12th > July > 2002 Archive

USA Today swats hack attack – but not entirely

USA Today experienced a hacker attack last night, which took it out of service for three hours. The pub manfully 'fesses up in a front page piece here, wherein it says normal service resumed around 2am US Eastern Time.

Um, up to a point, people. Unless the stolid scribes from AP have been smoking something, there currently remain at least two intruder-mangled stories on the site. One is what The Reg might class as a minor Flame of the Week (targets, Islam and France), with what appears to be a sig for the perpetrator attached. "The source of the intrusion was not immediately determined," says USA Today, but there's a clue for your IT gumshoes.

The other one you'll find here if you're quick, but as it'll no doubt be gone fairly swiftly, it reads as follows:

9th ciruit court at it again

California (AP) — This week the 9th circuit court has handed down another convtroversial judgement ruling that the shape of the Pentegon was unconstitutional due to its obvious similarities to the Star of David a religious symbol of Judism. Shape to be changed to rhombus.

Copyright 2002 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
John Lettice, 12 Jul 2002

Dell ups Q2 forecasts

The markets were presented with a rare spectacle yesterday, when a tech company warned that its financial results will be better than expected. Dell Computer Corp announced yesterday afternoon that both sales and earnings for its second quarter will be better than it predicted in May. However, the announcement could still spell trouble for rival PC vendors. Round Rock, Texas-based Dell had been counting on sales of $8.2bn, with earnings per share of $0.18 for the quarter ending August 2. However, it now expects sales to be $8.3bn, up 9% on last year, with earnings of $0.19 per share. But while Dell may be seeing increased sales, that does not translate into equally good news for its PC rivals. The vendor said that it believed it was continuing to gain share "in the midst of weak overall demand." Throughout the PC downturn, which has now lasted nearly two years, Dell has continued to gain share, causing further pain for rivals already facing weak demand. The vendor said its strength in the market was broadly based, but particularly highlighted the consumer, education and government businesses in the US. © Computerwire.com. All rights reserved.
ComputerWire, 12 Jul 2002

Fujitsu plans cuts, predicts two more years to recovery

Fujitsu Ltd is planning job cuts and believes that the market will not recover for another two years. The Tokyo, Japan-based computer giant said the WorldCom scandal and concerns over the US economy will almost certainly mean further restructuring this year, despite the fact that its profit target remains on course. Fujitsu chief financial officer Takashi Takaya said in an interview that one target for job cuts and consolidation is the company's US telecommunications equipment business, to which the company is heavily exposed. Also at risk are Fujitsu's domestic hard disk drive operations, with a consolidation of production facilities now under consideration. The demise of WorldCom has meant that the company will lose approximately $20m in orders, and it believes that the scandal will delay a recovery in the global communication equipment sector. Takaya added: "We have to slim down further in North America so that we can hold on until a recovery, possibly in about two years." Over the last year Fujitsu, like other Japanese chip and electronics giants, took drastic restructuring steps by closing plants and slashing jobs when confronted by the economic downturn. It is likely that the proposed restructuring will include both headcount reductions and cutting facilities. Regarding the company's earnings performance, Takaya said the company is not thinking of cutting its operational profit target of 100bn yen ($857m), since the weakness in the telecoms equipment market is expected to be offset by strengths in other areas such as semiconductors. © Computerwire.com. All rights reserved.
ComputerWire, 12 Jul 2002

KPNQwest heads for final shutdown

The future of the KPNQwest network looks bleak, after the Customer Support KPNQwest foundation decided to withdraw its support for the operation from 23.00 hours tonight. The foundation was co-founded by Dutch carrier KPN NV to enable the bankrupt network to continue operating while possible buyers were found. Yesterday KPN said that much of the network had already been sold off and customers had found alternative options. Consequently, traffic had dropped and "the foundation sees no reason to continue supporting the network." Dutch incumbent KPN added that "the receivers and banks have still not responded positively to KPN's offer to take over the remaining sections of rings 1, 2 and 3 of the KPNQwest network in Northwestern Europe". KPN added that as far as it was aware, its offer was the only concrete one. It said, "whether the Foundation's decision to stop support of the network leads to its closure depends on the receivers and the banks." © Computerwire.com. All rights reserved.
ComputerWire, 12 Jul 2002

