18th > June > 2002 Archive

UK snoop charter: we're already getting all the data anyway

Last week's revelation that the UK government was planning sweeping extensions to RIPA (its snoop enablement legislation, the Regulation of Investigatory Powers Act) has provoked a furore and a mini-climb-down. Instead of attempting to give data seizure powers to every bureaucrat working for virtually every public body in the land today, the order will be put to parliament next Monday. And at least we've had the grace to rough out some boundaries to who will have the power to access personal data, and in what circumstances. For example, only the chief executive of local councils will have this power, and they will only be able to obtain data which is genuinely relevant to a legitimate enquiry. Allegedly. Thanks, though, to the reader who pointed us to a failed exercise in counterspin engaged in by Home Office minister Bob Ainsworth on BBC Radio 4's World at One yesterday. Speaking to Nick Clarke, Ainsworth blurted out that the various agencies being covered in the RIPA extension are already collecting data, and that anyway the government is doing "exactly what we said we were going to do." The latter, incidentally, is a giant, outrageous, blatant, porkie/untruth. The government only managed to get RIPA through parliament in the first place by stressing that it would only be applied if it were a matter of security, and that its application would be restricted largely to the security services. In one sense the government is doing what it said it was going to do, but Ainsworth is actually talking about something quite different from the matter listeners would generally think he was talking about. But we'll get back to that. Interviewer Clarke suggested that the extensions were clearly going to increase rather than decrease the amount of information the covered agencies could obtain, and Ainsworth answered, intriguingly: "No, it certainly isn't going to increase it... fundamental, that is the fundamental misunderstanding of what we are proposing."
Clarke speculated therefore that "the Food Standards Agency will be less able to get information about dodgy food dealers than it would before under this legislation?" And here's where the blurt about existing practices comes: Ainsworth: "Allow me to say to you that there are people in the Food Standards Agency now who apply for, in what they think are appropriate circumstances, data about people's communications and they get it. They have no guidance. They are not told when they can and they can't do that and the purpose of the regulations that we're putting in is to say to them clearly 'You can only do that in these circumstances.'" Ainsworth is here referring to the widespread and uncontrolled snooping already carried out by the British authorities, and alluding slightly to the matter that helped invent RIPA in the first place. European legislation to which the UK is signed up makes much of this illegal, therefore it is necessary to regulate it, which is what he meant earlier when he said the government was doing "exactly what we said we were going to do." Characteristically, we're not going to get a lid on all the snooping - oh no, we're going to make it legal and extend it to all forms of electronic communication while we're about it. It gets more interesting. Clarke: "But under the current system, if any agency wishes to get hold of information about who emails are being sent to or from, and to the service providers to find out more about who's sending them, they have to go to the police or they have to go through the authorities, don't they?" Ainsworth: "No. No they don't. That, I mean, that is one of the most fundamental misunderstandings of what we're proposing. It is happening now. For access to the actual detail of what the email or telephone conversation contains you are absolutely right and that's only given access when we are talking about serious crime or terrorism or things like that. 
But data, the data, is provided now on a regular voluntary basis and we leave those people to take those decisions themselves. Parliament has not given them an effective framework to decide when they should and when they shouldn't make such an application." An elaboration of "provided now on a regular voluntary basis" would have been helpful, but sadly Bob does not provide one. However, given that the current legal position over "serious crime or terrorism" is relatively clear, the extension to bodies which surely cannot be concerned with such matters implies that Bob is confirming that they're given formal powers to demand whatever information they already get on this mysterious regular voluntary basis. If any ISPs would care to make a clean breast of it, incidentally, we're willing to listen. ®
John Lettice, 18 Jun 2002

Apache admins screwed by premature vuln report

There's a controversy brewing over the announcement of a new Apache vulnerability similar to the chunked encoding flaws in Microsoft IIS, which we reported here and here. On Monday, Internet Security Systems (ISS) posted their discovery to the BugTraq mailing list, without knowing the full extent of the flaw, and without giving Apache.org time to investigate and develop a patch or even propose a workaround. To sugar the pill ISS had developed its own patch, which Apache later said doesn't address all the issues. Another point in the ISS advisory which Apache disputes is a claim that only installations on Windows are vulnerable. As it happens, Mark Litchfield of Next Generation Security Software (NGSS) had made the same discovery, but contacted Apache.org and CERT/CC, so Apache did have an advisory in the works, which ISS' premature discharge compelled them to release. There was a posting at Slashdot suggesting that ISS was using the premature advisory as a publicity stunt; and while there's undoubtedly a lot to that, we have to wonder if there isn't something even creepier behind it. Here we see ISS publishing a vulnerability and a lame patch without so much as consulting the developer of an open-source product, but we've never seen them try to pull a stunt like that with Microsoft, say. According to ISS, they discovered the flaw during an audit of the Apache source code. Of course with Microsoft or Sun or Oracle they'd have to play nice to get at bits of material like that. Was there some calculation that publishing a gaping hole in a very popular piece of software without warning or an adequate patch could discredit the open-source community's mechanism for handling vulnerabilities and create the perception that Apache users had better sign up for a raft of ISS services because open-source developers can't take retaliatory steps to discourage the irresponsible release of vulnerability data? 
According to Mark Litchfield's brother David, Apache.org's decision to coordinate with the vendors was the right call because, "most people who use the Win32 Apache version do not have a compiler and so can't take steps to protect themselves. They're mostly relying on their Apache 'supplier' to produce a patch." And indeed, the ISS patch is geared towards Win32 and does require the user to build the binaries. Whether Litchfield's assumption that most users are going to be stumped is correct or not, the point is a fair one which makes the ISS 'solution' appear disingenuous. The flaw affects Apache 1.3 to and including 1.3.24, and Apache 2 to and including 2.0.36-dev, though in different ways. In the best case it can lead to a denial of service; in the worst, to remote exploitation. "In Apache 1.3 the issue causes a stack overflow. Due to the nature of the overflow on 32-bit Unix platforms this will cause a segmentation violation and the child will terminate. However on 64-bit platforms the overflow can be controlled and so for platforms that store return addresses on the stack it is likely that it is further exploitable. This could allow arbitrary code to be run on the server as the user the Apache children are set to run as," Apache says. In a response also posted to BugTraq, ISS insists that, "this issue is no more exploitable or unexploitable on a 32-bit platform than on a 64-bit platform. Due to the signed comparison, the minimum size passed to the memcpy() function is 0x80000000 or about 2gb. Unless Apache has over 2gb of contiguous stack memory located after the target buffer in memory, a segmentation fault will be caused. If you understand how the stack is used, you will understand that this is an impossibility." But this too is wrong, according to Apache.org's Mark Cox. "They missed a long to int conversion that happens later in the code. 
This is one of the reasons that they should have talked to us before releasing their advisory; we could have told them that their patch was insufficient and helped them understand the problem better -- that way users of Apache don't have to follow a silly flame war on BugTraq and can get down to what matters most; making sure they protect their servers," Cox told us. In any case the wind-up is simple: a malformed request can crash or even lead to the exploitation of your Apache server depending on the version, and there is not yet a comprehensive fix. ® Related Links ISS original advisory Apache reply ISS rebuttal
Thomas C Greene, 18 Jun 2002
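The disagreement quoted above turns on two integer behaviours: a signed comparison used as a length bound, and a later narrowing from long to int. The C model below is an added illustration of that class of bug next to a hardened check; it is not Apache's code, and the function names, the 512-byte `BUF_SIZE` and the use of fixed-width types to stand in for `long` and `int` on 32-bit and 64-bit platforms are all assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 512 /* assumed size of the fixed read buffer */

static unsigned hexval(int c)
{
    c = tolower(c);
    return (unsigned)(isdigit(c) ? c - '0' : c - 'a' + 10);
}

/* Lenient chunk-size parser: accumulates hex digits with no overflow
 * check, so the caller may end up with the sign bit set. */
static uint64_t parse_hex_lenient(const char *s)
{
    uint64_t v = 0;
    for (; isxdigit((unsigned char)*s); s++)
        v = (v << 4) | hexval((unsigned char)*s);
    return v;
}

/* Flawed bound, 32-bit model: the remaining chunk length is a signed
 * 32-bit value and is clamped with a signed comparison. A negative
 * value passes the clamp and becomes a huge unsigned copy length. */
static uint32_t flawed_len_ilp32(const char *line)
{
    int32_t remaining = (int32_t)(uint32_t)parse_hex_lenient(line);
    int32_t len = remaining > BUF_SIZE ? BUF_SIZE : remaining;
    return (uint32_t)len; /* what a size_t parameter would receive */
}

/* Flawed bound, 64-bit model: the same signed clamp on a 64-bit value,
 * followed by a narrowing to 32 bits. Only the low 32 bits survive,
 * so the final length is whatever the sender put there. */
static uint32_t flawed_len_lp64(const char *line)
{
    int64_t remaining = (int64_t)parse_hex_lenient(line);
    int64_t len = remaining > BUF_SIZE ? BUF_SIZE : remaining;
    int32_t narrowed = (int32_t)(uint32_t)len;
    return (uint32_t)narrowed;
}

/* Hardened version: unsigned arithmetic throughout, overflow rejected
 * while parsing, and the copy length clamped to the buffer size.
 * Returns 0 on success, -1 on a malformed size. */
static int safe_len(const char *line, size_t *out)
{
    uint64_t v = 0;
    int digits = 0;
    for (; isxdigit((unsigned char)*line); line++, digits++) {
        if (v >> 60)
            return -1; /* another digit would not fit in 64 bits */
        v = (v << 4) | hexval((unsigned char)*line);
    }
    if (digits == 0)
        return -1;
    *out = v > BUF_SIZE ? (size_t)BUF_SIZE : (size_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample chunk-size lines, not taken from any advisory. */
    const char *samples[] = { "10", "7fffffff", "80000000",
                              "ffffffff", "ffffffff00001000" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t ok = 0;
        int rc = safe_len(samples[i], &ok);
        printf("%-18s ilp32=0x%08lx lp64=0x%08lx safe=%s%lu\n", samples[i],
               (unsigned long)flawed_len_ilp32(samples[i]),
               (unsigned long)flawed_len_lp64(samples[i]),
               rc ? "rejected " : "", rc ? 0UL : (unsigned long)ok);
    }
    return 0;
}
```

In the 32-bit model every value that slips past the signed clamp is at least 0x80000000, which is the figure ISS cites; in the 64-bit model the narrowing step yields a length above `BUF_SIZE` but far smaller than that, which is the case Cox describes.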

Sun delivers Cherrystone UltraSparc-III servers

Sun Microsystems Inc will today announce that its "Cherrystone" UltraSparc-III workgroup servers, one of the few missing pieces in its Serengeti lineup of Sun Fire servers, are finally ready to go to market, Timothy Prickett Morgan writes. The Sun Fire V480 server was previously known internally as the 480R and is the bigger brother to the "Littleneck" Sun Fire 280R dual-capable UltraSparc-III server. It fills in a gap between the Sun Fire 280R, which started shipping in September 2000 with the initial "Cheetah" UltraSparc-III processors, and the Sun Fire V880s, which were announced in October 2001. The V480 supports either Solaris 8 or the new Solaris 9 operating system from Sun and is aimed squarely at the four-way Intel-based server market where Pentium III Xeon and Pentium 4 Xeon processors are making headway running Windows 2000 and Linux. The V480 is a rack-mounted machine with a 5U form factor, which is a little fatter than the 4U form factor cases used in Intel-based servers these days. Whether or not this will matter to customers is unknown. What probably matters more is that the V480 comes with two 900MHz UltraSparc-III processors, each equipped with 8MB of L2 cache. The base V480 comes with 4GB of main memory (expandable to 32GB, which is twice what most Intel-based machines offer in this class), and two 36 GB Fibre Channel disks. The V480 has dual 10/100Mbit integrated Ethernet NICs, N+1 power supplies installed, and six PCI slots. This base configuration sells for $22,295. Sun reckons that an IBM x360 with two 1.6GHz Pentium 4 Xeon processors and a similar base configuration, including a $5,995 license to Microsoft Corp's Windows 2000 Advanced Server operating system, costs $27,537; a Dell PowerEdge 6650 costs $24,608; and an HP DL580 G2 costs $32,380. A base V480 can be equipped with a T3 disk array with nine 36GB FC disks in a special bundle that costs $44,595. A V480 with four 900MHz processors, 16GB of memory, and dual 36GB FC drives costs $46,995.
This same machine configured with that T3 array goes for $74,595. A fully configured four-way V480 with 32 GB of memory and two 36GB FC drives sells for $99,995; this machine with the T3 array sells for $122,595. Sun also announced yesterday that the 900MHz UltraSparc-III processors are not supported on the eight-way Sun Fire V880 servers and that it has doubled the amount of main memory on these machines to a maximum of 64GB. This will enable the machines to offer more performance and scalability on OLTP and other enterprise workloads, and it will also allow Sun's V series line of machines to be differentiated from Intel-based servers because of the larger memories that they support. The V880s use 72GB Fibre Channel drives, not the 36GB drives used in the V480s, and up to a dozen can be put under their purple skins. © ComputerWire. The Register Server Channel
ComputerWire, 18 Jun 2002

Price war torpedoes Sprint forecasts

On the eve of its launch of 3G services in the US, Sprint Corp has warned that its full-year customer growth figures in its mobile phone business could be 10% to 15% lower than its original estimate of 3 million. The news, given in a financial update, led to its shares diving 29.5% to $10.58 last Friday, and puts the company in a weak position in the expected consolidation of cellular phone operators in the US. Sprint's pessimism on subscriber additions comes despite the fact that it plans to launch its nationwide 3G network with "aggressive marketing campaigns" and it expects this will weight customer additions to the second half of the year. Price-cuts by competitors have created an environment where Sprint said it is "challenging to provide long-term subscriber growth estimates with a high degree of confidence." Not all mobile operators have such a bleak outlook, and earlier this month Nextel Communications Inc said it was on track to exceed expectations for the current financial year. It said recent strength in monthly revenue, coupled with solid subscriber additions, is driving excellent top-line growth. Sprint has also lost subscribers after tightening up credit policies, and with competitors launching what it describes as short-term pricing promotions and business customers holding off purchases in anticipation of the arrival of 3G, it said it only expects to get 300,000 new customers in the second quarter. With lower growth ahead, Sprint has cut capital expenditure of its PCS group by $100m to $3.3bn. Its landline business also has problems. Instead of the low-single-digit decline in revenue it originally expected, it now expects a downturn in the mid-single digits. It is still confident that its FON group will report earnings in line with expectations of $0.33 a share, but this has been made easier by trimming capital expenditure plans by $100m to $2.6bn. © ComputerWire.
ComputerWire, 18 Jun 2002

Toshiba Chases HP iPaq Lead

By its own admission, Toshiba Corp is today only a "blip on the radar" of PDA market leaders Hewlett-Packard Co and Palm Inc, but its latest range is intended to catapult it into contention by embracing growing corporate demand for wireless handheld devices. The Tokyo, Japan-based company's latest e740 is among the first Microsoft Pocket PC-based devices to use Intel's 400MHz PXA250 Xscale chip, but its key differentiator is on-board support for either Wi-Fi or Bluetooth wireless communications. According to Jonathan Ferman, PDA product marketing manager for Toshiba Europe GmbH, there is clear demand in the market for both Wi-Fi and Bluetooth-enabled devices, but some of this demand is diluted by the weight and size constraints that today's add-on module-based approaches to wireless PDA systems impose on users. With the e740, Toshiba claims to have preserved the pocket-friendly weight and size dimensions that most PDA users want, while still incorporating one or other wireless flavors in the basic design. Built-in Bluetooth connectivity, which allows PDAs to be easily connected to the internet via a Bluetooth mobile handset, has certainly paid dividends for HP, whose Compaq iPaq H3870 model has enjoyed great success on the back of its standard Bluetooth capability. Toshiba is going one better than this with the e740, which is the first PDA to offer built-in Wi-Fi as an option. With the increased power of the PXA250 and onboard wireless, Ferman said the Wi-Fi variant of the e740 is likely to prove popular with users that want to combine portability with access to rich data sets such as engineering manuals. It is the Bluetooth variant of the e740 that Toshiba believes will be the most popular model. As Compaq's experience with the 3870 has shown, corporate customers are increasingly looking to Bluetooth to provide the gateway between handheld devices and the next-generation mobile phones that offer faster always-on connections via GPRS. 
When the e740 formally makes it into the market in the US and Europe in a month's time, Ferman said all three models (including one without any in-built wireless connection) will retail for under 500 pounds ($738). However, he declined to be specific about pricing. While Toshiba will have to run hard to catch up with Hewlett-Packard, the e740 may go some way to narrowing the gap. According to Ferman, as Toshiba steps up its PDA range, it will stick to the design principles enshrined in the e740, avoiding inelegant approaches that rely on bulky and expensive add-ons such as the so-called sledges used by Compaq, and also integrated standard interfaces wherever possible. In the e740, for instance, two expansion slots supporting Secure Digital and Compact Flash II are available, and USB is added via a plug-on module just two centimeters longer than the basic device, while having the same width and depth. The same module also supports a VGA port, and will retail for approximately 20 pounds ($30). © ComputerWire.
ComputerWire, 18 Jun 2002

Fast Search claims Google's size crown

Fast Search & Transfer ASA has made a play for Google Inc's reputation as the web's largest search engine, in an effort to create a better brand to drive its enterprise business, Kevin Murphy writes. Fast said its consumer-facing site, AllTheWeb.com, now searches an index of 2,095,568,809 web pages, just over 20 million more than Google claims. "What we've been doing for the last couple of years is focusing on the freshness and relevancy of our results, developing our technology," said Fast senior product marketing manager Jami Axelrod. "We decided four months ago we were very comfortable with the index's freshness, and decided to focus on size." Back in 1999, when Fast and Google first emerged on the scene as formidable players, search firms could have a 200 million-document index and claim the crown of largest. Today, they need over ten times that amount, and they still are not indexing the entire web. Fast's last major milestone was 600 million pages, back in November. Everyone is in agreement that size is not that important from a practical point of view. People searching for "Britney Spears" surely don't need the 909,000 results Google brings back, or the 3,013,365 hits AllTheWeb claims. But those searching for a more obscure phrase may find their only success comes from searching a large index. "We definitely welcome competition," said Google spokesperson David Krane. "But size is just one component used in the overall evaluation of quality." Freshness, speed and relevancy are all important factors that consumers and businesses use when making a search engine decision, he said. Fast says a large portion of its index, the popular content, is re-spidered every seven to 11 days, with the remainder being spidered every month or so. Google says its most refreshed pages are spidered every 15 minutes, with the entire index getting a refresh every 28 days. AllTheWeb.com is not a huge revenue generator for Fast. "It's a showcase, an R&D sandbox," said Axelrod.
Google is making inroads selling its technology boxed to web companies and other enterprises, driven somewhat by its strong online brand, and Fast wants to have similar successes. Being known as the web's largest search engine would be a good start to building a brand, although it seems unlikely Google will take this snub lying down. Spokespeople wouldn't comment on plans to expand the Google index by more than 20 million, to leapfrog Fast, though Fast seems to be expecting it. When WiseNut Inc claimed to beat Google last year, Google quickly updated its claims to remain the largest. In the battle to sell search technology into enterprises, which is where the bulk of the revenue opportunity has been since the portal market collapsed, yesterday Google announced enhancements to its GB-1001 search appliance. The company said that both the 1001 and the GB-8008 have been selling well into enterprises. Recent customers include National Semiconductor, the University of Florida, Cisco, Boeing and PBS. The GB-1001, targeted at branch offices and smaller businesses, has been upgraded to scale to 300,000 documents, a spokesperson said. A key new feature allows the appliance to index documents addressable via dynamic URLs and cookies, such as those found in personalized or e-commerce content. Fast has been upgrading its web site, although many of the new features AllTheWeb contains have been used at Google for some time, such as the ability to do full-text searches on PDF documents. One feature Google doesn't have yet, but which has been championed by smaller rivals such as Ask Jeeves Inc's Teoma.com and LookSmart Ltd's WiseNut.com, is the ability to dynamically categorize content. AllTheWeb now suggests up to four possible categories when a user makes a query. Words associated with the query are suggested based on data scraped from AllTheWeb's query logs.
For example, if your keyword is Saturn, AllTheWeb may suggest "Sega Saturn" or "Planet Saturn" or "Saturn Car", depending on what previous searchers have entered. © ComputerWire.
ComputerWire, 18 Jun 2002

IT Directors rate data storage

For years, the enterprise storage industry has yammered on about the crucial role of enterprise storage, in the, err, enterprise. This message has filtered through to the UK’s IT directors, two thirds of whom say that storage is "extremely important" to their organisation, according to a recent Dell survey. And they spend a lot of money on storage – two-fifths spending between 21 and 40 per cent of their entire IT budgets on storage this year. But 84 per cent say they don’t have an adequate disaster recovery strategy in place, and only 15 per cent have re-evaluated their disaster recovery strategy since September 11. According to Dell, this is surprising. But why? The survey is after all compiled from 138 IT directors within Dell's customer base in UK and Ireland. Not all of these will be based in tall buildings in prestigious locations. Sixty per cent of IT directors polled by Dell say their company outside the IT department doesn’t understand the importance of data storage (more likely, the expense). The top three departmental issues for the year were identified as Storage Consolidation (29 per cent), Server Consolidation (21 per cent) and Disaster Recovery (20 per cent). ®
Drew Cullen, 18 Jun 2002

RNIB ‘disappointed’ in Macromedia

The RNIB - the UK charity that helps people with sight problems - has described as "disappointing" Macromedia's attempts to make its Web design software accessible to people with disabilities. Its assessment follows the recent introduction of Macromedia's Flash MX technology, which enables blind people to view Web sites using screenreaders. Earlier versions of the popular Flash Web design tool were inaccessible to blind people. In a bid to test whether Flash MX was up to scratch, the RNIB commissioned Web outfit, Bluewave, to create an online game that would be accessible to blind people using Flash MX. The RNIB wanted to know just how accessible Flash files really are to people with disabilities. "We're disappointed with the results," said Julie Howell, Campaigns Officer (Internet) for the Royal National Institute of the Blind (RNIB). From the outset files created in Flash MX were only accessible to the latest version of the Windoweyes screenreader. And if other screenreaders were used, Flash files were still inaccessible, she said. Julie believes this situation is simply unacceptable and has vowed to continue to lobby Macromedia so that it can continue to develop products that can be read by all access technologies. "Macromedia needs to recognise its social responsibility - disabled people shouldn't be locked out of the Web," she said. While the RNIB is nowhere near satisfied with the progress made to date, it is calling on Web designers to use the new software. ®
Tim Richardson, 18 Jun 2002

BT to map broadband demand

BT is to create a nation-wide database to map demand for broadband in the UK. The monster telco wants punters and businesses to register their interest in receiving ADSL. If enough people in each area are prepared to subscribe to ADSL - then BT will go ahead and upgrade exchanges for broadband. BT claims the database will create a "true barometer of demand" in areas where it claims that, up until now, it has not been commercially viable to upgrade to broadband. Said BT Wholesale chief exec Paul Reynolds: "People have been claiming that there is sufficient demand for broadband in their areas if only they had a way to channel their interest to us. Now we have created just such a scheme. "Businesses and consumers can register their interest with service providers who will record it on the broadband registration database. "The demand and the target levels will be clearly visible to all and will help individuals, communities, local authorities and service providers to have a direct impact on broadband roll out." BT Wholesale's broadband database will go live on July 1. It will also publish the threshold at which the level of demand makes individual exchanges commercially viable for broadband upgrade. Depending on the exchange, thresholds range from 200 to 500 user registrations. ®
Tim Richardson, 18 Jun 2002

Tell me why I don't like Monday:

Stop whatever you're doing, put down that coffee and prepare yourself for some news which will doubtless shake the corporate world to the very bedrock on which its foundations stand. Yes, it's official: PwC Consulting is to split from accountancy giant PriceWaterhouse Coopers to emerge as, wait for it, Monday: Indeedy, they've taken a day of the week and stuck a colon on it. But it gets worse. If your nerves can stand it, proceed to www.introducingmonday.com, the most outrageous abuse of Flash and corporate buzz-word mumbo-jumbo since God created PR companies: MONDAY: WAKE UP EARLY EXPECT CHEMISTRY SHARPEN YOUR INSTINCTS KNOW WHAT COUNTS RELISH CHALLENGE CREATE IMPACT SHARE RISK INSPIRE CHANGE TELL THE TRUTH SLEEP WELL Tell the truth? OK then: W: T: F: IS: THIS: ALL: ABOUT: EH? ®
Lester Haines, 18 Jun 2002

UK gov runs up white flag over snoopers' charter

The UK government has run up the white flag over the proposed 'snooper's charter' extensions to RIPA (Regulation of Investigatory Powers Act). Last week it intended to put these extensions before parliament today, yesterday it was going to do it next Monday, and today Home Secretary David Blunkett admits he goofed, and is at time of writing telling BBC news, "when you're in a hole stop digging." We at The Register cannot help musing that Blunkett's uncharacteristically (for this government) graceful and honest climb-down might have something to do with who wants to be Prime Minister after Mr Tony. But we're cynical, ignore us. Anyway, Blunkett is now putting the measures on what is effectively indefinite hold, saying they will return after reconsideration and public debate. Given the level of outcry and scrutiny that was triggered by the initial move, it seems inevitable that at the very least the list of bodies that were due to be given access to personal data will be pruned dramatically. However, civil liberties campaigners may (and surely, must) press home the advantage they've gained through a surprisingly instant and spectacular victory. By keeping government snooping in the public eye they stand a good chance of belatedly reopening the whole RIPA debate. RIPA itself being in all probability unworkable and unenforceable could be a help there... ® Related stories: UK snoop charter: we're already getting all the data anyway Snoops a go-go: UK gov goes mad on privacy invasion
John Lettice, 18 Jun 2002

Apple's Jaguar – sliced and diced

Exclusive You’d think Apple developers would have something better to do after a WWDC Beer Bash, than write to The Register. But instead of stumbling back to San Jose hotel rooms to be sick in a bucket, a number of you kind souls instead chose to tell us about "Jagwyre", the codename for the 10.2 release of Mac OS X. "Jagwyre" is definitely not a Harry Potter offshoot. It's Steve's private name for what Apple officially calls "Jaguar" but the stuffy and expensively-educated American trade press attending the keynote on Monday repeatedly sniggered at his pronunciation, which after deep consultation with you folks, we think is unforgivably bad manners. But after much to-ing and fro-ing we can exclusively give you a reasonably corroborated analysis of the new release, and we've garnered much more detail than we expected to on Monday. Why? Perhaps because you guinea pigs seem to be impressed. Very impressed. Jaguar gets an overwhelmingly positive verdict, even though Steve, in his campest tease-mode, claimed that this was “not even Alpha code”. A straw poll unanimously preferred the beta to the current public release, 10.1.4. Before we go any further we ought to add that beta software is traditionally cruftier than the final code - because it's full of debug symbols, and so equally you shouldn't draw any firm conclusions about performance gains. Blah, blah. That said, the performance gains are just what you users seem to be screaming about the most. “It’s got the usual bugs associated with a beta,” was the most downbeat comment we heard. What should gladden the hearts of the patient X faithful, if our correspondents are not engaging us in a vastly elaborate hoax: is that with Jaguar Apple has the performance issues nailed. “I get the impression Apple said 'we’re never going to let the user see the spinning cursor again',” said one Jaguar user, speaking – as all others were – on condition of anonymity.
“For all practical purposes, it’s been eliminated.” Ah, but not quite, it seems. The notorious spinning CD-ROM cursor, also known as the beachball of death – and a legacy from the NeXT era - has been laid to rest. The wait cursor has morphed into an animated Aqua blob. If you’re unlucky enough to catch it, that is. Whether starting applications, switching applications or simply scrolling, the system remains responsive, say users, and one reported several hours use on a G3 system without seeing the wait cursor once. There are a number of minor changes too, which we can report in some detail, and you’ll find the screenshots helpful, we hope too. We’ll gather this blizzard of user reports into sections. Finder As announced in the keynote, the Finder now supports Services, as this screenshot illustrates. Services are a unique feature from the NeXT era - long before NeXT took over Apple in the mid-1990s. Think of Services as a global, context-sensitive paste board. Developers are particularly keen on another addition to the Services menu, "Network Utility". The swiss army knife utility has been made services aware, so you can highlight an IP address in TextEdit, and use the services menu to perform a Lookup, Ping or Port Scan on the address. It doesn't work from existing Carbon applications such as Internet Explorer or Word, you tell us. But Finder does address other grievances. The font size can be changed, down to 10 points, although this, by several accounts, is hit and miss. Users report that in this cut of Jaguar, fonts remain the same size, or labels get truncated, despite instructions to the contrary. We hope Apple fixes this, as font fascism is one of the most popular grouches with X so far. Mac veterans who've used Jaguar report that the 'zoom' eye candy is back, with an Aqua twist. That's what you get when you open or close a file or folder: only MacOS's spinning rectangle has been replaced with a smooth Aqua effect.
Spring loaded folders, demonstrated by Steve Jobs in his keynote, are back, and they work in column view too, you tell us. "Check this out," writes one user. "When you hover the icon over the target folder, the target icon opens out, ready to receive the file." There's an extra addition to Finder views too, and for this one we demanded (and got) photographic evidence. The Finder allows you to put labels to the right of the icon, rather than underneath. This illustration was the best we could garner of this effect:- Early birds report that editing an icon label no longer exhibits the jumpy behaviour of current X releases, but we noticed some alarm that in the WWDC Jag, users have lost the ability to change icons. Neither the mouse nor the keyboard, you tell us, can reproduce the cut/paste sequence that X honored, and that's been a feature of MacOS since fonts were chiselled in stone. We trust that this is a temporary adjustment. Dock "Andrew, I know you hate the dock but it's still here," writes one developer. Rats. Our bribes fell on deaf ears. "If it's any consolation they've made the divider between the apps half and the docs half really prominent!" Actually that's not all. Dock miniatures now have a little symbol indicating the application of origin. It's best illustrated by this screenshot we received. This caused us no amount of relief. When the first two or three reports came in, we assumed that Apple had resorted to dropping the application icon itself in the right hand side of the dock. Which would make as much sense as growing an extra head. Not at all. By the way, is that Uncle Fester's "Developers! Developers!" oratory playing in the video, there? Minimizing to the dock has proved pretty fruitless: all windows look the same over there, and X habits oblige us to hide, rather than minimize, open windows.
This Jag feature might cause us to change our habits, as the minimized documents now have some differentiation, but we're going to have to wait for a public beta and a real hands on before we can say. It's certainly a promising move.

Apparently you can now close windows right from the Dock, which should help Microsoft users switch to X. Some users swear it works, some don't, so consider this dubious. And another observation: "The default folders each have a shortcut," writes one brave soul. "There are shortcuts all over the place."

On the negative side: no virtual desktops. Not much customization. And X still wears penal servitude stripes, like a prisoner. Why is this?

I Was a Fugitive from a Chain Dock

California has a weird fetish for locking people up. Really. It throws felons in jail at twice the rate of any other country in the world - twice as much as really bad, violent countries like Russia or South Africa, and at roughly eight times the rate of a European state. Pick one, you'll see. Steve Jobs clothes X in these horizontal penal stripes, although this gives Apple users moire-inducing headaches, therefore giving Apple users a uniquely bad experience.

If you had someone out for the count, what would you do? All kinds of nasty things, we hope, and quite right too. But HORIZONTAL STRIPES? What is it with this guy and his fetish? There's a sickness, there, for sure. I mean, Steve. You have the same urges as the rest of us. But what's with stripes? Are you fucking sick? (Jag doesn't show any signs of recovery.)

A Better X than X

OK. Phew. What else is new? As an iBook owner, I've noticed that X aggressively runs down the batteries. I took my laptop to the desert recently, without any intention of opening it (in fact I made it through to ten days without going near a computer or the Internet, for the first time in a decade, and that was pretty damn weird) and after four days on sleep the blessed machine still had over 90 per cent of its juice running.
Public X releases can wear half of the battery out overnight, but the long-promised optimizations seem to be kicking in. Early reports point to new features in the Energy Saver panel - "Processor speed:" has two options, "Normal" or "Highest", say testers. Early adopters are too busy partying to test the sleep rundown, but from your reports it sounds like it's much more in line with MacOS than the power-sapping X releases to date. And that's good news.

Terminal junkies report a wholesale rearrangement of the application's menus. Transparency is officially "in", you tell us. And it no longer plays weird tricks when you resize the font. Oh, and in another sop to MacOS diehards, you can change the desktop background with a right-mouse button click. Aaah.

The bad news, we conclude: X remains clothed in penal stripes: the hideous horizontals are still there. This pales beside the consensus from Jag adopters that the many infuriating spinlocks in X have been ironed out of the system. That's a great leap forward, we conclude, and it means a long wait for the rest of us to get on with X as nature intended.

For developers, the Jag experience remains under Non Disclosure Agreement, with fearful consequences. Apple should now give the rest of its loyal community of users a public release. If The Register's many friends in the community can be trusted, Jag delivers where X has failed. So let's say we get on with it?

Our thanks to developers who contributed to this piece. ®
Andrew Orlowski, 18 Jun 2002

Apple announces first rack servers, P2P, chat, web services

Updated Apple seeded developers with "pre alpha" code of Mac OS X 10.2 at the WorldWide Developer Conference in San Jose today, which many had predicted. What no one expected was a slew of bold software initiatives across the board - many more than a typical Jobs keynote - and as a teaser for an announcement next week, word of Apple's first ever rack mount servers. A glimpse of a silver case was all we saw of this, which for the first time brings Apple consumer design talents to the most utilitarian of backroom computers: the rack.

Jaguar, or "Jag-wire"* as Jobs pronounced it, includes new utilities and important changes under the hood. A new service called Rendezvous automatically discovers other Mac users and drops their shared playlists into iTunes' Source panel. Jobs showed one Mac notebook streaming to another. Apple said it will contribute the discovery and federation mechanism - which offers similar functionality to the low level services of Sun's JCP-controlled Jini, and Microsoft's UPP - as an Internet open standard. "You want computers to discover each other and just share stuff," said Jobs.

Apple has co-authored the dynamic device discovery specification that underlies Rendezvous, ZeroConf. We stand to be corrected on the precise relationship between the two: Apple itself says they're one and the same thing, at the Jaguar preview page posted since we went to press. The IETF working group page can be found here, and the IETF charter (and recent minutes) here. So we'll hazard that the most accurate description is that Rendezvous is an implementation of ZeroConf protocols. (Perhaps Apple can help.)

This could bring Apple into conflict with the RIAA, but will give it a popular USP. Apple actually thought its new AIM-compatible messaging client, based off official AOL-TW, was worth higher billing: as it merited its own press release.
Fine though it is, Jagwire's Rendezvous features are ground breaking for any consumer appliance, and a spur to the rest of the industry to make such obvious, end-user functionality so easy.

Jagwire also takes a few leaves from Be Inc's back pages. The OS will use a common address book format open to client applications. It will be "tied into Bluetooth, for Caller ID and SMS" promised Jobs. "It will be syncing with Palms and other devices - probably Bluetooth phones too - by the end of the year," he said. BeOS included both a common address book format (using extended attributes) and a common underlying e-mail engine. Echoes of Be can be heard in the new, lean-and-mean file finder, which has a BeOS-like query builder. (Both Pavel Cisler, who authored Be's GUI shell, Tracker, and BFS author Dominic Giampaulo are now at Apple).

So Sherlock itself has been radically overhauled, and in version 3.0 evolves into the client for web services. The version demonstrated has channels for AppleCare, Yellow Pages, Pictures, News, "Packages", Translation and a Dictionary. Why not use Google's API, a nearby Doc Searls asked me. A good question, Doc: the Internet search example didn't seem to gather hits from Google. Web services integration was also evident with the new address book - it can go out and grab a location map from Mapquest.

"We've been working with AOL for some time," said Jobs, "piping some features back into the AOL client code." He introduced it by saying "this is the first time AOL has let anyone in under the tent," and said you don't have to be an AOL subscriber to join. It's mostly familiar, but the neatest innovation is location awareness: you can create ad hoc buddy lists from users within range. We guess that leans on the Rendezvous discovery service for gathering the information.
It is a shame it isn't based on Jabber, the excellent open source IM service which telcos have begun to adopt because of its presence features, but Apple judged compatibility with the installed base was more valuable. After all, that's where the folks are.

In another important announcement, Apple said Jagwire would enable modern graphics cards to take much of the load by "pipelining" Quartz via OpenGL to the card. Thus, "Quartz Extreme", as it's called, relieves the main CPU of drawing the eye candy, but will only be available on machines with AGP 2X and 32MB of memory and above. Rage 128 systems don't cut it. "We had some misunderstandings before," said Jobs, referring to the current lawsuit on behalf of G3 users. To demonstrate Quartz Extreme, Apple showed a slow motion genie fade of a streaming video.

Other announcements include a handwriting recognition service called Inkwell, available to applications right now, which perhaps paves the way for tablet-based Macs in the future. The Finder and QuickTime see improvements - the latter was demonstrated applying scrubbing and freezes on a video stream, and it certainly appears much more responsive than the current sluggish X client. The Finder at long last gets services, spring loaded folders, and the new search feature can be added to the toolbar. High end features have been added to the built-in mail client, Mail, including a heuristics-based spam filter, and viewing and searching across a "union" of mailboxes.

Jobs began by consigning MacOS 9 to a coffin. "It isn't dead for our customers yet but it's dead for you, the developers," he said. Although both the slide, and Jobs' obituary gave 1998 as its birthdate, rather than 1999. It's obviously stuck around far longer than Apple wanted. Jagwire will ship in "late summer" promised Jobs. ®

Bootnote: No, we weren't being snotty.
Jobs' pronunciation caused recurring titters from the (almost entirely American) press corps, and Webster's confirms that in the US it's pronounced "Jag-you-are" or "ja-gwär". In the North of England, we pronounce it "Jag-wer", with the second syllable disappearing faster than a free pint of Holts. But if "Jag-wyyyyre" is good enough for Steve, it's good enough for us. He's the boss. Obey.
Andrew Orlowski, 18 Jun 2002

Ex-DoJ economists pitch late for tougher MS remedies

Six economists who formerly worked for the US Department of Justice (which seems to wear them out pretty fast) have flung themselves under the wheels of Judge Colleen Kollar-Kotelly with the filing of a friends of court brief arguing for tough controls on Microsoft. According to a report in today's New York Times, the six ask that the court casts "a wide net, looking for rules or actions that will increase competition today by lowering entry barriers." That would seem to suggest they're arguing for strict conduct remedies that will actually stop Redmond reoffending. We're not currently in a position to bring you the substance of their arguments, as the whereabouts of any public posting of the filing is as yet unclear to us. Daniel Rubinfeld, formerly of the DoJ during the Microsoft case, however tells the NYT that he feels that during the remedies debate "some of the broad principles that we hope the judge will take into account when she makes her ruling haven't been addressed." That list of DoJ economists in full is: Timothy Bresnahan (Clinton), Daniel Rubinfeld (Clinton), Richard Gilbert (Clinton), George Hay (Carter), Bruce Owen (Reagan) and Lawrence White (Reagan). Bush economists of either vintage seem not to have joined in. ®
John Lettice, 18 Jun 2002

What the hell is Hyper-Threading?

Server Briefing Announced last autumn, Intel's Hyper-Threading technology has finally made it to market, courtesy of the latest Xeon processors. Hyper-Threading is a clever way of making a single chip operate like two separate devices without implementing two cores on one die. That, claims Intel, makes for higher performance without having to resort to significantly larger chips or even adding a second processor to the system.

So how does it work? HT is Intel's implementation of a technique known as Simultaneous Multi-Threading (SMT), a technology originally mooted for the cancelled EV8 Alpha processor. It's also going to be implemented in IBM's Power5 processor, due 2004.

Programmers have long known that some applications will run more efficiently if they're coded into a series of parallel tasks, called threads. Modern multi-processing operating systems can then schedule those threads to operate on each of a system's two or more CPUs, just as it schedules the applications and other processes themselves. Intel's technology essentially fools the operating system into thinking it's hooked up to two processors, allowing two threads to be run in parallel, both on separate 'logical' processors within the same physical processor. The OS sees double through a mix of shared, replicated and partitioned chip resources, such as registers, maths units and cache memory.

According to Intel, less than five per cent of the Xeon's die area is taken up by the SMT-enabling circuitry, primarily because most of the functionality is provided by chip components that would otherwise be standing idle. The chip maker estimates that a single instruction thread only uses around 35 per cent of a processor's available resources. Running a second thread allows those otherwise idle circuits to do some work. So if one thread is busily hacking away at a list of integer values, the floating-point units are free to crunch numbers for a second thread.
Such a smooth division of labour is uncommon, alas, so the best HT can do is increase certain applications' performance by up to 30 per cent, according to Intel, though it admits the average gain is more like 10-20 per cent. That clearly isn't going to allow a single Xeon MP to match the performance of a HT-less multi-processor rig, but it does provide a significant boost. Equally, there's a small performance hit when the OS switches from one thread to two, but these events occur infrequently, Intel claims, and the pipeline is cleared in far less time than it takes the OS to manage the switch.

And whatever performance increase HT brings, it does so at almost no impact on power consumption and heat generation, Intel claims. The bottom line, then, is Xeon delivers more bangs per buck.

Of course, server owners will need an HT-aware operating system - Windows XP for certain and possibly Linux by now - and applications recompiled to avoid some performance-sapping pitfalls. Presumably that's one reason why Intel hasn't made as much of HT as it might have done. Another reason is that HT undermines Intel's reliance on clock frequency as the be-all and end-all of processor performance. HT clearly shows that you can boost processing speed without increasing clock frequency, which is, of course, AMD's argument. ®
Tony Smith, 18 Jun 2002

BSA in Euro piracy crack-down

The Business Software Alliance (BSA) is to crack down on even more businesses using illegal software. The BSA's decision to get tough with a "hard core of businesses" which think they are "beyond the law" follows hard on the heels of a report into the alleged global rise of software piracy. In particular, the BSA wants to target those criminal organisations that are using increasingly sophisticated methods to distribute illegal software on the Internet.

Said Mike Newton, campaign manager for BSA in the UK: "This is a strong response from the European software industry, whose tolerance levels have been tested considerably with a growing piracy rate.

"Clearly ongoing education and public policy work is having an impact but we cannot ignore the fact that a hard core of businesses using pirated software believe they are beyond the law."

Last year the BSA undertook enforcement actions involving 6,500 European companies, but says this barely scratches the surface. Last week the BSA claimed that global software piracy cost the industry almost $11 billion last year. ®
Tim Richardson, 18 Jun 2002

MS restores Java (but not as we know it) to WinXP

After a short layoff, Microsoft is growing the polluted Java again. Boxed in by Sun's lawsuit the company decided not to ship its JVM (old, and pending resolution of the dispute, getting older) with Windows XP, but now it's going to ship it with XP SP1, which will be with us in a few months. It will also, bizarrely, be discontinuing downloads of the thing. Why the change? We know not, but we do know that it is not entirely correct (or indeed, even correct at all) to say that Microsoft has resumed shipping Java. Because, as Sun has been saying with the aid of batteries of lawyers, it is not Java as such. And it's a bit old as well, given the totalled state of Microsoft's Java licence with Sun. By strange coincidence, Sun has been offering downloads of the real thing (we are right here, because like it or not, and many of you don't, Sun reserves the right to say what the real thing is) here, and more importantly, mobile phone companies have virtually universally espoused Java as the Next Big Thing. So maybe they're wrong, but they're desperate - and you're not going to have a product to offer them in their desperation, you say? Unfortunately, Microsoft's JVM is not that product. This is not so much thinking on the hoof as thinking with it. Go download the Sun one. ®
John Lettice, 18 Jun 2002

Disney embraces HP Linux for animation

HP today announced that something called Walt Disney Feature Animation had fixed on HP Linux workstations and servers as components (we'll italicise the weasel words) in its next-generation digital animation production pipeline (oh screw, no we won't). HP winning Disney for Linux is of course a massive victory, but if you pick through the release it's all a bit vague really. We've got a "broad range of products and services" including something that renders in an Opera browser on Win2k as "Intelâ Xeon-powered HP x4000 workstations" (goodness only knows what it looks like in Mozilla on Linux, a configuration we appear not to have handy) and "high-density HP IA-32 based servers for rendering." So how many machines, how much money? Such releases tend not to mention these things, and we fear nobody will tell us. But there's an intriguing mention of something called the "Leadership Graphics Program," which HP is also delivering to Disney. This "allows participants to partner with the leading graphic card vendors and graphics software developers to provide the broadest choice of graphic solutions for the entertainment industry." And we are no doubt both cynical and entirely erroneous in presuming that this is a cunning dodge to get graphics vendors to gouge one another's margins into the red zone, thus reducing the cost for both parties. Enough. Almost. HP tells us that: "In 1938, Disney became one of HP's earliest customers after purchasing eight HP Model 200B resistance-capacity oscillators from founders Bill Hewlett and Dave Packard. At the time, Disney was seeking a way to produce their new movie 'Fantasia' with lifelike sound by weaving works from Tchaikovsky, Beethoven, Stravinsky and others to produce an early version of SurroundSound in exclusive theatres around the country." Note that the critical role of said oscillators in Fantasia is not clearly identified.
Note also how impressed Disney was by whatever it was said oscillators did: "More than 60 years later, Disney is again turning to HP technology to drive innovation in animation." Time's a great healer. Some guy from HP called (no, we're not making this up) Martin Fink reinforces this by telling us: "Disney and HP have worked together at very pivotal points in history -- at the inception of the companies and now as the digital animation industry approaches a key turning point." And that, really, is enough. ®
John Lettice, 18 Jun 2002