Senator's Net-legislation would jail school-kids

A low-brow publicity stunt masquerading as a legislative measure called the School Website Protection Act of 2001 by US Senator Robert Torricelli (Democrat, New Jersey) would define criminal hacking as any action, even a harmless action, which "affects or impairs without authorization a computer of an elementary school or secondary school or institution of higher education." Torricelli is tough on juvenile crime, and he adores schools. Get it, voters? The broadness here created by the word 'affects' is pure Kafka. This might criminalize a harmless prank, the installing of a game, or the sending of unsolicited e-mail. Violators could get shut up in federal prison for up to 10 years. "Computer hackers who prey upon unsuspecting schools, striking fear in the hearts of entire communities with threats of violence, cannot go unpunished," he declared. 'Striking fear in the hearts of entire communities' indeed. Because a New Jersey high school's Web site was recently defaced with a few Columbine-esque threats, Torricelli has seen an opportunity to whip up fear in hopes of attracting headlines and press coverage for himself. Naturally, we were only too happy to oblige. ® Related Links Torricelli's e-mail His proposed legislation
Thomas C Greene, 02 Aug 2001

And then there were two open source .NET clones

The first and original effort to make a software libre implementation of Microsoft's .NET runtimes is to join forces with one of the newcomers. Portable.NET will now co-ordinate its work with DotGNU, launched last month, under the GNU umbrella. That other major project to create an open source platform for the Microsoft CLR, C# language and class libraries is Ximian's Mono project. Let's hope the joined project work shows more inventiveness than went into creating the name: It'll be called "DotGNU Portable .NET". ® Related Stories .NET frenzy reaches Mac OS X Why it pays to embrace and extend .NET - de Icaza Mono to open source .NET by mid 2002 Call my bluff - how smart is reverse engineering .NET?
Andrew Orlowski, 02 Aug 2001

Civilians at risk from unexploded WAP 2.0 specs

Undeterred by the failure of WAP in Europe - and as a brand it's so poorly regarded that it appears to have sunk in transit across the Atlantic: WAP services are not branded as such in the United States - the WAP Forum on Tuesday published revision 2.0. It resembles the carpet bombing tactics used to demoralise civilians in World War II and Vietnam: 55 whopping individual specifications were unleashed by the WAP air force, resulting in a firestorm of PDF-related damage. The individual specs add up to new standards for XHTML, style sheets, for multimedia delivery via WAP services, push content and plenty more besides. But at least it's open, indeed much more open than the alternative, DoCoMo's proprietary iMode services. We'll begin to pick our way through the wreckage later today - always mindful of the danger of unexploded PDFs - but as we do so, can anyone tell us what's the point and where the demand for 'rich WAP' content is supposed to come from? Answers to the usual address, please. ®.
Andrew Orlowski, 02 Aug 2001

Code Red Tribulation is nigh, Steve Gibson warns

The first Angel blew his trumpet,
And there followed hail and fire mixed with blood,
Which fell upon the Earth....
--Revelation 8:7

Techno-hypemeister and headline glutton Steve Gibson has joined the Electronic Pearl Harbor dog and pony show alongside numerous clueless mainstream press columnists, bellowing and trumpeting about lakes of fire to be ignited by the Code Red IIS worm which is due to return from dormancy this week. The worm went silent on the 28th, though a few machines with incorrectly set clocks will undoubtedly continue to scan, perpetuating the infection somewhat. However, according to Gibson's hysterical reasoning, this represents nothing short of a catastrophe. Referring to a report by CAIDA (the Cooperative Association for Internet Data Analysis), he borrows a few charts and graphs and technical-sounding phrases and runs us through the grease: "Be sure to notice that the vertical axis of Figure 3 is LOGARITHMIC, so that nice straight and linear 'growth line' is actually exponential!" he warns us frantically. He's saying that a handful of machines will manage to re-infect the entire Internet in short order. So to break it down: during this current period of dormancy, remnants of the first worm, along with a second strain possessed of a more random IP generator, have been scanning for and infecting vulnerable machines, and will continue doing so until all the infected machines begin packeting the former IP of whitehouse.gov on 20 August. This they will do mercilessly through the 27th; and during this electronic Tribulation the worm will devour enough bandwidth to bring all of Christendom to its knees. Now get this: the real burn here, Gibson reckons, comes from the presumption of a single IIS machine, or a small handful of them, with incorrectly set clocks, which will re-ignite the whole thing after 31 August, keeping us at the mercy of badly-set clocks for all eternity. 
"Note that at the start of NEXT MONTH it will only take ONE SINGLE MACHINE -- with an out-of-sync date whose infection threads have remained active in a mistaken belief that the date is < 20 -- to re-initiate an exponential growth starting at midnight of August 31st," Gibson writes. [hyperventilation original] The rational observation that this dependence on out-of-date clocks will greatly reduce the seed population has somehow passed through that scientifically-tuned and reputedly immense brain of his without effect. The rational observation that the media have been banging out Code Red headlines for all they're worth, and will continue (and so inspire a considerable patching of systems) has, similarly, failed to make an impression on the Digital Messiah's rarified gray matter. No, he's been far too busy to use his head: "This weekend I have been in dialog with eEye's Marc Maiffret, law enforcement agencies of the US government, NAI, cert.org, and others," Gibson informs us, bolstering that phony authority on which he trades so slickly. "After finally making time to examine the Code Red worm code, I have been trying to assemble a picture of the next 23 days," he claims. One wonders if he's even seen the Code Red worm code, much less 'examined' it. We wonder because he keeps telling us what others imagine it will and won't do next month. Damned sockets Naturally Gibson can't resist trying to persuade us that Code Red beefs up his absurd paranoia regarding Win-XP raw sockets. "Imagine if this powerful autonomous replication capability -- enhanced with Windows XP full raw sockets -- had gone out to the Windows XP audience -- as it almost did," he frets. "Oh well, everyone knows I tried hard to prevent it," the Prophet finally sighs. In fact, raw sockets have no relevance to this particular worm. 
I actually have examined it, and while I'm impressed by its compactness and power, and the speed with which it was hacked out, it's clear that the author wanted to know which machines it had infected. Packet spoofing would have frustrated that ambition perfectly. (Oh, and because the .IDA hole which the worm exploits yields system-level access, knowing which among thousands of boxes are infected is a whole lot nastier than any spoofed-packet flood could hope to be.) I'm not alone here. Vmyths founder Rob Rosenberger, who, like myself, has debunked Gibson at length before an ungrateful army of GRC patsies, agrees. "[Gibson] contends Code Red would've been more effective if it used raw sockets. I contend it would've been less effective. The router/spoofing RFCs would've negated some of the zombies by refusing to let them push," Rosenberger says. "Gibson is so overly paranoid about raw sockets that he can no longer see the obvious," he added. It's interesting to note that Rosenberger's latest column exposes Gibson's utter fraudulence in the area of virus research -- in particular his prediction nine years ago that the "Dark Avenger Mutation Engine" was going to make all anti-virus software permanently ineffective. It was, Stevarino assured us, going to spawn the Mother of all polymorphic viruses, because it involved "a sophisticated reversible encryption algorithm generator." And that's why we all depend on Steve Gibson's genius. He, unique among mortal creatures, can understand such techno-superstitious gobbledygook. ® Related Stories Internet survives Code Red IIS worm made to packet Whitehouse.gov Steve Gibson really is off his rocker Security geek developing WinXP raw socket exploit MS security chief talks raw sockets with the Reg Related Links The relevant MS security bulletin The Win-NT 4.0 patch The Win-2K Pro and Advanced Server patch
Thomas C Greene, 02 Aug 2001

Washington mobilises against Code Red resurgence

The Code Red worm is expected to re-awaken tonight (8:00 pm EST), and the media have been asked to help spread the word. During a press conference in Washington yesterday, Ron Dick, head of the FBI's National Infrastructure Protection Center (NIPC), gathered a panel of security specialists from various government agencies including CERT and SANS, along with Microsoft's Scott Culp, and asked reporters to warn the public to get their IIS systems patched immediately. Having covered this beat during the Clinton years, I was prepared to hear references to an Electronic Pearl Harbor. I heard none. I was prepared to hear slick appeals for legislation to give the FBI greater freedom to invade the privacy of Netizens in their pursuit of electronic evildoers. I heard none (though Congress seems eager to fork it over anyway). Dick even said that increased prosecution would be futile. Increased awareness and self-protection, he reckoned, is the way to go. Many computer users imagine their systems as inert boxes, he said. Too many fail to see that they "need to be constantly monitored and maintained....like a living organism". That comment should enrage MS critics who believe that it's the company's responsibility to ensure that the bloatware it's selling has all its holes bunged before release, which it is; but then Dick does have a point too. "The protection of the Internet requires a partnership with the government, private companies and the public as a whole," he said. In all, it was a reasonable, sober meeting between bureaucrats and reporters, which Dick moderated well. "The protection of the Internet requires a partnership with the government, private companies and the public as a whole," Dick added. "Because....the functioning of the Internet could be degraded by the Code Red worm, government and industry have come together in an unprecedented manner." 
I seriously doubt that the worm will wreak much havoc this month (it certainly didn't last month); but I was relieved to hear it discussed in rational language for a change. If this sort of outreach and liaison work is an example of what Dick sees NIPC doing as he attempts to rescue it from the gross mismanagement of his Clinton-era predecessor, Michael Vatis, then we're behind him, and wish him success. ® Get your patches here The relevant MS security bulletin The Win-NT 4.0 patch The Win-2K Pro and Advanced Server patch Note: the worm is memory-resident. You must re-boot after installing the hotfix.
Thomas C Greene, 02 Aug 2001

Guardian lauds our skeptical Code-Red coverage

Guardian Unlimited columnist Neil McIntosh shares our view that the Code Red worm will have little effect on the cyber-comings and goings of the average Netizen this month, despite dire warnings promulgated through much of the mainstream press. Indeed, CNN was reporting hysterically yesterday that all users of Microsoft operating systems are in danger, which is ludicrously false; and we've heard that the venerable BBC picked that error up and ran for their lives with it. (The worm affects IIS, so unless you're running default installations of Win-NT server or Win-2K server, or IIS over W2K Pro, you can just forget about it.) McIntosh isn't about to quiver in fear among the clueless wire drones. "I remain confident we can sleep soundly. Things might slow down a bit, some Web sites will be knocked out, but the on-line world will not end in the way some are saying it will," he writes sensibly. "As the IT Web site The Register [awww...shucks *blush*] has reported in credible coverage of the worm, the Internet met Code Red for the first time in the middle of this month. The result? There was increased traffic on the Internet and on their networks, and if you'd been sharp you would have seen the Net slow down just a little. But the predicted Network Armageddon due Friday July 20 did not happen." It seems he's been reading our friend Rob Rosenberger at Vmyths, too. "Indeed, there was greater havoc created by fear of the worm than by the worm itself. The US Air Force's network administrators showed rather less bravery than their airborne colleagues when they whipped all their Internet servers off-line in a precautionary move, according to Vmyths, a long-standing virus myth-busting site." We must say we admire his taste in Net security literature. 
® Related Stories Washington mobilizes against Code Red resurgence Code Red Tribulation is nigh, Steve Gibson warns Internet survives Code Red IIS worm made to packet Whitehouse.gov Related Links The relevant MS security bulletin The Win-NT 4.0 patch The Win-2K Pro and Advanced Server patch Note: the worm is memory-resident. You must re-boot after installing the hotfix.
Thomas C Greene, 02 Aug 2001

Intel chalks up win for ultra-dense blade server

Transmeta isn't having it all its own way in the ultradense server market it's been pivotal in creating. San Jose start-up Amphus yesterday announced ultra dense 336-way servers based on Intel processors. Much of the preliminary work was done with Crusoe, but the press statement is very gung-ho about the choice of Chipzilla as CPU supplier:- "Intel processors allow true support of the x86 instruction set and do not suffer from some of the performance impacts associated with emulation," according to the statement. Transmeta's Crusoe's chips use code morphing to execute x86 instructions. It's not emulation, but it isn't "native" either, strictly speaking. The 'Virgo' servers Amphus has announced can pack up to 16 blades - each of which is an independent server - in a single 2U rack, and obviously 21 of these fit in a standard 42U case, hence the 336 maximum. Transmeta's star server OEM RLX puts 324 Crusoes in the same space in its confusingly named RLX System 324. Amphus' statement doesn't elaborate on what chips are being used. But there's a hint that future models will become SMP-capable in the future. When we caught up with Transmeta founder (and now CTO) David Ditzel at LinuxWorld he was all for multi-processing, but not the shared memory SMP variety. Crusoe can't do SMP, and we wonder how much longer it will continue to not do SMP. For these kinds of edge server tasks such as web serving, it probably doesn't matter too much. We'll see. Amphus will OEM the hardware to system builders. In June HP told us it was going to roll-out its own ultra dense blade-style servers, "definitely maybe" based on Crusoe, although they sounded more than a tad skeptical. ® Related Stories Intel's blades slice Transmeta's server party HP sharpens low-power server Blades Transmeta chief talks Crusoe megaservers with The Reg
Andrew Orlowski, 02 Aug 2001

Time outsources on-site support

Time Computers has outsourced its onsite support operation to Surrey-based Linetex Computers. Time did have 14 field service engineers carrying out support, but made nine of them redundant on Tuesday 31 July. Lintex says: "We don't support networks - we support businesses. Our range of services is focused on the core support functions of modern businesses - computing and communications." Incidentally 'The Linetex computerised service desk is currently being upgraded to work over the Internet', but you can phone or email for support. ® Related Link Lintex Web site Related Stories Time Computers lays off more staff Time seeks £2.2m damages from C2000
Robert Blincoe, 02 Aug 2001

Apple holds fire on iMac 2 until economy's right

Apple appears to be holding back the release of its next-generation iMac because the market just isn't ready for it yet. The completely redesigned consumer computer, equipped with a built-in LCD screen, was expected to be launched at Macworld Expo New York last month. Of course, claims that Apple is developing an LCD iMac have been doing the rounds for almost as long as the company has been shipping the CRT version. But the current iMac design is over three years old now and many observers consider it is in need of rejuvenation. High time, then, for a new LCD machine to replace the old CRT model. But not yet. As we suggested at the time, Apple's decision to hold back on the new iMac may well have been made simply because the consumer market isn't robust enough. Why release a flash new computer right at the point where its target audience isn't keen on spending money? And Apple really doesn't need another Cube fiasco. Releasing a sleek, stylish new box that almost no one buys could easily provoke a backlash against Apple's focus on designer computers. It's not hard to imagine Wall Street analysts' reaction in such circumstances: they'd see it as a sign that no one wants designer computers any longer, and downgrade Apple accordingly. With design being one of only two key product differentiators Apple can use - the other is the operating system - the company really can't afford to have its reputation tarnished this way. And that's pretty much what Apple's thinking appears to be. An anonymous posting at Mac OS Rumors claims: "I just came out of a meeting with our regional Educational sales rep from Apple, where we discussed our very large purchase of new desktops for the students in our district, slated for December.... 
"The rep said quite specifically that Apple will have iMacs in a new enclosure and LCD-based displays by January - that the economy (and sales of current iMacs) will play a big role in the timing of the announcement, which could come just early enough for us to make them part of our purchase if we choose." January is a likely launch date since, through Macworld Expo San Francisco, it's a traditional time for new Apple releases. But there's a sense here that the company is watching the market closely and if there's sufficient sign of an upturn, it could release the machine sooner, perhaps in time for the Christmas sales period. This would put it head-to-head with the millions of dollars that Microsoft will spend on promoting Xbox, so Apple may well want to wait for the fuss to die down. It's an interesting comparison: how best to market a consumer computer that reaches down (a little) into the console space against a console that reaches up into the consumer computer space. Whatever, Apple is going to need all of its marketing and market nous to time the iMac 2's launch right. ® Related Stories Apple unveils faster iMacs, Power Mac G4s Apple clubs Cube Next-gen 'iMac 2001' debuts on Web Apple refutes colour iBook claims Apple to add more colours, bigger screen to iBook Related Link MacOS Rumors: More on the new-form iMac
Tony Smith, 02 Aug 2001

Telewest signs up 1000 BB users a week

Telewest is signing up a thousand new broadband customers a week it revealed today. In the three months to June, Britain's second biggest cableco gained a further 13,000 subscribers bringing the total number of blueyonder broadband users to 38,000. Add on Telewest's dial-up consumer base and the cableco boasts almost 300,000 Internet users. What's more, these latest figures should receive a fillip once its joint marketing campaign with cableco NTL to promote broadband begins to stimulate demand. Details of Telewest's broadband gains were contained in its interim results for the six months to June 30. Turnover increased 24 per cent to £648 million from £522 million for the same period last year. Pre-tax losses jumped from £296 million in 2000 to £413 million in H1 2001. Despite this, the cableco remains confident about its future. Said Telewest CE, Adam Singer: "This is Telewest's fourth straight quarter in a row of subscriber growth, rising average revenues and falling churn, delivering strong ebitda [earnings before interest, taxes, depreciation and amortization] margins of 22 per cent and growing ebitda. "This provides evidence that we are in the execution phase of our business plan, with financing securely in place," he said. By mid-morning shares in the company rose ten per cent (7.25p) to 79.75p. ®
Tim Richardson, 02 Aug 2001

SirCam worm enjoys virus gang bang

Some copies of email attachments infected with the prolific SirCam worm also carry copies of other viruses, security experts have warned. MessageLabs, a managed services firm that scans its users' email for viruses, said it has intercepted more than 100 doubly infected emails, which have the potential to trip up the disinfection process of antiviral scanners. Incomplete or botched cleaning could, at least in theory, create modified versions of the SirCam virus that are hard to detect, it warned. This is noteworthy because the bandwidth-hogging, privacy-threatening SirCam worm is on its way to becoming the most common virus ever. MessageLabs has reported intercepting more than 100 doubly infected files, such as SirCam infected with FunLove, which infects applications in the Windows and Program Files folders; or SirCam infected with Kriz, a polymorphic Windows executable virus. Graham Cluley, senior technology consultant at antivirus vendor Sophos, said the possibility of a "cocktail" of different infections affecting the same executable has been known about for some time and does carry with it a small risk. "Normally an antivirus scanner will be able to strip off different layers of viruses. But when viruses mate together in a single file they can corrupt themselves," said Cluley. This is rare but if it happens vendors would need to update their antivirus signatures to detect the hybrid infection or, if appropriate, fix a bug in their own software. Double infections occur because users have got themselves infected with two viruses, the PC equivalent of contracting both herpes and syphilis. Users can most effectively protect themselves against viruses by practising "safe computing" - that is by regularly updating their antiviral protection and by deleting emails containing suspicious attachments. 
® External Links Write up on SirCam by Symantec MessageLabs reports on SirCam Related Stories SirCam virus hogs connections with spam Rise in viruses within emails outpacing growth of email Symantec fails to stop SirCam Hotmail fails to block SirCam worm Magistr continues three month reign as top virus Users haven't learned any lessons from the Love Bug Microsoft security fixes infected with FunLove virus
John Leyden, 02 Aug 2001

Free Internet Group calms nerves over network disruption

The Free Internet Group (FIG) has moved to ease fears about the future of its ISP service. Users expressed concern after they received an email warning of "major disruption to [the] Internet service throughout August". They believed the email was effectively saying that FIG was shutting down for the month. Not so, FIG MD, Lister Park, told The Register. FIG is migrating its service to a new telecoms carrier as it adopts a flat-rate wholesale tariff, explained Park. The email is merely designed to let people know that they could face some disruption until the move is complete. "We will keep disruption to a minimum," promised Park. "But it is difficult when moving to a new telco provider," he said. ®
Tim Richardson, 02 Aug 2001

Microsoft enlists Psycho Killer to promote WinXP

Microsoft will bundle music by former Talking Heads front man David Byrne with Windows XP. The song 'Like Humans Do' is culled from Byrne's solo album 'Look Into The Eyeball'. Byrne has also recorded a live concert at Redmond in The Beast's WMP format, to be broadcast here later today. Byrne doesn't take his own endorsement too seriously: "If it all works well, [streaming media] will, of course, revolutionize our viewing habits. I know I wear my own viewing habit on most days," he says. Microsoft used the Stones' Start Me Up as the theme music for the Windows 95 launch, but in one of the most sudden fade outs in ad history, the soundtrack fades before the line 'You make a grown man cry'. Wouldn't Psycho Killer have been more appropriate, with its opening line "I can't seem to face up to the Findings of Fact"? [are you sure? - ed.] Or even the song Road to Nowhere? Or Don't Worry About The Government, from the first Talking Heads LP? We couldn't say, and since we only know the first four awesome Heads LPs, throw ourselves on the mercy of you, dear readers. ®
Andrew Orlowski, 02 Aug 2001

ATI preps A3 alternative to Nvidia's nForce

ATI will launch against Nvidia's nForce chipset in Q4 with a graphics-oriented offering of its own, codenamed A3. So the company has told mobo makers, or so claims Web site Xbit Labs, citing information leaked to a second, Ukrainian site. According to that data, A3 will support the Pentium III and AMD's Athlon. Maybe, but we reckon the Pentium 4 might be closer to the centre of ATI's sights. The company has a P4 licence, granted it by Intel earlier this year. Intel itself is now driving the P4 very hard, to the extent that it will introduce preferential pricing (over the PIII) later this month. In such circumstances, ATI would be daft not to factor the P4 into its plans, particularly while Nvidia still has no P4 licence of its own and won't be geared up for a P4 version of nForce until mid-2002. But that's our take - now back to the leak. Apparently, ATI is only working on the Northbridge - it's recommending parts from Acer Labs. A3 will support PC1600 and PC2100 DDR SDRAM. There's an integrated clock too, it seems. Despite sporting integrated graphics, A3 will also support an external AGP slot. The built-in graphics will be based on the cut-down version of the upcoming Radeon 2 core - RV200, the chip that is expected to power ATI's Radeon 2 VE card. The RV200 has only two rendering pipelines; Radeon 2 (aka R200) has four. With the Radeon 2 going into mass production now for a late September release and the RV200 due a little further down the line, the timing of A3, as per the leaked data, fits nicely into that schedule. And about time, really. ATI first discussed a move into the chipset market way back in April 1999 (see ATI move on chipset market targets Intel) - a move that may have influenced Nvidia's decision to target that market rather than the other way round. ATI's move followed its acquisition the previous year of system-on-a-chip developer Chromatic Research, and was geared to drive the company into the information appliance market. 
Conveniently, it also helped it shore itself against Intel's plan to ship integrated chipsets. ® Related Stories ATI Radeon 2: more specs leak ATI confirms Radeon 2 to ship late summer ATI Radeon 2, 3 details leak ATI unwraps DirectX 8.1-based Smartshader ATI move on chipset market targets Intel Related Link Xbit Labs: ATI's A3
Tony Smith, 02 Aug 2001

Sony censured for fair-trade violation

Sony's bottom was smacked today by Japan's Fair Trade Commission for breaking the country's trading regulations. The FTC censured Sony for forcing retailers to stick to Sony-approved prices and to buy product through Sony-approved distributors. The consumer electronics giant also tried to stop distributors selling direct to the public and retailers from selling to other retailers. The FTC asked Sony to behave, and Sony said it would. Not, like a guilty schoolboy, that it didn't try to wiggle out of it. "We respect the FTC's stance and will make sure that our policy of not setting resale conditions on wholesalers for PlayStation hardware and software is observed," the company said in a statement. In other words, it wasn't Sony that was in the wrong, but others who flouted its "policy of not setting resale conditions". It wasn't me, sir, he made me do it. ®
Tony Smith, 02 Aug 2001

Quark denies making ‘bug-free’ claim for Carbonised XPress

Quark says it never promised that the next version of Xpress would be bug-free, as Macworld UK reported, and that it's all a terrible misunderstanding. Macworld's Jonny Evans tells us that production gremlins were to blame for the claim that appeared before Macworld Expo, and no Quark rep said that. Here's what Quark's Glen Turpin told us:

In paragraph 3, you wrote:

"Going back to create a Carbonised version would have put us way behind schedule," Quark's Glen Turpin told Macworld UK in a preview yesterday.

Actually, I told that to MacCentral in January. While those comments were true six months ago, they do not reflect the current state of affairs, so to present those statements as if they were made recently is misleading. Quark stands strongly behind Mac OS X. We are hard at work Carbonising QuarkXPress, and the version of QuarkXPress immediately after 5.0 - dubbed version 5.X - will be a Carbon-native application, as we demonstrated in the Apple keynote address at Macworld Expo. Rest assured that our commitment to Mac OS X is firm, and that a Carbon-native version of QuarkXPress is in the works.

You said:

Turpin also offered one of those awful hostages to fortune by promising that Quark 5 would be "bug free". Bookmark this page now, we suggest, and we'll see you in six months.

I never made that statement. I believe you mis-read either the MacCentral article by Dennis Sellers or the Macworld UK article by Jonny Evans. Both those articles attribute that statement to my colleague Brett Mueller, who was in fact in London previewing QuarkXPress 5.0 at the Total Publishing exhibition on July 11, and who did speak to Mr Evans on July 12. I cannot confirm or deny whether Mr Mueller made that statement, since I was not present. Quark's goal is to ensure that QuarkXPress 5.0 will be extremely stable software, and that our customers will be able to implement it in their workflows with confidence. Software by its very nature is not bug free. No software works flawlessly for all parties in all environments. Quark is tested extensively prior to release. Quark is conducting a very extensive pre-release testing program with hundreds of businesses with demanding and complex workflows. This testing program will grow by degrees as we move closer to the final release, and we hope to identify and fix any bug that affects the majority of users in a material way.

Fair enough. We're happy to set the record straight. And call The Reg next time you're in town, Glen, OK? ®
Andrew Orlowski, 02 Aug 2001

Buffer overflow bug shakes Quake

A security flaw involving the server software that allows Quake III players to play the popular shoot-them-up over a network has been reported. According to a posting on respected security mailing list BugTraq, a buffer overflow vulnerability in Quake III Arena Server could allow a malicious user to crash a system hosting the game. The issue, which has been reported to id Software which developed the game, has the potential, as with all buffer overflow bugs, to allow an attacker to execute arbitrary code on a server, potentially enabling him to take control of a machine. Both Quake III Arena 1.29f and 1.29g are affected by the problem, and earlier versions of the software are believed to be safe. A beta version of Quake III 1.29h, which addresses a "server crash exploit" and improves game play, has been released by id Software, which is recommending that users of Quake III Arena 1.29f and 1.29g should upgrade. ® External Links Quake III arena Discussion of the security problem from BugTraq Related Stories BOFH: How to upgrade your Quake Server
John Leyden, 02 Aug 2001

Visioneer PrimaScan Colorado 2600U

Review: The PrimaScan 2600U offers an excellent combination of price, ease of use and quality. It may never live up to the quality settings of the more expensive models, but it performs well enough given its hardware specifications. The 42-bit colour depth is impressive and the 600x1200dpi (dots per inch) optical resolution ensures detailed scanned images, although colours can be a little washed out. Another advantage is high-speed scanning. We scanned a colour A4 image at 600dpi in just 58 seconds, making this one of the fastest scanners we've looked at. Anyone interested in getting a first scanner can't go wrong with this bargain. It's very simple to operate, fast, relatively good quality and - best of all - cheap. ® Info Price: £50 Contact: 01483 445 480 Website: www.visioneer-europe.com Specs Warranty: Two-year Maximum scanning area: A4 (216x297mm) Colour depth: 42-bit Interface: USB Optical resolution: 600x1200dpi Graphics software: MGI PhotoSuite All details correct at time of publication. Copyright © 2001, IDG. All rights reserved.
PC Advisor, 02 Aug 2001

June chip sales slide

Worldwide chip sales slumped to $11.60 billion in June, down 8.8 per cent on May's $12.71 billion. But compared with June 2000 sales of $16.74 billion they bombed 30.7 per cent, according to the Semiconductor Industry Association (SIA). Economic slowdown and excess inventories are blamed for the lower sales. In Europe semiconductor sales slipped 10.6 per cent from May to June, $2.83 billion down to $2.53 billion. Sales were down 26.8 per cent on the previous year. The Americas market was down 12.9 per cent - $3.34 billion in May, $2.91 billion in June. It fell 45.1 per cent from June last year. ® Related Link SIA press release
Robert Blincoe, 02 Aug 2001

IT companies urged to help human rights in China

A human rights group has called on computer and Internet companies involved in the 2008 Olympic Games in Beijing to use their influence to bring about reform in China. Sidney Jones, Asia director of Human Rights Watch (HRW), said: "This is one area where human rights and corporate interests should coincide. More people will use Internet services, e-mail, and related technologies if they don't have to worry about getting arrested. As the Olympic momentum builds, Chinese Web sites are going to proliferate. The corporate sponsors are going to have to choose between helping China open up by getting these controls removed, or abetting repression by giving the government the technology for Internet censorship," he said. In its report Freedom of Expression and the Internet in China, HRW points out that the Chinese authorities have introduced more than sixty sets of regulations to govern Internet content since the government began permitting commercial Internet accounts in 1995. Describing the conditions suffered by Net users in China, the report singles out the Feiyu Internet Cafe in Beijing. There, employees of the cybercafe routinely peer over people's shoulders and check their screens to ensure users are not accessing illegal content. A note on each monitor reads: "The Feiyu Web Bar Warns its Clients: Please do Not Download Web Pages with Illicit, Violent or Reactionary Content…" The report also details the plight of 14 Net users who have either been arrested or detained by the Chinese authorities. Chi Shouzhu, for example, is currently in Lingyuan Prison, Liaoning Province, after being detained by police in April for downloading "political" articles from overseas Web sites. And last August, school teacher Jiang Shihua was sentenced to two years in prison after posting a number of articles criticising the Government on a bulletin board, the report said. ® Related Story China shuts down 2,000 cybercafes
Tim Richardson, 02 Aug 2001

Fujitsu bows out of desktop hard drive fight

Fujitsu is ditching the desktop hard disk market to concentrate on the notebook and server sectors where it believes it can make more money. The company will quit making desktop hard drives later this year. Mike Chenery, VP of Fujitsu Computer Products of America, acknowledged things had been difficult because of low margins, the market's slow growth, and because Fujitsu hadn't been one of the first players competing in the sector. Fujitsu's competitors in the desktop drive market are IBM, Maxtor, Seagate, Western Digital, and Samsung. Interestingly, back in May, Paul Griffin, IBM's EMEA VP for its Technology Group, predicted it would be Samsung and Western Digital which would bow out of the sector first. He felt Fujitsu had deep enough pockets and technology ownership to last out the margin fight. Fujitsu had lost market share in the first half of 2001, and was in fifth place with to nine per cent. ® Related Stories 7200RPM are the platters that matter for Western Digital Hard drive bloodbath (who's left standing?)
Robert Blincoe, 02 Aug 2001

UMC reports first loss in over ten years

Taiwanese chip foundry UMC saw profit turn into a massive loss during its most recently completed quarter, the second of its current fiscal year. And the company warned of worse to come. UMC lost NT$1.85 billion ($53.36 million) - NT$0.16 a share - during Q2. Factor in profits and losses from various subsidiaries, a one-off inventory reduction charge of NT$1.57 billion, and the final bottom line loss balloons to NT$2.28 billion. Looking ahead, UMC chairman Robert Tsao warned that Q3 will produce an even deeper loss, down 15-20 per cent on Q2's figure, as a slight recovery in prices will be more than offset by rising depreciation costs and a low utilisation rate among UMC's fabs. Tsao said that sales should pick up during Q4, reining in the expanding loss, but with no real upturn anticipated through 2002, the company doesn't expect a return to 2000's level of output until 2003. ®
Tony Smith, 02 Aug 2001

IBM's low pay drove me to start stripping

Kitten Natividad, buxom star of the Russ Meyer films Up! and Beneath the Valley of the Ultravixens, ditched work at IBM as a key punch operator in 1969 to start stripping. "I discovered that the sister of one of my neighbors made a living as a stripper and earned $300 a week which was twice as much as I made," she writes here. She bagged the IBM gig after a year's course at trade school. Other highlights on Kitten's CV include winning Miss Nude Universe in 1973, and stripping at Sean Penn's stag night in September 1985. Do any Register readers know of any other people who've gone on to bigger and better things after a spell working for a major IT player? Write and let us know. ® Related Link Kitten's autobiography
Robert Blincoe, 02 Aug 2001

Code Red hysteria – $8.7bn in damage estimated

Countdown to Armageddon: The Reuters wire service is reporting that Code Red has already cost an estimated $1.2 billion in damage, and may top out at an incredible $8.7 billion when its bitter reign of destruction finally ends. Citing one Michael Erbschloe, vice president of research at IT efficiency clearinghouse Computer Economics, Reuters reckons that the cost of patching systems and losses in worker productivity will skyrocket. We hate to point out that patching systems is what IT staff do, so we don't quite see the dreadful loss of productivity here. One might as easily say that police lose productivity when they have to interrupt their doughnut runs by investigating crimes, or that doctors lose productivity when they have to abandon the back nine to treat patients. And as for the cost of clearing the worm from an already-infected system, this is accomplished by re-booting. It's hard to imagine billions going down the drain here, either. Erbschloe previously estimated the damage from the Love Bug at $8.7 billion and the damage from the Melissa virus at about $1 billion. "In my opinion, $8.7 billion [in damage from Code Red] is not ludicrous," Reuters quotes him as saying. And thus Reuters got the sensationalist quote they wanted from an 'expert'. ®
Thomas C Greene, 02 Aug 2001

Tomb Raider maker apologises to real-life archaeologist

Eidos, the publisher of the Tomb Raider series of games, has been forced to apologise through the pages of French newspaper Le Monde to French archaeologist Jean-Yves Empereur for giving a character in the game almost the same name. Tomb Raider IV features a French archaeologist called Jean-Yves, apparently. Empereur has done a lot of work digging up Egypt, and the game's star, Lara Croft, meets the digital Jean-Yves in Egypt. Clearly the developers were thinking of moi, reasoned l'Empereur. Not at all, claimed Eidos, which took a page in Le Monde to tell the world - or at least the Francophone part of it - as much. We're surprised they needed to. Following a landmark legal case in the early days of cinema, movies have always included the well-known disclaimer that "any similarity between persons living or dead and characters in this motion picture is entirely coincidental" (or words to that effect). You'd have thought Eidos would have fallen back on that old safety net. Empereur himself joins a long list of folk who believe they have been alluded to by software developers. Our favourite is the late Carl Sagan, who sued Apple for giving one of its first PowerPC-based Macs the codename Sagan. Carl accused the company of trading on his name, even though the codename was never made public - not officially, at any rate. Apple agreed to change the codename. It chose BHA - entirely coincidentally the abbreviation for Butt-Head Astronomer... ®
Tony Smith, 02 Aug 2001

Be sacks 28 staff

Ailing alternative operating system developer Be is ridding itself of a third of its workforce, a week after reporting apparently improved quarterly results. Some 28 staff will be sent pink slips. Workers being given the old heave-ho include what's left of Be's sales and marketing teams, and some admin and engineering positions. Be sacked 27 staff - a quarter of the workforce - back in April, part of a plan to rein in its overheads following a shift away from its desktop BeOS to the Net appliance-oriented BeIA operating system, hoping to make more money licensing the OS than it did selling it as a boxed product. That plan has largely failed, with the one notable exception of Sony, which has licensed BeIA for its eVilla information appliance. Indeed, Be's most recent results showed a leap in revenue believed to be almost solely down to work done for Sony getting the OS to work on the eVilla hardware. We noted then that if Be can't find other companies to join Sony it will be in trouble, and this week's job cuts suggest we might be right. The sackings leave Be pared right down to product development staff and a handful of admin folks. Without sales and marketing people, the company can do little to promote its appliance OS, suggesting that its principals have given up on the company as a going concern and are making it a better candidate for takeover. ® Related Stories Be revenues rise 615% to $715,000 Be axes 25 per cent of staff Be quarterly revenue falls to $16k
Tony Smith, 02 Aug 2001

DoJ can't block WinXP launch

Both Microsoft and the US Department of Justice (DoJ) were disappointed Thursday, as the US Court of Appeals for the DC Circuit denied their separate motions prior to their return to do battle in district court. The Department had sought to have the case expedited so that it could get MS into court soon enough to seek an injunction blocking the release of the controversial WinXP. The court, however, saw no reason to alter the natural course of Justice to accommodate the release of a commercial product. Microsoft also got shot down after having asked for another go with its arguments against the finding that bundling its browser and OS is monopolistic. The appellate court reckoned it already understood the issues well enough and declined further enlightenment from Redmond shysters. The company is naturally eager to see that troublesome bundling bit reversed, because so long as it stands, the logic of a structural remedy can't be ignored. Unless MS decides to ask the US Supreme Court for a review, which we reckon would end up as nothing more than a delay tactic, the case will proceed as scheduled, with a new judge to decide the appropriate remedy. MS says it's "open to resolving any remaining issues in this case as quickly as possible," but also that it's still contemplating dragging things out further by requesting a Supreme Court review. We'll know within a week which side of their mouths they're talking out of. ®
Thomas C Greene, 02 Aug 2001

Microsoft drops eleventh hour app blocking into WinXP

Although Release Candidate 2 (RC2) of Windows XP is billed as a bug fix, it actually implements a long-promised feature that disables current versions of some users' most trusted software. At the eleventh hour, Microsoft has turned on "Driver Blocking", and RC2 refuses to install a host of third party applications including Black Ice, Zone Alarm and AOL. Users will need to upgrade their applications to Windows XP-compliant versions. The authors of BlackIce and ZoneAlarm assured us that versions will be updated to take account of the major networking changes in WinXP. "We've been working closely with Microsoft - BlackIce is widely used inside Microsoft - in order to make sure it works well," Rob Graham, founder of NetworkIce told us. Graham is chief architect at Internet Security Systems, which acquired NetworkIce in June. Graham said version 3.0 of BlackIce, which will be XP compliant, would be released shortly. ZoneLabs, authors of ZoneAlarm, told us that users need to be using 2.6.214 of the software, and ensure they haven't upgraded from Win9x. Microsoft alerted software authors and device driver writers to the changes earlier this year, and this Word document [1.25MB] describes what's necessary. Software needs to carry the XP compliant logo to run. "That's just the way the world works," shrugged Graham. "When you're working with firewalls you're mucking about with system internals and that's always going to change." But not everyone's happy. Several Register readers are alarmed that Microsoft has launched a proscribed list, likening it to the closed world of games consoles. "If Microsoft got into the business of deciding which programs you may run on your system, that's a pretty scary thing. Most companies don't have the time or resources to go through the 'Microsoft certification' program," writes one concerned reader. 
And even though it's doubtless there with the best intentions, the move echoes the anticompetitive behavior Microsoft engaged in against Digital Research's [later Novell's] DR-DOS. Users running early versions of Windows on DR-DOS ran into spurious error messages that Microsoft later admitted were generated at the request of product managers to create instability concerns amongst users, where no genuine stability issues existed. Anxious readers should check the following file in a hex editor in Windows XP Release Candidate 2: go to \WINNT\AppPatch (or the directory AppPatch under whatever %systemroot% is pointing to) and open the binary file apphelp.sdb. The proscribed applications should be clearly readable. That's not a misprint: the file really is called "apphelp". ® Related Story How MS played the incompatibility card against DR-DOS
Andrew Orlowski, 02 Aug 2001
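
The hex-editor check described in the article above can also be scripted. This is an added example, not part of the original article and not a Microsoft tool: it lists readable ASCII and UTF-16LE runs in a binary file such as apphelp.sdb and filters them by product name. The function names, keyword list and sample bytes are constructed for illustration, and that the file stores names as plain ASCII or UTF-16LE text is an assumption.

```python
import re
import sys

MIN_LEN = 5  # ignore shorter runs; they are mostly noise

# Printable ASCII, one byte per character.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# Printable ASCII stored as UTF-16LE: each character followed by a zero byte
# (assumed encoding for names inside the file).
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Constructed sample bytes (NOT taken from a real apphelp.sdb).
SAMPLE = (
    b"\x01\x90\x00\x00" + "ZoneAlarm".encode("utf-16-le")
    + b"\x00\x00\x06\x88" + "BlackICE Defender".encode("utf-16-le")
    + b"\x00\x00\xff\xfe" + b"compat-note" + b"\x00"
)


def readable_strings(data):
    """Return (offset, encoding, text) for each readable run, in file order."""
    found = [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in UTF16_RUN.finditer(data)]
    found += [(m.start(), "ascii", m.group().decode("ascii"))
              for m in ASCII_RUN.finditer(data)]
    return sorted(found)


def _norm(text):
    # Compare without case or spaces so "Zone Alarm" matches "ZoneAlarm".
    return text.replace(" ", "").lower()


def matching_entries(data, keywords):
    """Return (offset, text) for runs that mention any of the keywords."""
    wanted = [_norm(k) for k in keywords]
    return [(off, text) for off, _enc, text in readable_strings(data)
            if any(k in _norm(text) for k in wanted)]


if __name__ == "__main__":
    # Usage: python sdb_strings.py <path-to-apphelp.sdb> [keyword ...]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    keywords = sys.argv[2:]
    if keywords:
        for off, text in matching_entries(blob, keywords):
            print(f"{off:#010x}  {text}")
    else:
        for off, enc, text in readable_strings(blob):
            print(f"{off:#010x}  {enc:8}  {text}")
```

Run with no arguments it prints the runs found in the constructed sample; given a file path and one or more product names it prints only the matching entries and their offsets.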