2nd > July > 2002 Archive

New IE spy progie exploits DCOM

A group of Japanese security enthusiasts has developed a little tool called IE'en which exposes traffic between an IE user and any server he's contacting, including logins and passwords over HTTPS. The group, SecurityFriday, has made the tool available for download here. To use the tool it's necessary to log in as a current user on a Win-NT or 2K system. Of course if someone can log into your account they already have a great deal of your life in their hands and this is only going to give them a little bit more. What's interesting here is the ability to capture packets between the client and server by exploiting DCOM (Distributed Component Object Model), a Microsoft program interface allowing the mediation and exchange of program and data objects over a network, similar to CORBA. According to MS, it "enables software components to communicate directly over a network in a reliable, secure, and efficient manner." Well, reliable and efficient it may be, but 'secure' is clearly a bit of a stretcher. And as for a workaround, that's easy: make sure you have a strong password for your user account. If you think yours may be weak, or if you've shared it, then reset it. Ten characters involving a combination of lower and upper-case letters, numerals, and special characters will keep you safe from IE'en jockeys. ® Note: if you're having difficulty downloading the file, you might try this mirror.
Thomas C Greene, 02 Jul 2002

Cyberwar is Hell

Cyberwar is Hell, but never too hellish for feverish salesmanship. Take, for example, McAfee's recent botched attempt to sell the public on the merits of the fiendish "JPEG virus" said to be hanging over beloved digital stockpiles of family photos and Swedish pornography like the sword of Damocles. The corporate deployment of fear and loathing started strong but quickly fizzled. While the Associated Press fell for the McAfee news ruse, publishing a corporate mouthpiece's blank claim that "[potentially] no file type could be safe" -- few others were quite so impressed. The citizens of Slashdot, always edgy bellwethers of computer-geek tech and opinion, scoffed and revolted. A brief lynching-in-absentia party in honor of the anti-virus firm was held. A few loose cannons even went Oliver Stone, going so far as to toss around the old and much beloved conspiracy theory that the A-V industry is either hiring virus-writers or spreading their wares in order to massage sales. But even though the JPEG virus stunt fell flat, when cyberwar is threatening, no amount of potential ill will or discouraging word can stay the dedicated computer security shill from his work. So last week the Business Software Alliance emitted a "survey" which claimed many of its participants were convinced a major cyber-attack would be launched at the American government in the next twelve months. It was critical, wrote flacks for the BSA, that the Bush administration move swiftly and not shirk in its "financial and philosophical commitments" -- i.e., the accelerated purchasing of more security software and consulting services -- in order to secure the infrastructure of the nation against the approaching cyber-attack. Vendors camouflaged within the BSA press release emerged to beat their breasts and assert that they stood ready to do their duty to help protect against the foul strike they knew was coming. Hurry with those financial and philosophical commitments, though. "This survey accentuates the importance of network security and availability of solutions in the fortification of our homeland defense," said the president of Network Associates. It was insincere, stilted theatre but slightly superior, by virtue of vagueness, than the easily laughed off claims about the JPEG virus. (But will it be enough to make people forget about that unfortunate SEC investigation?) Pros were hired and separate public relations firms with names like Ipsos and Edelman were enlisted to take the word of cyber-strike to the press for their BSA clients. One foolish but very enthusiastic adjutant even wrote me to attest that security reps were alertly standing by to provide me with "color commentary" on the cyber-attack. He assured me that they would be able to tell readers and, by extension, government buyers what they should be thinking while preparing for the assault. They would know the right stuff, he indicated, because the clients had contracts with the Department of Defense, the FBI, the National Security Agency, and such. Since color comment is my specialty, there was no need to take him up on the offer. Then it occurred to me that the cyberwar on terror, just like the real war on terror, really was a new kind of conflict. It was obvious that the job of rallying the country against the virtual danger of viruses could not be left to amateurs. Only heavy-handed PR and other stealthy special operations were to be trusted with this task. The cyberwar on terror would only be won if we were treated like fragile mushrooms, carefully kept in the dark and fed a rich mix of manure on the nature of roving computer danger. Appeals to open the wallet in the name of patriotism and duty are common ingredients. The National Cyber Security Alliance is another obscurely named group of vendors that has tasked itself with this job. One of its websites, Stay Safe Online, purports to offer on-line "tech talk" on net self-defense. While the substantive talk is thin, the message is thick. "Protect Your Computer, Protect Your Country's Cyber-Infrastructure!" was the title of one safety chat, hosted by a Norton anti-virus salesman. "Your computer can be used to launch a cyber attack against the Web sites of other people and businesses, so make sure your computer has the proper Internet security software installed and help protect your country!" its introduction thundered. Infected chips sink ships! Beware of careless installs! Remember, Uncle Sam wants you ... to buy anti-virus software. © 2002 SecurityFocus.com, all rights reserved.
George Smith, 02 Jul 2002

Vodafone eyes up SFR in Vivendi fall-out

Vodafone Group Plc is expected to seize on the disorder at Vivendi Universal SA, following the departure of boss Jean-Marie Messier, by seeking control of France's number-two mobile operator SFR. Weighed down with debt following an over-ambitious expansion program, Vivendi will be looking to sell non-core assets and it holds a 44% stake in fixed line operator Cegetel SA, which is Vodafone's partner in SFR with the Newbury, UK-based company owning a 31.9% stake. Vodafone seldom rests happily with minority stakes in mobile operators and will seldom get a better opportunity to win control. Its one drawback is that Vodafone prefers to finance acquisitions with paper and its shares, which have been as high as 187.75 pence in the past year, currently languish as 90.5 pence. Vodafone's balance sheet has been bolstered by the completion of a 1.15bn euros ($1.1bn) deal to sell its German railway specific telecommunications business, Arcor Telematik GmbH to German rail group Deutsche Bahn AG The deal was announced in January and its completion gives Vodafone freedom to do what it chooses with Arcor's German fixed-line operations, a business Vodafone acquired as part of Mannesmann AG, but which senior management now believes is not core to operations. © ComputerWire
ComputerWire, 02 Jul 2002

DoubleClick exits US ad sales business, L90 takes over

DoubleClick Inc, once the leader in online advertising sales and representation, has sold its North American Media unit to rival L90 Inc for $5m cash and a 16.1% stake in the merged company, which will be known as MaxWorldwide Inc. MaxWorldwide will become the largest web ad sales company, leaving DoubleClick free to focus on developing marketing software and services. Last October, L90 got out of the technology business by selling those assets to DoubleClick, consolidating the ad delivery industry. Now it seems DoubleClick is returning the favor, its US sales and representation business allowing MaxWorldwide to aggregate more publishers into its stable, to be able to more effectively compete against the large single-shop powerhouses such as AOL, MSN and Yahoo. The combined value of the deal - 4.8 million shares and $5m - comes to less than $10m, but DoubleClick can receive $6m later if certain performance conditions are met. DoubleClick chairmen Kevin O'Connor will sit on MaxWorldwide's board. The firm will be based in New York. © ComputerWire
ComputerWire, 02 Jul 2002

