18th > May > 2000 Archive

OS bug survey shows Linux, Win NT in dead heat

A statistical survey of operating system vulnerabilities from SecurityFocus shows that the much-maligned Windows-NT is only marginally buggier than the beloved and putatively superior Linux. Solaris gets very decent marks for security, with six vulnerabilities reported this year to date, compared with 30 for Linux and 34 for Win-NT, but that's to be expected as it's also been in use longer than most, and has been attacked most vigorously over the years. The numbers for Linux are an aggregate of most distros. Taken individually, Red Hat leads the pack with 17 vulnerabilities reported this year compared with six for Turbo Linux and five for SuSE. The stats should be interpreted with caution. "The numbers do not distinguish between vulnerabilities discovered in the wild and those found proactively by developers or security researchers... They do not take into account the popularity or impact of a vulnerability. A root shell vulnerability is treated the same as a disclosure of sensitive information," the report notes. Still, we're tempted to wonder how many vulnerabilities might turn up in Linux if it were ever to become as popular as Win NT, or as hated. ®
Thomas C Greene, 18 May 2000

Bill Clinton associates Love Bug with terrorism

Commander-in-Chief Bill Clinton fretted about cyber-security during a US Coast Guard Academy commencement speech which he delivered in Connecticut today. "This is a highly appropriate place to give what is, for me, a very nostalgic address. It is the last speech I will ever give as President to a graduating class of one of our military service academies," he said in his most polished tones of affected sincerity. He then launched into the business of promoting his pet concerns: applauding the global economy, coddling China and praising its "working for human rights and political freedoms," and condemning the scourge of international terrorism, on which altar, naturally, anonymity and privacy in a wired world will have to be sacrificed. "I have requested now some $9 billion for counter-terrorism funding in the 2001 budget. That's 40 percent more than three years ago," the President boasted, and then solicited support to add $300 million on top of it. "To protect America from cyber-crime and cyber-terrorism, we have developed a national plan for cyber-security, with both public and private sector brains putting it together. We're asking for increased funding to implement this plan to protect our vital networks. That's something else I hope you will support." The extra money is earmarked for cyber-security initiatives involving Internet monitoring and forensic data handling, primarily by the FBI. "Today and for the foreseeable tomorrows we and especially you will face a fateful struggle between forces of integration and harmony and the forces of disintegration and chaos," Clinton told the cadets. "Technology can be a servant of either side, or, ironically, both," he warned. The President cited the Love Bug e-mail worm as an example of the new and horrifying threats to American national security looming on the horizon. "Today, critical systems like power structures, nuclear plants, air traffic control, computer networks, they're all connected and run by computers."
"Two years ago, we had an amazing experience in America and around the world - we saw that a single, failed electronics link with one satellite [could] disable pagers, ATMs, credit card systems, and TV and radio networks all over the world. That was an accident. The Love Bug was not an accident." Heaven's no. It was a dastardly assault on the very underpinnings of decent civilisation. Imagine the damages: it caused e-commerce sites to slow; it forced sysadmins to wake up and filter malicious attachments; it even compelled Micro$oft to take time out from its heavy public relations schedule to fix its crummy e-mail client. Why, it was a veritable electronic Pearl Harbour. ®
Thomas C Greene, 18 May 2000

Love Bug suspects can't be charged

The Philippine Department of Justice has ruled that a law invoked against suspects in the Love Bug e-mail worm case can't be stretched to apply to hacking, the Associated Press reports. The decision will hamstring investigators, who were forced to scramble to find a basis to charge the suspects, since hacking is not a crime under Philippine law. After an extensive period of head-scratching, frustrated National Bureau of Investigation (NBI) agents settled on a 1998 law dealing with the fraudulent use of credit cards, account numbers and passwords. The law carries a ghastly penalty of up to 20 years in prison. Because the Love Bug gathered passwords from infected computers and forwarded them via e-mail, investigators thought the fraud law might apply. However, Chief State Counsel Elmer Bautista decided it was too much of a stretch. "Nowhere in the law is 'computer hacking'... and the effects thereof dealt with," Bautista wrote in a memorandum obtained Wednesday by AP. "The intention of a computer hacker... is not to defraud," so hacking "cannot be considered covered" by fraud legislation, Bautista wrote. The NBI said it would not question Bautista's decision. The investigation originally focused on a Manila flat where a telephone line, traced with caller ID, is thought to have been used to release the worm. One of the residents, computer enthusiast Onel de Guzman, has admitted that he might have released the bug accidentally. De Guzman recently failed to graduate from AMA Computer College after his thesis had been rejected as a method to steal passwords and enable free use of the Net, a feature found in the Love Bug. The bug was released on 4 May, the day before de Guzman would have graduated if his thesis had been approved. Investigators subsequently found a second virus on a floppy disk seized in de Guzman's flat. De Guzman denies writing it, and local authorities believe his classmate at the AMA college, Michael Buen, may have. 
The disk contained a warning, apparently written by Buen, saying, "If I don't get a stable job by the end of the month, I will release a third virus that will remove all files from the primary disk." Over 40 people received shouts in another file on the disk, most of them students from the AMA college which Buen and de Guzman attended. Buen graduated from AMA college on 5 May, the day after the Love Bug was released. He steadfastly denies writing or spreading it. ®
Thomas C Greene, 18 May 2000

