14th > February > 2002 Archive

Police arrest five over mobile phone blag

Five men were arrested yesterday after the recovery of thousands of phones taken during one of Britain's biggest ever mobile phone theft. Officers arrested five suspects after a raid last night on an address in West London. They recovered 9,649 Samsung A300 phones from the premises and a nearby parked van. The mobiles are among a haul of 23,000 phones, worth an estimated £4.2 million, stolen from a freight-forwarding warehouse in Hayes, Middlesex last Sunday. That leaves more than 13,000 phones still missing. None of the phones had a SIM card inside them and have reportedly been deactivated using the international serial numbers programmed into each handset, though Reg readers have expressed doubts about whether this was possible. The authorities were concerned that the phones might be reprogrammed by the gang and sold overseas, or on the black market here. Samsung is offering a £200,000 reward for information leading to the recovery of the mobiles. Police are continuing to question the arrested men about the crime. ®
John Leyden, 14 Feb 2002

NAI sells firewall business

Secure Computing has acquired the Gauntlet firewall and VPN business from Network Associates (NAI) for an undisclosed amount. Network Associates customers will be "transitioned" to Secure Computing, developers of the Sidewinder Firewall and VPN Gateway, under the deal which sees the transfer of NAI's technology, along with related customer support contracts. Secure Computing takes on approx. 4,000 Gauntlet customers and 100 resellers. Tim McGurran, Secure Computing president and chief operating officer, told us that the company will visit major Gauntlet customers to explain the deal (which completes next week), and gave us a broad idea on its strategy to combine the products. "Two years from now it'll be very disappointing if we're supporting two standalone application level firewalls. We intend to bring the best of both products, such as the embedded McAfee anti-virus software in Gauntlet, together in one firewall," he said. Secure Computing has merge five firewall lines into Sidewinder which give it the experience to manage the technology merger, according to McGurran. In October last year, NAI announced it was looking for a buyer for its PGP desktop encryption and Gauntlet firewall product lines, as part of a restructure. It announced development would cease on the products for sale (though support would continue). The rest of its PGP Security portfolio was to be integrated into the firm's McAfee and Sniffer product lines. In announcing the sale of its Gauntlet business today, NAI said that Secure Computing is well positioned to ensure "seamless support transition" for its firewall customers. Gauntlet is number four software firewall in the market with a share of around four per cent of the combined software firewall and appliance market. Jose Lopez, an industry analyst at Frost & Sullivan, said the deal is probably good news for customers asNAI was not committed to developing Gauntlet. "Secure Computing has a good product line but weaker branding, certainly it doesn't have much of a profile in Europe," said Lopez, who added that the acquisition will allow Secure Computing to sell its other products into Gauntlet shops. Both Secure Computing and Trusted Information Systems, which originally developed Gauntlet prior to an acquisition by NAI in 1998, began life as security firms under contract with the US Government, including the National Security Agency (NSA). ® Related Stories Network Associates puts PGP up for sale Virus plague fails to stem losses at Network Associates NAI belatedly joins OpenPGP Alliance PGP creator Zimmerman leaves Network Associates Gaping hole in NAI's Gauntlet firewall NY sues NAI so you can say McAfee sucks External links Secure Computing acquires Gauntlet Firewall and VPN business from Network Associates
John Leyden, 14 Feb 2002

Apple pushes Mobile QuickTime bundle, delays release of 6.0

Apple Computer Inc has announced plans to bundle up a package of software and services, to sell packages of streaming media software and systems to wireless operators. The company has formed a partnership with mobile handset and systems vendor LM Ericsson Telefon AB and server vendor Sun Microsystems Inc. Apple will supply the QuickTime streaming media server software, and probably streaming media clients to handheld devices and mobile terminals. According to a company spokesperson, Ericsson will take the lead in any contracts, doing the integration of the software and servers into mobile networks, which will be bundled under the name the Ericsson Content Delivery Solution. Ericsson is unsure about when it plans to make the first sales to wireless operators, because although video streaming is considered a key service, it only really makes commercial sense when the bandwidth is delivered by 3G mobile systems. Separately, Cupertino, California-based Apple has released the latest version of its QuickTime Streaming Server 4, which is the first product to support digital compression and presentation standard MPEG-4. The company has frozen distribution of the latest version of its QuickTime client software QuickTime 6.0, claiming that the licensing terms for MPEG-4 are unreasonable. The company claims that a plan by some of the MPEG technology providers, the MPEG-LA, to include both client and per use royalties for MPEG-4 usage is unreasonable. Although the company accepts that small royalties should be paid for every MPEG-4 client, Apple does not believe that content distributors should be forced to pay royalties every time they deliver a media stream. Apple said it will not distribute the completed QuickTime 6.0 client until the licensing terms have been changed. Apple claims that QuickTime is now the leading streaming media client, adding 80 million new users in 2001. © ComputerWire.com. All rights reserved.
ComputerWire, 14 Feb 2002

