Transmeta has announced that it's entering the Windows CE business. Just as everyone else is leaving, you might jest. But the embattled chip start-up hopes that this avenue will give it a new lease of life. Transmeta has exhausted its financiers' patience, and has been told to get profitable by Q4 2003. That's seen 40 per cent of the staff axed already, and the company needs to trim expenses to $20 million from $27 million per quarter to achieve that goal [that's NOT 75 per cent, as we suggested in an earlier draft]. Although all the portable CE devices we know of use ARM-based or Hitachi chips, Transmeta CE support will be using an x86 version of the operating system. I bet you didn't know there was an x86 version of Windows CE. Well, neither did we. But bugger us, if it hasn't been there all along, right back as far as pre-MMX Pentiums. In a statement, Transmeta said it had worked closely with Microsoft in the development of the TabletPC. We're not sure if this is a clue - Transmeta has scored a win with the FIC Tablet PC, but that's running full blown XP, not CE. CE, or CE .NET, is used in many more embedded devices than PDAs: Windows dumb terminals, in-flight video screens, petrol pumps - we're always being told it's big in petrol pumps (and Mira - Ed) - and Transmeta can use volumes wherever it can find them. ®
A group of 10 Taiwanese electronics manufacturers has formed an alliance to share what are expected to be high costs, and considerable risk, in the development of system-on-chip device specifications for use in next-generation WCDMA handsets. According to Taiwan's Commercial Times, motherboard giant VIA Technologies Inc, and the world's biggest independent foundry operator, Taiwan Semiconductor Manufacturing Co Ltd (TSMC), will be part of the alliance, which is being lead-coordinated by the Ministry of Economic Affairs, and which will also feature participation from MediaTek Inc, Industrial Technology Research Institute (ITRI), BenQ Corp, Airoha Technology Corp, DBTel Inc, Inventec Appli@nce Corp and GVC Corp. Alliance members have chosen VIA to lead the alliance, the Commercial Times said. The newspaper also noted that, despite reports that it will participate, MediaTek, which did not attend the alliance's inaugural meeting, has not confirmed that it will take part, and insisted that it will push ahead with its own wireless chip program regardless of whether or not it will join the alliance. The Commercial Times speculated that MediaTek's position suggests it has yet to bury the hatchet with VIA, with which it recently quarreled over the provenance of optical disk player technology. © Computerwire.com. All rights reserved.
The IBM-backed Eclipse open source project consolidated its presence on the Linux platform yesterday. Fujitsu Software Corp announced availability of its NetCOBOL product for Linux, based on the open source application development tools framework. NetCOBOL for Linux is available at an introductory price of $999 from the netcobol.com web site until August 31. Thereafter NetCOBOL for Linux will be priced $1,800 in the US. IBM initially backed Eclipse in November 2001 as a workbench and framework to build Java-based tools, with IBM announcing support for Eclipse in WebSphere Studio. In January 2002 Linux made it onto the Eclipse roadmap, though. IBM and Raleigh, North Carolina-based Red Hat Corp donated a common interface, source code editor and debugger to further the project. IBM and Red Hat's move came as Scotts Valley, California-based Borland Software Corp announced its own, separate Linux plans with rapid application development (RAD) in C/C++ for Linux. Fujitsu Software joined the Eclipse board in May, and has since proved an enthusiastic participant in driving the project's Linux agenda. The company said Eclipse would deliver leading edge features and allow other vendors to add complementary functionality. San Jose, California-based Fujitsu Software said customer requests "mandated" NetCOBOL for Linux. "Linux has been long-praised for its stability - a feature that is also associated with NetCOBOL," the company's director of languages Ron Langer said in a statement. The NetCOBOL offering builds on IBM and Red Hat's initial work, having been tested on the Intel x86 distribution of Red Hat Linux. Features includes an Eclipse-based integrated development environment (IDE) and integrated debugger with standard NetCOBOL features including object oriented COBOL extensions, embedded SQL, data file maintenance tools and NEtCOBOL APIs for creating CGI internet applications. © Computerwire.com. All rights reserved.