Linux goes Big Iron

IBM has announced the availability of Linux running natively on its S/390 mainframes, although general availability won't be until the autumn. SuSE and TurboLinux are acting as distributors and first call of support for potential users. Linux can either take advantage of the mainframe's logical partitions to run natively, or run as a VM/ESA guest operating system on G3 390s and later. IBM added similar capabilities to its AS/400 earlier this year. An implementation of IBM's Java 2 will follow in June, says IBM, and Big Blue has promised to eventually port WebSphere and Tivoli hooks to the platform too. It's not the first mainframe Unix: Amdahl continues to update its venerable System V R4 port, UTS. But the two Linux ports - one inside, and one outside IBM - have progressed remarkably quickly. Since System 390 doesn't even know about ASCII natively, let alone TCP/IP, this is all very clever, but who'd want to use it? SuSE's HA architect Volker Weigand tells us that in addition to infrastructure uses such as running Apache or sendmail servers, he had customers waiting to evaluate it running SAP R/3. "It's just another platform for us that doesn't require special treatment," says Weigand. As it stands, S/390 Linux is a few screws short of the full toolbox. It's not possible to failover between partitions - that requires some kind of heartbeat code and IP takeover. Nor, as we understand it, can you yet perform the kind of load balancing between partitions that you can do with, say, Red Hat's Piranha. But on the other hand, that might not matter too much. There's plenty you can do natively on an S/390 that you can't do on a PC or even a lot of PCs. CPUs can be added or removed on the fly. And the System 390's I/O architecture allows you to connect to disks over IBM's fast fibre optic FICON and ESCON interfaces to distances of up to 30 miles. Princeton's Virtual Penguin Project is taking advantage of such features, so mainframe Linux will gradually spawn some unique features.
Oh, and thanks to the BOCHS emulator it even runs Windows. ®
Annie Kermath, 18 May 2000

L0pht uncovers Office 2000 ActiveX security hole

An ActiveX control in Micro$oft Office 2000 named "Office UA Control" used to script demonstrations for Office 2000 Help can be used to script almost any action that a user could perform from the keyboard, an advisory from L0pht Heavy Industries says. The ActiveX control is "incorrectly marked as 'safe for scripting,'" Micro$oft says. "A malicious Web site operator could use the control to carry out Office functions on the machine of a user who visited his site," the company adds. Actions can be scripted from any HTML page viewed with active scripting enabled, including both Internet Explorer and Outlook, L0pht reports. L0pht has a demonstration which will start Micro$oft Word, create a UA control and re-point a table frame to a word document URL with a macro, which will run without prompting. The demo is available here. The flaw could "permit the construction of a worm of unparalleled devastation, as it would be able to turn off macro virus protection and 'script' its way to all of the people in your address book," L0pht says. Micro$oft has released a patch and a security bulletin related to the vulnerability. Not surprisingly, the company makes no mention of the worm potential of this little gem, following as it does so closely on the heels of the Love Bug. In the bulletin, Micro$oft gives shouts to Dildog at L0pht, who brought the flaw to their attention. A link is provided from there to the Micro$oft shouts policy page, where the company reminds us all that "the discoverer of a security vulnerability has an obligation to give the vendor an opportunity to correct the vulnerability before publicly disclosing it." "When you see a security professional acknowledged in a Microsoft Security Bulletin, it means that they reported the vulnerability to us confidentially, worked with us to develop the patch, and helped us disseminate information about it once the threat was eliminated.
They minimized the threat to customers everywhere by ensuring that Microsoft could fix the problem before malicious users even knew it existed," the company gushed. Anyone care for a tissue? ®
Thomas C Greene, 18 May 2000

