

Anyone who uses cookies for authentication or to store data like passwords could have that information exposed by Internet Explorer and intercepted by a malicious Web site, Peacefire.org reports.
Using a specially constructed URL, a third-party Web site can read Internet Explorer cookies from any domain, enabling the operator of a hostile Web site to break into a visitor's Hotmail account; visit Amazon.com impersonating that user and access their real name, e-mail address and list of 'recommended titles'; grab an MP3.com user's e-mail address, and so on, Peacefire contributors Bennett Haselton and Jamie McCarthy say.
All versions of IE for Windows are affected, but versions for Unix and Mac are not, nor is Netscape, the article says. Users of IE for Windows are urged to disable JavaScript until the world-class innovators in Redmond noodle out a proper fix.
The Peacefire site includes a demonstration which will display cookie data for other domains to which you're logged in, in another browser window. ®
Thomas C Greene, 12 May 2000

Euro anonymous email plans are ‘unworkable’

Plans by Europe to ban anonymous e-mail are to be ditched because such a move would simply be unworkable, The Register has learned. Last month, the European Parliament's Committee for Citizens' Freedoms and Rights, Justice and Home Affairs said that banning anonymous e-mail would help thwart the activities of cybercriminals. But a source close to Europe claims that the Council of Ministers will ditch the proposals when they come before it at the end of the month. It's understood that EU ministers believe such a scheme would be completely unenforceable. The plans have no support, one insider said. ®
Tim Richardson, 12 May 2000

Napster Metallica ban proving hard to enforce

Napster's attempts to block over 300,000 alleged Metallica pirates are proving rather difficult to enforce. Despite releasing an update to its MP3 'seek, locate, download' software that blocks those accused of copyright infringement, many blocked users are sneaking back onto the service - and they're spreading the word on the company's own BBS about how they did it. Napster's response, according to CNet, has been to warn BBS users that anyone posting this information will be blocked too.
Get real, Napster. If they're not going to use your own BBS, expect a host of Web sites and Usenet newsgroups to spring up in its place. And attempting to block individual IP addresses, as Napster is threatening to do, is doomed to failure when switching IP addresses is so easy - just use a different machine or sign up with an ISP that dynamically issues IP addresses on dial-up. As one user told The Register: "My account just stopped working, so I had to reapply with a new name, and happiness returned."
That will provoke ever more draconian moves from Napster, and that could see its users increasingly turning against the company. Which is, of course, exactly what Metallica wants. Band drummer and chief spokesman Lars Ulrich has said that he'd like to see Napster shut down, and at this rate he may get his wish. Like MP3.com's MyMP3.com service, Napster has always been a hostage to fortune, and if Metallica hadn't sued, some other band - right or wrong; it's certainly a moot point - would have done so sooner or later.
And there seems some confusion over who is and isn't a Metallica pirate. Our emailer wrote: "I can't stand their music. Is Metallica guilty of falsely inflating their own perception of their popularity by throwing all Napster users into a heap... and then labeling that [heap] as... 'metallica pirates'. If the term means 'I wouldn't pay for this crap', then so be it - I am a metallica pirate. But please don't accuse me of actually liking them enough to download any MP3s by them. I used Napster that weekend, but wasn't one of the maybe five or so people that actually did download any metallica."
Metallica submitted over 343,000 names. Napster blocked just over 317,000 of them, suggesting it found no evidence of piracy among the missing 26,000 - assuming it found the right 26,000.
Right now, users' ire remains targeted at Metallica, not Napster, but the software company's actions, if they continue, could so easily turn that around. Particularly now that rapper Dr Dre is said to be preparing his own list of alleged pirates he wants Napster to block. In short, this is all going to get very messy indeed. ®
Tony Smith, 12 May 2000