IBM sells first Regatta-H iSeries monster server

It might have the highest price tag of any OS/400 server yet built, but IBM Corp has already sold its first iSeries Model 890 "Regatta-H" server. The first iSeries Model 890 is going to Apria Healthcare, a home healthcare equipment and services provider based in the Los Angeles suburb of Lake Forest. One of the driving factors behind Apria's acquisition of the monster iSeries machine is that it wants to consolidate its data centers to save money. Apria is a $1.1 billion company with close to 9,700 employees. The company is public, and its shares trade on the New York Stock Exchange. Apria has three product lines. One line is involved in selling oxygen systems, home ventilators, sleep apnea equipment, and nebulizers (a sophisticated humidifier); another sells medical equipment for administering intravenous drugs, nutrients, and pain killers (this is known as home infusion therapy); and the other sells home medical equipment such as wheelchairs and hospital beds. Apria has over 1 million patients using its products and a direct sales force of about 460 people, who work from over 400 branch offices in the lower 48 states. These sales people coordinate with hospitals and doctors in order to supply patients with the equipment they need to receive treatment at home, rather than staying in a hospital. Sources at the company say that server consolidation is not a new thing at Apria, but rather something it has been pursuing for years. In the past few years, Apria has consolidated 175 data centers, using AS/400 and iSeries servers, down to 40 data centers. Eventually, the company wants to have only four iSeries servers. Apria runs a mix of enterprise applications from J.D. Edwards and SAP. Using fewer servers means that a big portion of the business can be knocked out if a machine goes offline, which is why Apria has set up a hot backup site that mirrors corporate data stored on central machines.
Apria has chosen Vision Solutions as its high availability clustering partner for its mirrored machines. Apria is one of Vision Solutions' main customers for beta-testing future editions of its Vision Suite software, the result of an alliance the two companies formed in August 2001. Such mirrored machines are mandated by the Health Insurance Portability and Accountability Act of 1996, by the way. Mirrored machines are not just a good idea in the healthcare industry; they are the law. Exactly what configuration of iSeries Model 890 server Apria acquired - or if it bought more than one - is unclear. IBM has been close-lipped about the prospects of sales of the Model 890 servers, but as I have said before, IBM can make them in a few weeks' time and I think there is potential - provided customers have the budget slack - for Big Blue to sell a few hundred of these big iSeries boxes this year. This will add hundreds of millions of dollars to iSeries sales in 2002. The Model 890 servers and OS/400 V5R2 officially start shipping on August 30. Copyright © Midrange Server, Inc. All Rights Reserved. © Computerwire.com. All rights reserved.
ComputerWire, 12 Jul 2002

Last call for Star Wars console competition

It's your last chance to win an original Star Wars console courtesy of AMD and Rackspace Managed Hosting. The competition closes at 10am GMT on Monday 15 July, so you'd better get your skates on. All you have to do is click here, and you'll be asked to complete a survey and then enter some details. That will suffice to enter you in the prize draw for this fabulous piece of kit. ®
Lester Haines, 12 Jul 2002

EMC And Accenture – The Switzerland of Storage

EMC and Accenture have joined together to create Information Solutions Consulting, a new business targeted at bringing "end to end, platform independent storage consulting services" to the market. The five-year agreement will see the new group set up as a new unit within EMC but separate from the core EMC professional services business. The new services are meant to extend the reach of EMC's services, not replace its service business. The unit will be seeded with around two hundred staff taken from both EMC and Accenture and will initially focus its efforts on EMC's existing global accounts in North America and Europe. The new venture will initially have four cornerstone offerings. The consulting services available will look at the areas of:
Storage Infrastructure Strategy - to help companies reduce costs whilst aligning business goals with IT.
Storage Management Optimisation - to supply tools, policies and best practice including financial modelling for charge-back mechanisms.
Information Storage Consolidation - the design of storage infrastructures.
Business Continuity Planning - to help design cost effective delivery of disaster recovery plans and strategies.
The new unit is looking to combine EMC's technical knowledge with Accenture's consulting and service delivery skills coupled with both sides' best practice methodologies. The unit will be an EMC unit using a "shared success" business model but EMC will be totally responsible for the strategic direction of the unit with all revenue flowing through EMC. There is no doubting the potential strengths of such cooperation between the two organisations. The new venture wants to position itself to provide platform independent consulting services, but it may prove difficult to persuade users of the real independence of the consultancy whilst it is effectively another EMC business unit. Interestingly, both EMC and Accenture will remain free to work with other partners.
However, this may also pose challenges since many of EMC's existing partner base already attempt to offer such "vendor independent" services. There is a demand from the end user community for highly skilled, high value advice on how to build and manage heterogeneous storage systems. EMC is currently devoting a lot of attention to the heterogeneous storage space, especially through its AutoIS and WideSky software initiatives. If EMC and Accenture together can grab any sort of hold in the vendor neutral consultancy business there is clearly room to grow. We shall have to wait to see if the two together can win mind share as a "Switzerland of Storage" advice centre and build a thriving operation. © IT-Analysis.com. All rights reserved.
IT-Analysis, 12 Jul 2002