T-Mobile, the Deutsche Telekom AG wireless unit which picked up the former Mobilestar Networks Inc's US wireless hotspot network when it bought VoiceStream Wireless last year, yesterday dusted off its windfall investment, and announced plans to go global with its partners Starbucks Coffee Co and Hewlett-Packard Co. Shortly before T-Mobile paid $50.7bn to acquire VoiceStream last June, the US GSM network operator had itself paid an undisclosed sum for MobileStar, one of the pioneers of the US hotspot scene whose disappointed ambitions had driven it into receivership. The jewel in MobileStar's hotspot crown at the time was the network of access points it controlled in 600 Starbuck's cafes across the US. Since then, T-Mobile has done little with its hotspot estate other than withdraw it from a bilateral aggregation agreement with HereUare Communications Inc, another US hotspot pioneer that has put itself up for sale ahead of imminent bankruptcy. Yesterday though, T-Mobile demonstrated that if it had any lingering doubts about the viability of the hotspot business, at least in the US, they have been overcome. In a joint announcement with Starbucks and HP, which is working with the two companies to provide equipment and develop applications to support their hotspot program, the companies revealed that having already expanded the original network to 1,200 Starbucks cafes across the US, they plan to grow this to 2,000 by the end of the year. Once this target is reached, the companies say they will be well on the way to meeting their target of having the first truly national US wireless hotspot footprint. The companies yesterday also announced the first hotspots in Starbucks outlets overseas. Located in the UK and Germany, the new overseas outposts are firmly within T-Mobile's corporate footprint, and like the US outlets will benefit from the in-house backhaul capability that comes from having a national wireless operator as a parent. In time, T-Mobile said plans are in place to spread hotspots to other Starbucks outlets across Europe, and for the German wireless operator to find new location partners to supplement its relationship with Starbucks. However, it is likely to be some time before the company's overseas footprint comes close to matching the scope of its US presence. "[In Europe] people are generally much less wireless LAN aware. They are less likely to already use WLAN technology in the office, and much less likely to be using it at home," said Neil Dagger, HP UK's iPaq and connected devices business manager. However, said Dagger, HP and its partners are committed to promoting interest in WLAN technology in the UK and Germany and will continue to offer free access to their new overseas hotspots for the immediate future. This, and other promotional measures planned for the rest of the year will be reinforced before Christmas by which time, Dagger said, HP will beginning to ship its first WiFi-enabled iPaq to corporate customers in Europe. © Computerwire.com. All rights reserved.
Turbolinux Inc has become the latest company to exit the Linux business after selling its Linux distribution interests to Japanese software house Software Research Associates Inc. The company has retained its proprietary PowerCockpit server provisioning software, around which it is planning to launch a new company name and business model. Turbolinux will now become a division of Tokyo, Japan-based SRA, transfer its headquarters from Brisbane, California to the Japanese capital, and continue to operate under the Turbolinux name. Financial details of the deal have not been disclosed. Meanwhile, the PowerCockpit server provisioning business continues under the management of CEO Ly-Huong Pham, but has yet to decide on a new name. Pham said that the formation and launch of the new server provisioning company would be announced over the coming weeks. A cross-platform tool for the provisioning and management of large server farms, PowerCockpit is a proprietary product that has been licensed to Hewlett-Packard Co for use with both its HP Blade Server products and Compaq ProLiant BL server blades, as well as Egenera Inc, for use on its BladeFrame servers. PowerCockpit supports Microsoft Corp's Windows 2000 and Windows XP Pro as well as the Turbolinux, Red Hat, SuSE and Debian Linux distributions. Founded in 1967, SRA is one of Japan's oldest software houses, with interests in customer software and systems development, with a specific focus on Java, Linux, networking and systems management. SRA says Turbolinux will continue to operate a US office, and is aiming to strengthen its position as the top Linux distributor in Asia. SRA has appointed the former president of Turbolinux Japan, Koichi Yano, as president and COO of the new Turbolinux, while Hajime Watanabe has been appointed CEO. SRA said that the company will continue to support all worldwide customers, and to maintain its commitment to the UnitedLinux initiative to create a single Linux distribution. Turbolinux was a UnitedLinux founder, along with Caldera International Inc, SuSE Linux AG and Conectiva SA. The sale of the Linux distribution business marks the end of a tumultuous period for Turbolinux. Rumors began circulating last month that the company's US operations were in a state of near-collapse after the company failed to land a fourth round of financing. No one was answering the phone at the company's US office, and it is believed that the US operation is down to a skeleton staff. Since the company was formed in 1992 it has eaten through $100m in three rounds of funding, but failed to make a substantial dent in the US market, which is dominated by Red Hat Inc. It still claims to be the number-one vendor in the Asia-Pacific region, however, which was responsible for 34% of all new Linux shipments in 2001, according to recent figures from IDC. In January 2001 the company announced that it was to acquire Linux services vendor LinuxCare Inc to boost its services portfolio and in March 2001 it canceled a planned IPO, citing difficult market conditions and the changed proposition of the merged company. However, after three months of working together as a combined entity, Turbolinux and Linuxcare called off the merger at the very last minute, with both sides citing differing goals and the effects of the market downturn. After a quiet period, Linuxcare announced its return at last week's LinuxWorld Conference and Expo with a new strategy based on proprietary server provisioning software for Linux on the mainframe. Ironically, the complementary nature of Linuxcare's Levanta and the PowerCockpit products probably now makes the two companies a better merger fit than they were last year. © Computerwire.com. All rights reserved.