Speech data mobile to cost less than $500

A mobile handset which uses Lernout & Hauspie speech technology and Intel's StrongArm chip is set to debut before Christmas this year and will cost less than $500. Gaston Bastiaens, CEO of the Belgian-based company, refused to be drawn on which company would make the first device, but did say that his firm expected to license the technology to a number of players, including mobile manufacturers and consumer firms.
The device, called Nak, after the first three letters of a Hawaiian word meaning echo, allows speech input and speech output, and also uses L&H speech technology to read out emails waiting in users' mail boxes. Initial models will have an active vocabulary of 30,000 words and Bastiaens said that the unit, which uses a 200MHz StrongArm chip and needs 128MB of memory, will also allow Web access. The display demoed by L&H does not use menu systems, and instead relies solely on a speech interface.
Partnerships the firm will sign with other companies are likely to be the biggest factor in driving revenues, Bastiaens said. But L&H will also produce a model of the Nak unit itself, although it is likely to be manufactured by a third party. "We won't compete with the major players in telephony with it," he said.
The major rollout for devices will be in the first quarter of next year, he said, and L&H is currently in the process of preparing software development kits and API specifications for customers. The device is OS independent, and Bastiaens said that while the product he was showing used the Linux operating system, it would work just as well on Microsoft CE platforms. "We'll support any operating system from any company that finds us interesting," he said. ®
Mike Magee, 12 May 2000

eBay seller suspended after being caught bidding for own item

A scamster has been caught trying to push up a price on an eBay auction by bidding for his own item. The "GREAT BIG WILD Abstract Art Painting" went under the cyber-hammer for $135,805 last week. The seller, an unregistered user going by the name of 'golfpoorly' in California, said he got the piece of art at a "garage sale in Berkeley, California a LOONG time ago, back in my bachelor days". Sadly, his wife banned the said item from the house because "she says it looks like it was done by a nutcase". However, Mr golfpoorly never lost his affection for the three-foot long painting, which he claimed "used to wake me up in the morning. YIKES!". Yikes indeed, for it turns out that he loved the painting so much that he tried to buy it from himself and actually placed a 4,500 bid halfway through his own auction under a different user identity. eBay didn't see it that way. "It has been brought to eBay's attention that there was a questionable bid placed on the 'GREAT BIG Wild Abstract Art Painting'," the company said. "This practice, known as shill bidding, can artificially drive up the price of an item and is strictly against eBay's posted policies." "The bid in question was well below the final sale price and may not have materially affected the bidding. However, eBay's policy in these circumstances is to void the results of the sale and suspend the seller, which it has done." eBay added that it had released the winning bidder from their obligation to shell out for this "nutcase" art, but that they could still go ahead with the deal if they wished. ®
Linda Harrison, 12 May 2000

Win2k service pack 1 goes into beta

Microsoft has posted a beta of Windows 2000 Service Pack 1, according to Paul Thurrott of WinInfo. It's only available to Universal and Professional MSDN members, via the MSDN Subscriber Downloads site, and Paul reports that it's a chunky 190 megabytes, so don't all rush at once.
The size and the territory covered suggest that SP1 is, as we suggested a while back, pretty closely synced in with development of next year's model, Whistler, which will effectively be Win2k 1.1. Last time, we heard Whistler was due for public beta in July, which makes it something of a Win2k bugfix in its own right. The close relationship is sort of good news and bad news, the good being that it'll tend to make it easier to clean up both OSes, the bad being that it'll probably mean the shipping SP1 will be excessively large, and that Microsoft will find it difficult to stay good.
The company has been telling its customers that it's going to separate bugfixing service packs from updates and new features, but the notes for the SP1 beta suggest it's already starting to wobble. SP1 is a collection of "fixes and updates," but of course updates can blur horribly into what some people might call new features.
It provides fixes for data loss and corruption, access violations and memory loss issues. It also improves setup, including cleaning up Windows File Protection (WFP) so that protected system files are updated properly with new SP1 versions. You'll also be able to slipstream the SP1 install into a new installation, making it easier to set up new machines, and at last the system will be sufficiently aware of its service state for it not to be necessary to re-apply the service pack after a system state change. This is a sensible thing Microsoft should have done years ago.
Paul also reports that it includes a new "Terminal Services Advanced Client" featuring a Web-embeddable ActiveX version, which sounds dangerously close to a new feature to us. ®
John Lettice, 12 May 2000