Nanotechnology may be over-hyped

Nanotechnology will require sustained investment over at least the next decade, as well as more commercial applications, if it is to deliver on its initial promise. Nanotechnology, which is the design and manufacture of extremely small electronic circuits and mechanical devices built at the molecular level of matter, has been touted as an emerging sector for some time now, but a white paper published on Thursday has said that the technology is over-hyped and a long way from delivering on its full potential. According to the report, which was published by investment firm 3i in association with the Economist Intelligence Unit and the UK-based Institute of Nanotechnology, nanotechnology is at the heart of applications that are making money, but it has not made the impact it should have in areas such as pharmaceuticals, clothing and artificial bone. To remedy the situation, the report called for increased investment in the technology over the next 10 to 20 years from governments. While the report noted that governments in Japan, the US and Europe have increased their financial commitments to the area, it said that more money needed to be pumped into the sector, particularly in Europe. According to a survey of leading nanotechnology entrepreneurs, investors, researchers and organisations, the US is a leading player in all nanotechnology areas, Japan is considered the global leader in electronic applications of nanoscience, while Germany is set to take the lead in chemical applications. The UK is regarded as one of the most sophisticated developers of medical/pharmaceutical devices. The report also recommended that the commercial sector should invest more heavily in the technology. However, it found that the biggest stumbling block to commercial nanotechnology developments was finding the right uses for the technology.
Over a third of respondents to the survey said that recognising and discovering commercial applications of the science were the main roadblocks to nanotechnology progress. "Nanotechnology companies need to be crystal clear about the commercial benefits they can offer," said the report. "These include either new products with innovative functionality or improvements to existing products through faster and cheaper processes." It also said that nanotechnology start-ups should partner with larger companies in order to ensure the delivery of projects they can't achieve on their own, and recommended they bring in business people to "inject commercial reality into the science." The survey also showed that a third of respondents believed that smart paints, pigments and coating sectors show the most promise commercially over the next five years. But, the report warned that the idea that nanotechnology can fix everything would lead to a backlash against it. "Nanotechnology is a valuable and essential emerging technology," said Ian Lobley, director at 3i. "It is capable of providing the differentiating technology upon which to base a wide range of exciting, fast-growth business opportunities." He added that 3i believed the technology had a lot of potential and had indeed supported some businesses in the sector. A nanometer is one billionth of a metre. This is so small that three to four atoms can fit inside a nanometer. Nanotechnology is about building things atom-by-atom, molecule-by-molecule and potential uses include the development of stronger and lighter materials, nanobots that can explore the human body at a microscopic level, and shrinking massive amounts of information on to minuscule microchips. © ENN
ElectricNews.net, 12 Jul 2002

One in ten workers squeezed out at Juniper

Juniper Networks yesterday announced plans to lay off 10 per cent of its workforce following the completion of its Unisphere Networks acquisition from Siemens. The company, which is second-placed behind Cisco Systems in the high-end routing market, hopes to save around $7m per quarter through the redundancies. News of the job losses came as the company reported net revenues for the second quarter of $117m, down 42 per cent on the $202.2m for Q2 2001. Juniper's net income for Q2 2002, which includes amortization of purchased intangibles of $1.6 million and a deferred compensation credit of $8.0 million, was $6.2m, compared with a net loss of $37.1m in Q2 2001. Analysts expected Juniper's revenues to come in at around $110, so its results came as a pleasant surprise to Wall St, which was concerned about the knock-on effect a reduction in spending from scandal-hit WorldCom might have on Juniper. ®
John Leyden, 12 Jul 2002