FTC turns screws on Payola search

Federal regulators in the US have determined that several Internet-search engines are not properly informing Internet consumers when certain advertisers pay for a prominent placement in search results - which can give them a competitive "eyeball" advantage, unfair or otherwise. The Federal Trade Commission (FTC) is asking companies that maintain search engine sites to review their respective Websites to ensure that "any paid ranking search results are distinguished from non-paid results with clear and conspicuous disclosures". The FTC also made a similar recommendation for search engine service providers that offer "paid inclusion", a similar feature in which search engines freely mingle paid-listings with search results that are not paid. Paid search results are an increasingly common form of advertising on the Internet. However it is still unclear to many Internet consumers whether the search results they get are promotions or gathered through more objective means such as automatic indexing technologies. A survey by the advocacy group Consumers Union found that 60% of Internet users were oblivious to the fact that certain search engines received fees to feature some Websites more prominently. The recommendations can be seen as a delayed reaction to a complaint that was filed in July 2001 by a Portland, Oregon-based consumer-advocacy group called Commercial Alert, which asked the FTC to investigate whether several search sites were engaging in unfair or deceptive practices. The search sites under the spotlight included: AOL Time Warner Inc, Microsoft Corp, Ask Jeeves Inc's Direct Hit Technologies, iWon Inc, CMGI Inc's AltaVista Co, LookSmart (LOOK) Ltd, and Terra Lycos SA. While the FTC's recommendations do not carry any legal compliance requirement, it can be seen as a first step towards cleaning up some of the dubious practices being followed by search engine firms by pushing them to delineate paid listings from search results. © ComputerWire
ComputerWire, 02 Jul 2002

Xbox mod-chips still on the menu

Last week we reported on Xbox mod-chip group Enigmah's decision to withdraw its product from the market, citing a consultation with lawyers as its reason for pulling back from the legally delicate area of console modification. However, it transpires that Enigmah hasn't cancelled its mod-chip plans after all, and the team has merely renamed to "X-ecuter" in order to launch a new chip. This is significantly easier to fit than previous efforts – so easy, in fact, that anyone with a basic knowledge of soldering could do it (unlike previous Xbox chips or the PS2 Messiah chip, which required precision micro-soldering equipment to fit). So what are we to make of the statement about consultation with lawyers on the team's old site? After speaking to lawyers we feel that we must not do this project anymore. There are many other chips and methods for guys to play with anyway so have fun and good luck to everyone out there. PS: The software guys of enigmah team will still be doing free software titles for everyone - and as far as we know china is making enigmah chips for you to buy - just not us any more. According to one source, is nothing more than a PR stunt aimed at gathering some press attention – and at turning down the legal heat from Microsoft, at least for long enough to get their new chip out to market. More worrying for Microsoft than the resurfacing of this particular mod project is the claim that no mod chip at all is required to play pirate games on the Xbox. A number of our sources have pointed out that in fact, what most Xbox chips in development do is to replace the standard retail Xbox BIOS (the chip on the motherboard which tells the Xbox how to behave when it is powered on or rebooted) with a hacked version of the BIOS found in Xbox development kits – which, of course, will happily boot gold discs, copied DVDs and games from all regions. This requires no hardware modification to the console – someone with the appropriate equipment can open up the machine, alter the BIOS program in a procedure known as "flashing", and voila – one "chipped" Xbox, except with no chip. Unlike chipping PS2s, this process is innately illegal since it requires the use of a modified version of Microsoft's BIOS program and the encryption keys held within it, thus constituting a breach of copyright. However, legal issues aside, this loophole in the Xbox's security is a headache for Microsoft and, indeed, for any publisher or developer working on the system. So far, the relative expense of chipping a PS2 (it can cost upwards of £100 to install a Messiah chip) has kept the number of chipped machines to a minimum; however, should Xbox modifications become as cheap and simple as PSone modifications were at the height of that console’s success, a similar level of chipping and hence piracy can be expected. One source slammed claims of the Xbox mod chip makers to merely support the 'homebrew' software scene. "There are some major differences (with) the Dreamcast homebrew development scene. "Firstly, nothing illegal such as a modchip is required to boot homebrew on the Dreamcast. Secondly, the Dreamcast scene self-reversed much of the system so that they could use 100% legal tools, and Sega have unofficially condoned it... The Xbox scene is just using pirated/leaked Microsoft development kits. It is genuinely pathetic. That is not homebrew console developing. It's mere piracy." © gamesindustry.biz. All rights reserved. Related story Xbox hackers take legal advice followed by an early bath
gamesindustry.biz, 02 Jul 2002