The world may well be a great big onion, but the Internet is a big bow tie

Those wacky funsters at AltaVista, Compaq and IBM reckon that the Web is like a bow tie. Attempting to explain the mysteries of life, the universe and everything, researchers discovered that the Web is Not as Connected as Previously Thought – in fact almost a quarter of web pages can't be accessed by links from other pages.
The boffins claim that the World Wide Web is fundamentally divided into four large regions, each containing approximately the same number of pages and resembling a bow tie. The four distinct regions make up approximately 90 per cent of the Web (the bow tie), with approximately ten per cent of the Web completely isolated from the entire bow tie.
The "strongly-connected core" (the knot of the bow tie) contains almost one-third of all Web sites. Web surfers can easily travel between these sites via hyperlinks; this large "connected core" is at the heart of the Web.
One side of the bow contains "origination" pages, constituting almost a quarter of the Web. "Origination" pages are pages that allow users to eventually reach the connected core, but cannot be reached from it.
The other side of the bow contains "termination" pages, constituting almost one-quarter of the Web. "Termination" pages can be accessed from the connected core, but do not link back to it.
The fourth and final region contains "disconnected" pages, making up approximately 22 per cent of the Web. Disconnected pages can be connected to origination and/or termination pages but are not accessible to or from the connected core.
So now you know. ®
Andrew Thomas, 12 May 2000

Nvidia selected for Linux based X-Box rival

What's good enough for Microsoft is good enough for Linux, if Indrema's decision to base its own games console on Nvidia's GeForce - just like Microsoft's X-Box - is anything to go by. Little-known Indrema was formed earlier this year, and is apparently hard at work on its L600 Entertainment System, a slim-line vertical - shades of PlayStation 2 there - Linux-based games console-cum-Net access device-cum-MP3 player. It's based on a 600MHz CPU of unknown provenance and bundles 100Mbps Ethernet for ADSL connections.
Curiously, Indrema doesn't say which Nvidia processor it's going to use - but it will be a "future generation" one, at any rate. To be fair, the company isn't expecting to ship for some time - pre-production models aren't due to appear until "late summer 2000". By the time the L600 ships, Nvidia should be offering - based on its own six-month roll-out schedule - the GeForce 3. The L600's graphics engine will be built onto a daughtercard, allowing newer, more powerful 3D chips to be added later.
Some time will be needed in any case. Indrema's blurb reckons the L600 will offer "unbelievably realistic 3D games". Now Loki is doing sterling work bringing popular PC titles over to the open source OS, but Indrema is going to have to do some serious evangelism if it hopes to be able to offer a wide selection of titles for its own box.
But then Indrema's support for the open source world is curious too - it seems a definite 'want our cake and we want to eat it too' merchant. Consider this, from the company's latest press release: "Indrema believes that all operating system software must evolve in an open source environment, where application software may remain proprietary." In other words, 'we'll use all the free stuff, but keep our own material private'. So don't expect much of Indrema's own code to make it out under the GPL. ®
Tony Smith, 12 May 2000

Jobless Vista beckons for Alta Vista staffers

AltaVista Europe has said that job cuts in the US will not dent its recruitment drive programme in Britain and the Continent. On Wednesday the Webco sacked 40 employees - around five per cent of its US workforce - in a bid to cut costs and save money. AltaVista spokesman, David Emanuel, told CNet: "This is part of a calculated plan to control expenses and accelerate our path to profitability." A statement issued today by AltaVista Europe - which has its European headquarters in Maidenhead, Berkshire - said European operations would be unaffected by the move. "AltaVista Europe is continuing with its expansion plans, and will carry on hiring personnel to support the existing and planned AltaVista sites," said Mechtild Walser-Ertel, human resources director, AltaVista Europe. "AltaVista Europe's recruitment programme has not been affected by the job cuts at AltaVista in the United States," he said. Yesterday, the Webco appointed Pierre Paperon as President of AltaVista Europe. The former MD of AltaVista France will report directly to Rod Schrock, President and CEO of AltaVista. ®
Tim Richardson, 12 May 2000