RIM unleashes more lawyers on Good

From Europe, it might look like two bald men fighting over a comb, but the fight between Research In Motion and Good Technology is deadly earnest. RIM escalated its suit yesterday against the new arrival - which in March began to produce an always-on communicator and middleware very similar to the successful Blackberry device and infrastructure - with a fresh look-and-feel action. Last month RIM filed suit against Good claiming the latter breached four RIM patents. But Research In Motion isn't just using the IP club against the well-funded Sunnyvale start-up: it's also decided to license the platform to OEMs. History suggests licensed platforms have a better long-term success rate than closed platforms, but RIM is up against a variety of ambitious players, including small players like Handspring (which doesn't have a proprietary back-end); Danger (which does); The Beast itself, and perhaps most ominously of all Nokia. Last year Nokia declared its future would be as a "software company", and half of its 20,000 engineers are engaged in writing software. All want a piece of the pie, and in the case of the latter two, as much as they can eat. Research in Motion is claiming injunctive relief and cash damages. There's no response in the "GoodNews" section on the defendant's web site yet. ®
Andrew Orlowski, 12 Jul 2002

MS to use PEAP for home wireless security?

A little bird suggests to The Register that Microsoft's "more secure than others" wireless products will be using Protected Extensible Authentication Protocol (PEAP). He further suggests that PEAP support will ship with Windows XP SP1, and although we hadn't heard that as a possible SP1 addition, Microsoft is a supporter of PEAP, and a while back said a "future version of the Windows client may also include Protected Extensible Authentication Protocol," here. PEAP would certainly be one way to beef up wireless security for small business, homes, and execs wireless hot-spotting out of range of the corporate network cops. According to Microsoft's paper (which incidentally contains several suggestions regarding the security content of "future" versions of the Windows client) PEAP "provides a mechanism for mutual authentication and session key generation in a roaming environment." It allows a client to establish an encrypted session with an access point and then with a server by setting up a TLS session, EAP being wrapped inside TLS. One advantage of this is that it allows the use of username/password challenge/response authentication rather than relying on certificate exchange. According to the IETF working draft, the protection of EAP within a TLS channel also gets round the deficiency of EAP whereby negotiation is unprotected, and hence vulnerable to attack. So will it be part of Microsoft's wireless security? Could be, and considering there aren't supposed to be many future versions of the Windows client (apart from Tablet PC edition, that is) for quite some while, shipping it in SP1 if possible, or as an add-on if not, makes sense. In any event, in order to be useful it would have to be available around the time of SP1, because shortly afterwards Microsoft will be needing it, or an alternative, for both home wireless and Tablet PCs. ®
John Lettice, 12 Jul 2002

Sharp Linux handheld in double bug alert

Sharp's Linux-based Zaurus handhelds have two security bugs. The first vulnerability could give a remote attacker full control of the Zaurus filesystem, including the ability to overwrite files and/or programs with trojans. The Zaurus SLD-50000D and SL-5500 devices are designed for consumers, but if used in business, the vulnerability supplies a way into corporate systems. The exploit takes advantage of a lack of authentication in the in-built FTP daemon used to synchronise data between a handheld and a user's PC, according to an advisory by Syracuse University's Center for Systems Assurance. And there's more. A second vulnerability affects the Zaurus passcode function, which locks the handheld so that no data can be input via the keypad and touch screen. Passwords are stored on devices in encrypted form, but this code can be broken by a dedicated hacker because of a lack of rigour in the cryptographic processes. Sharp has been notified about both issues and is working on a fix. As a workaround to the first problem, users who use Ethernet or PPP to attach to a network should either discontinue use of QPE, the default windowing system for the units, or place themselves behind a firewall until a patch for QPE is released. Fixing the second problem is dependent on Sharp introducing a more robust method of storing the passcode. ®
John Leyden, 12 Jul 2002