Don't delay MS breakup, government tells judge

As expected the US government has urged the judge to toss Microsoft's proposed remedies out, but it is also pushing hard to have the company strung up sooner, rather than later. In a 70 page filing to the court yesterday the DoJ and states described Microsoft's request for a delay of up to six months as "a transparent effort to delay the determination and implementation of a remedy for its illegal acts as long as possible." Microsoft's recent efforts have indeed looked just a teensie bit transparent. The company wants to produce more witnesses to argue that the government's proposed remedies are extreme, wrong-headed and likely to destroy Microsoft, innovation, the US economy and the universe, not necessarily in that order. Microsoft also wants until December to carry on wriggling, if Judge Jackson does agree with the government and decides to go for a breakup. In its filing the government points out that Microsoft's violations have already been established, and that: "Liability is not in doubt, and relief should be as prompt as possible." Microsoft's argument of course is over the nature of the relief, and whether the sentence fits the crime (which it still denies, of course). One slightly puzzling aspect of the government filing, however, is that it argues that Microsoft should have been prepared for the breakup proposal, rather than coming over all shocked and stunned, because it "has known for several months about plaintiffs' interest in structural relief." But that kind of depends on how you count, and what you count, doesn't it? Breakup proposals were certainly being tossed around in the government camp months ago, but it's not clear that these ever reached the table during the aborted negotiation talks. As these were about to hit the buffers, the word was that the government was prepared not to go for a breakup in order to achieve a settlement.
If the hawks from the states reintroduced this to the talks, they did so on 31st March, the day before it all fell apart. The way we count that, it's a month and a bit, not several. Alternatively, further back down the line there were other breakup proposals put to Microsoft - be interesting to see what was in them. ®
John Lettice, 18 May 2000

Net privacy a tangled skein – FTC committee

A US Federal Trade Commission (FTC) committee charged with making broad Net privacy recommendations can't seem to step forward with any solid conclusions on the issues. After months of debate, several interim reports, a period of public commentary, and deep deliberations, the forty-member panel has generated a final report with a menu of options from which the FTC may choose. Following each possible choice are arguments for and against. The committee considered two chief issues: enabling consumers to review their own stored details to ensure accuracy, and ensuring that private information is held securely on the Web. Every potential solution is associated with a potential headache, cost, or technical flaw. For example, the committee notes that while cookies can be used for account authentication, and while they're cheap for Web sites and convenient for consumers, they're hopelessly insecure. "The computer may have more than one user. The consequences of disclosing information about an individual's use of a Web site or clickstream data to another person (family member, co-worker, other) could be damaging," the report notes. Not to mention that one might wish to access one's account from a computer other than that where the cookies are stored. Not to mention the inconvenience of recalling all of one's passwords following a fatal crash, when all those nice, convenient cookies have been wiped. To make things really secure, a Web site could "require [a user's] account name and password in order to trigger the sending of a one-time access code through a separate communication channel" such as to an e-mail address. This would be good for access to infrequently requested data, bad for routine access to an account. And so the report goes, finding a plethora of glitches to associate with each possible remedy, and not quite concluding that the Internet is simply not configured in its basic architecture for reasonable security or decent privacy protection. 
It's a conclusion no one wants to reach, with the stakes of e-commerce as high as they are. On-line advertisers and Web-based businesses have already projected themselves onto the Net with an overarching presumption that consumers get as much privacy protection as they deserve, and have invested lavishly in schemes based on that presumption. They whinge audibly about the cost of instituting privacy protections they ought to have put in place from day one, and throw money at anyone who shows the slightest bit of sympathy. But consumers are far from satisfied, and, most ominously, legislators across the US are gearing up. Something on the order of a hundred privacy bills are currently pending in American state legislatures and in Congress, and new ones are proposed on an almost daily schedule. It will now fall to the FTC to machete its way swiftly through the IP jungle and cut them off at the pass with something that industry, the public, and the politicians can all live with. Of course the Commission could also continue to exercise the better part of valour, and leave it to the squabbling interested parties to slug it out in the legislatures and the courts. And after perusing this report, and noting all its palpable contradictions and switchbacks, we have to allow that they could hardly be blamed for doing precisely that. ®
Thomas C Greene, 18 May 2000

Dobedo.com ruled offensive by watchdog

Once a month the Advertising Standards Authority (ASA) produces a report on the complaints it has dealt with and once a month we get to learn about the dodgy tricks that IT companies have used to sell more boxes. All the cases below have been upheld by the ASA and we hope that they're all ashamed.

Dobedo.com
Aiming at 16 to 25-year-olds, dobedo reckoned that its saucy tube adverts were humorous. Not everyone agreed. The nightclub DJ and sexy-looking female clubber, both with superimposed cartoon heads, offering the respective lines: "I've got a 12inch. Wanna play?" and: "I've lost my virginity. Can I have yours?" were deemed offensive by someone in Essex and the ASA agreed. It's traditional British saucy humour, dobedo cried. C'mon if you do get them (and young kids won't) then you can't help but raise a grin. Hogwash, replied the ASA. Consider yourself told off.