How to beat the Napster ban

Banned by Napster? Want to get back on? According to Register readers, it's a doddle, and we're happy to pass the information on to anyone who feels they've been unjustly penalised by the software company and/or Metallica, the band whose lawsuit provoked the ban.
It goes without saying - but we'll say it anyway - that we don't support the use of Napster to share copies of songs users don't own. Giving a friend a copy of a song, whether it's a Metallica track or not, and whether it's on tape or encoded as an MP3, is illegal. So don't do it, kids, OK? Vulture Central does not like copyright infringers.
But, in a spirit of scientific enquiry, here's the trick of it. We haven't verified that it works, and if you want to mess around with your Windows Registry, as it suggests, that's your own affair and nothing to do with us, squire. Especially if anything untoward happens to your system. It's a cruel, harsh universe out there, and you're on your own... ®
From Usenet:
1. Uninstall Napster
2. Delete all Registry keys that have NAPSTER in them.
3. Search for the following key: HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{CAD8C813-1F34-1B3E-00CEAE43FF0AAD} and make a note of the ID# value. This ID is what lets Napster know a banned computer is trying to log on.
4. Search for this ID# and delete all instances.
5. Install Napster.
6. Create a new login and use a different e-mail address. Don't use the same login ID or you may have to start back at step 1.
7. Only share dirs without Metallica and don't download Metallica.
8. Tell Metallica to go fuck themselves. And never buy Metallica again.
Team Register, 12 May 2000

MS Kerberos assault – Slashdot's defence avenues

Microsoft's Kerberos letter to Slashdot was sent from its "designated agent" JK Weston, but he's no cloak-and-dagger man. The US Digital Millennium Copyright Act requires a designated agent to be appointed, which Microsoft appears to have done, and the details to be filed with the Copyright Office at the Library of Congress. The DMCA implements the provisions of the WIPO treaties that the US signed in 1996.
The Online Copyright Infringement Liability Act, passed at the same time, clarifies the legal liability of ISPs for copyright infringement and creates safe harbours to make it possible for ISPs to escape copyright liability claims in certain circumstances, such as when they act like common carriers - which Slashdot does not, in the sense of having editorial control over its content. One remedy might be for Slashdot to provide hyperlinks to a web site outside the US that had the information that Microsoft wants suppressed, but to remove the alleged offending content from its own site. The European Union Copyright Directive does not cover the liability of online service providers.
The DMCA does prohibit measures to circumvent security features like encryption or an anti-copying feature, but it is lawful for security measures to be circumvented if the sole purpose is to identify and analyse the interoperability aspects - but here's a possible catch - only if this does not involve the infringement of copyright. But since Microsoft is not trying to stop disclosure, but merely to impose licence conditions, then in the absence of some judge-made law, the risk of an unfavourable outcome and adverse publicity of any case might well result in Microsoft baring its teeth but slinking away from a fight. Slashdot could alternatively argue that the reverse engineering for interoperability and security testing provisions of the DMCA justify what has happened, because it makes it possible for developers to improve interoperability and for Microsoft's Kerberos security provisions to be tested.
As for why Microsoft wanted to protect its Kerberos extension, one reason is probably that it is another anti-Unix move. Kerberos was developed at MIT as an open standard, with the source code for Unix and Windows being released and the standard being administered by the Internet Engineering Task Force. Microsoft's trick in its extension was to make it possible for Windows to access Unix with Kerberos - but not the other way round of course.
Microsoft claims the extension is a trade secret, but this is unlikely to help Microsoft since there is now no secret, and the details will always be available in some corner of the Internet. It is unlikely that Microsoft would wish to wave its EULA in court, as it is far from certain that it would prevail - particularly outside the US where unfair terms in contracts are treated more seriously.
Despite the ".ORG" that Slashdot uses, it would not be able to take advantage of additional legal protection available to certain not-for-profit bodies. Slashdot was acquired by Andover.Net last June, and there was an IPO in December. In February it was announced that VA Linux was acquiring Andover.Net for what would then have been around $1 billion. ®
Graham Lea, 12 May 2000