SGI to develop MIPS chips for Origin, Onyx

The impending McKinley Itanium 2 announcement from Intel Corp has all the RISC/Unix vendors redrawing or at least coloring in their own product roadmaps, and workstation and HPC server vendor SGI is no different, Timoty Prickett Morgan writes. SGI is widely expected to make a statement of direction that will see the company push Itanium-based machines employing open source systems and middleware software along side its MIPS-based Origin servers and Onyx visualization systems (think of it as workstations created directly from slices of a parallel supercomputer and you'll get the right idea), which run the Irix variant of Unix. Company executives have been taking a tour with the press and analyst communities to explain that the endorsement of Itanium 2 machines and open source software has not in any way undermined the company's commitment to 64-bit MIPS processors running Irix as its core strategic platform. Quite the contrary, in fact. SGI believes that its core high performance computing market is expanding fast enough to support both types of platforms and that HPC customers will want to indulge in these two different platforms depending on the their capacity needs and budgets. When Silicon Graphics Inc got into dire financial straits a few years ago after a failed attempt to break into the Windows NT workstation market, the company in 1998 changed its name to SGI and spun out its embedded MIPS processor business as a separate entity. Many people believed at the time that SGI was getting out of the business of designing processors in its Unix machines and many still unwittingly believe this today (Maybe that's because that's what SGI was saying in 1998? Ed - Reg.) As the Itanium 2 processor looms large, SGI is taking the opportunity to remind those who have forgotten that it does in fact design its own 64-bit variants of the MIPS processors, as it has since the MIPS spinout, and that its chip fab partner, NEC Corp, is committed to cooking up these chips using the latest, greatest technologies so SGI can create powerful, dense workstations and servers for the demanding technical workloads that HPC users have these days. Like IBM Corp, Sun Microsystems Inc, and Hewlett Packard Co, SGI has enhancements to its variants of the R series of 64-bit MIPS processors scheduled regularly over the next four years, and is, like these other RISC/Unix suppliers, working on advanced chip and server designs beyond this time. SGI's job is somewhat simplified by the fact that its Origin 300 servers, which scale up to 32 processors in a single NUMA image, and Origin 3000 servers and Onyx 3000 visualization systems, which use NUMA to scale up to 512 processors in a single system image, are only targeted at HPC workloads rather than more generic commercial workloads like application or database serving. Because SGI is focused on HPC performance, where memory and I/O bandwidth is perhaps as important as clock cycles and caches, SGI does not have to crank up the clock speeds of the MIPS processors as IBM, HP, Sun, and Intel have to do with their machines to keep pace with each other as they target clock-hungry commercial applications. SGI wants to build powerful, dense HPC servers. This is why SGI is committed to the MIPS processors it designs, which the company believes will yield more powerful and, more importantly, more dense Origin servers and Onyx visualization systems than those that could be built using alternative chips like the Itanium 2, which runs at 1GHz but which throws off too much heat to be packed densely in the racks and racks of servers that dominate HPC centers. If anything, explains Addison Snell, product marketing manager for high performance servers at SGI, the company is committed to keeping the clock speed on its R series processors as low as possible. " SGI is focused on delivering sustained performance across a wide variety of technical workloads," he says. "We're purposefully not getting into the megahertz race. It is not appropriate for the high performance computing market." Snell says that at 600MHz, the core of the R14000A processor - designed by SGI and built using a 0.13 micron copper process by NEC - throws off about 17 watts of heat. He says that this is smack dab in the middle of the range of 15 watts to 20 watts that SGI targets for heat dissipation levels with each of its MIPS processors. By contrast, the Sun UltraSparc-III core throws off 70 watts to 80 watts depending on the clock speed, and that other RISC processors on the market and the future Itanium chips dissipate anywhere from 110 watts to 130 watts per processor core, according to Snell. This is obviously too much heat to tightly pack processors to create massively parallel supercomputers, or even dense minisupers. The R14000 processor from SGI, announced in July 2001, was the first chip the company designed that changed from 0.18 micron aluminum to a five-layer 0.13 micron copper process. The R14000 ran at 500MHz and delivered a peak 1 gigaflops of number-crunching power per processor. Like earlier R series processors, it has 8MB of external L2 cache. The R14000 was a shrink of the 400MHz R12000 processor, which delivered two floating point operations per second or 800 megaflops of power. In February 2002, SGI announced the R14000A, the current top-end chip in its servers, which uses a seven-layer 0.13 micron copper process that allows the MIPS core to be shrunk enough so it can run at 600MHz instead of 500MHz. Snell says that SGI's installed base has moved to the 500MHz R14000s and is moving ahead with the 600MHz R14000As. Sometime in 2003, SGI and NEC will move the MIPS processor to a 0.11 micron, eight-layer copper process that will enable the MIPS chip to run at 700MHz and deliver 1.4 gigaflops of processing power. This chip is code-named "N0" and may be branded as the R16000. In 2004, SGI will debut the "N1" processor, which will have two floating point units instead of one, an additional load/store unit, L2 cache memory (size unknown) on the chip die, L2 and L3 cache directories on chip, and a new microprocessor bus with four times the bandwidth of the current R series of chips. The quadrupling of bus bandwidth will be necessary because the N1 processor, which may be marketed as the R18000, will come in single-core and dual-core implementations. The N1 processors will be created using a nine-layer, 0.11 micron copper process and will have a core frequency of 800MHz. So a single core N1 processor will deliver a peak 3.2 gigaflops of power and a dual-core N1 will deliver 6.4 gigaflops of peak processing power. The "N2" processor that is set to debut in 2005 is still in the definition stages, and may be called the R20000. SGI says that the single core version of this processor will, at 1GHz or higher clock speeds, deliver a peak 8 gigaflops of floating point performance, and the dual-core version will deliver a peak 16 gigaflops. These numbers seem to imply that the N2 chips will have four floating point units, each capable of performing two instructions per clock, compared to the single FPs used in the R14000 and R14000A chips today. © ComputerWire
ComputerWire, 02 Jul 2002

NAI revisits McAfee.com takeover bid

Network Associates Inc has relaunched its bid to acquire the publicly held shares of subsidiary McAfee.com Corp it does not already own, having filed its restated financial results for 1998, 1999 and 2000 with the Securities and Exchange Commission (SEC) on Friday. Santa Clara, California-based NAI already owns 75% of McAfee.com and in April 2002 dropped its $224m bid to acquire the 25% it spun off via a 1999 IPO after discovering accounting errors in its own past financial statements. A review of the security and network management software vendor's past five years' worth of accounts threw up errors in its fiscal 1998, 1999 and 2000 statements. The accounting errors occurred when NAI was under previous management, and are also being investigated by the SEC. With NAI's internal investigation over, and the company's statements in the hands of the SEC, it has decided to launch a third attempt to acquire consumer security services vendor McAfee.com The original March 2002 offer of 0.675 NAI shares for each McAfee.com share was described by the McAfee.com board as "financially inadequate", and although NAI did not need the support of McAfee.com's board for the acquisition to go ahead, it upped the offer to 0.78 NAI shares in April 2002. McAfee.com's board then recommended that shareholders accept the offer before NAI's accounting problems caused the company to drop the bid. NAI has now repeated its offer of 0.78 shares per McAfee.com share in a fresh bid that will be filed with the SEC on July 2. The offer is conditional on NAI owning at least 90% of McAfee.com Class A shares after its completion. If that condition is not met, NAI may still press ahead with the deal if more than 50% of McAfee.com shareholders (excluding NAI itself) tender their shares. McAfee.com would then be merged with an existing NAI subsidiary. NAI is looking to acquire McAfee.com in order to reduce market confusion over its offerings. While the company spun-off McAfee.com in 1999 it retained the name for its McAfee Anti Virus Defense enterprise-focused software, McAfee ASaP managed security services unit and McAfee Consumer Products division. The vague distinction between McAfee.com's consumer security services and Network Associates' similarly named consumer and business services was further blurred when McAfee.com started offering services to small businesses. © ComputerWire
ComputerWire, 02 Jul 2002

Ebone to shut as sale falls through

KPNQwest's Ebone network could be on the verge of shutting down - again - following the collapse of a deal to purchase the high-speed network. A UK consortium - Oakley Investors - had been in talks to buy the 25,000km European data network. But according to insiders the deal fell through last night after the banks demanded that Oakley pay E45 million to keep the Ebone network running for another couple of weeks. Oakley, it seems, was only prepared to fork out E25 million. According to an email received by The Register: "At around 20:00 last evening, the last people from the NOC (Network Operations Centre) left the building and today a few people have gotten a contract to shut down the Ebone network." Of course, this isn't the first time that threats such as this have hovered over the future of KPNQwest. A quick glance through the headlines below shows just how bad it's been. Related Stories AT&T 'pulls plans' to buy KPNQwest KPNQwest network could shut today KPNQwest survives shutdown threat (no. 94) KPNQwest's Ebone to shut at 4.45pm today
Tim Richardson, 02 Jul 2002

Microsoft updates Java (in its own way)