LineOne
Tut tut tut. LineOne has been caught not once but twice up to no good. "The UK's largest FREE content provider," it told the world. This, it said, did not mean it was the largest content provider that you didn't pay for as some had understood it - it only said that it provided the largest amount of free content of any ISP. Bollocks, said the ASA. Trying to be too clever for its own good, LineOne then designed a banner ad which had a yellow warning sign, "OK" and "Cancel" buttons and a "Please wait, analysing your system" progress bar. Some hapless fellow didn't recognise this as an ad and clicking on the cancel button only led him to LineOne's site. Naughty, said the ASA.

Slammer.com
Slammer.com claimed "The price you see is the price you pay!" Of course, this didn't stop it informing one customer that Flight Sim 2000 Pro had - would you believe - just gone up to £49.99 from the £38.00 it had advertised. Bloody cheeky, the ASA decided.

DSG Retail (Freeserve)
AOL got a bit angry when it saw an ad offering 10 hours free Internet surfing a month if you spent £10 or more a month on national calls ("You don't need to change your BT line." it said). AOL said the offer didn't make it clear that ONLY BT customers could take the offer; that its conditions were not clear; and it misled people into believing free time would be carried over into the next month. True, true and true, the ASA ruled.

Direct Mobile Phone
A magazine scratchcard offered various Orange phone prizes: "£1000,000 worth of Orange mobile phones to be won". Of course, it didn't tell you that you'd have to sign up to a 12-month contract to claim your prize. Bad boys, tutted the ASA.

Polar Technology
Selling a 433MHz PC, Polar mentioned that it had a "DVD/CD drive" - just not one that would play DVD films. For that, you'd have to buy another DVD drive. One unlucky punter took exception to this and the ASA backed him up.

Hutchison Telecom (Orange)
Hutchison made big play of the fact that their pay-as-you-talk vouchers had no expiry date while its competitors' did. Unfortunately, this was a big fat whopper - the initial had exactly that - 30 days - and the company reserved the right to disconnect you if the voucher wasn't used by a certain time. Oh, and it omitted to say that to get its super cheap rate you had to buy the £50 voucher. The ASA was not amused.

Cartridge Express
"UK's lowest prices. If we fail to deliver our promise, we will supply you with the items completely free of charge." As long as you don't ask them, that is. One customer found some ink cartridges that were cheaper but he didn't get any free goods or a refund for the full cost. Cartridge Express will have to run the next ad through its Copy Advice Team.

And that's all for this month. More Legal, Decent, Honest and Truthful tactics in four weeks. ®
Kieren McCarthy, 18 May 2000

SGI to shower shareholders with MIPS stock

Troubled SGI is to rid itself of its remaining shares in MIPS, the processor company it founded and spun off some years back, in a move not unlike 3Com's upcoming Palm Computer stock giveaway. SGI currently owns some 25 million-odd MIPS shares, which amount to 65 per cent of the semiconductor company. SGI plans to distribute them among its shareholders on 20 June, following a dividend distribution on 6 June. The cost to SGI is near $485 million, which is effectively what the company would have saved by not having to pay tax thanks to its loss-making status. SGI will now have to stump up tax dollars to the tune of $485 million at the end of its fiscal year, which occurs on 30 June. Unlike 3Com, which this year decided to give its post-IPO stake in Palm, SGI's giveaway has apparently been on the cards since the company reorganised (again) back in August 1999, so the move is essentially about paying SGI shareholders not to sell out: 'Hang on in there and we'll give you stock in a company that's actually worth having a share of.' ®
Tony Smith, 18 May 2000