BTo in business broadband promo

BT Openworld - BT's mass market ISP - is offering £130 cash-back to businesses that sign up to any one of its three 'multi-user' Broadband PLUS products. The promo applies to all orders placed until September 30 with installation taking place before October 31. The offer covers the purchase of BTopenworld's Business 500PLUS, 1000PLUS or 2000PLUS products - suitable for office networking. To qualify for the product users must also sign up to its Internet Business Pack. Once all the necessary conditions of the offer have been met, and businesses have squeezed through all the hoops laid out before them, BTo will reimburse companies half the cost of their installation - which works out at a saving of £130. ®
Tim Richardson, 12 Jul 2002

Norwegian gov ditches contract with Microsoft

The Norwegian government has terminated its contract with Microsoft, with employment and administration minister Victor D Norman commenting that the deal had been "unfortunate," and that the injection of competition could mean cheaper and (cruel cut) higher quality solutions. The contract with Microsoft, as we understand it, covered both national and regional government and meant Microsoft was virtually the sole software supplier for public services. Norman told NRK Dagsnytt, the state-funded news channel: "We think that the contract we've had with Microsoft has in reality given them a monopoly in a field where we're better off getting competition." So the position is that Norway has opened up the field for competition to Microsoft, rather than kicking Microsoft out as such. Local hero Jon von Tetzchner of Opera Software told the channel that the cancellation was positive, and should open the field for alternatives. The full story in Norwegian is available here and here (although come to think of it we've only got the word of half a dozen Norwegians for that). Thanks to Bjørn Moe for helping us out with the content (although come to think of it, we've only got his word for that). ®
John Lettice, 12 Jul 2002

EU recycling rules to hit PC makers

A report by Gartner predicts that new EU recycling rules will raise the production costs of PCs and lead to faster consolidation in the European PC industry. The report refers to two recent EU directives aimed at managing electrical and electronic waste. The Waste from Electrical and Electronic Equipment directive requires manufacturers to collect, treat, recycle and reuse their electronic products and sets a date of December 2005 to begin collection of the waste. Meanwhile, the Restriction of the Use of Certain Hazardous Materials (RoHS) directive requires manufacturers to find replacement materials for lead, mercury, and cadmium, as well as for chemicals such as flame retardants that are used in circuit boards and plastic covers. The lead used in the manufacture of computer monitors is the only component exempt from the RoHS directive. The deadline for compliance is January 2008. Gartner, a US-based research company, claims that the waste management directives would "raise production costs, reduce margins and accelerate consolidation among mid-tier and small European PC vendors." The new laws, which cover a range of electrical and electronic goods, from fridges to televisions, will affect huge multinationals such as Dell, IBM, Apple, and HP, as well as smaller indigenous PC makers such as Iqon Technologies, Osmosis and PC Pro. Gartner asserts that recycling programs depend upon large volumes in order to be economically viable and that most medium and small PC vendors will not be able to generate these economies of scale. Additionally, those vendors won't be able to invest in the R&D required to eliminate hazardous waste from the PCs, Gartner claimed. However, it has been suggested that compulsory recycling may create a profitable business opportunity for recycling specialists, who could handle the recycling at no cost to the manufacturer.
It has also been suggested that because PCs are built from components that are mass-produced commodities, the original component manufacturers may ensure that all of the banned materials are eliminated prior to being shipped to small and medium PC assembly companies. The new laws will also affect US manufacturers, which annually export up to USD6 billion in consumer electronics. "If these manufacturers can't - or won't - comply with the directives, that export number could drop significantly," the report observed. © ENN
ElectricNews.net, 12 Jul 2002

Three domain name scams

Barely a day goes by when Vulture Central doesn't receive an email from readers warning about some domain name scam or other. Like haemorrhoids, these cons are a pain in the arse. Trouble is, no matter how painful they are, they're a part of Net life. So, here's El Reg's guide to the top three domain name scams - just so as you know.

1 The Good eSamaritan (Scam 'A')

A punter gets a phone call from a domain name company warning them that someone is sniffing around looking to snap up their domain. The phone conversation goes something like this ...