Visual Studio.NET to expand economy – Billg

Microsoft Corp launched the long-awaited Visual Studio.NET and .NET framework yesterday, pitching the IDE as its most important product to-date for developers and as specifically designed for an economy founded on web services, Gavin Clarke writes. Redmond, Washington-based Microsoft told delegates at its VSLive! conference in San Francisco, California that Visual Studio.NET will increase the productivity of application developers by up to 50% and boost the robustness of applications. Company chairman and chief executive Bill Gates called web services "the key to productivity that will expand the entire economy" and positioned Visual Studio.NET as a pillar of that economy. "Visual Studio.net is the first tool written from the ground up to write those applications," he said. "[Visual Studio.NET] is one of the largest pieces of work we have ever done on tools in research and development. Product release cycles normally takes two years, this was three years," he said. .NET is consuming more than $5 billion in research and development, Gates said. Criticism, though, was immediately leveled at the suite by two major competitors. San Jose, California-based BEA Systems Inc said the the XML functionality in Microsoft's integrated development environment (IDE) merely catches-up with rival Java products - Visual Studio.NET allows developers to generate native XML code. BEA offered users of WebLogic Server the ability to generate Simple Object Access Protocol and Web Services Description Language (WSDL) in version 6.1, launched last year. BEA's principle technologist Michael Smith said: "The notion of the container and Java 2 Enterprise Edition (J2EE) has already solved that." David Lazar, Microsoft group product manager, accepted the company had lost ground to J2EE on XML, but said Visual Studio.NET's support is richer. "We have worked really hard with this version of the product and that enabled J2EE to get ahead. [But] we have baked in XML web services as part of the core of our platform." Palo Alto, California-based Sun Microsystems, meanwhile, said Visual Studio.NET re-enforced lock-in to the Windows platform despite the suite's support for more than 20 programming languages. Simon Phipps, Sun's chief technology evangelist, said: "Visual Studio.NET only plugs into Windows APIs and binaries. Its like asking for water in 24 different languages but if you ask for beer, you are given water. Languages are irrelevant today." He also dismissed benchmarks used by Bill Gates during his VSLive! keynote to highlight the performance of technologies contained in Visual Studio.NET. Gates quoted Doculab's Nile benchmarks for a combined ASP.NET, Windows 2000 Server and SQL Server offering on an eight-CPU server that served 4,004 pages per second. Gates claimed this bested JSP on an un-named "generic" J2EE application server and database running on the Linux operating system that produced just 1,395 pages per second. Phipps dismissed the figures as hard to provide, adding performance is an old issue. "There are no performance issues with our customers," Phipps said. Backing the Visual Studio.NET launch, though, were the usual line-up of customers who endorsed the suite's time-saving capabilities. Visual Studio.NET uses component-based development and integrates its 20-plus programming languages via the Common Language Runtime (CLR) which - theoretically - means that programmers can use existing skills to program web services for Windows. Cosmetics specialist L'Oreal claimed it had cut application development time by 50% and is now rolling out a new web site in a different geography each month. Investment giant Merrill Lynch used Visual Studio.NET to integrate legacy voice-based servers for its new 1-800-Merrill voice response service for customers to access different offerings. The company claimed a 20% reduction in development time. Also joining Microsoft were 190 partners who unleashed a storm of announcements for Visual Studio.NET add-ins and products. These included ActiveState - with Visual Perl, Visual Python and Visual XSLT 1.2; ComponentSource Inc with an XML-based interface to its massive Enterprise Reuse Solution; CompuWare Corp - with a version of its DevPartner analysis tools for Visual Studio.NET; and Fujitsu Ltd - with NetCobol for Visual Studio.NET. Away from the hype, though, Microsoft is likely to measure the long-term value of Visual Studio.NET by the way it drives uptake of its XML server and desktop products instead of pure revenue for the product itself. Company vice president for Microsoft's developer and platform evangelism group Tom Button said Microsoft expects just two million developers to adopt Visual Studio.NET as their primary tools during its first year of life. The suite's importance will come as it stimulates the adoption of the next planned version of SQL Server, BizTalk Server and Office - what he called platform technologies. "It's the platform technologies that are the important thing behind this," he said. "Tools are always a break even proposition. It's a way to get our design technologies into the hands of developers that makes them effective at writing for our platform technologies," Button said. Gates, meanwhile, used the rest of his VSLive! keynote speech to stress the need for vendors to refine XML web services standards. He took a swipe at rival Sun by listing the vendors who recently joined the Web Services Interoperability Organization (WS-I). He joked about Sun's absence from the list. "Look on there and you will see everybody, except one company up there. It's a forum, a lot of nice companies have decided to join the organization," he said to rising laughter. Separately, Sun said that its invitation to join WS-I came too late to be of practical use. Gates said the industry must also work on increased reliability, security and privacy for web services. These services should feature increased redundancy, self-management and auto recovery, secure "data fortresses" and user-controlled data usage and storage, he said. "We are talking about using web services to underpin how businesses is run. That means the industry has to step up to new issues like reliability and security and privacy... there will be a lot of hard work from Microsoft and the applications you develop will be a key part of the picture. There's a lot of work that has to be done to deliver on the promise," he said. © ComputerWire.com. All rights reserved. ®
ComputerWire, 14 Feb 2002