ICO emerges from Chapter 11…

Satellite networking company ICO Global Communications - or New ICO, as we're now supposed to call it - has thrown aside its Chapter 11 bankruptcy protection. Actually, we're probably going to have to call it ICO Teledesic. As we predicted last year, having invested a pile of money - a cool $1.2 billion - into ICO, Teledesic boss Craig McCaw is now getting the companies ready to merge. It works something like this: having unified his Teledesic and ICO assets under a single holding company, ICO-Teledesic Global (ICO-TG), itself a subsidiary of McCaw Eagle River Investments, McCaw last week persuaded Teledesic's board to approve merging Teledesic into ICO-TG. That merger is subject to regulatory and shareholder approval, but it's hard to see said bodies rejecting the proposal, especially since the next step is to merge New ICO into it too. As we said, that effectively leaves the two companies as one. Both of them specialise in providing high bandwidth data networks via satellite - something Teledesic has always been focused on, but which ICO only got into last year after Iridium's troubles persuaded it that satellite-based mobile phone services weren't such a good idea after all - so a merger makes sense. It allows both to share resources and cut their costs. Building a satellite network is expensive enough without the two of them building two networks independently. ICO is already hard at work on the conversion of its 12 cellphone satellites (ten for operational work, two as back-up units) into packet-based network hubs, and upgrading its ground installations. "The enhancements to the New ICO network have been made in its ground infrastructure, which will make it possible to upgrade and evolve the network over time and even to switch among different technologies in real-time," said ICO's acting CEO, Russell Daggatt. The merger would also make life easier for McCaw, who is already chairman of ICO-TG, ICO and Teledesic.
Why take three chairs into the shower, when you only need take one? ®
Tony Smith, 18 May 2000

Sun hits back at Unix vendors' FUD

The propaganda war waged by HP, IBM and Compaq against Sun has caused a senior executive at McNealy's firm to rebut claims that it is misleading customers. Far from his company misleading customers, said Chris Sarfas, UK product manager at Sun Microsystems, the other Unix vendors were effectively pulling the wool over the eyes of corporate customers. Earlier this week, at the WildFire launch [I've already told you to stop using that codename once - Ed], a senior executive at Compaq accused Sun of misleading customers by not telling them that they would have to swap out tin when products based on UltraSparc III started arriving. And, a week earlier, a senior HP executive made a virtually identical accusation. Sarfas said: "We don't understand their point. At some time, you have to change platforms. Will HP's Superdome product be a minor upgrade? We all know it will be based on a PA Risc chip and HP is committed to moving to Intel IA-64 technology." He said: "HP is changing both operating systems and microprocessors, and that will be a major change." While HP said that it was committed to binary compatibility between PA Risc and IA-64 technology, it very much remained to be seen whether third party software application vendors, such as Oracle, would support that model. "We're not changing our binary architecture in UltraSparc III," he said, which would become available in the next 12 months. "When we announced Solaris 8 in January, we said that this was an OS that will run on UltraSparc III." The software was available to all Sun customers running Solaris 7 and the firm will actually change the OS to make sure there is binary compatibility. "We will guarantee applications will work if they run on Solaris 7," he said. "We have a single strategy and we have guaranteed compatibility, which is far more than anyone else has done. They're trying to mislead people." 
He said it was understandable, given the financial results of Compaq, IBM and HP over the last quarter, that they were trying to put forward this misleading point of view. "We're the clear market leader and you expect competitors to say that they will displace you. I do say the aggressive tactics have become highly questionable. On the ground, the situation is completely different." He said that he had noticed that Compaq, at its WildFire launch, had claimed that its platform was half the price and double the performance of Sun boxes. But, he said: "A Skoda is half the price of a Ford, but that doesn't make Skoda the market leader." ®
Mike Magee, 18 May 2000

FSA hit squad probes for dodgy financial sites

The FSA is to probe more than 50 Web sites targeting UK users following an undercover "surf day" into Internet scams. A top surveillance squad of 31 FSA staff spent a day browsing more than 600 sites for signs of dodgy financial market activity. The search turned up 53 sites that warranted "further investigation", with the FSA vowing it would "take action where necessary to put a stop to unauthorised activity". The surf day was a worldwide event co-ordinated by the International Organisation of Securities Commissions on 28 March. The FSA was one of 21 regulatory groups from 18 countries taking part. The unlucky sites earmarked for further investigation included those which appeared to offer unauthorised investment advice or investment deals, or which advertised investment products in breach of the law, the FSA said. "We and our colleagues have identified a number of sites that might be trying to mislead consumers," said Dan Waters, FSA director of enforcement. But Waters urged consumers to check with the FSA that firms were authorised to do financial services business before parting with their hard-earned cash. "The Internet brings many benefits, including access to markets and information, but consumers must remember: if it looks too good to be true, it probably is," he said. For the past few months the FSA has been warning investors to be wary of trying to make a quick buck out of the Internet. ®
Linda Harrison, 18 May 2000