The second prong in Microsoft Corp's Java developer strategy has come into play, with the launch of its latest .NET programming language. Redmond, Washington-based Microsoft opened its TechEd Europe 2002 conference in Barcelona, Spain, yesterday releasing Visual J Sharp .NET - an update to Visual J++. Visual J Sharp.NET plugs programmers using Visual J++, Microsoft's version of Java, into the Visual Studio.NET development environment and the .NET Framework. Microsoft called Visual J Sharp.NET the industry's first Java language tool with XML support. Visual J Sharp.NET is not approved of by Sun Microsystems Inc, includes no Sun technology and does not plug into a Java framework. Analyst Gartner predicts Visual J Sharp.NET is unlikely to attract more than five percent of Java programmers. The majority of the Java community use non-Microsoft versions of the language for its cross-platform capabilities and independence from Microsoft. Instead, this launch represents the second prong of a strategy highlighting Microsoft's love-hate relationship with Java. That first prong is designed to get developers off of Microsoft's version of Java and onto C Sharp - the company's entirely new programming language. Microsoft hopes to do this via the planned Java Language Conversation Assistant (JCLA), currently in beta, which migrates Visual J++ to C Sharp and Java Sever Pages to Active Server pages. Microsoft's partner ArtinSoft is backing this part of the strategy, with the Java Language Conversion Assistant Enterprise Edition (JCLA EE). This converts J2EE 1.3 source code and Enterprise Java Beans (EJB) 2.0 to C Sharp. Microsoft said it is giving .NET developers increased choice. Tony Goodhew, Microsoft .NET framework group product manager, said: "People may elect to move some components to C Sharp and leave the bulk in Java." Goodhew said Microsoft remained committed to its version of Java. The company's Java Virtual Machine, to be re-instated in Windows XP via that operating system's first service pack this summer, will be cancelled after 2004. Microsoft blamed its settlement with Palo Alto, California-based Sun in January 2001 which it said meant the company's Java technology licenses from Sun could not be updated after this date. Unlike the JVM, Goodhew said Visual J Sharp is safe because it does not use any of Sun's technology. "Planning has already started on the next version of Visual Studio.NET. We think Visual J Sharp .NET is going to be very attractive in the academic communities. This is not a transitional product." © ComputerWire
ComputerWire, 02 Jul 2002

European antitrust chief concerned over MS Palladium?

The European Union antitrust investigation of Microsoft is going to take forever, and Europe has now added Palladium to the list of issues it's not going to focus very hard on for a very long time. We jest, of course, because this isn't quite what Philip Lowe, incoming EU Director General for Competition, told the American Antitrust Institute yesterday, but he did indicate that Brussels is not going to move on Microsoft until the dust has started to settle on the US case, and that this could easily take until the end of the year. The European Commission has the power to act swiftly if it wants to, and towards the end of last year it was signalling that it could come to a decision early this year. It clearly has not done so, and the most plausible explanation for this is, as Lowe says, that it is shadowing the US antitrust authorities. If the MS-DoJ settlement had stood unchallenged, or the challenge from the dissenting states had been neutralised swiftly, then yes indeed we might have had a resolution in Q1, and then the way might have been clear for the Commission to move. Neither of these things happened, and depending on Judge CKK's next move, the US case could still have a way to run. Lowe says Europe won't be in a position to take action until there is "more clarity" on the US side. He also says there will be discussions with the US authorities on the matter. He didn't elaborate on the nature of these discussions, but they're quite likely to be heated. In May US DoJ head Charles James made menacing noises about the European investigation, and if he finally manages to get the setttlement (or something close to it) through, a serious clash with Europe looks on the cards. And Palladium? Lowe says that Europe will ensure that Microsoft's competitors aren't locked out by the new security system, which you might think is something of a mixed blessing. If Europe starts keeping an eye on Palladium and related developments now, then it stands a reasonable chance of making sure there's a level playing field, meaning that lots of companies can offer Palladium/TCPA systems. Er, do we want this? On the other hand, European scrutiny will be likely to address the Open Source issues associated with Palladium/TCPA, and European focus on the system's privacy issues could also be helpful. This latter isn't of course Lowe's bag, but it is on another part of the Commission's turf. Aside from potential antitrust issues raised by Palladium, there are also going to be problems over the trustworthiness of the companies who select themselves to look after your personal data, so Brussels' inclination to regulate them might be helpful. But maybe you'd best not hold your breath, considering the context. Lowe's remarks on Palladium were made to a small group of journalists, in response to a question from AP's Ian Hopper. So really, Lowe was simply responding in fairly general terms to a 'what if' scenario put to him by a journalist, and has as yet no specific views or intentions as regards Palladium. Hopper has mailed us requesting credit for the creation of this story, and we are of course happy to oblige, as always. Aside from delivering some interesting answers to questions, the reason Lowe was actually at the American Antitrust Institute was to deliver a speech on Competition Policy in the European Union. This is, frankly, dull but worthy. If however you'd like some explanation of the diffrences between the US and Europe in this area, you'll find the speech here. ® Related stories: MS Palladium protects IT vendors, not you - paper MS to micro-manage your computer MS DRM OS, retagged 'secure OS' to ship with Longhorn?
John Lettice, 02 Jul 2002

Indymedia.nl loses anarchist hyperlinks case

In April this year, Deutsche Bahn sued Google over links to a German anarchist website which showed how to sabotage a railway. It wasn't Google's fight: the world's favourite search engine firm promptly removed the offending links to the website of Radikal, the aforementioned anarchists. Deutsche Bahn had already gone to court to bar German web ISPs from linking to the sabotage articles. When this didn't work, the company went to the Netherlands and sued the Dutch ISP XS4ALL, host of the Radikal pieces - under the EC Ecommerce Directive of 8 June 2000, Statewatch reports. "The Directive defines the liability of ISPs in a very precise way. The implementation deadline was 17 January 2002, as this date had passed a Dutch judge had to rule on the case. Proceedings were initiated on the 10 April and the case was heard on the 15 April, giving XS4ALL little time to prepare. The judge ruled that the content, having been banned in Germany was indeed illegal under the terms of the Directive and XS4ALL had to remove the pages." Dutch Courage So now the Dutch arm of Indymedia, the radical newsgathering collective, enters the fray, producing a page containing links to mirror sites which have popped up all over the Web. On 23 April, indymedia received notice from Deutsche Bahn demanding the removal of the pages. Indymedia.nl refused. The case went to the Dutch courts. And on 20 June, the news organisation duly lost its argument that by linking to mirrors, it was not linking directly to illegal material (at least three clicks away) and therefore it broke no Dutch law. Our knowledge of Dutch law is, err, zero. We also understand Deutsche Bahn's desire to expunge a primer teaching people to blow up its railroads. But this action should have been scrutinised properly, instead of by the proxy of EC consumer law. The EC Ecommerce Directive has been much criticised on the grounds that consumer rights enshrined in its philosophy are unfair to etailers and ISPs and may retard online trade. But who spotted its potential as a backdoor cross-border censorship tool? Possibly not even the EC. In December 2000, the Commission wrote: The (ECommerce) Directive clarifies that the Internal Market principle of mutual recognition of national laws and the principle of the country of origin must be applied to Information Society services. This will ensure that such services provided from another Member State are not restricted. The Indymedia.nl ruling seems to have exactly the opposite effect to that contained in the above sentiment. ® Related links/stories Indymedia.nl page with links (now removed) Statewatch article Indymedia press release conceding defeat Reg article on Deutsche Bahn and Google EC Ecommerce directive (PDF) EC welcomes Electronic Commerce Directive
Drew Cullen, 02 Jul 2002