Cold Caller: Ah yes, hi there, sorry to trouble you but I was just calling to let you know that someone was trying to register your domain whateveritisdotcom. We thought we'd let you know just in case you wanted to buy it yourself. After all, there are some very dodgy people out there on the Net - some real crooks (nervous laughter). Cybersquatters, con artists, don't you know. Terrible people. Anyway, just wanted to let you know that this was on the cards. When we found out we thought it was only right that we let you know, you know, just in case. Of course, I suppose if you wanted the domain before it was snapped up I could try and register it now for you ...

Punter: Oh that's terrible. If we'd lost this domain my boss would have killed me. Gosh, thank you so much for letting me know. That's so kind. What a blessing you called. I'd have really landed in the doo-doo if you hadn't called. This must really be my lucky day. You've really saved my bacon. How would we have managed without ...(reaches for credit card)

2 The Good eSamaritan (Scam 'B')

A punter gets a phone call from a domain name company warning them that their domain is up for renewal, and unless they cough up for it now they could lose it, and their Web site, and their email, and the sun might not even rise the next day either…

Cold Caller: Ah yes, hi there, sorry to trouble you but I was just calling you to let you know that your domain name registration is about to expire. Trouble is, if you don't hurry up and renew it you'll lose it and that will be that. No Web site, no email, no nothing. You're lucky, I came upon this by accident but thought it was only right I should let you know. I'd hate for your site to disappear just because of some administrative oversight. After all, we're only human. Anyway, I don't usually do this but like I said, I noticed your site was up for renewal. After all, there are some very dodgy people out there on the Net - some real crooks (nervous laugh). Cybersquatters, con artists, don't you know. Terrible people. Anyway, just wanted to let you know that this was about to happen. Of course, I suppose if you wanted the domain before it runs out I could try and register it now for you...

Punter: Oh that's terrible. If we'd lost this domain my boss would have killed me. Gosh, thank you so much for letting me know. That's so kind. What a blessing you called. I'd have really landed in the doo-doo if you hadn't called, etc (reaches for credit card)

3 The Directory Sting

This is a new take on the fax directory sting in which punters are sent bogus invoices worded in such a way that makes people think that unless they cough up the cash, they will lose their domain. In fact, the invoice is a charge to be included in a Web directory, not the registration of their domain.

Advice

The advice from the experts is to treat all such demands - either written or by phone - with caution. If unsure, contact your ISP for clarification. ®
Tim Richardson, 12 Jul 2002

Calling all Reg Hackerettes

The success of the Vulture Central Hacker range of IT leisurewear has led many female readers to request, nay demand, that we produce a shirt specifically for women. Well, we've tracked down a suitable women's fit t-shirt and the screen-printing presses are ready to roll. However, there's just one minor snagette: What size should we do? The said shirt is available in 10-20. We reckon that the average is about 12-14, but what we males know about such matters could be easily accommodated on the back of a small postage stamp. So, could any reader interested in such a product tell us their preferred size? Realistically speaking, we can only do one, so we'll collate the data and go with the majority. You can email me direct here, and as an added incentive, we'll give away five of the new shirts (as soon as they're ready) to a random selection of correspondents. Thanks. ®
Lester Haines, 12 Jul 2002

UK broadband take-up doubles

Three per cent of small and medium-sized businesses (SMEs) in the UK have signed up to broadband, according to the latest stats from telecoms regulator Oftel. According to Oftel, 8 per cent of businesses that currently access the Internet do so by using a DSL or cable modem connection - that's around 3 per cent of all SMEs. On the home front, around 6 per cent of users with Net access use broadband to get online. Throw it all together and what have you got? Well, at the end of June it seems 709,000 people and businesses in the UK were accessing the Net using broadband. Cable modem access continues to lead the way with 419,000 end users by the middle of June. DSL is still lagging behind with some 290,000 punters using the technology to access the Internet. Oftel reckons the take-up of broadband in the UK is growing substantially with the number of broadband users more than doubling since the end of last year. Which is nice...if you live within a spit of a BT exchange or cable franchise. ®
Tim Richardson, 12 Jul 2002

Cash'n'Carrion down for stocktake

Sincere apologies are due to all our customers this weekend as our Cash'n'Carrion Reg shop is shut down for a frantic weekend stocktake. After one year of relentless e-commerce, we need a couple of days to take stock and recharge our merchandising batteries before bearing the Vulture Central banner once more unto the breeches of online apparel. We thank you for your patience. ®
Lester Haines, 12 Jul 2002