Handspring files for cautious IPO

Palm clone maker Handspring disclosed details of its cautiously optimistic IPO this week. It will offer ten million shares - eight per cent of the company - priced between $19 and $22, which is just under what Palm itself is currently trading at (around $26) following the April collapse of hi-tech stocks. The IPO - whenever it takes place; no date appears to have been set yet - will be an interesting test of Wall Street's attitude to loss-making IT companies. Handspring's Securities and Exchange Commission filing reveals it lost $21.5 million in the three months to 1 April, well up from the $1.89 million it lost in the same period a year earlier. Of course, at that stage it wasn't shipping product, with all the marketing expenses and the cost of sale that that process involves, so the quarters aren't exactly comparable. For the 1 April quarter, Handspring recorded revenues of $34.3 million, up from $15.8 million in the previous quarter, so it's certainly shipping product, and now that it has added wider retail channels to its own, initially-flaky Web-based direct sales operation, revenues should continue to grow. Retail sales didn't begin until the first week of April, so it's too early to see how they will have affected Handspring's quarterly figures, but the company's Visor product quickly established itself as the top-selling Palm-based PDA. In short, the signs are good for continued revenue growth. That, in turn, suggests Handspring shouldn't be quite so far from profitability as are the dotcoms and Linux companies that inflated the hi-tech stock bubble. But Palm's example implies that we shouldn't expect Handspring to buck the trend, and its shares will probably settle a little above the initial sale price. Handspring's filing says it reckons the shares will go for $20.5 apiece, netting the company $190.2 million after expenses.
The underwriters have an option on 1.5 million extra shares, available for sale if the demand is there, and if it is that would add some $219 million to the IPO's proceeds. Handspring will trade under the symbol 'HAND'. ®
Tony Smith, 18 May 2000

MS claims breakup will kill next-generation Windows project

In an extraordinary covert filing by Microsoft in the antitrust case, the company claims that it would be too risky to develop Next Generation Windows Services if Microsoft is split into two companies. The exact wording is: "Microsoft cannot undertake such a risky venture [developing NGWS], which will cost more in constant-dollar terms than Boeing's development of the 747 or NASA's first mission to the moon, unless Microsoft can call upon all of the company's resources in seeking to make it a success. Those resources include people and technologies on both sides of the bright line the government seeks to draw through Microsoft's tightly knit organisation." Microsoft then goes on to claim that: "Consumers will suffer if Microsoft no longer has the ability to undertake ambitious projects like Next Generation Windows Services, which (if successful) promises to transform the way in which consumers use the Internet, to the benefit of the entire economy." This was contained in a brief entitled "Defendant Microsoft Corporation's summary response to plaintiffs' proposed final judgment" which Microsoft chose not to publish at the same time as the other five documents that we previously considered, although it was filed with the Court at the same time. The most likely explanation is that Microsoft did not want this one discussed too widely in the media, because of the wild statements in it. On the whole it adds up to being Microsoft's ranting and raving response to the DoJ proposed remedies, and it looks as though it was produced more as a cheerleaders' manual for faithful Microsoft supporters rather than for judicial purposes - but Microsoft may be numbering the judges of the Court of Appeals amongst its supporters. But the threat to NGWS probably is real.
The radical plan to evolve Windows into an all-encompassing Internet services platform is due to have some flesh put on its bones at the beginning of next month, but from what's known already it seems pretty clear NGWS will further blur, possibly even abolish, the lines between OS and app, and that much of it will fall into the judge's definition of middleware. Microsoft argues that NGWS is innovation, while the judge and the government are more likely to see it as the mother of all antitrust violations. So blocking NGWS, from the government's point of view, would be a good thing.

No meeting of minds here
Microsoft suggests that the DoJ proposal "threatens to eliminate Microsoft as an effective competitor, slowing the pace of innovation in one of America's most successful industries" and goes on to claim that "Windows is very important to the Nation's economy". Microsoft is arguably saying here that if illegal, anticompetitive (and therefore anti-consumer) behaviour somehow helps the economy of the country, it should be allowed to continue unfettered. That's a rather serious suggestion. There's also what could be a joke when Microsoft says: "The government would stop Microsoft from offering price reductions on Windows", supposedly to encourage OEMs to provide support; to improve the product offerings; and to combat piracy. This is a sanitised argument for maintaining market development agreements, which were so clearly seen to be Microsoft's control mechanism for keeping OEMs in order, and maintaining its monopoly. Microsoft's pricing practice with Windows has been to put up the price of obsoleted Windows in order to strong-arm OEMs to adopt the new version, so a claim to be prevented from making price reductions is misleading. At one point when discussing the suggestion that MS Office be ported to Linux, Microsoft wails that Linux users would resist paying for software, and that it would need considerable effort and expense to achieve it.
So why did Microsoft produce IE free of charge, when it could perfectly well have priced it? As was so clear from the evidence, we know that Microsoft thought that IE could not have won against Navigator at that time. Microsoft quotes two concepts that it claims to have invented - toolbars and clipboard functionality - and says that it was only as a result of teamwork between Windows and Office developers that these came about. We'll have more to say about this, especially as it's serious stuff and misleads the court.