HP overshoots on Q1

Does the fact that Hewlett Packard Co did a little better than expected in its first fiscal quarter mean that the $25bn merger with rival Compaq Computer Corp is a good idea, as chairman and CEO Carly Fiorina clearly believes, Tim Prickett Morgan writes Or does it mean that, as founder's son Walter Hewlett believes, the HP-Compaq merger is unnecessary? That's a good question, and one that Wall Street analysts, institutional investors, and HP and Compaq shareholders will be mulling over as they contemplate HP's first fiscal quarter financial results, which were announced yesterday after the market close. Fiorina was pretty emphatic in her interpretation of what the somewhat unexpectedly good numbers meant. "Walter Hewlett and I agree on one thing," she said during a conference call with analysts yesterday. "This is a strong company that is not afraid to take a bold step. I think it is clear that we are not distracted by the merger, and that our customers are not defecting." Fiorina eluded to the fact that many of HP's and Compaq's competitors had been rubbing their hands together, thinking that their respective installed bases would be easy prey in a tough economic climate. She says that rivals have not been able to use the merger as a lever to steal HP's customers. She went further to explain why this merger is not like other mega-mergers, and why it will work. "This is a merger of consolidation, not diversification. HP and Compaq are in the same businesses. We speak the same language. This industry is beginning to consolidate, and such mergers are not only necessary, they are inevitable." For the three months ended January 31, the company's first fiscal 2002 quarter, HP's overall sales were down 8% to $11.4bn. Even though earnings from operations declined by 19% to $625m, during last year's fiscal first quarter HP booked a $272m charge relating to a change in accounting required by the Securities and Exchange Commission that knocked net earnings down to $141m or 7 cents a share. This time around, net earnings came in at $484m or 25 cents a share. This seems like a big improvement, but without that charge, HP would have earned 20 cents a share this time last year. That said, any improvement in earnings considering this sluggish economy and HP's difficulties with the Compaq merger have to be seen as a victory. Revenue was off in every HP category except IT services, which saw sales climb by 2% to $1.6bn. HP's crown jewel, the imaging and printing business, saw revenue drop by 2% to $5.1bn. Sales of embedded and personal systems were off 13% to $2.5bn. HP's computing systems business, which includes all of its server and storage lines, fell by 21% in the quarter to just under $2bn. Financing operations declined by 6% to $342m. While HP booked a loss on operations in the HP server and storage businesses to the tune of $160m in the fiscal 2002 first quarter, compared to earnings of $58m this time last year, losses from the PC and embedded systems unit were drastically reduced and earnings from operations in the company's printing and imaging and services units improved considerably and allowed HP to bring some extra dough to the bottom line. What was exciting to Fiorina and HP CFO Bob Wayman was that first quarter revenues were up compared to HP's fiscal 2001 fourth quarter, which came in at $10.9bn in sales. Wayman said yesterday that HP usually has a seasonal downtick moving from fiscal Q4 to Q1, which contrasts with and roughly compares to the calendar Q3 to Q4 transition among HP's main rivals. Drilling down into the printing and imaging business, HP said that sales of digital cameras were up 30% in the quarter, and sales of photo printers was up 34%. Scanner sales were up 21% compared to fiscal Q4, but down 17% compared to last year's first quarter. Commercial printer sales were up 2% sequentially and declined 4% year-on-year. Home printer sales plummeted by 2% sequentially and by 23% year-on-year, and HP said that consumers are shifting to lower-cost, multi-function printers. Sales in the Computing Systems unit were off 4% sequentially and off 21% compared to last year. HP said that margins were adversely impacted by weak demand and severe pricing pressure. HP continued to see Unix server sales slip, with revenue down 7% sequentially from fiscal 2001 Q4 and down 21% from last year. Sales of Intel-based servers were down 21% compared to last year, too. Storage revenue was off 4% sequentially and off 13% compared to Q4 2001, and HP again attributed this to extreme pricing pressure, which Fiorina said was much worse for rivals EMC Corp and Compaq than for HP. As for the future, HP cautioned Wall Street and investors against too much optimism. In its earnings statement, HP said that conditions in the commercial and consumer IT markets continue to be unpredictable and that the company is uncertain as to when a real uptick in demand will occur. HP said that it continues to be conservative in its estimates, and warned that it was expecting sales in the second fiscal quarter to be down sequentially and gross margins and expenses to remain more or less flat. "Enterprise spending is showing no signs of an uptick," said Wayman. "We look at Q1 as something of a pleasant surprise, and we are not counting on anything." Fiorina echoed his caution, saying that spending in the telecom, airline, and high-tech manufacturing businesses remains very weak. "We do not expect a recovery in enterprise spending until the second half of the year," she said. "People are holding their budgets tight, and they are waiting for a clear sign to let go of their purse strings." © Computerwire.com. All rights reserved.
ComputerWire, 14 Feb 2002

Lover's Guide at a PC near you

Here's something saucy for Valentine's Day - a PPV streaming version of The Lover's Guide, the famously -ahem - educational video series. The latest sex education-packed edition is called "The Secrets of Sensational Sex" and you can see it at www.loversguide.com - but only if you are based in the UK. There are eight separate streamed sections or video clips. Users can 'sample' (that's what it says on the press release) a short clip of watch the entire video. You get four credits of 'tickets to view' for a quid, or 15 credits for £3. Providing the payment and streaming technology are our chums at culturejam.tv ( which handles Salmon Days for us). The billing mechanism is activated by a calling premium rate landline. In return you get a personal access code to stream the Lover's Guide direct to your PC. The Lover's Guide says it has good experience of PPV from digital TV. Make it easy to pay and make the price attractive enough, and the punters will come rolling in. Of course, some people find it embarrassing to buy adult content, albeit educational, in the shops. Streaming video is a discreet way of tapping into the red face brigade. ®'
Drew Cullen, 14 Feb 2002