Ogg Vorbis goes gold

Ogg Vorbis, the open source audio compression format, went gold today. With the release of the first full version, developers can create hardware or software products to encode or decode music files without restrictions, royalty payments, or limits on distribution. For music fans the hope is that major hardware vendors will back the format, which is promoted as offering higher quality playback in less space than MP3. Using Vorbis means your player and encoder choices aren't bound by licensing terms. Although Vorbis is supported by players already (such as Winamp 2.80), some have questioned whether Vorbis offers a great enough performance leap to spur defection. News of the release came to us in an email from Reg reader Douglas Gore, who told us: "Ogg Vorbis officially became version 1.0 today as announced on the developers mailing list, they haven't announced this officially yet as they are preparing it for full release, but the code is in the CVS and already people have compiles of the final code floating around in the Internet." There's no official comment from Xiph.org Foundation, the driving force behind Ogg Vorbis for now, but we'll update you when this arrives. ®
John Leyden, 12 Jul 2002

RedHotAnt boss jailed for 5 years

Kevin Wall - the former boss of ISP RedHotAnt - was jailed today for five years for his part in a £1.3 million VAT fraud. Wall, 29, of Hythe in Kent, was also disqualified from being a company director for ten years. JAK Productions Ltd was forced into liquidation by MCI WorldCom, which was owed £5.5 million for telecoms services. During the three-week trial at Canterbury Crown Court it also emerged that JAK Group owed £6 million to Level 3 Communications and £1 million to Cable and Wireless. The ISP was also subject to an investigation by Trading Standards. Said Customs and Excise spokesman Nigel Knott: "Fraud on this scale is nothing more than theft from the taxpayers. "Investigations of fraud are complex and time consuming, but customs are committed to identifying and prosecuting fraud cases to protect the public revenue," he said. ®
Tim Richardson, 12 Jul 2002

Linux attacks on the rise?

Attacks on Linux and open source Web applications appear to have risen sharply this year, while attacks on Windows systems are markedly down. That's the conclusion of a study by security consultancy mi2g after it compiled a database on attacks culled from data from defacement archives (such as alldas.org), hacker bulletin boards and "information from automatic robots". Sites such as Alldas.org make no attempt to suggest that their data is comprehensive, and it's questionable if mi2g's figures can be used as a metric to compare the vulnerability of different operating systems. But then it's very hard to get solid figures on this kind of data so mi2g's figures may be indicative. On the other hand, Windows may come out of the survey well simply because we haven't had a Code Red or Nimda this year - yet. The study also makes no mention of Unix system vulnerabilities. Here are the headline findings. According to mi2g the first six months of 2002 saw 7,630 overt digital attacks on Linux systems, significantly higher than the whole of 2001 (5,736). Overt attacks on Microsoft Windows/IIS based online systems taking place in the first half of 2002 fell 20 per cent to 9,404, from the 11,828 in the first half of 2001. The total number of overt digital attacks taking place in the first six months of 2002 rose 27 per cent to 20,371, from 16,007 in 2001, according to mi2g. Attacks on government systems are down though, a factor mi2g controversially attributes to tougher government legislation, such as the Cyber Security Enhancement Act (CSEA), acting as a deterrent to crackers. DK Matai, mi2g chairman and chief executive, told us the playing field in security between Linux and Windows is levelling out. Many attacks on open source systems are successful because vulnerabilities in third party apps on Linux (such as portal software and PHP scripting) enable attacks into the heart of corporate environments, he said.
mi2g reckons weak configuration management is the reason many systems are penetrated. Well-known vulnerabilities are not being patched fast enough and continue to be exploited by hackers to gain control of the systems hosting the insecure application. ®
John Leyden, 12 Jul 2002

