16th > July > 2002 Archive

MS to ship Media Center ‘special edition’ of XP in Q4

Ah, the perils of automation. At 0512 GMT this morning a Reuters story headlined "Microsoft to release new multimedia edition Windows XP" winged its way to the company's customers. And then about 30 minutes later a bulletin from Reuters headlined "TECH-MICROSOFT-XP ADVISORY" seems to have headed to the same customers, saying, er, the story "is embargoed for publication until 1100 GMT on Tuesday July 16." The original story had of course already escaped, and currently graces the pages of Forbes and the Hindustan Times. We expect the good Reuters customers at ZD-CNET will be poised to join in just as soon as they're up, but remember, good customers at ZD-CNET, you're embargoed until 1100 GMT.

We at The Register are not Reuters customers, so are not subject to even a scintilla of an embargo. How do we know about the embargo bit then? Well, the bots/nightshift at Forbes seem to have reacted to its issuance by just publishing it, here. Strewth, this sort of stuff doesn't half cheer you up first thing in the morning.

You've all been very patient, sorry, you want to know about the XP story, don't you? Well, basically Microsoft has rechristened Freestyle Windows XP Media Center and proposes to ship it as a special edition of XP in time for this year's holiday season. It won't be sold separately, allegedly because it's "closely tied to the hardware." We do not, however, altogether understand this because although XP Media Center PCs come with a special remote control and all the hardware you'd need to make them audio-video media centres, it would surely not be beyond the wit of Microsoft to sell it bundled with a remote. But then it wouldn't be giving its special friends in the PC industry a clear run at this compelling package aimed at the youth market, and priced from $1,000-$2,000.

The remote unit has a start button on it, and this gives you a special control display on the screen. This may well turn out to be the new UI originally promised for Freestyle. Yes, we fear it must be.

HP, NEC and Samsung get the name checks in the Reuters piece, which also claims the 'new OS' will "debut in stores in the United States, Canada and South Korea in time for this year's US holiday season." So what did the rest of the world do wrong? We've no idea.

Unless plans have changed XP Media Center software will also be bundled into XP SP1, so it'll be possible to have it without the new PC if you don't mind not having the special remote that produces the control display. So what is it, if you take these two away? We've very little idea of this either. XP with SP1 applied? ®

Related stories:
WinXP SP1 to combine new goodies with the fixes
Gates pitches Mira and 'Freestyle' XP extensions in home
John Lettice, 16 Jul 2002

Gweeds gets killed

Letters

My recent item entitled "Security industry's hacker-pimping slammed" has generated damn few page hits but a vast flood of e-mail. What I reported, essentially, is that my boy Gweeds stood up at H2K2 this past weekend and excoriated the security establishment for selling out 'old-fashioned' (possibly fictional) hacker ethics for a quick buck.

But before we get to the dirt, which readers have supplied with glee, I should at least say this much: Gweeds' cynical angle on hacker sell-outs doesn't get enough play in the press, imho. It doesn't seem right that the public discussion should be so asymmetrical. I think it's healthy to play Devil's Advocate once in a while.

That said, I believe I expressed a hint of a doubt that the blackhat community actually gives a rat's ass about social issues: "The rush to publish and take credit for discovering and patching a new exploit hobbles the positive efforts of blackhats with a social conscience (though admittedly no one knows how big a category that is)." It would be cool if that category would grow -- assuming it contains at least one, that is....

I never said that I believe what Gweeds claimed about @Stake or SD. I reported what he said, and said that I liked it. That's not to say that I believed it. Regardless of Gweeds' foibles, I maintain that his argument is worth presenting in The Register. Where else will you find stuff like that, after all?

And finally, I have no loyalties other than my own, which are well-known to our beloved readers. I loathe Microsoft, adore Linux, loathe Feds, adore soldiers, loathe cops, adore firefighters, and would be delighted beyond expression to beat John Ashcroft, Billy Rehnquist and Little Dubya to death with a tightly-rolled-up copy of the Bill of Rights. And as for Gweeds, who suddenly seems quite easy to ignore in context of Presidents and Attorneys General and Supreme Court Chief Justices, I'll still gladly tear him a new one if the dirt sticks. Which it very well might.... ®

Gweeds and Sir Dystic have a past - and there are many stories floating around about a feud between Gweeds and Sir Dystic over NewHackCity, a site Gweeds screwed up and is no longer.

Are you sure that Sir Dystic works for MS? Or are you taking Gweeds' word for it? Something tells me that MS wouldn't go and hire the programmer of BO knowingly. Nor would "programmer of BO, member of cDc" look all that good on a resume. If you do a search of the Bugtraq archives (I used both SecurityFocus' archive and Neohapsis) you will find only one post by Sir Dystic to the mailing list and it's not even a security advisory.

L0pht was invited to speak to congress by Senator Thompson not NIPC. I've read some of the L0pht testimony and have yet to see any FUD in it. Does Gweeds have any examples?

Gweeds does not have the ability to know anything about @Stake government contracts. From what I can tell from conversations I have had with @Stake people Gweeds' statement is false. Again, does he have any examples? I have interviewed with @Stake in the past and am pretty sure that they are not living off of lucrative government contracts - a simple phone call could also confirm this.

It would also seem that Gweeds is somehow connected to the "el8" crowd as the following was taken from IRC recently (http://www.eurocompton.net/~fuk/el8.3.txt) *snip* Oh it just keeps getting better: Six degrees of separation..This is the whois info for gweeds on IRC this morning gweeds (gweeds@ghettobox.eurocompton.net). Oh my goodness..the hostnames match..looks like Gweeds has a posse.

As you might know, the el8 crowd has made it their mission to attempt to destroy the so called whitehats. To them, the legitimate hackers are a threat to their zero days and their fun. Is it just me or has the true hacker ethic always been about the quest to explore systems and gain knowledge?

"L0pht went in front of Congress and testified at the behest of NIPC and talked about how they could get into any network in the United States. The result is that NIPC got increased funds for cyber-defense and FBI got more funding to fight cyber crime. And now L0pht (@Stake) enjoys federal security auditing contracts," Gweeds observed.

L0pht testified at the request of Senator Thompson's office. No one from NIPC ever spoke to them. They testified because they thought the citizens of the country needed to hear the truth about the security of governmental systems and the critical infrastructure. I would like to see some evidence to back up the statement that @Stake now enjoys federal security auditing contracts. Any tiny bit of evidence.

"They're making money, sure; but they're also increasing the reach of the Federal police state at the expense of fellow hackers who are being caught and put in jail." So if there is no evidence then this second statement is clearly untrue.

So taken together these statements paint a picture that L0pht used its fame and knowledge to get in front of Congress so that they could get government contracts to help the government catch hackers. This is clearly bizarre. You would think if you were going to rewrite history so boldly that you would have sought out a comment from someone who was actually there.

[I was there, and Gweeds' characterization, while not strictly correct, is revealing and worthwhile -- tcg]

After reading your article it became important to me to express my perspective. I've sent it out to various channels, including the Security Focus forum related to the article, and only time will tell if SF deems it acceptable for publishing in the forum, and Gweeds. It seemed appropriate to send it to you directly also. You should be aware that I am close friends with Gweeds, Sir Dystic, and almost all the members of the L0pht, and an actual member of The Cult Of The Dead Cow, so that my bias and motivations are understood.
I think it's great that you focused on Gweeds' speech, as it was probably the most significant session that happened at h2k2. There are ripples in the net as a consequence of the talk, your article being part of those ripples. Anyways, here's what I have to say about it.

Over the past year I've spoken to many hackers who share a lot of the same sentiments that were expressed in "Black Hat Bloc or How I Stopped Worrying About Corporations and Learned to Love the Hacker Class War". However, it took Gweeds' courage to step up and lay it out to a live audience of hackers. I have to admit that I have been guilty of some of the same "exposure equals success" thoughts, and I have made attempts to join the big money computer security industry, unsuccessfully. Although, I would also have to say that my underlying intention was to make a career doing something I enjoy, hacking.

Gweeds didn't hold back in his talk. There was no innuendo. Names were named. I think some of those mentioned, like Chris Klaus, deserved to be exposed. The evidence exists in the original ISS code. However, I think others were unjustly accused. To the best of my knowledge, Sir Dystic does not work for Microsoft, but if he did, doesn't that make sense? Aren't we always saying that Microsoft lacks the skill or talent to do things right, especially when it comes to security. Couldn't we use someone like Sir Dystic, on the inside, just like we have Andy Mueller-Maguhn on the inside at ICANN?

I think I need to shed some light on Sir Dystic's history, to set the record straight, even though I also feel it is an invasion of his privacy. Sir Dystic never cared for money. There was never any spark of greed in him. He doesn't own a BMW, a Mercedes,.. he drove around in an old minivan he borrowed from his parents. He doesn't own a house. He never made any millions from company stock. He never joined any company that appeared to have great prospects. He was expressing that the industry made him sick while Gweeds was still at Macromedia, earning one hell of a salary for a 20 year old, plus stock options. Sir Dystic was mostly unemployed through most of the "dot com years", only doing enough to get by, and only trying to find something that interested him.

There were long periods of time that Sir Dystic didn't see his friends, but instead was sitting in front of his 2 year old computer doing research and coding. And what would he do with what he found? Did he use vulnerability extortion to line his pockets? or parlay it into working for some big security firm? No. He shared it, openly. Even though most often I think in doing so it only caused him grief. Accusations of being unethical, and tons of email requesting for tech support and warez that can be used to hack shit up!

I think we should all implore Sir Dystic, and other hackers to work at Microsoft. Maybe by being on the inside, change can be made. History has shown that Microsoft isn't going to go away, let's see if we can make it better. For me, if I saw that Microsoft was hiring our brethren, it would lend credence to their recent so called "Security Initiative".

I think it was also unfair to call to the forefront the jealous laden cry of "L0pht has sold-out"! L0pht had no intentions of making a huge financial windfall through government contracts when they testified at congress. It was an amazing feat to finally have a chance for hackers to be heard and respected for their way of thinking. L0pht made attempts to point out the straight truth about security flaws in the internet, the way government and commerce handles information (including yours) insecurely, and that software companies should be held accountable for the flaws in their expensive software. History shows that the L0pht continuously freely released information and software.

I'll also take this opportunity to point out that many years ago, when each new vulnerability didn't make the news, L0pht tried to speak to vendors and companies about their security holes, and got harassment and threats in return. L0pht, at great risk to themselves, released the information to all, long before the term Full Disclosure became a hacking political tool. In so many ways, L0pht is a shining example of what it means to be hackers. For that, they deserve our respect, not our usual need to tear down our own heroes when we're done with them.

Although, I think Gweeds was off target with his slings and arrows, those arrows were true. I feel that I don't deserve to name names, lest perhaps my own envy show through. However, I can speak of things in general terms. The bugtraq Full Disclosure phenomenon comes to mind. Full Disclosure which was originally a means to share knowledge openly, alert everyone to a possible flaw, and force the vendor to provide a patch. This has instead become, as Gweeds said, about bragging rights and resume fodder. Also, while some focus on the problem of unethical hackers' misuse of Full Disclosure, it is the security industry using this free information resource, to fuel their own expensive proprietary software, while spreading the word that hackers are evil, that turns my stomach. The ultimate example of this has to be the recent over-zealous release of the Apache chunked encoding vulnerability.

I think that we do have to be concerned that our government is going down the wrong path again. Software companies are still not under pressure to promote quality and be liable for the lack of it. Instead of using technology to improve our lives and as a means to disseminate public information, it will be used to restrict our freedoms, and peer into our private lives.
If software is made with less obvious well-known coding flaws, intelligent authentication schemes, and encryption there should be no need for the government to spy on its own citizens.

The good and bad things that have come out of hacking, involve people's motivation. We all have to explore our own motives and the motives of others, when it comes to hacking. There is nothing wrong with making a living, doing something in the technology field, even in the security industry. It should be based on a love of technology, the desire to improve things, and fact-based honesty, rather than fear and materialism.

I have a couple comments about your article.

"Hackers now work to expose security flaws with the specific intention of selling out and obtaining funding to become a security company, he said."

Perhaps today that is true when you see s'kiddiots like PimpShiz going out and defacing sites then starting up his own security company but in the past this has never been the case. Today, you see a lot of high flash but low skill guys getting the money and yes, they are manipulating things but to compare these idiots with the true hackers and the true security professionals is offensive.

"Security lists like BugTraq become the matter for resume stuffing. Post to BugTraq, become a well-known gadfly on the list, and, like Sir Dystic, get a high-paying job at Microsoft. It's an interesting progression: post a fix to a bug, work on the resume, release some software and then get offered a good job," Gweeds noted with sarcasm."

Or like Gweeds, become an early Macromedia employee so that you can cash in on options and never have to work again. Who is he to point a finger at those of us who still have to work for a living? As someone who has been in senior hiring positions at a few security firms, there is no way in hell I would hire someone just based on Bugtraq posts. Of course if someone was to post a well thought out and well written advisory plus showed a high level of maturity when working with vendors his name is going to be remembered but it's the skill set that gets the job, not the "pimping".

"L0pht went in front of Congress and testified at the behest of NIPC and talked about how they could get into any network in the United States. The result is that NIPC got increased funds for cyber-defense and FBI got more funding to fight cyber crime. And now L0pht (@Stake) enjoys federal security auditing contracts," Gweeds observed."

Was any of this even confirmed by you? When did L0pht go in front of congress and when did L0pht become @Stake. What specific government contracts is Gweeds talking about and how would he even know what contracts @Stake has? I don't work for @Stake but I am in pretty constant contact with a lot of their people and I am willing to bet you would hear a different story if you checked with them for a comment.

"They're making money, sure; but they're also increasing the reach of the Federal police state at the expense of fellow hackers who are being caught and put in jail."

Now this is outright FUD. The morons that are being caught and put in jail are not even considered hackers. Script kiddies at best. What is wrong with the idiots who deface web sites being caught anyways? What makes Gweeds think that L0pht should have some sort of allegiance with idiots? It's the job of a security professional to protect their employers' networks and respond accordingly to attacks.

"Gweeds also believes that the window between when an exploit is developed by the underground and publicly released is shrinking as hackers turned security-knights hasten to pad their resumes with proppies on BugTraq. This may be good for the computing public at large, but when the purpose of hacking is to liberate information which may well be of concern to the public, then it's just another sell-out."
I agree that the exploit window is shrinking and I even agree that there are a few unethical organizations out there that hack then chase the ambulance in order to get the work. But without proper proof is this just not more FUD? Gweeds couldn't find his ass with both hands let alone be able to talk about the security industry or what security professionals are doing. We have all heard the rumors of certain research groups going out and defacing sites then having their consulting arm make a cold call the next day -- but these are just rumors with no proof. I personally would love to see this proved especially with who is rumored to be doing it.

"BlackHat brings together CEOs and corporate security people and government and military people, to tell them why they need to spend money on security services and products." They then learn about intrusion techniques from hackers who are there essentially to frighten them."

It's not like the presentations at Blackhat are just high level doom and gloom scenarios that are designed to scare people. They are presentations on real risks that are really exploitable. How is this designed to scare money out of people? It is a forum to increase the awareness of the true risks. You know as well as I do from attending most of the BH/Defcons that if someone got up there and did a FUD presentation they would get chased out of the venue. Although this year I see iDefense is presenting so we will see. :-)

The bottom line is, Gweeds sold you a bridge, he talks about nothing that he would even have the opportunity to offer evidence of and he is definitely in no position to point fingers when he himself sold out and cashed in on Macromedia. Some consider me to be a hacker, I consider myself to be a pretty good IT guy that likes security and therefore works in the security area, can you fault people like me for making a living? That would be like saying that Thomas C. Greene is a good writer but he has really sold out by writing for The Reg -- he should do it for free.

Of course, when was the last time you've heard of a hacker releasing internal memos indicating unsafe products, discrepancies between a company's SEC filing and its own accounts, dirty dealings with local property owners, or any other routine crimes of corporations? Not recently, eh? Cynicism of the security industry is good and healthy, but please let's not give precious ink to such bullshit hacker mantras as "information wants to be free", which are nothing more than a lame excuse by pimpled kids and folks with no social skills to read your private email to a drug use mailing list and raid your porn image collection.

Gweeds is a bitter little psycho who can't handle the fact that he never got famous enough, so he gets up on stage in front of hundreds of people and makes a speech about RUMORS of people who TRIED TO BE HIS FRIENDS, rumors that he only even heard because some people, in a misguided attempt at human caring, think that he will ever be less of a lying, petulant shit than he is now. When he picked SD and the L0pht as targets, it had nothing to do with the reality of the security industry and everything to do with specific personal vendettas against people who think he's a raging asshole and want nothing to do with him.

I think that other respondents have said enough about his work history. I wonder if it was the deadening pace of cubicle life or the ability to live off the government and buy himself into whatever half-assed grimy underground scene will have him for well over a year that gave him the inner fire for his new crusade to destroy the private lives of the people on his personal enemies list in the guise of some kind of social crusade.

There really ARE people working on positive, activist, subversive and cool projects, and a lot of them are the exact same people that gweeds saw fit to slam in his speech. Gweeds, and other lesser luminaries of hax0r scene shithead, are a poison on the whole culture (which is always going to be tangential to the actual business of security anyways), and are a sad secret of the scene for those of us who would try to make it more exciting.

I understand your desire to cover gweeds' speech; a self-directed contrary view like that is way rarer than it should be at cons. But the content and purpose of the speech were totally perverted by the intentions & general anti-social tendencies of their creator.
Thomas C Greene, 16 Jul 2002

Yahoo! censors portal, kisses Beijing's ass

Yahoo! has caved in to Chinese government intimidation and agreed formally to refrain from "producing, posting or disseminating pernicious information that may jeopardize state security and disrupt social stability" or spreading "superstition and obscenity," such as religious beliefs, say, or fair political analysis.

The spineless pimps have decided to accommodate repression and censorship in hopes of expanding their empire of triviality, embracing the Chinese "Public Pledge of Self-discipline," according to a report by the Associated Press.

This means that Yahoo! will not make available any Web content which the local Mandarins find inconvenient, regardless of its value to the populace. And worse, local people who defy the ban on forbidden ideas will be turned in eagerly by Yahoo! staff for redeeming bouts of imprisonment and torture and received right-thinking.

So Jerry Yang knows what Jiang Zemin's ass tastes like, and apparently he digs it .... most likely because a billion penniless consumers made it sweet, and because Bill Clinton's breath is still discernible in that peculiar place. ®
Thomas C Greene, 16 Jul 2002

Peru mulls Free Software, Gates gives $550k to Peru Prez

The Register's department of strange coincidences can't help noticing that yesterday Bill Gates met Peruvian President Alejandro Toledo, and graciously donated around $550,000 worth of money, software, and consulting to be used by Peru for education and e-government.

You may recall a while back somebody impersonating the Prime Minister of Canada had a great deal of trouble even getting Bill on the phone, Bill being a bit sniffy about the level of head of state he's prepared to give airtime to these days. But heads of state who want a summit with Bill, and even a nice jpeg of the ceremony put up on the Microsoft site, just have to set the correct alerts flashing.

Peru, you see, has been threatening to outlaw Windows by mandating Free Software in government departments. And seriously folks, it is not widely known (or at least, not widely enough) that when major Microsoft contracts or customers are in peril, Bill is frequently deployed as the Ultimate Weapon. You may think he's supposed to be piloting Longhorn to completion these days, but he still has plenty of time for being a supersalesman.

Where President Toledo's education and e-government deal leaves the Free Software initiative is not clear. But as we must surely now have a contract with Microsoft, it likely complicates it a tad.

Oh, and The Reg itself feels moved to threaten to pull the NT 4.0 machine that's been sitting in the corner of the office not doing anything for four and a half years now, and replace it with a drop-in Linux box we're working on. We're free next week, Bill. You? ®
John Lettice, 16 Jul 2002

TFI wants suspended ISP service ‘to be sorted’

A director of UK ISP thefreeinternet.net (TFI) has told The Register that he is doing everything he can to resume a Net access service for his customers. The ISP suspended its service last month leaving tens of thousands of users without Net access.

TFI blames the downtime on a dispute with its carrier, NTL, and insists it is not responsible for disconnecting its punters. The dispute is currently in the hands of lawyers and TFI declined to comment on the case. A spokeswoman for NTL said: "The service was suspended due to non payment of sums due."

But Gerry Kavanagh, a director at the ISP, insists that he is doing everything he can to resolve the matter. "My first priority is to get this sorted," he said. That could mean trying to find an alternative carrier to provide a service for TFI's customers. But if that fails then TFI could also look to find a buyer for the ISP or its customer base.

Kavanagh also denied some reports that the suspension of the service was a result of TFI being forced into liquidation. The Free Internet Ltd is in liquidation, he admitted, but the ISP's customer base is owned by another company, 1st Free Ltd. The liquidation of The Free Internet Ltd has no bearing on why the ISP is not providing Net access, he said. ®
Tim Richardson, 16 Jul 2002

O2 security bubble pricked

O2 has plugged a serious security hole which left its customers' account and billing details open to attack.

Users logging onto O2's (formerly Genie's) Web site are led to believe that their user name and password are sent securely using HTTPS. However, Paul Mutton (aka Jibble) yesterday created a Web page which provides evidence to the contrary. User names and passwords are sent in clear text over the Internet, screenshots on the page show.

Although a subsequent page, used to view contact and bank details of subscribers after entering a separate four digit PIN, DID properly encrypt data, Jibble notes that the protection of sensitive data has been dramatically reduced. With a password in hand, attackers could attempt to brute force the ID number with dramatically increased chances of successfully obtaining access to the goodies, he notes.

Since O2 emphasises the need to keep passwords secure at all times its own failure to keep this information secure is a serious gaffe.

The data on Jibble's page appears genuine, but tests by security consultants Information Risk Management show that the problem has now been fixed. IRM's technical director Neil Barrett told us: "The story told on the Jibble page looks kosher - as though the submit commands were to a non-secure link - but we've just gone over this with a similar fine-tooth comb and it looks like it's been fixed now."

IRM believes that the problem arose because the form input CGI was originally specified as HTTP rather than, as now, HTTPS.

O2 is investigating the issue, and wasn't able to come back with a detailed response this afternoon. A spokeswoman for O2 said that it took security seriously and expressed surprise at the lapse. Technical staff at O2 are looking into the issue to find out what happened and when, she added. ®
John Leyden, 16 Jul 2002
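
An added example, not part of the original article and not code from O2, Jibble or IRM: a small Python check for the fault IRM describes, a login form whose submit target is specified as HTTP rather than HTTPS. The page URL, the HTML and the function names are constructed for illustration, and the sample assumes the login page itself was served over HTTPS.

```python
"""Flag login forms whose credentials would leave the browser without TLS."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Record every <form>, its raw action and method, and its password inputs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base_url = page_url   # a <base href> in the page may override this
        self.forms = []
        self.current = None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "base" and attr.get("href"):
            self.base_url = urljoin(self.page_url, attr["href"])
        elif tag == "form":
            self.current = {
                "action": attr.get("action") or "",
                "method": (attr.get("method") or "get").lower(),
                "password_fields": [],
            }
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            if (attr.get("type") or "text").lower() == "password":
                self.current["password_fields"].append(attr.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None


def audit_login_forms(page_url, html):
    """Return one finding per form that contains a password field.

    The form action is resolved the way a browser would resolve it (relative
    to the page or its <base>), because the scheme of the *resolved* target
    decides whether the password is encrypted in transit.
    """
    collector = FormCollector(page_url)
    collector.feed(html)
    collector.close()
    page_is_tls = urlsplit(page_url).scheme.lower() == "https"
    findings = []
    for form in collector.forms:
        if not form["password_fields"]:
            continue  # not a credential form
        target = urljoin(collector.base_url, form["action"])  # "" -> the page itself
        issues = []
        if urlsplit(target).scheme.lower() != "https":
            issues.append("credentials posted without TLS")
        if form["method"] != "post":
            issues.append("credentials sent in the URL (GET)")
        if not page_is_tls:
            issues.append("login page served without TLS")
        findings.append({
            "target": target,
            "fields": form["password_fields"],
            "issues": issues,
        })
    return findings


# Constructed sample: a login page fetched over HTTPS whose form action was
# written with an absolute http:// URL, plus an unrelated search form.
LOGIN_URL = "https://www.example.test/login.html"
BEFORE_FIX = """<html><body>
<form action="http://www.example.test/cgi-bin/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Log in">
</form>
<form action="/search" method="get"><input type="text" name="q"></form>
</body></html>"""
# The corrected page: same form, action specified as HTTPS.
AFTER_FIX = BEFORE_FIX.replace('action="http://', 'action="https://')
# A relative action inherits the scheme of the page that carries the form.
RELATIVE = BEFORE_FIX.replace(
    'action="http://www.example.test/cgi-bin/login"', 'action="/cgi-bin/login"')

if __name__ == "__main__":
    for label, page in (("before", BEFORE_FIX), ("after", AFTER_FIX),
                        ("relative", RELATIVE)):
        for finding in audit_login_forms(LOGIN_URL, page):
            print(label, finding["target"], finding["issues"] or "ok")
```

The browser's padlock reflects only the page that was loaded, so a check like this has to look at the resolved form target rather than the address of the login page.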

Fears emerge over Intel job cuts

The weak outlook in the PC market could lead Intel to announce layoffs and cost cutting when its Q2 figures are released on Tuesday.

According to a report in the Wall Street Journal, Chief Executive Officer Craig Barrett is scheduled to speak to Intel employees after the close of the US stock markets, just as Intel discusses its second-quarter results in a conference call with analysts.

The speculation is based, in part, upon comments made by Barrett last autumn. At that time he said that although Intel's revenues were roughly the same in the years 1998 and 2001, the company now had 20,000 more employees. Observers are inferring that because revenues have shrunk rather than increased over the past nine months, Intel may choose to reduce its costs.

Intel has given no indication that the speculation is true. It is also worth noting that the Wall Street Journal acknowledges that Barrett may have other plans for the speech to employees, such as pay cuts or he may simply wish to offer encouragement to his employees.

Intel lowered its revenue guidance for the second quarter in early June, citing lower-than-expected demand in Europe. It reduced its estimates from between USD6.4 billion and USD7.0 billion down to between USD6.2 billion and USD6.5 billion. In the same quarter last year, the world's biggest chipmaker had second quarter revenues of USD6.3 billion, down 24 percent from the corresponding period in 2000.

Intel had about 83,000 employees worldwide at the end of the first quarter. In Ireland, the company employs 3,150 workers based in Leixlip, with a further 1,000 in permanent employment with long-term subcontractors to Intel. There are also a further 82 people employed at Intel Communications Europe, located in Shannon.

It is thought that if any cuts are made, Intel will still remain a major employer in Ireland as the construction of Fab 24 moves ahead. Construction, which had been delayed for a year, resumed on the new facility in April creating over 1,000 construction jobs, with 1,000 Intel workers to be employed there by 2005.

If Intel does cut jobs as many industry watchers suspect, the news would follow on a string of bad news from the semiconductor industry that includes Intel's own profits warning. Additionally, in early July, chip manufacturer AMD cut its second quarter sales estimates for the second time in a few weeks, reflecting the weak global market for personal computers. Other bad news came from NEC, the Japanese computer and chipmaker, who in June cut 7,000 jobs.

Still, there has been good news as well. According to the most recent data from the Semiconductor Industry Association, chip sales reached USD11.37 billion worldwide in May, a 2.8 percent increase from April, although sales in Europe dipped by 2 percent. SIA also pointed out that this figure is down 20 percent on the USD2.82 billion reported this time last year. © ENN.

The Register adds

The channel checkers at Fechtor Detwiler, the Boston investment bank, hear that Intel's Fab 17 plant in Hudson, Massachusetts, "is in trouble". In a note yesterday, it reports understaffing on the P4 production lines, poor yields, poor staff morale and low output - an estimated 3700 wafer starts a week, against a target of 6,500 a week.

And where have all the P4 staff gone? Reassigned to the Alpha line, according to Fechtor Detwiler, which notes 'indications' that Intel is ramping up production for the so-called Legacy Chip. This will ensure sufficient inventory to meet customer orders for the doomed chip through to 2004.
ElectricNews.net, 16 Jul 2002

IBM sends Shark into feeding frenzy

IBM yesterday unveiled the latest iteration of its Enterprise Storage System, commonly known as Shark. The product has been comprehensively upgraded since the last release from the firm. But this isn't the time to judge technical competence between the vendors; this year it's all about price. And IBM is coming out fighting. Its Enterprise Storage Server Model 800, the ace in the Shark pack, has had a complete overhaul. Processing power has been tweaked, the cache is now up to 64Gb, Raid 10 is in there as are 2Gb Fibre Channel/FICON host adapters. It'll scale up to 27.9Tb - and it's got a turbo option. That's all very nice, very timely stuff. But is it enough? Possibly. The latest upgrade will, arguably, give IBM a nose hair's breadth of technological advantage over the competition. But that's too close to call, given the array of configurations you could utilise. The fact is all enterprise storage boxes in the market right now are pretty similar. IBM's Shark product first came to market a few years ago after what one can only describe as a long and laboured birth. When it finally got there the market was in turmoil, plummeting and as rough as we've seen, which didn't help. Still, IBM claimed some market share. It was estimated that IBM had as much as 14.2% of the market in 2001. That put it in a clear third place in the market, well behind EMC's 30% share. Part of the problem that IBM has suffered is catching up with its rivals, technically and in terms of market share. Nowadays things have changed. IBM's Shark, EMC's Symmetrix, HDS's Lightning - they are all pretty well balanced technically with not a lot between them. It's a very unusual situation too for the storage market, which is more used to glaring holes in technical ability between the vendors. And it changes the game considerably. This year you can expect to see a raft of upgrades, new systems and re-badged efforts from vendors as they each try to squeeze a nose ahead of the competition.
As far as buyers are concerned though, this could be a great opportunity. With all of the vendors touting nigh-on replica devices, the fight for market share will probably be in the pricing strategies and purchasing arrangements - and that could prove fruitful for the IT department. © IT-Analysis.com.
IT-Analysis, 16 Jul 2002

Reg Hackerettes – The jury delivers its verdict

Thanks to all those Hackerettes who answered our call regarding optimum sizes for a women's-fit Hacker t-shirt. And very entertaining reading it made too. Firstly, shame on all those men who insist that the ideal size is tight, and preferably wet. That's hardly constructive, is it? Neither is advising us to order size sixteen and call it a ten on the grounds that women are "prone to self-flattery" when it comes to declaring their size. Those are not my words, by the way. The bottom line is this: Reg Hackerettes come in a range of sizes, and we're going to act accordingly. So, we've decided to scrap our original plan to produce just one size, and go for no less than three:

Small - UK size 8/10 - To fit bust 30/32"
Medium - UK size 12/14 - To fit bust 34/36"
Large - UK size 16/18 - To fit bust 38/40"

It gets better - we've identified a top-quality v-neck shirt with 5 per cent Lycra. Oh yes, the shirt won't be black, but you'll have to wait two weeks to find out exactly what is the new black for Hackerettes. Watch this space.

Bootnote

We'll have full details of how the UK sizes relate to other international standards when the shirt is released. As promised, five of our correspondents will be rewarded for their participation when the shirt hits the shops.
Lester Haines, 16 Jul 2002

Banks seal Energis takeover

A consortium of banks has bought ailing alternative telco, Energis, it was confirmed today. Chelys - a company chaired by Tory MP and one-time ASDA boss, Archie Norman - has bought the UK business of Energis plc after it ramped up debts of £690m. As widely reported in the press over the weekend, Chelys will pump £150m of cash into Energis to finance the development of the business. The new owners claim that Energis' UK business is sound. In the last three months Energis won new sales orders valued at more than £41 million, including contracts with Virgin Mobile and Eurostar. Chelys will trade under the Energis name. Said Archie Norman in a statement: "This is a business with very strong customer support and committed employees. "When approached I said I would be keen to help but only if there was financial security for the business and the prospect of building a great team. "Chelys delivers both and provides an opportunity to rebuild a strong business for the customers, employees and investors." Related Story Archie Norman lined up for Energis as banks take over
Tim Richardson, 16 Jul 2002

Microsoft lifts veil on Corona media platform

Doing the dance of the seven veils with its technology as usual, Microsoft Corp released a few more details of its "Corona" streaming media platform yesterday, saying the public beta of the software will be launched in Los Angeles on September 4. And, in an announcement that required no drum-roll, the company revealed Corona's official name - Windows Media 9. The suite will consist of new versions of the Windows Media Player, streaming server, better audio and video codecs, encoder and software development kit. An end-of-year shipping date is expected. Microsoft has been hyping Corona as the biggest streaming leap to date since the platform was first announced last December. WM9 promises to virtually eliminate buffering when users first launch streams, and to help cut out the jitter and blocking caused by latency by fully exploiting a user's bandwidth. In regular video or audio streams, a file encoded at 100Kbps, say, will be delivered at that speed, even if the available bandwidth is much greater, which causes network congestion to have a noticeable effect on the quality. There will be buffering for the first few seconds as the start of the stream is downloaded. By using client-side caching and by eliminating handshake information, Microsoft hopes to eliminate these two problems. An additional feature for content providers is playlists, which allows companies to maintain a sequence of streams to be delivered at the server side, allowing broadcast-like segues between shows and commercials. Microsoft also claims WM9's server, actually Windows Media Services for Windows .NET Server, will be twice as scalable as previous versions. In a recent test at MSNBC (the cable TV station joint-owned by Microsoft and NBC), a WM9 server farm running at 23% capacity served the same number of streams as a same-sized Windows 2000 streaming server farm running at nearly full capacity, Microsoft said. © ComputerWire
ComputerWire, 16 Jul 2002

Liberty Alliance unveils secure sign-on specs

Liberty Alliance duly unwrapped its version 1.0 specifications yesterday, outlining a standard for federated network identity sign-on as a secure method for identifying individuals using any manner of internet-connected devices. The first phase of work undertaken by Liberty Alliance in its first year has focused on the use of so-called opt-in account-linking so that businesses and customers can share and re-use recognized sign-on procedures and preferences. Once users' accounts are federated, they can log-in and authenticate at one linked account and navigate to another linked account, without having to log in again. This single sign-on feature is deemed critical to the future success of e-commerce and the concept could play a significant role in the development of web services. Federated online identities are expected to provide businesses with increased opportunities on the internet, by enabling them to maintain ownership of their customer databases while still being able to work closely with business partners to share customer leads and customer data securely over any access device. The Liberty version 1.0 specifications do not involve the exchange of personal information. Instead, they involve a format for exchanging authentication information between companies so the identity of the user is held safe, without specific details having to be shared. The user could choose which account or accounts should be linked, but could opt to maintain separate identities in different locations while still benefiting from use of a seamless sign-on. The version 1.0 specifications will enable consumers to choose their identity provider and benefit from the convenience of simplified sign-on when navigating the internet from any device. Version 1.0 also takes "a first stab at the problems of authentication context," Timo Skytta of Nokia Mobile Software and chairman of the architecture board for Liberty Alliance confirmed to ComputerWire. 
This is a method that allows companies linking accounts to communicate the type and level of authentication that should be used when a user logs in to different accounts. Authentication context may incorporate the use of attributes or data such as a mobile telephone user's call number, a digital signature, a user name and password, or some other combination. It will also account for user preferences and whether access is via a fixed or wireless device. It is an ambitious plan: "It is an issue that has not yet been tackled fully by the security vendors," Skytta confirmed to ComputerWire. The Liberty alliance includes large organizations such as General Motors, American Airlines, and Hertz, and achieving federated identity will require some agreement on standards among these commercial businesses as much as collaboration among numerous hardware and software technology vendors. As a demonstration of the specifications' acceptance among the 65 or so Liberty Alliance member organizations, several concurrently announced plans to deliver Liberty-aware products and services. These vendors include Communicator, Entrust, NeuStar, Novell, OneName, RSA Security and Sun Microsystems. The first products are expected to be available by the end of 2002 and industry-watchers will want to track vendor-specific "enhancements" to the specification carefully, as first-edition standards will inevitably be inadequate for many requirements and will necessitate vendor-specific approaches to overcome some security concerns. © ComputerWire
ComputerWire, 16 Jul 2002

Microsoft backs Web services security standard

Microsoft Corp is supporting a multi-vendor web services security specification, opening the door on interoperability with rivals, Gavin Clarke writes. The Redmond, Washington-based company said it will adopt Security Assertion Mark-up Language (SAML), officially launched yesterday, as it relates to WS-Security - developed by Microsoft and IBM with VeriSign Inc. SAML was developed by 12 members of the Organization for Advancement of Structured Information Standards (OASIS). SAML support raises the possibility of interoperability between systems based on WS-Security and specifications from the Sun Microsystems Inc-backed Liberty Alliance Project, the first version of which were also launched yesterday. Microsoft architect Kim Cameron disclosed Microsoft's plans at the Burton Group Catalyst 2002 Conference in San Francisco, California, yesterday. Adam Sohn, .NET platform strategy group product manager, said Microsoft would support multiple assertion types in WS-Security and so too - ultimately - would Windows and Active Directory. Other assertions that could also be supported are PKI, Kerberos and XRML, Sohn said. He said Microsoft's backing for SAML "boded well" for future interoperability with Liberty specifications, given Sun's recent support for WS-Security's submission to OASIS. Sohn supported SAML following last year's Catalyst conference. Members of OASIS are already working on extensions to SAML that work with WS-Security. It is unclear whether Microsoft would work through OASIS or the Web Services Interoperability (WS-I) organization, which aggregates specifications. SAML provides security assertions - which identify a user. WS-Security provides a framework for different security assertions and certificates, such as SAML, Kerberos, 501 certificates and PKI to operate and exchange data in a standards-based way. SAML is the basis for the Liberty specifications, version 1.0 of which were launched at yesterday's conference. 
Version 1.0 outlines a standards-based way to exchange user identity across different web sites, domains and servers. Version 1.0 of Liberty builds on SAML with additional features. These are: the ability for a user to link accounts held by different service providers; once a user's accounts are linked, the ability to authenticate across these accounts; the ability to communicate information between accounts; log-out across all sites; and a client. Unlike Microsoft's .NET Passport, data is not held by a single company or service provider but remains with the user or multiple service providers - like banks or retailers. Vendors are already lining up behind both Liberty and SAML. Seven vendors announced Liberty products, including Sun which plans product announcements today, Novell Inc which announced Project Saturn to Liberty-enable versions of its eDirectory and iChain this year, and RSA Security Inc which plans products that create and provide Liberty identities and consume identities. Those backing SAML include Baltimore Technologies, CrossLogix, Entegrity Solutions, ePeople, Novell, Oblix and Sun and Sigba. Version 2.0 of Liberty is expected in 2002. That version will focus on privacy and enable users to specify what types of personal information they share between sites, such as name, address, or credit card. © ComputerWire
ComputerWire, 16 Jul 2002

Unisys takes high and middle roads with new ES7000s

Enterprise server maker Unisys Corp will today unveil that it has broken the ES7000 server line into two separate product streams so it can better target midrange and enterprise customers who have different scalability and pricing needs. Unisys, which was the only major server vendor offering servers based on processors from Intel Corp that scaled up to 16 or 32 processors, is starting to see competition from IBM Corp with its four-way xSeries 360 and 8-way xSeries 440 servers, which will soon scale to up to 16 processors. These IBM machines, which all employ the "Summit" EXA chipset, are designed to compete against the entry ES7000 servers from Unisys, and IBM even took potshots at Unisys in the Summit launch to prove that this is one of the real marketing targets of the Summit machines. Unisys is probably also concerned with any vendor - such as Hewlett Packard Co, Dell Computer Corp, Bull, Fujitsu Siemens Computers, or NEC Corp - that has plans to roll out big midrange and entry Wintel and Lintel servers that will not only compete against Unix servers in the same power class, but also the ES7000s. You might think that Unisys would be particularly concerned about Intel's plans to foster big midrange and small enterprise servers using its E8870 (formerly known as the i870) among its competition, which is a reasonable thing to surmise. And this is why Unisys has beaten its competition to the punch by endorsing the E8870 chipset within the ES7000 and spawning a whole new 8-way and 16-way product line that can be upgraded into the full blown ES7000 servers, which can scale up to 32 processors in a single system image and which may eventually scale even further. Unisys is now selling two classes of ES7000s. The "Orion" servers are based on the Unisys Cellular MultiProcessor (CMP) chipset created by Unisys. 
CMP is a derivative of technologies employed in the company's mainframes, and it allows four-way server boards using Pentium III Xeon, Pentium 4 Xeon, and Itanium processors to be connected together to offer from 8 to 32 processor configurations with a single system image. The CMP architecture also allows for partitions to be created for each server board, or spanning multiple server boards. Unisys supports Windows NT 4.0, Windows 2000 Advanced Server and Datacenter Server, and the beta releases of Windows .NET Server on these machines as the host environment or within individual partitions. The company also supports SCO's UnixWare and Caldera International's Open Unix 8 as the host environment or with partitions as well. These environments can be mixed and matched on a single machine. The first Orion server was announced in mid-March as the ES7000/200, and because of Intel's delays with the Itanium 2 "McKinley" processors and E8870 chipset (we presume), Unisys held off on announcing all of these other machines that debuted yesterday and just went with the Orion machine that used its chipset and the then-new "Foster" Pentium 4 Xeon processors. The ES7000/200 includes 16MB of L4 cache per four-way cell using Pentium III Xeon processors, and 32MB of L4 cache for every four-way cell using Foster or Itanium processors. Main memory in the box scales up to 64GB using 2GB memory blocks, and the server has a sustained memory bandwidth of 20GB/sec. The ES7000/200 supports 96 PCI slots and has an aggregate sustained I/O bandwidth of 5GB/sec. The Orion ES7000/230 is tuned to support only the Xeon MP processors, and supports up to 32 processors, up to two partitions, up to 64GB of main memory, and up to 96 PCI slots. The Orion ES7000/130 is based on the E8870 chipset and supports one or two 16-way servers in a single frame; its base configuration is a single 16-way machine. 
The Orion servers in a workable configuration, including operating system, main memory, and disk storage, sell for between $140,000 and $700,000, according to Mark Feverston, vice president of enterprise server marketing at Unisys. The Aries product line targets a lower price point, but it offers less scalability than the Orion line. The Aries ES7000/130 server supports up to 16 McKinley processors, up to 64GB of main memory, and up to 16 I/O slots. The Aries ES7000/230 server supports up to 16 Xeon MP processors, up to 32GB of main memory, and up to 48 I/O slots. Configured Aries machines range in price from $75,000 to $300,000, says Feverston. Feverston says that the Aries machines are upgradeable to the Orion machines and that customers will not have to do a box swap to move between machines, even though they are based on different chipsets and different architectures. These servers will also support future "Gallatin" Xeon MP and "Madison" Itanium processors when they become available. He also indicated that Unisys was exploring the option of putting a 32-way Orion using 32-bit Intel chips under the same server skins alongside a dual 16-way IA-64 configuration to create a 64 processor enterprise server that could be administered as a single machine even if it did have three different system images. This capability could come later this year. © ComputerWire
ComputerWire, 16 Jul 2002

NAI sweetens McAfee.com bid

Network Associates Inc said yesterday it is prepared to raise the amount it is offering to buy the 25% of McAfee.com Corp it does not already own by 15.5% in order to get approval from a Special Committee of the anti-virus firm's board. The company said it is prepared to offer 0.9 NAI shares, versus the previous offer of 0.78 shares, for each of the 12 million publicly held McAfee.com shares, representing a little over $137m based on yesterday's closing price. But the increase in no way guarantees McAfee.com's committee will recommend the offer to its shareholders when it makes its first official statement on the matter today. The committee rejected a bid made in March as "financially inadequate", despite the fact that the offer was at a premium to McAfee.com's closing price the previous day. This latest offer equates to about $11.47 per share, based on NAI's closing price yesterday, which is 53 cents higher than McAfee.com's closing price of $10.94. McAfee has traded as high as $40 this year, but has spent the last few months hovering around the $15 mark. Earlier yesterday, NAI disclosed in a Securities and Exchange Commission filing that CEO George Samenuk emailed committee members over the weekend, saying he was prepared to offer 0.85 shares per McAfee.com share. But with the subsequent share fluctuations, that would have actually represented a discount on McAfee's market value. Samenuk's offer to raise the offer price was based on the Special Committee "favorably" recommending shareholders accept the offer, and that McAfee.com does not execute a so-called "poison pill" or shareholder rights plan, which makes an unsolicited acquisition financially difficult to carry out. Since NAI's third tender offer was announced at the start of the month, bad news out of NAI and good news out of McAfee has seen the deal look less and less attractive to McAfee.com shareholders. 
The offer of 0.78 NAI shares per outstanding McAfee.com share meant the offer was worth less than McAfee.com's actual share price. Some think that McAfee.com's share price could be trading higher, were it not for the threat of NAI's bid being accepted, following its good earnings report last Wednesday. The company beat analysts' estimates by three cents per share and CEO Srivats Sampath said he expects business to accelerate in 2003, the company tripling its subscriptions. Conversely, NAI revised its full-year guidance downward, and said the third quarter will be roughly flat, disappointing investors. Late last week, NAI's stock was punished, dropping from about $18 to about $14 following its earnings announcement Thursday morning. McAfee.com shares were dragged down along with it. The Special Committee comprises the two directors that do not have potential conflicts of interest or are otherwise tied to NAI - Frank Gill and Richard Schell - and will issue its decree on the tender offer today, in the form of a D9 SEC filing. The committee has previously rejected one bid of 0.69 shares that they said undervalued the company, and accepted a second of 0.78 shares that was subsequently withdrawn when NAI discovered accounting irregularities in its own books. © ComputerWire
ComputerWire, 16 Jul 2002

HP pulls plug on enterprise software lines

Hewlett Packard Co finally yanked the plug on its doomed NetAction Java and web services middleware yesterday. Palo Alto, California-based HP said it will discontinue the HP NetAction Application Server, NetAction Web Services Platform and Web Services Registry products. HP cited "heavy losses" for its decision to exit. HP also re-iterated support for San Jose, California-based BEA Systems Inc's WebLogic Server in a preferred partner deal for Java 2 Enterprise Edition (J2EE) customers. The move confirms Computerwire's report in April that HP would ditch its application server software for WebLogic Server. NetAction, formerly Bluestone, was acquired for $470m in early 2001, and has just single-digit market share while WebLogic Server is a market leader. Yesterday's decision appears to indicate, too, HP's failure to secure a buyer for the application server and web services portion software. Peter Blackmore, executive vice president of HP's enterprise systems group, said in June the company would "retire" some products. HP chief executive Carly Fiorina said the company was in partner discussions, but refused to provide details at the time. Redwood Shores, California-based J2EE application server competitor Oracle Corp was at one point reported in the frame to buy NetAction. The reports appeared to receive credence as Oracle bought J2EE application server technology from defunct Stevens Creek, California-based WebGain Inc last month. It is unclear what support or upgrade options lie in store for HP application server and web services customers. One BEA executive speculated recently his company would put in place incentives to move HP customers to BEA's platform. HP was unavailable for comment. © ComputerWire
ComputerWire, 16 Jul 2002

Nvidia intros nForce 2

Nvidia today unveiled its second-generation AMD-oriented nForce chipset, codenamed Crush 18. The product is aimed specifically at low- to high-end PCs, but it also gives an interesting picture of the second-generation Xbox's capabilities. The nForce 2 family comprises four parts: two versions of Nvidia's Media Communications Processor, and re-engineered upgrades to its System Processor Platform (SPP) and Integrated Graphics Platform (IGP) Northbridge chips. Central to these last two parts is Nvidia's Dual DDR technology, a revision of its earlier TwinBank dual memory controller set-up, which not only sports a better brand name but also supports 400MHz DDR memory. Or, rather, will do when it becomes widely available - in the meantime, nForce 2 will handle 200, 266 and 333MHz DDR SDRAM - up to 3GB of it. Memory makers are offering samples of DDR400 memory, but it's not yet widely available. Like TwinBank, Dual DDR connects the host PC's AMD CPU to two 64-bit memory controllers running concurrently to halve memory latency and double system throughput. CPU, memory and AGP buses are all clocked asynchronously, ensuring the operations of one are not dependent on the completion of tasks by the others, says Nvidia. Clever logic ensures all the right data arrives where it should, in the right order. The new architecture, plus faster 400MHz memory, allows nForce 2 to offer a maximum memory throughput of 6.4GBps, up from the previous generation's 4.2GBps, Nvidia claims. Real-world benchmarks will be required to show just how close it comes to the theoretical maximum. The new IGP sports a GeForce 4 MX graphics core, an upgrade that delivers a 50 per cent improvement in performance over the old nForce 420 chip, according to Nvidia's own Quake III Arena benchmark results. The SPP, on the other hand, connects to an AGP bus with 8x performance. Both parts connect to either of the two MCP parts across an 800MBps HyperTransport bus.
The standard Nvidia MCP offers the usual sound and I/O facilities, but introduces support for USB 2.0 and ATA-133 to the chipset. So does the MCP-T, which also brings IEEE 1394 to the feature chart. It also contains a second, 3Com-designed 10/100 Ethernet controller, in addition to the Nvidia controller it shares with the regular nForce 2 MCP. Both can operate simultaneously, allowing the host PC to operate as a mini-hub. Nvidia's target applications here are small office and home servers, or a home's prime PC, all of which can then share a single broadband Internet connection with other machines. It's a neat idea, though while consumers continue to show almost no interest in buying home computers, its time has yet to come. Perhaps it never will - by the time consumers start buying again, they'll arguably be able to do too much with faster, cheaper wireless networking kit to be interested in PCs with two Ethernet ports. Corporates may take a different view, and we wonder to what extent nForce 2 is paving the way for Hammer-based Athlons aimed at business users. Hence the incorporation of 3Com technology rather than a second Nvidia design, to stress compatibility with existing networks. More immediately, both the IGP and the MCP-T may point the way toward the roles Microsoft foresees its second-generation Xbox fulfilling. Whether it's called Xbox 2 or Homestation, it is expected to be based, like its predecessor, on an nForce-based chipset. Rumours and speculation about the box centre on a shift away from a pure games machine to a broadband-connected home digital entertainment appliance. And the MCP-T specification certainly adds weight to that picture. The Nvidia part delivers the connectivity (1394/Firewire/iLink to hook up consumer electronics, USB 2.0 for PC peripherals) and networking functionality (home gateway) a more media-oriented Xbox will need.
At the same time, the IGP's GeForce 4 MX graphics will allow Microsoft to improve on the Xbox's graphics - it doesn't want to move too far from gaming. And all the Dolby Digital stuff in the MCP-T will appeal to home cinema/DVD buffs. The PC-oriented version of nForce 2 will go into volume next month and should be available immediately on mobos from Asus, Chaintech, MSI, ABIT, EPoX and Leadtek. Nvidia is presumably hoping more big-name PC suppliers will choose nForce 2 than chose the previous version, but it admits that since most AMD-based systems - around 74 per cent of them - come from less well-known manufacturers, its OEM successes may be limited. ®
Tony Smith, 16 Jul 2002

US Congress approves life terms for crackers

The US House of Representatives has approved a bill which raises the penalty for computer crime to a maximum of life imprisonment. Crackers who put lives at risk, either knowingly or through "reckless" behaviour, could be sent to jail for life under measures in the Cyber Security Enhancement Act, which the House yesterday passed by an overwhelming majority of 385 votes to three. The bill also seeks to impose tougher sentencing regimes for computer criminals. Controversy, however, centres on measures designed to water down ISPs' responsibility to protect their users' data and turn them into government snitches. The bill encourages ISPs to report suspicious activity on their networks (whatever that might be), even if it poses no immediate threat, and shields them from lawsuits from anyone objecting to such privacy intrusions. Service providers are also required to keep customer records, including emails, for 90 days, under the bill. Civil liberties groups are concerned that the Act will erode Internet privacy because it could give law enforcement agencies leverage in obtaining records from service providers without the tedious business of obtaining a search warrant. The bill has to go to the Senate, where it is expected to receive little opposition, before becoming law. ®
John Leyden, 16 Jul 2002

MPEG 4 is go (licence fees capped)

A few weeks ago Apple effectively signalled that it had agreed licensing terms over MPEG 4, when it released a 'preview' of Quicktime 6.0 (which incorporates the video standard) in advance of any public accord with the MPEG-LA. Now, the full version is out, to coincide with the publication of the definitive license terms, and definitive prices for MPEG 4. MPEG-LA, the collective of patent holders for MPEG 4 video streaming standards, has devised and published a new set of tariffs, following much wrangling with boycott-threatening content producers. Fees are capped at a million dollars a year, and companies which pay this upfront do not have to audit their streams to MPEG-LA. The license fees also apply only to fee-charging streaming services and no charges apply for the first 50,000 subscribers per year. And then? For Internet users the price is $0.25 per viewer per year or $0.000333 per minute of MPEG-4 video. Also "where the content provider’s remuneration is not directly from subscriptions (e.g., advertiser-supported services), MPEG LA will work directly with Licensees to come up with a consistent method of counting subscribers that works with their business models". Higher charges are applied for cable TV and stored video apps. Previously, no pricing distinction was made, much to Apple's disquiet. But is it all too little, too late, the EE Times asks? The MPEG 4 codec faces challenges from Divx, Real Networks and H.264. And the standard is not exactly cutting edge anymore, it reports. Rob Koenen, president of the MPEG4 Industry Forum, said: "It's make or break for MPEG4. The standard was frozen three-and-a-half years ago, and licences should already have been available."

Related stories and links: MPEG-LA press release; EE Times: MPEG4 licence may have come too late; Apple outs Quicktime 6 - without MPEG 4 deal
Drew Cullen, 16 Jul 2002

UK2.net suffers outage

UK2.net - which claims to be the "UK's biggest host" - fell over yesterday afternoon, causing disruption for thousands of its customers. According to a statement on its message board, the company suffered an "unusually long network outage [yesterday] afternoon between, roughly, 1:45pm and 4:15pm." "This was caused by an as yet unexplained simultaneous failure of a number of critical routers in our network," it said. The result is that UK2.net's customers lost their Web sites and email - and many aren't happy. The company has apologised for the "inconvenience this may have caused [its] customers" and claims this is the "first major outage in the uk2.net network…for at least a year". One UK2.net user told us that yesterday's outage was so severe it was "like they [UK2.net] had been abducted by aliens". Despite attempts to contact the Web hosting company no one at UK2.net was available for comment. ®
Tim Richardson, 16 Jul 2002

Soft landing for firms caught in Web host fallout?

A US technology consultancy firm is touting a 'soft landing' for companies whose web hosts have gone tits up or fled the scene. RampRate offers to "identify and weave together disparate, best-of-breed infrastructure technologies" to enable rapid migration from Web hosting companies that have abruptly left the business, to established, stable service providers. In recent weeks, the Web hosting market has been rocked by the sudden departure of some of the industry's biggest players. Metromedia Fiber (MFN) has filed for Chapter 11 bankruptcy protection, LoudCloud sold its hosting business to EDS, and Intel announced its departure from the market. Given the continuing financial woes of WorldCom and telecom provider Qwest, and let's not forget KPNQwest and Global Crossing, concerns remain that the worst may be yet to come. RampRate has pinpointed and partnered with vendors in domain management, content delivery network, disaster recovery and storage, to provide migration solutions that let enterprises at risk of their supplier failing them make a smooth transition. Together with its research partner Tier 1, RampRate reckons it can match client needs with vendor capabilities (looking at factors such as SLA agreements offered, pricing and technical capabilities). Despite the sector's woes, RampRate reckons there is still an abundance of financially sound players. RampRate said that its services are typically free to the client, so it makes its money as a sales channel for the service providers (it has more than 100 on its books) it recommends. Although it lists Miramax and Microsoft among its clients, RampRate will have to overcome a possible lack of awareness of its brand in persuading users to let it make sourcing decisions on their behalf. It will also have to persuade firms of the merits of best of breed rather than all-in-one solutions.
®
John Leyden, 16 Jul 2002

PC makers to start taking the Tablets

The punters are not buying desktop PCs; they are beginning to lose interest in buying notebooks; corporates are still flocking to Dell but staying away in droves from PC resellers. What is a poor PC maker to do? Answer, according to In-Stat/MDR, is to extend into new markets with different format mobile devices - tablet PCs, Internet terminals(?), and Microsoft Mira-powered displays and the like. Tablet PCs, the Next Big Thing for ooh a decade and then some, are characterised by In-Stat as "a promising technology that is coming onto the market at a bad time". Corporates are the key target buyers and they won't unlock their purses in a hurry. Also people will have to get used to pen input. Upshot, take up will be slow at first, ramping up to rapid growth come 2005-2006. Mira displays, on the other hand are "an interesting concept that combines the PC with the Web Tablet, allowing consumers to access their PCs via wireless displays." But they are going to be pretty rudimentary at first. Wait until the next-gen devices are out in early 2004 and capable of handling video streaming and other multimedia apps. These will "convince consumers to take a serious look at this product". We're unsure why Internet terminals are bandied with tablets and Miras - not particularly mobile and not particularly new. The market for consumer Internet terminals, once seen as promising, has failed to develop, as In-Stat points out. "Internet Terminals reached a low point in 2002, with most of the initial products introduced by the likes of Compaq, Sony, and 3Com, already off the market." The analyst firm forecasts modest growth for this class of device through 2006 by targeting vertical markets and niche business apps. OK, so will these new devices save the downtrodden PC maker? Well, different formats worked for Apple, the only major PC maker apart from Dell to make a profit lately.
It's done this on the back of good-looking cases and monitors, but then it too has stumbled in recent weeks, overestimating demand and piling up inventory. As IDC's Roger Kay told Bloomberg: "The problem with being a Milanese fashion show is you need to have a hit every season. It's a risky strategy." And Apple is good: if it's a risky strategy for Apple think how much harder it will be for the design donkeys who run most PC system builders. Maybe the different-shaped kit will carry higher margins - at first - and maybe there will be less competition - at first (until the Taiwanese factories get into full swing). But if your core PC business is in trouble, how will it be saved in the long-term by making, or more likely rebadging from Taiwanese OEMs, different-shaped kit, which looks the same as all the other different-shaped kit peddled by your rivals? ®
Drew Cullen, 16 Jul 2002

IBM, Intel, telcos mull US-wide WLAN service

IBM and Intel are drawing up plans with telecom companies to set up a network of wireless data hot spots in the US, according to reports. Talks about Project Rainbow, which would allow laptop and handheld users easy access to the Web from public places like airports, have been underway for the last eight months, the New York Times reports. According to the paper, the talks (which involve AT&T, Verizon and Cingular) have led to a plan to create a "company to deploy a network based on a single standard known as 802.11 (sic)" - by which we're pretty sure it means 802.11b wireless LANs. It's unclear whether the plan can be taken forward to develop a viable business model, and unnamed industry sources tell the NYT that a decision on whether or not to go ahead with the project is still some months off. Neither IBM nor Intel is discussing the plan publicly. The idea of the project is significant, though, because it suggests a possible game plan for luminaries in the industry to expand into the wireless LAN hot spot market, which is expected to grow significantly over the next few years. WLAN users are expected to reach 147m worldwide by 2007, according to a recent survey by analysts ARC Group. ®
John Leyden, 16 Jul 2002

We don't need no stinking ID cards

On July 3, the Home Office began a six-month consultation (PDF) on whether or not ID cards should return to the UK. So, come December, we can expect the consultees to conclude that there is overwhelming support in the country for the introduction of ID cards, or entitlement cards, in govspeak. The Register is agin it, four man and square. But then we have lots to hide. A rather more reputable bunch is Privacy International which has compiled a useful FAQ on the ID card. There are links to activist organisations, Home Office press releases, and advice on how to make representations to the Home Office. If you are against the introduction of ID cards, now is the time to start joining. ®
Drew Cullen, 16 Jul 2002

Sun UK resellers under email siege

Sun Microsystems' hard-pressed UK reseller channel suffered another indignity today, when the company messed up its email group pricertool_external_emea@sun.com, apparently by making it an outside-world addressable alias. We'll let one reader take up the story:
It all kicked off when Sun sent an email warning of an impending outage to the alias. One person replied with an unsubscribe or remove message, and since then I have received a few hundred similar messages, some quite amusingly irate. One individual has also apparently subscribed the alias to a p0rno list! (Another reader sent us a copy of this particular email.) I also received the email below (which most idiots seem to have ignored, probably due to them being in sales!), but despite sending a mail to the address listed - suggesting they remove the alias immediately, or failing that, remove me from it - I am still getting the mails, along with presumably hundreds or thousands of others. Fantastic way to advertise your technical competence and keep resellers happy....
If you wish to be removed from this email DO NOT respond to pricertool_external_emea@sun.com. ****** Respond to Me ********************* (Name deleted) ********************* Please do not fill up other people's email boxes. This alias is for the pricertool application to notify users of outages or changes. Regards Sun Microsystems Inc IT Application Support - Sales and Marketing
So why are Sun's UK dealers hard-pressed? We have a copy of one email from the pricertool_external_emea@sun.com group holding two attached files which are, we suppose, notifying resellers of change. These contain scans of two hard-hitting articles from Microscope on Sun's attempt to stop its UK resellers from buying their kit cheaper from the continent. Up to 25 per cent of Sun resellers could have their accreditation taken away from them, the UK channel paper reports. Sun says the clampdown has nothing to do with parallel imports.
Restrictive distribution within the EU is of course illegal. Here is the Microscope scoop. ®
Drew Cullen, 16 Jul 2002

Frethem worm poses as Password file

If you get an unsolicited email today regarding 'Your Password', resist any temptation to click on the attachment. It's more than likely to contain a variation of the latest email-aware worm, Frethem. Frethem is a family of email-aware worms, which normally arrives in an email with the Subject line: "Re: Your password!", a text file and an infected attachment "decrypt-password.exe". The virus has become a common source of infection since the release of two fresh variants last weekend, and attempts to exploit an Outlook bug in order to run automatically when the mail is read. As usual, you are advised to update your antivirus protection to protect against the infection. You are also encouraged to regard unsolicited attachments with suspicion at all times. ®
John Leyden, 16 Jul 2002

Govt unveils plans for eDemocracy

The Government is looking at ways it can use technology to reform the way people influence the running of the country. Publishing a consultation paper today, the Government hopes it will "invigorate debate" and "enhance citizens' involvement" in the democratic process. The document In the service of democracy examines two areas for Government action - the way people can interact with Government using technology, and e-voting. Said Robin Cook, Leader of the House of Commons: "Our strategy for e-Democracy offers new ways of participating and seeks to complement rather than replace existing structures. "The paper sets out our aim of using new technologies to promote, strengthen and enhance our democratic structures," he said. However, the think-tank iSociety claims the Government hasn't been bold enough and has called on it to be more radical in the way technology can be used to enhance the democratic process. iSociety spokesperson James Crabtree said: "This paper is an important step forward, and puts Britain in pole position to capitalise on opportunities to use new technology to improve the workings of democracy. However, the Government now needs to think even bigger. "eDemocracy needs to be more than an elastoplast for sickly politics. Without genuine new thinking and changing the way that politics is run, technology will not help to improve participation. "Basically, if people don’t want to vote, and aren’t interested in participating, the fact that they could do it online will make no difference at all," he said. The Government's consultation paper is available at www.edemocracy.gov.uk.
Tim Richardson, 16 Jul 2002

Snouts in the honeypot

[SCENE: A small but elegant office. Vivaldi's "Four Seasons" plays softly in the background. A man in a red power tie sits behind a solid oak desk, gently rubbing the top of a Montblanc pen across his upper lip while peering intently at his computer. The early afternoon peace is broken by heavy footsteps. A highly agitated man wearing a t-shirt reading "Windows Blows" barges into the office.]
JIM: Hey, Boss!
BOSS: [pained expression] Yes?
JIM: We need to get a honeypot!
BOSS: A what? What do we need a honeywagon for?
JIM: No, not a honeywagon, a honeypot. It's a special computer you put out on the Internet to attract and catch hackers. We make it easy to break in, so we’re sure to get lots of 'em.
BOSS: I'm not sure I understand. Why would we want to attract more hackers than we’ve already got? I thought we were trying to discourage them.
JIM: That’s the nice thing about the honeypot. The hackers go there and sort of rummage around. Then we watch ’em! [cackle] We’ll see everything they do.
BOSS: Don’t we know what hackers do already? They’re trying to break into our e-commerce server, put their girlfriend’s naked picture on our home page, and steal our customers’ credit card numbers. Besides, we get that monthly newsletter with all the details on what the third world hackers are planning. You know, from that group staffed by all the ex-government spooks? I know what they are up to. Besides, we just renewed our half million dollar contract with IncredibleDEF, and I get an exclusive daily update on the status of all the third world hackers. They just told me that a gang of Indian cyberpunks is working together to deface Pakistani web servers. Who knew? Great material for our risk reports.
JIM: Yeah, that’s cool stuff, but if we had a honeypot, we wouldn’t just read about the hackers. We could see ’em ourselves, sorta like a digital ant farm. We can learn just how they work. When we know what vulnerabilities they take advantage of, then we’ll know what to fix on our servers.
BOSS: Wouldn’t it be cheaper and easier to buy a book?
JIM: Well, yeah ... but then one of us would have to read it ...
BOSS: Good point. But I'm still not convinced. I don't want to be the first one to get one of these honeymucker things. IncredibleDEF says this gang of teenagers from Trinidad have been performing denial of service attacks using calypso music. What if the hackers use our honeypot to launch an attack into someone else’s system? I can see the headlines now, “Steel drum attack traced to Acronomia Inc. server. CSO claims it was a hijacked honeydew.”
JIM: Can’t happen. Besides, Threelettria Corp. has had one for six months, and their CSO just got his picture in Wired. (The Boss silently mouths a ‘wow!’) I was just talking to a consultant from Friday, and he said that honeypots are best practice now. All the leading firms have one. (pause) You know, I’m worried that we might be losing our competitive edge ... (raises eyebrows)
BOSS: OK, it's starting to make sense to me now. Can you talk to Friday about doing a feasibility study for us?
JIM: I already did. They said that planning the development, implementation and operation of a honeypot was one of their core competencies, so they’ll be able to do it for only $50K.
BOSS: Hey, that’s reasonable. And once I’ve spent $50,000 on a complete plan, I won’t have any trouble justifying the hardware, software, and staff. I’ll do the deal with Friday on the golf course tomorrow. Good save, Jim. Thanks. Oh, and can you have someone from Marketing Communications come up? I want to talk to them about a press release. ®
Jay Heiser, 16 Jul 2002

HP suspends 100+ UK staff in email porn probe

Exclusive: HP has suspended more than 100 employees on full pay in the UK and Ireland pending an investigation into the misuse of its corporate email system to circulate pornographic material. Fifteen people were dismissed on Tuesday morning for gross misconduct, sources told us. HP, however, tells us this figure is inaccurate and that "less than five" people have been dismissed as part of the investigation. Suspects in the investigation were escorted from the building and those with laptops and desktop PCs had them taken away for investigation. An investigation of the circulation of inappropriate material at the computer giant was initiated by HP’s UK board, after the issue was forcibly brought to its attention when one of its directors received pornographic material in his email, we understand. HP confirmed that it was investigating the misuse of its systems but said it was unable to comment in detail on the situation, beyond sending us a prepared statement, until its investigations are complete. “HP can confirm that it is currently investigating the misuse of the company email system that contravenes its internal policy for all employees. HP can confirm that this involves the viewing and sharing of unauthorised and inappropriate material. This matter is being addressed with the utmost urgency through HP's internal investigatory procedures.” “HP takes any allegations of the misuse of corporate resources extremely seriously and has acted swiftly to initiate an internal investigation. Once the results of the investigation are available, HP will, where necessary, apply its standard disciplinary process and take appropriate action.” ®
John Leyden, 16 Jul 2002

Ballmer 'fesses up to Linux/Windows cost FUD

Windows is a lot more expensive to run than Linux, Microsoft CEO Steve Ballmer has finally confessed. Despite Redmond's heroic efforts to defeat common knowledge with elaborately-rigged total cost of ownership 'studies', innuendo, FUD and outright distortions, the rhetorical power of common experience has become too powerful, even for a marketing behemoth like MS. According to an article by VARBusiness, Ballmer now concedes that MS execs "haven't figured out how to be lower-priced than Linux. For us as a company, we're going through a whole new world of thinking." Interestingly, an old page on the MS Web site claiming that the lower costs of Linux are "a myth" has been removed. In its place is a more reasonable item cheerfully touting the many wonderful features in Windows which Linux, it's said, lacks. So it seems MS is going to stop defying common sense and take an approach we could sum up as, 'it costs more because it's worth more'. This too will probably not survive informed criticism or daily experience, but it's certainly easier for the company's flacks and salesmen to say with a straight face. ®
Thomas C Greene, 16 Jul 2002