MSN Messenger worm entices the unwary

A relatively benign but effective Internet worm attacked users of Microsoft's MSN Messenger service Wednesday by exploiting a bug in Internet Explorer that was reported last year, but was only recently patched by Microsoft. Dubbed the 'Cool Worm' by an early discoverer, the worm arrives as an MSN instant message that reads, "Go To http://www.masenko-media.net/cool.html NoW !!!" Clicking on the link opens a Web page with malicious Javascript code that rifles through the victim's MSN Contacts list, then messages every contact with the same "Go To..." invitation. The code also sends e-mail to the address mmargae@wanadoo.nl. "It ripped through the office," says Drew Smith, network administrator at an online gaming firm that was hit Wednesday afternoon. Smith, the first to report the worm to security mailing lists, says his twenty person office was completely saturated within thirty seconds. "We're in a support office, so everyone sits in front of a computer. Most of the time everyone is bored, so they're going to click on it. It's going to go straight through everyone." The malicious Web site was no longer operating Wednesday night, but another version of the worm was still spreading in the wild. This second variety arrives marked "URGENT" and refers victims to a Web site hosted by a Belgium ISP, with a URL ending in "dark.angel/cool.htm". That site was still operating at press time. The Cool Worm spreads through the Microsoft Internet Explorer Same Origin Policy Violation vulnerability, reported by a security researcher called "ThePull" on December 19th, which went unacknowledged and unrepaired by Microsoft for months. Microsoft's reluctance to acknowledge the bug was criticized by many in the security community. Last week, in what they described as an effort to spur Redmond to action, security gurus Tom Gilder and Thor Larholm released a demonstration of how a properly crafted Web page could exploit the unpatched bug to take over a user's MSN Messenger program. The example code was not a worm, but may have inspired the Cool Worm's author. "This example has been made public to put pressure on MS to patch their vulnerabilities, that they are fully aware of," Gilder wrote. Microsoft released a patch for the vulnerability on Monday. Installing the patch reportedly blocks the Cool Worm. © 2002 SecurityFocus.com, all rights reserved. Related Stories IE bug allows full MSN Messenger hijack MS issues monster IE security fix
Kevin Poulsen, 14 Feb 2002

Comcast promises not to track subscribers

A little brouhaha started last week with a post to the Vuln-Dev mailing list, in which a contributor called J Edgar Hoover observed that Comcast's cable Internet service was using an Inktomi traffic server capable of recording the individual comings and goings of its subscribers. Several days later the Associated Press' Ted Bridis ran the story after doing some legwork, but unfortunately neglecting to credit the original source. We didn't see a great deal in this story beyond speculation, or you'd have read it here back on the seventh, when J Edgar stepped forward. To us it appeared to be an oversight by Comcast, whose techies probably didn't even realize what their new equipment was capable of. The questionable equipment isn't necessarily a problem, though it could be if it were misused. ISPs and NSPs routinely use caching hardware to serve pages more quickly and balance traffic loads. Companies also gather aggregate traffic data which they sell to the ever-inquisitive advertising industry. This is all routine, and relatively harmless in and of itself. The upshot is that Comcast has publicly stated that it wasn't tracking individual users' surfing habits and wasn't selling user-specific marketing data. The company further issued a guarantee that they won't do any such thing in future. "Comcast reassured customers Wednesday that the information had been stored only temporarily, was purged automatically every few days and 'has never been connected to individual subscribers,'" Bridis writes. Meanwhile, on the strength of the AP story, US Representative Edward Markey (Democrat, Massachusetts) got his privacy-advocacy knee a-jerking (not that it takes much to effect this phenomenon), and contacted Comcast warning them that they might or might not be in violation of federal law, depending on what they were or weren't doing with the data, which of course no one knows, and now probably never will. But if we look at the Comcast subscriber agreement, we get the feeling that they wouldn't dream of collecting user-specific data, unless they happen to feel like doing so. "Comcast considers the personally-identifiable Customer information that is collected to be confidential. Comcast will disclose to third parties personal information that Comcast maintains related to Customers only when it is necessary to deliver the Service to customers or carry out related business activities, in the ordinary course of business, for ordinary business purposes, and at a frequency dictated by Comcast's particular business need, or pursuant to a court order or order of any regulatory body having jurisdiction over matters which are the subject of this Agreement." Mostly that's a lot of idiotic legal boilerplate meant to discourage frivolous lawsuits. The fact is there are laws which make it a crime to intercept a person's communications without their knowledge and consent; and subscriber agreements aren't quite at the point where they absolve companies of responsibility for criminal activity. Not yet, anyway. ®
Thomas C Greene, 14 Feb 2002

Enjoy our Valentine's Day computer books love-in

Romantic opportunityRomantic opportunity It's that time of year when the daffodils are bursting forth from the cruel earth, the sap is rising, and a young man's thoughts turn to romance. For today is Valentine's Day - a time to celebrate matters of the heart. It's also, by an amazing co-incidence, an ideal moment to stock up on computer reference books, courtesy of IT-minds.com bookstore. Sadly, we can't offer you two dozen red roses. But what we can offer you is a whopping 20 per cent off two dozen selected IT titles from Reg associate IT-minds.com and the chance to win one of three "chocolate laptops". What on earth, you are doubtless thinking, is a chocolate laptop? Well, according to our resident confectionary expert, the spec includes a state of the art array of chocolate components, together with an external mouse attachment (includes a back-up mouse in case the first one gets tired!). Incredible. Who said romance was dead? Now, all you have to do is proceed directly to IT-minds, buy one of the discounted titles and you'll automatically be entered for the chocolate laptop draw. Simple as that. This offer is for today - 14th February - only, and expires at midnight GMT. Winners will be notified next week and the goods dispatched post haste. And if the prospect of chocolate doesn't set you loins astir, remember that IT-minds offers discounts and special offers to Reg readers all year round. ®
Lester Haines, 14 Feb 2002