Police bust global Net pedo ring

Police have arrested 50 in co-ordinated international raids this morning aimed at breaking up a ring of paedophiles trading indecent pictures over the Internet. Operation Twins was lead by the UK's National Hi-Tech Crime Unit, which has investigated a group called the Shadowz Brotherhood for over a year. Scores of computers and discs were confiscating during the raids. The Brotherhood is believed to have a membership of around 100 and operated through a Web site which gave paedophiles secure access to how to 'groom' children for abuse and advice on how to escape detection. Six of the 50 arrests were made in Britain, and 31 in Germany but the investigation spanned the globe involving officers in seven countries in North America and Western Europe. Many of those arrested posted images of their abuse of children on the Internet, Police believe. Sixteen people have already been arrested worldwide as part of the same case and one of those - a US Air Force officer - committed suicide, the BBC reports. "In terms of the kinds of material they are posting and allowing access to it's the worst group I have encountered," said Detective Chief Superintendent Len Hynds, Head of the UK National Hi-Tech Crime Unit, told the BBC. "This group were using highly sophisticated technical means to continue their criminal activities and to avoid detection." ®
John Leyden, 02 Jul 2002

EC greenlights PSINet Europe sale

The sale of PSINet Europe to a consortium including ClearBlue Technologies, Israel Corporation and Infinity Holdings has been given the green light by the European Commission. In May a US bankruptcy court gave its approval for the $9.5 million sale to go ahead after its parent, PSINet Inc decided to auction off the business. Following the clearance of this hurdle R Scott Arnell is to step down as president and COO of PSINet Europe. He will be replaced by Richard E Williams as PSINet Europe's new CEO. Williams has worked in the telecommunications, computer and software industry for over 34 years and is the former founder, President and CEO of RSLCOM Europe Limited, part of Israel Corporation. He also served as a founding Director of WorldCom (UK). PSINet Europe generated revenues of around E180 million last year and boasts operations across 12 European countries. ® Related Story PSINet Europe sale gets US green light
Tim Richardson, 02 Jul 2002

Akamai wins Digital Island patent injunction

Akamai was granted a permanent injunction against rival Digital Island's content delivery service by a Federal Court in Boston yesterday. In a statement, Akamai welcomed the ruling said Digital Island cannot effectively operate its content delivery service without violating key aspects of a disputed patent. In December last year, a jury found DI's Footprint service infringes the parts of US patent 6,108,703, the so-called "Leighton-Lewin patent", which cover a "two-level DNS" method used by both Akamai and DI to route web traffic to edge-of-network caches. However Digital Island dismissed the ruling as a "legal technicality" about a legacy part of its content delivery network. Customers will be unaffected by the injunction, it says. Judge Rya Zobel has retired to establish the final wording of the injunction to be granted against Digital Island's Footprint service. Digital Island, despite downplaying the significance of the injunction, has pledged to appeal to the Federal Circuit Court of Appeals. Both parties expect the case to go to trial next year. ® Related Stories FBI raid sparks Akamai v. Speedera court battle Akamai tightens legal screws on Digital Island
John Leyden, 02 Jul 2002

$200k prize offered for getting Linux to run on Xbox

An anonymous donor has offered a total of USS200,000 as prize money for getting Linux to run on Microsoft's Xbox, legally, by the end of this year. The prize money is intended to be awarded in stages as parts of the project, which is being run via the Xbox Linux Project, are completed. Is this for real? According to Michael Steil of the Project, the identity of the donor "is known to the project leaders and well-respected," so there seems at least a possibility that the money exists and will be paid up. And finding "a simple and completely legal way to run Linux on the Microsoft Xbox" before 1st January 2003 could be a tall order. The project consists of two sub-projects, each of which is worth $100,000. Project A is for porting Linux to a modified Xbox, and consists of development of a PC-style bios, for which the prize is $55,000; kernel and XFree drivers ($25,000), and FATX and bootloader work ($10,000 apiece). Project B is just one big $100,000 nightmare - Development of a CD image that makes an unmodified Xbox run any unsigned code from the CD. Call us pessimists, but we'd guess at least half the donor's money is perfectly safe. You can find more details here, along with the competition rules. These state, among other things, that information must be shared, work must be submitted via Sourceforge, it's all got to be documented, that it's all got to be GPL, and that everybody should work together. Which sounds sort of like everybody on the project ends up getting an equal share if it succeeds. But maybe we misunderstand... ® Related stories: Xbox mod-chips still on the menu
John Lettice, 02 Jul 2002

CNET sniffs Silicon.com

CNET is in talks to buy Silicon Media Group, the European online tech publishing business, for up to £30m, Les Echos reports, by way of the FT. Neither side are talking, the paper reports. No surprise there, and the leak is not particularly surprising - there have been mutterings in the UK about a CNET/Silicon tie-up for a few months now. The question is: will Silicon go for anything like £30m and will CNET pick up the company or just the assets. At the peak of the dotcom bubble, Silicon was valued at a heady £800m - only it never made it to IPO. The company was very successfu though in raising funds from private equity sources and venture capitalists - around £27m in three rounds according to our rough estimate (although there may be some double counting with some of round two's £11m paying off some of the private investors who chipped in £5m or £6m in round one). The company had two big USPs - a broadband TV station (now effectively mothballed) and a personalisation/targeting software platform called Bladerunner. Rumours are that Silicon is preparing to junk this software. The last financing round in 2000, saw Silicon raise £14m to establish France and German operations, money which with hindsight could have been spent better elsewhere (anywhere but the torched online ad market of Germany). While the UK is profitable - turnover is an estimated £5m a year - Germany and France are not. This puts a strain on finances. Lack of an exit also puts a strain on the three dozen or so shareholders, many of which are looking for an exit, even one that will see them lose money. So let's assume that CNET does buy Silicon or its assets. A combination of the firm's ZDNET UK sub and Silicon would be comfortably the UK's biggest online tech publishing operation by turnover. (But not by page impressions or readers - take away ZDNET UK's Gamespot, typically quoted in audience figures, and it looks a whole lot smaller). Silicon UK has an online events tech directory service and a recruitment business, which would fit neatly enough into ZDNET (although the latter would see ZDNET waving goodbye to TotalJobs, its tech job provider). As for Silicon France and Germany? Hmm. CNET is the world's biggest tech publishing outfit, but in corporate finance terms it is a relative minnow, compared with the likes of the traditional media firms. Last week, it announced 200 job cuts, taking the headcount down to 1,700 in the third round of redundos since its takeover of ZDNET in 2000. ®
Drew Cullen, 02 Jul 2002
SGI logo hardware close-up