Very hurt by dirty tricks claims, ahem...

It's amusing to find Microsoft saying that "The government's implicit assertion that Microsoft may take adverse action against companies that provided testimony against Microsoft in this case is unfounded and offensive" and it's puzzling to think how if OEMs were allowed to "disassemble Windows and substitute third-party software for important components of the operating system. At best, such requested relief would cause Microsoft's innovations in operating systems to grind to a halt. At worst, it would fragment Windows, destroying its value as a stable and consistent software development platform...". Using terms like "disassemble" for an OEM offering a choice of default browser, offering users other choices, and flashing the odd splash screen during booting does seem to be a trifle over-the-top. On the intellectual property front, claiming that "What the government is asking the Court to do is order Microsoft to hand over billions of dollars of intellectual property to companies like IBM and Sun Microsystems which will use such proprietary information to gain an unwarranted competitive advantage vis-à-vis Microsoft" is again an attempt to mislead the Court. Microsoft has already given IBM access to the source code of Windows at its Kirkland, Washington facility where IBM does its work to extend the scalability of Windows, and deal with bugs found by its customers. 
As we previously reported, IBM's said its objective there is to make IBM hardware "scream with Microsoft software". It's also very hard to see what Sun could gain by poring over Windows code. It is a common Microsoft claim for the benefit of non-technical people like judges that Microsoft's crown jewels would be lost if any competitor had "unfettered access to huge amounts of Microsoft's proprietary information that they can use to clone innovative features and functionality of Microsoft's new operating systems". But Microsoft's real secrets are in its marketing plans and deals. Microsoft also objects to the proposed requirement that Microsoft should provide access to "all interfaces and protocols" rather than what Microsoft calls "external interfaces that Microsoft publishes for use by software developers". History has shown the extent to which Microsoft applications developers had access to and used undocumented calls, and how this was exploited to get better performance and easier programming. Unless there is a blanket provision, there could be no certainty that Microsoft would not keep a few important calls out of the limelight.

Windows famine to bring industry to its knees

Microsoft says that "It would take several years and hundreds of millions of dollars for Microsoft to redesign its existing operating systems and the resulting products would be far inferior to their existing counterparts. In the meantime, Microsoft apparently would have to halt distribution of all non-compliant operating systems. That would bring the worldwide personal computer industry to its knees, causing severe economic dislocation." Anybody with a development background will question the truth of the assertion that a "far inferior" product would normally result, or that the PC industry would really be crippled. What is true though is that "Microsoft spends large sums of money each year providing product support to its customers. 
Given the complex interaction of hardware and software products on even the most basic personal computer, it is often difficult to ascertain what is causing the particular problem a customer is experiencing. A substantial amount of time is thus spent on product support calls determining the configuration of the customer's machine in an effort to isolate the source of the problem." It's called bug fixing, and the bugs and design flaws do create serious problems every day. In most cases it is not an esoteric combination of hardware that exposes the problem, but quite simply poorly-designed, inadequately-tested code. Understandably, Microsoft does not like the provision that it would have to keep operating systems available for three years. Most smaller companies would prefer to use one operating system to keep support costs down, and the requirement merely helps customers but does not further enrich Microsoft prematurely by forcing upgrades earlier than otherwise desirable if an OS is withdrawn. It is not surprising that Microsoft is none too happy that it would have to keep its emails for four years, and that this would be "burdensome". After all, any ethical company would have nothing to worry about, and the storage requirement even for "tens of millions of emails" is trivial. Microsoft expressed its concern that "Our system of laws does not merely tolerate Microsoft's desire to proclaim its innocence in this respect; it enshrines the company's right to do so. No act challenged in this case was malum in se [bad in itself]; none involved an allegation of moral turpitude..." That's a value judgement about which there will be more than one opinion. In years to come, Microsoft will be judged by the maturity of its response to its self-inflicted wounds. On the showing in this filing, the analysis by future legal scholars (as distinct from paid lackeys) is unlikely to be favourable. ®
Graham Lea, 18 May 2000