BSD ‘3 times as popular as desktop Linux’ – Apple

BSDConBSDCon BSD is now three times as popular on the desktop as Linux, Apple's Ernest Prabhakar told attendees at the annual USENIX BSD Conference here yesterday. That's thanks to Mac OS X, of course, which is a BSD-based Unix (although much of this remains hidden). Prabhakar was summing up Darwin developments for a BSD State of the Nation panel at which the five major tribes summarised what's been happening, and what to expect in the near future. We'll give you a full report on the other contributions tomorrow, but unusually two of the panelists were Apple staffers: Jordan Hubbard, who talked about FreeBSD, and Parbakar himself. According to Prabhakar, Apple has acquired "a lot of talent" from Bay Area companies: "we have Eazel and Sun refugees, and even a frew freaks from FreeBSD." Apple has one of the biggest gcc compiler design teams in the world, he reckons; he is working to get optimizations developed at Apple integrated into the main code tree. It sounds like Hubbard has had an influence on the Darwin development. Prabhakar says that synchronization between Darwin and FreeBSD is still really important. The goal is to bring it up to FreeBSD 4.0 status, although this task is like porcupines mating - "you have to be careful". Future Apple development would focus on looking for a better threading mode, and more Kerberos work including interoperability with Microsoft's Active Directory. Speaking of which, he reminded attendees that Microsoft now has Office running on a Berkeley UNIX. The relationship between Darwin and the rich NeXTish layers isn't easy, he acknowledges: there are two namespaces and two forms of package management. But it is a unique adventure, for sure. "The Macintosh has always been very fascist, but we're now starting to embrace the diversity of BSD. We'd love you to bring your X11 application to Mac OS X." He cites XFree86 4.2 as a model of a Mac-friendly BSD app. More from BSDCon tomorrow. ®
Andrew Orlowski, 14 Feb 2002

Anders Heljsberg on what's next for C#

According to ancient scriptures, Anders Heljsberg "journeyed to the wilderness, and wept and wailed and cried out unto the Lord, saying: 'Shall I spend the rest of my days tinkering with a Pascal compiler I wrote 15 years ago? Couldn't I have a go at something else?'" And he did have a go at something else, leading the design for C#. We caught up with Anders at the launch of Visual Studio DONT [shouldn't that be 'DOT NET?' - pedantic ed.] in San Francisco where he filled us on what he's up to right now, starting with a bit of history on the language. "We started in January 1999, a really capable design group with four or five of the best people I've ever worked with," he told us. "We met every Monday, Wednesday and Friday and worked all afternoon, going through all the issues that as language designers we needed to work on. Within a year we had a working implementation" "There's no such thing as a perfect language, You sit in front of a big panel and twiddle all the knobs. You can add more but it becomes less productive. We're pretty happy with the balance." What came first then, and in terms of the runtime was there already? "There were the beginnings of the CLR, some of the beginnings of the class libraries" We asked how the specification C# would avoid getting bloated, an accusation levelled at C++ and Java? "Yes, it's easier to make the first specification clean, but I'm sympathetic to their plight. But C# was designed as a general purpose language. We're not going to have specific extensions that deal with this or that corner. We'll always try to find a way to implement things in a generic fashion." According to Anders, generics (parametic polymoprhism) is one of the directions in which C# would evolve. Microsoft already has a prototype of the runtime in generics. "The trick is to proceed with caution," he advises. He is examining more declarative programming languages. (This was slightly embarrassingly for us - at the time we couldn't remember the name of the best known of the post-Prolog declarative languages, Mercury, which has been recommended to us very warmly, and for which Microsoft is helping develop a .NET back end. Not wanting to refer to "that Australian one" we didn't solicit his opinion on Mercury itself.) "You've got to get there without taking away the tools people have today. The problem with declarative languages is that they've been domain specific. The trick is finding a combination of declarative and imperative, and that's not impossible." Imagine, he says, HTML as an imperative language: you'd have to declare a HEAD, then assign a value to t_HEAD, etc. Six degrees of indirection We couldn't help asking at what stage in the language design he'd decided that pointers were a necessary evil. Java doesn't support pointers... "When? That was pretty early on. It all boils down to interoperability and leveraging code you've already written - so many APIs use pointers. That was the concept we had to work with for twenty years. "So we could sort of look at this in one of two ways - either you have to rewrite everything and make it pure and wonderful, or you can focus on interoperability as a discipline, one that's important to our customers. It gives them ways of making these unsafe operations that are known to be unsafe. So although we support unsafe code in the security model we will never let you execute that code." "But compared to something like JNI - JNI can get you into a lot of trouble. You can fall off the cliff: you have to remember to pin an object before you can address its data, and, oh my god, you get these random errors" We asked what the team thought of Miguel de Icaza's desire to move to base GNOME on the .NET frameworks, with his open source Mono project. "It's great." David Treadwell, the .NET frameworks manager, predicts that there'd be multiple implementations - although we did point out that the Mono Project's "clean room" approach recommends that developers who've seen the Microsoft "shared source" CLR should not join Mono. Rather modestly, Anders downplays the design of the language in the bigger scheme of things. After all, he says, learning the API now takes up 97 per cent of the programmer's craft: learning the language takes up three per cent. This was a group interview, but Peter Monadjemi, a German freelancer filing for Computerwoche, asked a humdinger of a question. Which was - how did Anders feel about wanting to develop the language, even though such decisions were now in the hands of ECMA, a standards body. You'll have to read Computerwoche to find out his final answer, but for a second he knew what a good question it was, and we knew that he knew, too. ® Related Stories Official: Microsoft C# iscool Microsoft describes its Java killer Microsoft pulls stealth release of Java for .NET
Andrew Orlowski, 14 Feb 2002