Java runs like the clappers on HP Superdome

HP yesterday claimed a Java performance benchmark record for its flagship Superdome server, beating high-end servers from Sun Microsystems. In a SPECjbb2000 benchmark, a 64-way HP Superdome server with PA-8700+ processors scored 614,538 Java applications per second, narrowly outshining a 104-way Sun Starfire 15K which recorded a mark of 602,270 in the same tests in April. HP's result also is 80 per cent better than IBM's p690 server, HP boasts, but since the 339,484 mark set by that server is for a 32 processor machine its questionable if anything can be read into that particular result. In tests designed to test the performance of high-performance technical or scientific computing systems, the 64-way HP Superdome server's SPEC OMP Medium and Large results were 20 per cent and 40 per cent faster than all previous 64-way submissions, respectively. The fact that of rival server vendors, only SGI has submitted 64-way machines (its Origin 3800) for equivalent tests rather takes the shine off this statistic,. This is a busy time for benchmarketing. Over the last week Dell, IBM, Sun and HP have released various figures casting favourable light of the performance of their boxes. ® Related Stories Sun joins the benchmarketing season My dad's server's bigger than yours IBM says Intel eServers trounce Dell, challenge Sun
John Leyden, 02 Jul 2002

Court freezes lawscot.co.uk, owner claims unfair trial

The Law Society of Scotland is attempting to reverse hijack the domain www.lawscot.co.uk, claiming that its current owner, Mr Tommy Butler, is "passing off" and wrongly receiving private and confidential emails. Mr Butler and the UK domain arbitrator Nominet have both been served with a 10-page court order, suspending the domain until the court has reached a decision. However, Mr Butler is determined to fight the case, claiming that not only are the grounds against him false but that the problem has been created by the Society's own doing. Mr Butler also claims his rights under EU law are being infringed since a request for the case to be heard in an English court has been refused. The problem lies in the fact that both Mr Butler's solicitor and the judge in any case will be members of the Society itself. Not only that but the Society's solicitors previously represented Mr Butler is a disconnected case. All parties claim there is no conflict of interests. The Society has also so far failed to comply with a request to hand over any material mentioning the lawscot.co.uk site under the Data Protection Act. The Law Society's claims that Mr Butler is "passing off" are likely to hold little water since Mr Butler registered the domain in November 1999, and the word "lawscot" is a generic name. Equally, the assertion that he is wrongly receiving emails intended for the Society are undermined by the fact that the Society has falsely advertised Mr Butler's domain and email address as it own on its own website at www.lawscot.org.uk and in its journal of December 1999. Mr Butler has promised to forward on wrongly addressed emails without looking at any details and claims to have spoken to some of the senders, many of whom have said they found the email address from the Society's own site. The Society's case therefore rests on the trademark "lawscot" that it applied for in September 2001 and which was registered in March this year. That action was long after Mr Butler claims the Society approached him with a view to buying to the domain. He refused on several occasions since he intends to build a legal portal on the domain, linking to several other generic legal domains he possesses. In Mr Butler's eyes, the court order is far more malicious than simple concern on the Society's part. "Why is it that they have gone straight to court rather than through Nominet - which is what everyone else uses in domain disputes?" he asked us. "And how come is that if this trademark is so important that neither lawscot.org or lawscot.com or lawscot.net have been approached? Is it something to do with the fact that out of all of them, I'm the only one that isn't a lawyer?" Is it hard to see this case as anything but a heavy-handed attempt by the Scottish Law Society to get hold of a domain that it wants. Unfortunately, it is less keen on answering questions put to it about the case. "We don't want to prejudice the trial," a spokeswoman told us. "It's an ongoing situation and so we can't go into it at this moment." ®
Kieren McCarthy, 02 Jul 2002

Internet privacy campaigner to become MS privacy officer

Caspar Bowden, who resigned as director of the Foundation for Internet Policy Research to 'return to industry' earlier this year, is due to pop up at Microsoft this week, our sources inform us. Bowden was involved in establishing the FIPR as a campaigning think tank on Internet and privacy issues, and was heavily involved in the fight against the Regulation of Investigatory Powers Act, so his new role as privacy and security manager for EMEA at Microsoft promises to be interesting. We are not entirely clear whether this is poacher turned gamekeeper or vice versa. But presumably Bowden will see his new role as being to keep the Beast honest, while the Beast itself will see the appointment of such a prominent campaigner as proof of its intent to be honest. We say "presumably" because we've asked Microsoft to explain its thinking, and we've tried calling Caspar too. To no avail. But we expect there'll be a formal announcement along in a minute, and the FIPR is now advertising his old job here. ®
John Lettice, 02 Jul 2002