Dell plans for Red Hat Linux Itanium boxes get disappeared

Yesterday Dell announced, and then swiftly unannounced, that it would be in the first wave of companies delivering servers and workstations based on Itanium. It didn't exactly say that these would run Red Hat Linux, but given the context (a Red Hat press release) that was kind of implied. So what happened? The Register's beady eye was drawn to Dell's on/off commitment by version two of the Red Hat announcement that it was releasing an Alpha version of Red Hat source code for Itanium. Whenever we see a release headed "Corrects and replaces" we naturally go scurrying off to the original to see who goofed. Aside from forgetting to mention VA Linux's contribution to the IA-64 Linux Project (formerly Trillian), on which Red Hat's distribution is based, version one had a whole paragraph of supporting good cheer from Dell VP and general manager, enterprise server products, Bob Van Steenberg. But Bob's relatively innocuous words were ripped out of version two. Here's what he said (or didn't say, we don't know): "We continue to work closely with Red Hat, Intel and our strategic independent software vendors (ISVs) to speed development of 64-bit e-commerce solutions that are optimised on Dell systems... As a world leader in Internet commerce and infrastructure products, Dell is on track to be among the first to deliver to its customers Dell PowerEdge servers and Dell Precision WorkStations based on Intel's 64-bit Itanium processors." See what we mean? He doesn't precisely say they'll be running Linux, but given the context, and the fact that we all know Dell's going to be in the front rank with the hardware, that's surely the message his words are supposed to convey. Undoubtedly, the quote was supplied to Red Hat by Dell. It's possible that it escaped without proper approval, and it's possible that People On High within Dell who're known to be good buddies with Bill decided to disapprove. 
That doesn't mean what Van Steenberg said/didn't say won't happen, but it does indicate that Dell is still performing a tricky little balancing act between the Linux and Windows camp. For what it's worth, we can't find a previous commitment by Dell to be early to market with "e-commerce solutions" running on Linux Itanium systems. The juxtaposition of these three things, of course, would not be likely to spread good cheer among Dell's good buddies in Redmond. ®
John Lettice, 18 May 2000

Fujitsu Siemens: ‘Everyone’ wants Win2k for IA-64

Fujitsu Siemens yesterday rebranded its server products in a bid to establish a global presence. Intel-based products will now carry the Primergy label, while the company's Unix offerings will be named Primepower. The thinking being that Fujitsu will use the brand in APAC, Amdahl in the US, and Fujitsu Siemens in Europe. The first three Primergy boxes feature four 550MHz Pentium III Xeons and will offer Cascades PIIIs at 700 and 800MHz 'within the next few weeks'. Cascades will apparently deliver a performance boost of around 20 per cent. The company's VP of strategic marketing, Joseph Reger, also says Fujitsu Siemens is beefing up its Unix range with the introduction of a 128-way, 256GB Sparc box before the end of the year. "We'll have a 64-way, 128GB system available for shipment by September, and we've already taken an order for a 64-way, 64GB machine from a German customer," he claims. "The systems use a switch developed in Japan for Fujitsu supercomputers which will deliver an increase in performance of 60 per cent over existing products." But Reger denied Unix was dead on the company's Intel boxes: "What we're seeing is a definite shrinking in demand for low end Unix systems, and that shrinkage is moving into the mid range too. It's at the high end that Unix's future lies." The company also yesterday outlined its plans for Intel's forthcoming entry-level 64-bit Itanium and apparently already has around 60 customers trialling four way Itanium servers. "Most users want Windows 2000, others ask for Linux, but hardly anyone is interested in Monterey," said a Fujitsu Siemens source. Reger restated the company's ambitious aim to become the number one IT supplier in Europe by 2001. "In the NT sector, we're currently lying in fourth place on 10.8 per cent, behind Compaq on 36.2 per cent, IBM and HP." ®
Andrew Thomas, 18 May 2000

New Rambus validation service from Kingston

With Intel's blessing, Kingston Technology has set up a new independent testing lab, Advanced Validation Laboratories (AVL) to help DRAM manufacturers, PC OEMs, motherboard manufacturers, system integrators, and module manufacturers bring their products to market faster. "The one-stop validation service will enable faster time-to-market and ensure tighter compatibility between validated products," said Abid Ahmad, Intel's director of Semiconductor Enabling. "The services offered by AVL will benefit Intel's customers by simplifying the listing process on the Intel validated product Web sites." "Our goal in working with Intel on the establishment of this lab is to make the validation process easier for all customers, while helping to reduce costs through the consolidation of services," added Kingston Technology co-founder David Sun. "The time-savings alone will aid in strategic decision-making, such as the critical decision to initiate wafer starts to start volume production of the new DRAMs." AVL has received certification from Intel to provide PC133 SDRAM, PC 133 SDRAM RLC and RIMM validation services. This certification is required for module vendors to be listed on Intel's system validated web site. "By having Advanced Validation Labs provide RIMM and PC 133 System Validation services worldwide, the listing process for the Intel validated web site has been simplified for memory module suppliers," said Intel's David Zimmerman, memory validation and test manager. ®
Andrew Thomas, 18 May 2000