Cellphones build IM bridges

The "Wireless Village" initiative started by the three dominant mobile phone companies Nokia, Motorola and Ericsson yesterday showed off the IMPS initiative which ought to bridge the gap between SMS text messaging and PC-based IM. IMPS, or Instant Messaging and Presence Services, is touted as an open industry specification. It actually does more than messaging, allowing users to create virtual bike sheds in phonespace, behind which users can go and smoke a crafty virtual cigarette. There's scope for sharing and storing content in these virtual lockers, too. The Big Three published version 1.0 of the specification, and the supporter list includes more than a hundred names. Absentees include: the open source Jabber project; Microsoft; and the other two major desktop PC IM vendors, Yahoo and AOL. But the backers say that IMPS is compliant with the two IETF Internet standard drafts for presence and messaging, RFCs 2778 and RFCs 2779. It ought to be a shoo-in for the existing IM networks to incorporate such bridges, as it doesn't require any modification to their jealously-guarded existing protocols. AOL already offers a bi-directional SMS gateway in the Windows version of its ICQ client, and it works very well. Getting the Stateside cellular networks to interoperate with each other, let alone with PC IM services, is another question. ® Related Link Wireless Village
Andrew Orlowski, 14 Feb 2002

Former Corel CEO back in frame as regulators toss deal

Former Corel CEO Michael Cowpland is not not guilty of insider trading after all. Earlier this week he appeared to have escaped the slammer via a strange deal whereby his personal holding company peaded guilty and paid the fine, but Cowpland himself escaped, sort of. But this was part of a negotiated settlement which has now gone up in smoke, as the Ontario Securities Commission has now decided to junk it. Aside from having the charges against him dropped, Cowpland was going to be reprimanded and barred from being a company director for two years. An OSC judicial panel has now however decided to reject the deal as not sending a strong enough message. Quoted in the Globe & Mail yesterday, OSC vice chairman Paul Moore said there must be "real consequences" to illegal actions, and that the financial settlement should reflect the financial circumstances of the accused. Cowpland's lawyer now says that he's "entirely and deeply contrite." He is also now headed back to the negotiating table, no doubt... ®
John Lettice, 14 Feb 2002

Keygen routine producing valid WinXP product keys?

A cracking system for Windows Product Activation publicised this week may present Microsoft's anti-piracy system with its most serious problem yet. It takes the form of a key generator which appears to produce valid activation keys for Microsoft products, and if this really is the case, it is difficult to see how Microsoft can differentiate between keys issued with legal product, and keys generated by the keymaker. It sounds too good (well, depending on your outlook) to be true, but while forum operators are in general managing to keep a lid on people posting locations for the program, it seems clear from discussion threads on several of them that it is indeed producing keys that work. The keymaker first gained widespread publicity earlier this week at Heise.de, which tested it and says it generated 25 keys for XP Home overnight. Heise's report, in German, can be found here, while Neowin.net has a translation of the important bits here. Judging by the time taken to generate keys there's a significant amount of crunching going on, but on the other hand as this is precisely the sort of thing Microsoft must have anticipated when it devised WPA, it's not nearly as much crunching as you'd expect. If one morally questionable teenie can successfully generate one operational key by leaving their home PC running overnight, then Redmond has quite clearly blundered. 25 in a night counts as blundering big-time. Prior to the keymaker WPA had been cracked, although that rather depended on what you meant by the word; as Microsoft has heroically argued, being pirated wholesale and being cracked are in fact two different things. Philosphically, anyway. Patched versions swiftly became available when the software went gold, but essentially these can be termed unauthorised distributions/variants of the software, and although it means people can get it for free, Microsoft has the capability of zapping their installations as a side-effect of service packs and similar. As yet the company doesn't seem to have used Windows Update to deactivate warez systems, but it's possible. The other major circumvention of WPA is via leaked keys for corporate versions, which are unlocked simply by entering the key, rather than it being necessary to activate over the Internet or by phone. Again, Microsoft can invalidate these keys at service pack time, and it has done so at least once in the past. So the question as regards keymaking software is whether or not Microsoft has any way to differentiate between generated keys and the ones it has issued itself. If not, this generation of WPA is now surely toast. ®
John Lettice, 14 Feb 2002

Compaq seizes bootleg components

US marshals raided the premises of a Bow, New Hampshire computer parts wholesaler, and found a thriving counterfeiting operation. They seized large quantities of counterfeit Compaq memory parts and hard drives from Hardware 4 Less, as well as well as "counterfeit Compaq labels, packing materials, warranty booklets, and software licenses". Compaq says it will seek damages of 'several million dollars' from Hardware 4 Less, as punishment for making and distributing counterfeit Compaq goods. All the seized goods are lodged with the Federal Court of New Hampshire, where future proceedings will be heard. ®
Drew Cullen, 14 Feb 2002