Windows, the next generation to show in June – for rent

Microsoft is to release details of its next big project, Next Generation Windows Services, at Forum 2000 in Redmond on 1st June. NGWS is the big project Bill Gates allegedly stopped running Microsoft to supervise, but since it was first mentioned in his resignation release in January, very little information on the project has escaped, and the grand announcement itself seems to have slipped a bit. But although we don't know much about the nuts and bolts, the concept's really not a secret. Microsoft intends to present NGWS (or whatever it's really going to be called) as a Web-based services platform, and as we said back in January, this means spreading what you call Windows out into a far broader set of clients and platforms that's all held together by the good old, MS-owned back end. And it's also something you're going to have to rent, not buy. That's not all we know. At a Gartner conference last October Steve Ballmer cunningly went quite a distance in describing NGWS three months before Microsoft mentioned the tag, and last month both Ballmer and Gates came up with more information in an interesting Newsweek piece by Steven Levy, although the NGWS content of the article wasn't particularly widely noted. Price is maybe one of the better bottom lines for us to start with, and here's what Ballmer told Levy: "Believe me, if you give customers a good experience they will be happy to pay. I'm not sure they'd pay 30 or 40 bucks a month, but they'd pay 10 bucks a month." And Ballmer's definitely talking about NGWS here. This is how Levy, who seems to have been well-briefed by execs in addition to Ballmer and Gates, describes NGWS: "The Microsoft vision is to replace the bulk of its software with a collection of dynamic 'services' that makes it easy for customers to access and manipulate information spread out over the Web... By making use of ... XML... it's possible to use that data as smoothly as you can massage the numbers in your own little spreadsheet at home. 
A whole new set of possibilities open where minutiae stored in the bowels of Web-connected databases get integrated into your life." So the client Windows OS you use today becomes less relevant or even disappears, and "Windows" becomes a large pile of cross-integrated service platforms out there you have to rent. At $10 a month per user, that amounts to a tidy sum. Say you buy a new PC every two or maybe three years, and the revenue MS gets from the PC company is $50 a pop. That works out at $17-25 per user per year, whereas a wholesale switch to NGWS rental would deliver $120 per user per year. To be fair, NGWS has got to include a lot of services that you'd already pay for over and above your OS licence, but it still looks promising, revenue-wise. Here's Levy again: "Microsoft engineers are busily rejiggering familiar programs like Windows and Office so that your software itself, and even the information you once kept snug in your disk drive, will be spread over the Web." There, you're getting really worried now, aren't you? This stuff is actually the same stuff as Ballmer talked about at the Gartner conference. Then, he said Microsoft would move from a packaged software sales model to a service one, and as we noted at the time, the service model he envisaged was not the traditional one, but one that would depend on a high level of automation and integration. If the client software can heal itself, get its own updates and so on, then Microsoft just has to keep the servers running and haul in the money. This is clearly not about on-site service. Then, Ballmer said he wasn't sure whether to charge a monthly rental or for use, but now he seems to have made up his mind. In October he didn't give a time scale, but he's likely to do that next month. And bearing in mind that NGWS isn't a new OS, but a tying together of practically every product Microsoft has, it could kick off in some form quite quickly.
The Newsweek piece suggests, interestingly enough, that MSN will turn into a launch platform for NGWS, so actually some of it has probably engaged already, without anybody noticing. But even though the components are a lot more 'there' than you might expect, it'll still be a tricky one to announce, given the other stuff that's going on around it. A next generation Web platform that ties together everything that Microsoft does is really going to impress the antitrust authorities in Europe and the US, isn't it? ®
John Lettice, 12 May 2000

The Register guide to beating the Love Bug. Not

Special report

When we wrote about how not to defend yourself against ILOVEYOU yesterday, we thought there were quite a few dumb people out there. But we were wrong. We asked Register readers for their virus war stories and - sheesh - there's a virtually infinite number of dumb people out there. And they're even dumber than we could have possibly conceived. We'd been kidding ourselves that the BOFH was a somewhat fictionalised account of our dear Simon Travaglia's career too, but no - that's got to be 100 per cent true as well. Furthermore, it seems our BOFH sector readership sings in virtual unison of the folly and stupidity of their managers, users and the companies they work for. Wow. So we thought we'd better not name anybody. A fine effort people, for which much thanks. Any more good ones out there, go ahead and send them and we'll update. Oh, and a special mention to those of you who sent us messages with added Microsoft smartquotes - these things are viruses, doncha know? But anyway here, in no particular order, is what Register readers did in the Love Bug War:

Disproportionate violence: Special BOFH Award #1

We didn't get hit, mainly due to the fact that after the last vbs mailer to go around, we (in BOFH-ish fashion) stalked around the office, waving tire irons and shouting "DEATH TO THE ATTACHMENT OPENERS!" and pummeling those who appeared in our inboxes with "Check this" as a subject header. Well, that's what we imagined we were doing when really just politely reminding people "if you could not click wildly on anything that lands in your inbox like a monkey on crystal meth, that'd make my job much easier, see?". Forget virus scanning. It's all about luser "re-education". Preferably in the parking lot, with said tire iron.

Get the cure wrong and wipe out your own Intranets

When I got to work that morning at 5:00 AM, the virus had not yet hit in a big way, so there was not much noise.
Of course, it wasn't long before there were a couple hundred ILOVEYOU messages in the ol' inbox (because of the way our company likes to handle internal mailing lists, everyone got at least THREE virus messages from EACH person who opened the attachment). With a company of over a thousand employees, you can imagine how that went...

Being a very proficient VB programmer, I proceeded to go through the virus line by unformatted line, and came up with a list of everything the virus did. I gave the list to the IS manager when he came in around 8:00 AM, and after a few minutes the message came down the line: a new EXTRA.DAT (McAfee virus definition file) would be copied in the login script, so reboot and log back in. Of course, if the manager had actually read the list that I gave him, he would have realised that the virus runs on startup, BEFORE the login script runs...

So, after another round, someone develops a "serum.vbs" that they have the login script copy into the "StartUp" folder, and later on a "serumII.vbs" showed up there too. The effect of these two horribly-written scripts is to remove the registry entries that run the virus on startup, and to delete EVERY js, jse, css, wsh, sct, hta, jpg, jpeg, mp3, or mp2 file that exists on any drive accessible from the system. Imagine as 200 users log in simultaneously and each start a script that chugs through the network share of 889 MBs (25,000+ files) that was already slow. It was an interesting time.

Not to mention the fact that, again, if someone had read my list (or had any common sense at all) they would know that .jpg and .jpeg files aren't infected, they're DELETED and replaced with .vbs files, and that .mp3 and .mp2 files are HIDDEN and .vbs files are created in their place. Nevertheless, our fearless and unthinking IS department did the safe thing and wiped out many an intranet website...

Viruses only come out at night

My company decided it would let the mail servers run for the day and then take them offline at night to avoid the virus. Brilliant plan wouldn't you say!? I eventually got a Board member to tell them to terminate the inbound internet email.

Close down via a self-administered DDOS attack

I was dismayed to receive multiple copies of this in response to some automated emails one of my systems sends out:

-8<------------------------------------------------------------------
Date: Sat, 06 May 00 20:34:16 -0700
From: WSM Administrator
Subject: Daily Digest of General.
Parts/Attachments:
1 Shown 10 lines Text
2 Shown 1.1 KB Message, "Daily Digest of General."
2.1 Shown 0 lines Text
----------------------------------------
Because of PACCAR's Computer Virus Prevention Policy, your email has been rejected. We are doing this to ensure PACCAR is not at risk for newly discovered viruses. When the virus risk is acceptable, we will discontinue this email rejection policy. If this email has business critical requirements, please contact the recipient directly for alternative communication options. We apologize for any inconvenience this may cause.
-8<------------------------------------------------------------------

As a sys admin, I've always felt it's best not to respond to an emergency by shutting systems down -- many crackers would love to shut you down anyway, so why do it for them? It's a denial of service attack in its own right, a bit like VAG (US) shutting down their web servers over the new year in case... ummm... some Y2K bug shut down their web servers over the new year :-)

I love the bit about "when the virus risk is acceptable". Translates as "when we've got bored of this game and everyone's forgotten about it, we'll stop pissing you off". Another gotcha is the bit about "please contact the recipient directly for alternative options".
By the time you've phoned him, you may as well just tell him, 'cos you certainly can't email him about the problem.