Corporates! Give your PCs to Africa

Yesterday we wrote about the real Digital Divide, and we promised to run a charity appeal on behalf of Computer Aid International. We asked for details of other refurb PCs-for-developing countries-charities, and we've received several, which we'll run tomorrow, along with a couple of domestic IT charities, running in the US and the UK. Today, the field is clear for Computer Aid, the world's largest non-profit supplier of computers to developing countries. There's huge demand for end-of-life PCs, but corporates are wary of donating PCs to charities. It's time to change. Computer Aid has teamed up with sundry firms to supply logistics services. Unfortunately, it's limited to the UK and except for very large donations, limited to the south east. Here goes: Computer Aid International is calling on corporates and public sector organisations to donate their end-of-life PCs to schools and community groups for worthwhile projects overseas. The charity is seeking Pentium PCs and aims to source 50,000 of them from UK businesses for shipment to developing countries. There is enormous demand for refurbished computers for developing countries and there is a yawning Digital Divide. In developing countries, 99 per cent of children leave school without ever touching a computer in the classroom. In Nigeria alone, state schools require 50,000 PCs and this severe shortage applies to most developing countries. Are your company's old PCs skipped and landfilled - or refurbished for re-use by children in developing countries? In the West, organisations consign millions of usable PCs to the scrap heap each year. These could and should have a useful second life. New computers in most developing countries are rarely cheaper, and often more expensive, than in the West. The price for one new PC is prohibitive for schools and groups in most of sub Saharan Africa. For the price of just one new PC, Computer Aid International can supply 20 quality, refurbished machines. Tony Roberts, Director of Computer Aid International comments: "End-of-life PCs are worthless to most companies - but invaluable to school children. Companies have written down the value of their redundant computers to nil, and all they see is a headache in getting rid of their old kit. We can take care of the headaches, while at the same time ensuring that the PCs go to very good causes." This is a good time for corporates and the public sector to consider the way they dispose their PCs. According to PC market researchers, the corporate upgrade cycle is hitting an upswing for the first time since the last pre-Y2K PC buying rush. That means record numbers of decommissioned PCs will become available for recycling and re-use over the next 12 months. But getting rid of old PCs can be expensive and cumbersome, especially when complying with product liability and data protection laws. Historically, most old PCs - many perfectly usable - end up in landfill sites - up to 1.5 million a year in the UK alone. But this is dirty and dangerous. Computer monitors contain between 4lb and 8lb of lead each, according to the Silicon Valley Toxic Coalition. The new green laws And soon this will become illegal, with tough new UK legislation following in the wake of the EU's Waste Electrical and Electronic Equipment directive which passed its second reading on 10 April and is due to come into force in the UK by 2005. Over a third of companies interviewed by Selway Moore, an IT recycling company, claim that they are not aware of the directive and over a third of UK companies still use a 'scrapping' policy that will become illegal. Through its partnership with Remploy, UK's largest employer of people with disabilities, Computer Aid International can offer a one-stop end-of-life shop. It can take care of all the logistics headaches associated with disposing old PCs, including collection and data wiping to military standards. Computer Aid International is equally happy to work with other recycling firms. Call to Action To launch this IT Appeal, Computer Aid International has opened a dedicated Hotline for donor enquiries - 020 7281 0091. Please call for further information about how you can help this good cause. Computer Aid International can collect computers from within the M25 catchment area but would be delighted to hear from businesses further afield if they could deliver to their London headquarters or from those companies who could contribute to the delivery costs. For further information about Computer Aid International, please see computer-aid.org or email it at info@computer-aid.org. Established in 1998, Computer Aid International is a registered charity (no 1069256) and the world's largest non-profit supplier of refurbished computers to schools and community organizations in developing countries. Based in London, Computer Aid International tests, refurbishes, packs and ships donated Pentium computers from the UK for re-use in the not-for-profit sector overseas. Computer Aid International is committed to providing the highest level decommissioning service to its UK computer donors and delivery of the highest quality refurbished computers to its recipient partners overseas. The success of these twin aims is reflected by the fact that Computer Aid International has been donated over 12,000 computers from corporates, universities and councils, which have in turn been shipped to over 916 educational institutions and 690 community groups in over 60 different developing countries in just 4 years. These figures have been achieved because Computer Aid International has developed strategic supply partnerships with leading companies such as Warner Bros. and Ford (Credit Europe) in the UK and strategic demand partnerships with overseas partners such as SchoolNetAfrica. ®
Drew Cullen, 02 Jul 2002

PDA makers snub Dell handheld plans

Dell has been knocked back by three of the four Taiwanese handheld makers lined up to tender for the contract to make its first handheld PDAs. The cut-throat price demanded by Dell left little profit margin, the firms which pulled out of the bid concluded, Digitimes reports. The newswire names High Tech Computer (HTC), Wistron, Compal Electronics and Mitac International as the four companies involved in the final stage of the bid (which has been going on over the last month), but doesn't reveal which of the four is still in the running. Quoting unnamed sources involved in the bid, Digitimes said that Dell plans to price its first PDA at around $299 and release it in time for Christmas. It asked manufacturers to come up with a device similar to Compaq's iPaq but without specifying the device's configuration, something which reportedly did little to improve its prospects in striking a deal. With only one company left considering its options, Dell's handheld plan appears close to floundering. This would leave Dell with little option other than to delay the launch or resell products from other manufacturers. Dell itself has made no comment about its possible plans to enter the handheld market. Although the launch of PDAs represents a natural extension to Dell's brand the PDA market is a different animal from the PC market that Dell has taken by storm. True PDAs are becoming increasingly commonplace but the scope for Dell to commoditise the market, and cut out the middleman, is more limited than with computers. Whichever way you look at it backlit colour LCD screens are expensive, added to which the manufacturing process is more complex and involved. The market is also rapidly reaching maturity, which is among the reasons PDA vendors such as Handspring are looking towards smartphone style device which bring together the functions of phone and PDA to drive the next stage of their growth. In January last year on a visit to London, Michael Dell downplayed the important of handhelds to company in particular and the overall IT market in general. He did, however, say that handhelds would get more interesting once wireless technology is embedded in Palms and PocketPCs. Well that time is now and the question is whether Dell can get anyone interested in its business model for the handheld market or whether it will have to compromise on either functionality or cost in its bid to find a suitable partner. ® Related Stories Dell disses handhelds and Net appliances Redmond's Tablets don't work - not for Dell, anyway Dell sales mask true horror of US PC market Michael Dell does not wear cowboy boots
John Leyden, 02 Jul 2002