Cisco protects against IP telephony security risks

Cisco is introducing a major refresh of its security product portfolio, adding new features to safeguard IP telephony. The new PIX 506E and 515E firewall platforms increase traffic throughput by a factor of two and a half, according to Cisco's internal tests. Select PIX 515E firewall models now come with an integrated hardware-based VPN acceleration, offloading work from the devices central processor. There's also an update of the PIX operating system to version 6.2, featuring tighter integration with Cisco Secure Access Control Server (ACS) making firewalls and VPNs easier to administer. PIX version 6.2 also introduces Voice-over-IP (VoIP) and multimedia support providing what Cisco describes as "defence in depth" to securing converged voice and data networks. New features include Port Address Translation (PAT) services for Session Initiative Protocol (SIP) and H.323v2 protocols, and the addition of a protocol called stub multicast routing, which is designed to make multicasting more secure. The Cisco PIX 506E and 515E Firewalls are available immediately starting at $1,695 and $3,495 respectively, with Cisco PIX OS version 6.2 will be available within this quarter. Cisco PIX is a widely deployed firewall platform, counting as the second most common firewall product behind Check Point's FireWall-1, according to security testing specialists NTA Monitor. ® Related Stories Protocol switch security risk in Cisco IOS SSH hits the fan for Cisco on security
John Leyden, 14 Feb 2002

Senators' stock options move could cost MS billions

Four US senators are proposing legislation that would stop companies using stock options to window-dress their earnings statements. The proposed Ending Double Standards for Stock Options Act would require companies to treat employee stock options as an expense for book-keeping purposes if they want to claim them as an expense for tax purposes. The current situation in the US allows companies to effectively hide the cost of stock options (which in essence are a part, in cases such as Microsoft a major part, of the compensation package) while substantially reducing their own tax liability. The senators have tried this one before, in 1997, but according to a statement issued yesterday by Senator John McCain "the special interests with a vested stake in the status quo prevented this legislation from seeing the light of day." But post-Enron they're likely to have a better shot at it. "According to one recent report," says McCain, "almost half of the earnings of the typical chief executive officer of a top company reflects stock options. Why shouldn't the value of this compensation package be included in calculating a company's earnings? How can stockowners evaluate the true value of employee compensation if the value is just buried in a footnote somewhere in the annual report?" The system is widely used by companies as a financial engineering weapon, with Microsoft being one of the prime exponents. As we noted over a year ago, in fiscal 2000 Microsoft claimed $5.5 billion as a tax benefit against stock options, and if it had paid compensation as wages, keeping staffing at the same level would have cost it an extra $16 billion, thus resulting in the company chalking up a $7 billion loss. Long-time critic of Microsoft financial practices Bill Parish describes this as getting employees to prepay their own wages (you get paid less for taking bits of paper you have to hold onto for a couple of years until the options mature) and points out that the effective misrepresentation of company performance causes inflation of share price. Given that this results in Microsoft stock having a strong presence in pension portfolios a collapse of the pyramid (which he predicts imminently) would result in major financial damage to American savers. Parish covers this and much else, in much, much detail, here (section 4 in particular). Whether or not Armageddon beckons if the tax regime isn't changed, the adoption of the Stock Options Act would certainly, one way or the other, lop billions off the stated bottom lines of Microsoft and similarly engineered operations. McCain points out that Enron used options to reduce its tax payments, although he says it is not as yet clear whether the company used the current disclosure rules to hide its financial problems. Bill Parish tells us that Enron CEO Ken Lay boasted about using Microsoft's "playbook," and while we haven't been able to nail down a quote in quite those terms, we do find the BBC reporting: "'We like to think of ourselves as the Microsoft of the energy world,' Mr Lay has been quoted as boasting." So was Enron ahead of the curve, or did it just, as Parish says, not understand how the financial engineering was structured? ®
John Lettice, 14 Feb 2002

Nildram chips away at ADSL prices

Nildram, the Aylesbury ISP, has cut ADSL connection fees to £29 per month plus VAT, helpfully pointing out that this is a saving of £140 a year over the previous tariff. Installation still costs £50 and there's a 12-month contract period for the service which is based upon the Home500 Wires Only ADSL service. The company says that Home500A is intended for consumer use, with a contention ratio of up to 50:1, a download speed of up to 500kbps and an upload speed of up to 256kbps. In other words, there are faster ADSL services around, but few cheaper. Nildram is the 'preferred bandwidth supplier' of Jolt, a popular Games ISP service for lovers of massively multiplayer games. ®
Drew Cullen, 14 Feb 2002

Weird escort/temp service ‘cybersquats’ UK estate agents

Here's a blast from the past: a cybersquatter is leveraging off the names of other companies to generate online traffic for its own service. At least that's what we think temptations@work is trying to do. Temptations@work is a "brand new form of global staffing agency... a mix of traditional Secretarial & I.T temping agency with Escorts, Hosts, Translators creating our famous "SEXETARIES" "Staff supplied include: MAIDS/CLEANERS/COOKS/CHAUFFERS/HOSTS/ESCORTS/TRANSLATORS/DINNERDATES/WEB DESIGNERS/SENIOR SECRETARIES/JUNIOR PROJECT MANAGERS." Bizarrely, temptations@work is piggybacking off British estate agents ,of all organisations - and not well-known ones at that. We have identified three "squattees" so far, courtesy of Stuart Grove, of Brainstorm Systems, a design outfit that specialises in building web sites for property sector clients. But where there's three, there could well be more. These are Helas Wolf, Swan Lettings and Temples.co.uk. And we have included links to their real web sites, just in case you are interested in buying and selling property in the Leatherhead, Weybridge, London, East Anglia areas (and Cork). Here are the stunt URLS, all pointing to Temptations@Work Helas-wolf.com Swanlettings.com Templesproperty.com. A quick whois: reveals the same registrar in all three cases, a certain Telmex Management Services, based in the British Virgin Isles, and which is also the domain name registrar for Temptations@Work. Updated 17.15pm: shortly after posting this story, we received an email from David Rousseau who says he is general counsel for Telmex. Here is what he says For the avoidance of doubt, your posting contains a number of inaccuracies and incorrect assumptions, namely: [1] Telmex Management Services (BVI) , Inc purchases, creates, develops and maintains in excess of 45,000 dot.com domains on behalf of it's 11,500+ clients based world-wide. [2] All of the domains you have highlighted in your posting are the exclusive property of Telmex's clients. [3] None of the said domains have attempted to pass off as any other business/ entity [4] Temptations@Work is one such client. [5] All domains under development, or awaiting development point at random to any website in the Telmex portfolio. [6] Therefore T@W benefit momentarily as do many other Telmex clients from additional URL's pointing towards their own particular web activity, which we bear no responsibility for directly. Consider yourself on notice. Regards David Rousseau And who is Temptations@Work? There's no information on the site and the code contains only the following message. "This content brought to you by directNIC domain redirection" CONTENT="directNIC domains for $15 a year. Free redirection!" However, Temptations@work is registered as an agency on the Computer Contractor Web site. The London-based business gives an address at 34 Borough High Street in London, and a contact name - Serena Bebe - and a mobile phone number. Which is attached to an answer phone. We've left a message, but we're not holding our breath. ®
Drew Cullen, 14 Feb 2002