Don't let anybody tell you about it

When the news of the mutation appeared I tried to send my IT security department an email with the "Warning - ILOVEYOU mutations are loose". I received a nice little automatic message saying that the virus name was detected in the title of the message so my message had been deleted.

Clever clogs rapid reaction - Special BOFH Award #2

As it happens, we had installed an e-mail virus scanner a day or two previously (since all our users have finally been switched to Exchange mail and Outlook, I thought it was high time we did *something* to protect the corporate network, and as half the IT team, I have a pretty free hand as long as I don't need to spend any actual money). We had nine copies of the virus arrive, get disinfected, and get passed on to the addressees as a "castrated" virus. No problems at all; I do have one user who wanted to know if he could copy the virus to a floppy disk (without activating it) so he could take it home and send it to someone else. As I was a bit tired and muzzy by that time, I simply told him it was harmless by the time he received it. In future, should the question arise, I'll give him a live one (suitably modified to contain his real-world name and address) on a floppy, and call the FBI about an hour after he leaves work. Bloody users...

Retro computing - utterly invulnerable

Absolutely nothing. I am stuck administering a network of win3.1 clients and VMS servers. We just got a whole lot of attachments to delete. For some reason I don't feel overly happy about my savior from the virus, strange.

Use a dud service provider

I'm happy to report that at the Brunts School, Mansfield, we had absolutely no problem with the ILOVEYOU virus. In fact, we couldn't possibly have any problem with any Internet virus. BT Internet had employed the most effective firewall possible and crashed.
And not only that, but soon the entire network was taken down by a repair technician. Result: one thousand annoyed pupils unable to access coursework and all-important "Record of Achievement statements".

Intercept it, but reproduce the effect anyway

You wanted submissions for the stupid things companies were doing? Well, you will get a kick out of what my company did. They configured NAV to scan every message for ILOVEYOU virus, but instead of it just discarding the message...it sends a notice to all recipients that a virus was detected in their e-mail! While it was keeping the actual virus from spreading, it was still having almost the same effect because of the loads of virus notifications being sent out to everyone!

Death by filtration

My company (a major software house) sent an e-mail around giving step-by-step instructions on how to set up a filter in Outlook to remove any and all e-mails with those words in the title. It worked brilliantly, even going so far as to delete the e-mail with the instructions (and a few other innocent virus-related messages). Of course, the filter only moved the messages to the 'Deleted Items' folder, somewhat akin to sweeping them under the carpet.

Gratuitous piece of Unix smuggery

YOU also may be interested in another variant of the virus currently running around linux user groups here (quoted below):

Subject: Unix variant of "love bug"
This virus works on the honor system: If you're running a variant of unix or linux, please forward this message to everyone you know and delete a bunch of your files at random."

Alerts are an unexpected side-effect of our product (advertisement)

We make a product called MailSecure which is a plug-in for Outlook which does full-strength S/MIME crypto. It will optionally prompt you on whether you want to sign and/or encrypt a message. I received this email this morning from one of our sales guys: "I heard a good story from a customer.
Whilst going through his mail his mailsecure dialogue box suddenly appeared prompting him to sign his message, what message? He hadn't written one. The penny dropped and he shut down his machine killing the Luv Bug."

Hide for three days, then all hold hands and crash the network

To stop the spread of the virus into and out of the internal net they disabled all external links for 3 days, then proceeded to tell everyone to use Norton liveUpdate, an internet service, to update Norton antivirus !!?! I believe many an hour was lost with people waiting for liveupdate to finish before carrying on with their work ;o)

Clever clogs #2, Special BOFH Award #3

You wanted to know what Admins did the day the bug came? Easy: Nothing. Sit back, relax, and laugh about all the myriads of idiots out in the net. Complain that the damage routine of the virus was way too weak to force the idiots to learn this lesson. We have patched the email frontend more than a year ago to look for all sorts of potentially harmful code, and when there is an attachment like .exe, .vbs, .com, .vbe, .js, (and many more), they have to click through so many requesters (in bold red large letters!) to get at their mail that it comes down even on the dumbest of our users that this email is in a certain way special. And, we don't use Outlook. But I think this is obvious from my rant, isn't it? ®
John Lettice, 12 May 2000