Mac users to MS: your Right to Left defence is Upside Down

LettersLetters Some, but not too much sympathy for Microsoft Mac boss Kevin Browne from readers wanting Hebrew and Arabic support on the Macintosh. Dear Mr. Kevin Browne, I have just read the correspondence between you and Mr. Andrew Orlowski of the Register concerning the question of supplying Hebrew and Arabic versions of IE and Office, and I would like to add my appeal to his and the many others who have expressed their dismay with the current situation. I am an economist, so I do appreciate your appeal to the question of profitability. But as Mr. Orlowski has noted, the nature of investment is that one bears costs up front in order to realize a profit stream into the indefinite future; it is the present value of that stream that counts. Now I know you understand this idea, I am merely restating it as a point of reference. Mr. Orlowski has suggested that you may be overestimating the costs of making this investment (which the Israeli vendor has offered to help defray, and which a community of interested programmers would be happy to help with, I am sure), while also underestimating the benefits that will flow from it. Macintosh is the superior platform, and time will continue to tell that story. If MacBU does not make this investment in a Hebrew/Arabic IE and Office, then that part of the world will be fenced away from the Mac platform, because your products are just that important. It is as if you would be cutting their oxygen, both for the present generation of Macophiles, and for all future (and larger) generations. I would urge you to take another look at the potential demand in Israel and the Arab world for your superior products, keeping in mind the growth our platform will surely experience and the significance of the present value calculation (we are likely to remain in the present low interest rate environment for some time to come, so the future counts importantly in that calculation). There are two other factors to consider, concerning matters of goodwill; I hope you will not take my mention of them amiss. The one concern, mentioned already by Mr. Orlowski, is the message you send to the world concerning the second class status of the Mac platform, with a subtext that Microsoft intends to use its monopoly position to keep things that way. This may not be part of your thinking, but as a Mac user long sensitive to such perceptions I can tell you that this is surely the way it will be seen. If I were Mr. Ballmer, I would want to head off any such perception, given the legal situation and climate the company is still dealing with. Nor would I be concerned about Apple's drive to double its market share. MSFT is simply too big and powerful to be concerned about that. The second concern is that MacBU will be seen to be less than a good eclectic citizen, both of the cultural community of our own great country and of the world at large. The three great monotheistic religions are significantly represented at home and in the Middle East. Don't you think you could turn a decision to offer Hebrew and Arabic into a very nice public relations coup? You could explain it by saying, "we decided to think a bit differently about this issue, and we are happy we did." I hope you will continue to think about this, because I truly believe it is the right thing to do for many reasons, not the least of which is the profit potential it represents for MacBU. By the way, I do think you make "great products." Sincerely, Michael Balch Iowa City, IA Microsoft has walked away from its earlier investment in Arabic support, according to one reader: Why the Microsoft Mac BU exec would flinch at a question regarding support in Hebrew or Arabic just shows how unaware he is of this. Zeine Technologies in Jordan Arabized earier versions of the MacOS and Office for Mac. Furthermore the company also produces a competing Arabic word processor. Furthermore, to make the matter worse, Microsoft Middle East recently invested in Zeine and One World Software (www.owss.com) to create a joint venture known as Estarta(www.estartasolutions.com)... More irony and more on how the Microsoft MacBU makes "smart and informed" decisions and moves... Maybe what the MS exec failed to say was that his unit's "smart and informed" decisions and moves reflect the level of piracy in a region. Israel alone has as much piracy as the rest of the Arabic speaking Middle East, when counted in monetary loss. But I dare say that had Microsoft itself ever taken that as the base of its strategy, Windows would be no where it is today with regards to market share and desktop dominance. Furthermore, any decent business planner will tell you this: finance based plans are a flop. I personally shed my trusty 5300CS cause of the late Arabic releases! So to second The Register editor's cry: sod off and buy windows! Kind regards, Ahmed Naser I covered the Jordanian IT sector in its prime back between 1996 to 1999 and I now do business consulting so I know what I am talking about! But Apple should be doing much more to help its biggest ISV:- I think you're missing the point to the response letter. MS is directly relating the support for the different language as a direction Apple has taken (or not taken). MS will follow suit, should Apple deem that they will actively solicit for the additional market. You should be asking Apple why they are not marketing specifically to the Hebrew contingent. When the market becomes viable for Apple, MS will have to respond. Apple is currently paying LAN Admins and giving them free computers to appear in commercials about switching from Windows to Mac; surely, they can redirect some advertising dollars toward supporting your cause. Rod Trent Microsoft.MVP.SMS Thanks for the interesting coverage of the Hebrew scholars vs. MS Mac BU dispute... just thought I should point out that this issue goes far beyond Hebrew and Arabic -- Office on Mac simply doesn't support Unicode at all, as far as I can see. Whilst that obviously affects R-L scripts, it also means Mac Office is useless for many European and other roman-script languages. In my case that's Welsh -- where 'W' and 'Y' are vowels, which often need to be accented. So I can't type simple words like "water" (dw^r) and "house" (ty^) in MS Office on my Mac. I think MS saying that it's Apple's fault is rather misleading, since OS X's Unicode support seems fairly extensive. Apple's basic TextEdit.app copes fine with Welsh, so I really don't see why Office can't... Whereas Microsoft's Kevin Browne states (with merit, I admit) that the Mac's small market share in Israel and other countries does not justify the cost of localization, enabling support for such languages is something that can be done relatively easily. Mac OS X includes such support (although sometimes incompletely) and I hope that Mr. Browne will consider adding support for languages such as Arabic/Farsi/Hebrew to MS Office. In my opinion, until Apple does it's part to increase marketshare for the Mac OS, localization of software is a bit extreme for such small markets. Enabling features already within the OS, on the other hand, is not too much to ask for. Sincerely, Neema Aghamohammadi Go away and buy a OS that supports Hebrew and Arabic languages... like Linux... Luis Ferro Maybe there should be a write-in campaign for Apple to support Hebrew? Thanks for listening, Rob Schweitzer Orlando, FL We've heard from Apple's Israel representative Yeda that Hebrew will be supported in Jaguar. Can anyone confirm? Kevin Browne has his defenders:- I think Kevin's on the level here. I think it really is too expensive. There's still a lot of work to be done on Office v.X (I know, I run it...) My impression is that under the skin, OS X is as rough as guts. They really are having problems coding to it. Taking on RTL languages when Apple's support is both slight and mushy would have to be a new name for business suicide. WorldCom may be able to fudge its cash flow, but Mac BU can't :-) I know the RTL people are vocal: they yell at me too. But not many of them: I am only aware of two or three. Sure, they make a lot of noise, but there really does not seem to be many of them out there. Just my thoughts John McGhie, Consultant Technical Writer I think your criticism of Mr Browne was rather unfair, He is running a departament which is probably resented within MS. He probably faces a tremendous amount of flak every day in his job. I am sure that he would love to support the Mac platform fully, but us working within strict budgetary constraints [Microsoft has $30 billion in cash - ed. and that he MUST make a profit. I feel it a shame that the MBU is vilified from within parts of the Mac community , their job seems to be a thankless one. They have brought us Office for X, without it Apple would be in serious trouble in the education market and any pretence to enter the desktop business world would be dead in the water, Yours sincerely, Paul Reading Actually Paul, we made this very point earlier: Microsoft's Mac software is very good. And heroic, considering what they have to work with. (I'm thinking of the state of the Carbon APIs last year, when the MBU was porting Office to X). But is this a decision that's in Browne's hands? The way this issue has been handled in the press so far leaves a lot of people (myself included) with the belief that the decisions about language support may be coming down from "on high" (ie Bill's paranoia). Thanks for your time, Philip R. Ershler The KDE project, unfunded, was able to release KOffice 1.2beta2 on June 27 in 56 languages simultaneously. RTL, LTR, the works. If Microsoft is so talented, has so many resources, and so much cash, you would think they could easily outdo that. I don't understand why they don't have their software translated to 150+ languages. Hmm, unless they think they can charge extra $$$ for the localised version. http://dot.kde.org/1025176121/ George Staikos
Andrew Orlowski, 02 Jul 2002

Bug puts Unix servers in a BIND

Security watchers are warning that a security flaw affecting Domain Name System servers running Unix could prove difficult to fix. A buffer overflow vulnerability in DNS Resolver Library represents a serious risk to many Unix system using the BIND or BSD resolver libraries, CERT warned last week. It warned that a remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable systems. As explained in greater detail in CERT's advisory here, multiple implementations of DNS resolver libraries are affected by the problem and users are been encouraged to update to versions BIND 9.0.x or BIND 9.1.x, which are immune to the fault. Unfortunately the problems don't stop there. The resolver library performs such a central role in networking, that manufacturers may need to make substantial changes to OS binaries. Security integrators Integralis warn that IT departments will have a mammoth task in administering these upgrades and protecting themselves in the event of their network becoming compromised. Historically firms are often slow to react to problems involving DNS servers. A recent survey by DNS specialists Men & Mice found that at least 14 per cent of Fortune 1000 companies have DNS servers with BIND versions that contain known flaws, making the companies vulnerable to Internet attacks. The survey was carried out of week after a previous vulnerability with BIND 9 came to light. ®
John Leyden, 02 Jul 2002