Cisco and Intel split on high speed wireless futures

Cisco and Intel are at odds over which emerging standard for high speed wireless LANs offers the best migration path for users. At a briefing in London yesterday, Cisco came out heavily in favour of 802.11g; this standard is backwards-compatible with existing 802.11b-based networking kit, and works in the existing 2.4GHz spectrum. The (other) next generation standard, 802.11a, which sits in the 5GHz range, involves more work in migration, but Intel (among others) believes it will arrive earlier and attain a lion's share of the market. Both standards offer theoretical data transfer rates of up to 54Mbps, compared to the 11Mbps delivered by existing 802.11b kit. Martin Cook, a business development director at Cisco, argues that 802.11g offers a more straightforward migration path, as a jump to 802.11a will mean swapping out client cards and carrying out another site survey. 802.11a can be used in the US and Asia, but European regulators are yet to give it the stamp of approval, and this may take years, he argues. 802.11a is "hype", certainly as far as Europe is concerned, he says. Not so, says David Bradshaw, Intel's EMEA head of Wireless LAN product marketing. ETSI, the European regulator ETSI is pro-approval, while the UK Radio Authority is firmly on-side, he says. Opposition to approval for 802.11a, which occupies the 5GHz part of the spectrum, comes largely from satellite operators and the military (radar works at a similar frequency). The technical objection to 802.11a is that it does not include Dynamic Frequency Selection, which allows devices to change channels to avoid interference, and Transmission Power Control, which reduces power as a device gets closer to a base station. Both standards are mandatory in Europe, and are being incorporated in 802.11a. However Bluetooth, mobile phones and microwave ovens also use the 2.4GHz spectrum, so 802.11a and 802.11g is not without potential interference issues either. Cisco argues that interference with Bluetooth is "minimal" but admits that the "jury is still out" when it comes to interference. 802.11g will be part of Intel's product offering but Bradshaw said that although the standard has been ratified a specification won't come out until Q1 2003 and 802.11g product won't be delivered till the middle of next year. By that time 802.11a will be the incumbent, he said. To prepare for this, Intel is shipping a dual standard access point that will take either 802.11a or 802.11b cards, so when European countries approve the technology (it won't all happen at once) users can slot in high-speed cards. Leaving aside differing views on future standards, Intel and Cisco are united in saying THAT firms can achieve productivity gains and drastically simply network set-up using existing 802.11b networking kit. ThIS view is supported by Alan Hughes, a network infrastructure analyst at Reuters, who said that his company has seen marked productivity gains from a 1,000 user wireless LAN rollout for a "relatively low cost" of investment. WLANs are easy to set up and avoid the need to roll out yards of cable and duct tape; for Reuters' users there are benefits in freeing staff from their desks. This enables sales reps to demo products in cafes or busy execs to catch up with email during lulls in conference room meetings, for example. Such benefits are difficult to quantify, Hughes said, but do show wireless LANs are helping in Reuters' overall mobility push. ® Related Stories Intel poised to roll out 54MBps WLANs in Europe IEEE sets 802.11g (sort of) Synad builds dual mode WLAN chipset 802.11b market grows To be or not to 802.11b Proxim doubles 802.11a wirefree bandwidth to 108Mbps Rocky road to wireless networking nirvana
John Leyden, 14 Feb 2002

Slashdot editor proposes on front page

Here's a romantic story for Valentine's Day and there's an IT angle (sort of). Commander Taco, the legendary founder of Slashdot, the town hall of the opensource community, proposed to his girlfriend today - by way of a posting on the front page. Here it is in full. Posted by CmdrTaco on Thursday February 14, @09:25AM from the typed-with-one-pair-of-sweating-palms dept. Kathleen, I wanted to do this in this most potentially embarassing way possible, and I figured doing it here and now, in front of a quarter of a million strangers was as good a way as any. I love you more then I can describe within the limits of this tiny little story. We've been together for many years now, and I've known for most of that time that I wanted to spend my life with you. Enough rambling. Will you marry me? Update 15 minutes 30 seconds later: Subj: "Yes", message body: "Dork. You made me cry. :)" Hazah! I'm getting married! :) Isn't that nice? You may leave your congratulations here. ®
Drew Cullen, 14 Feb 2002