BOFH and the God of Workplace Harmony

BOFH 2002: Episode 14 "..and so we're looking to identify problems in the workplace that could lead to illness, injury or personal discomfort," the Human Resources Health and Safety Droid burbles happily to the majority of the IT Dept. Sigh. It's the same thing every year - we're obliged to attend an Occupational Health and Safety Course and identify risks in our environment that need to be addressed. Failure to attend means you're marked 'absent from school' and get docked a day's pay, thanks to the stooley nature of the HR Droid concerned. The rows of vacant faces are a testament to how well this works after the low attendance last year... "Obviously, this is good for both you and the company," The Droid continues, "because we reduce the incidence of accidents to you and lost revenue to the company!" "Didn't we already do this?" The PFY murmurs quietly, remembering something similar from days past. "Yes," I respond. "But it hasn't escaped the attention of the HR department that whilst accident reports for us two remain at a static ZERO, accidents in our area just keep increasing." "Oh. So you mean they wanted us to identify areas which put OTHER people at risk?!?" "I believe that was the purpose, yes." "Ah! Now I get it! I did think they were paying a lot more attention to our wellbeing than they normally did." "Indeed." "DO YOU HAVE SOMETHING TO SHARE WITH EVERYONE?" the HR Feeb snaps in a distinctly annoyed manner. "Well, yes," The PFY replies. "This identifying danger areas - would this be like the Danger of getting shut in a tape safe over the weekend?" "Well YES, I think that would be a valid danger!" he responds, pleasantly surprised that someone was listening for once. "And so from that danger, or potential accident, we would work back to the cause, and ways to prevent it." "Oh. OK, well I suppose the cause would be annoying me, and ways of preventing it would be locking my office door and taking the phone off the hook."
"No, I think you misunderstand. We're talking about ways to prevent the accident occurring - or getting worse - like perhaps fitting a safety release to the inside of the door." "Oh," I interject. "We actually used to have one of those, but it was removed to ensure that in the unlikely event of someone being trapped in the tape safe it would provide enough air to sustain life." "You mean the safe is airtight?" "Well it HAS to be airtight to work - otherwise the heat of a fire would penetrate the safe and destroy the media." "Ok, but thinking back a step, wouldn't the safety release remove the need for an air hole?" "Ordinarily yes," I concur, "but in the UNLIKELY event that a large filing cabinet was ACCIDENTALLY leant up against the outside release mechanism, it would still provide the air needed for the person inside." "I think you're multiplying slight probabilities here, and the likelihood of this happening as you described is extremely small." "But still a possibility," The PFY responds darkly. "But not one which would lead to anyone endorsing the removal of a safety feature in a device. Tell me, who removed the lever concerned?" "I did," The PFY responds tersely, obviously thinking back to that couple of hours of feverish activity before the torch batteries ran out... "Well it's not recommended, and as an Official Safety Agent of the Company I'm required to ask you to replace it - but how would someone even get trapped in a tape safe?" the HR Droid asks, really starting to labour the point now. "Surely it has shelves, and tapes, in it?" "Well there's no point in putting tapes in it if they're not going to be safe from fire," I respond, deciding on the recursive approach, " what with that air hole in it and all." "But if you put the door release back, then replace the shelves, there'd be no possibility that someone would get locked in the safe!!!" he cries triumphantly. "But then there'd be no air in the safe," The PFY blurts, playing dumb. 
"You don't need it!" "You do if you're trapped in it over a Bank Holiday Weekend just because you won too many games of Unreal Tournament and your Supervisor is a poor sport!" The PFY replies. Perhaps I'm being oversensitive, but I may have detected a slight touch of annoyance in The PFY's voice - almost as if he still bears a grudge about the lost weekend last year. I momentarily consider advising him to just let it go, but decide to play it safe and say nothing. "But you can't get lock in there if the lever and shelves are in there!" "I'm not sure I follow you," I say, joining the discussion.. "It's simple," he explains, going to the whiteboard and drawing pictures frantically. The rest of the audience look on silently - knowing what this means - the God of Workplace Harmony requires a sacrifice... "I'm not sure I follow you either," one of the IT geeks speaks up, remembering only too well the reduced pay packet he encountered this time last year. "Perhaps we should actually see it in-situ, as it were." . . . >SLAM!< . . . God of Workplace Harmony appeased, good fortune soon to follow... ® BOFH: The whole shebang The Compleat BOFH Archives 95-99 BOFH is copyright © 1995-2001, Simon Travaglia. Don't mess with his rights.
Simon Travaglia, 12 Jul 2002