The copyright infringement lawsuit filed against four major US backbone ISPs by the Recording Industry Association of America has been dropped, the RIAA said yesterday, after a controversial music download site went offline of its own accord. "In an apparent response to the extensive anti-piracy efforts of the international music industry, www.listen4ever.com has been offline since Sunday," the RIAA said in a statement, before adding: "The voluntary withdrawal of today's lawsuit does not preclude further litigation if www.listen4ever.com should reconstitute itself." The organization had sued AT&T Corp, Sprint Corp, Cable & Wireless Plc and UUNet Technologies Inc (a unit of WorldCom Inc) late last week, saying that the companies were in a position to block US internet users from access the site, which was hosted on servers in China. The case would have been the first test of a provision of the US Digital Millennium Copyright Act that allows copyright holders to force ISPs to block certain sites from their users when the site in question is hosted outside the jurisdiction of US law. Some critics fear this provision could ultimately mean an ISP copyright police force and slower international internet traffic. © Computerwire.com. All rights reserved.
'Other' browser developer Opera Software intends to go to first beta of its new version, Opera 7, soon, with soon probably meaning weeks rather than days or months. Bugs permitting, naturally. The new browser, which represents an extensive rewrite, will be out first on the Windows platform, but according to a spokesman this has at least as much to do with Opera's Linux developers being on overload as with any kind of favouritism. Tantalisingly, the other Linux work that's keeping them busy involves embedded development for the Sharp Zaurus, i.e. in the sector that's becoming far more interesting than the dull old desktop browser market. And although the desktop versions of the browser will likely constitute the 'shop window' for some time to come, the needs of the embedded market have been a major driver behind the 7 development. According to Opera communications director Pål Hvistendahl, the focus has been on the implementation of standards, particularly DOM (Document Object Model). This will be a major benefit for embedded developers. Increased speed will also be important for lower resource devices. Opera 7 will also feature a new layout engine, and Hvistendahl promises a competely new email client. Opera's email client so far has hovered somewhere in the 'adequate' region, so would-be Outlook refuseniks should start holding their breath now.
Australian telco Telstra is looking at Linux as a possible new standard platform for its 45,000 desktops, according to a report by ITnews Australia. Telstra at the moment is just considering Linux and Sun StarOffice as possible candidates for its corporate standard, but a deal of this size would be a major boost for open source on the desktop, particularly as, ITnews reports, Telstra is Microsoft's biggest Australian customer. Telstra recently opted for Sun and Java 2 as its web services platform, and of its existing suppliers, IBM, HP and Sun are all putting forward Linux over Windows. ITnews also reports that Telstra CIO Jeff Smith recently cited Sun's Scott McNealy as his most admired IT figure in a magazine interview. But hey, nobody's perfect. ®
Some while back, when the times were still good, Nokia was happily predicting that the reason mobile phone sales would continue to grow was because people would have several apiece. You know, the cool one for clubbing, the chunkier one for email, the waterproof one for scuba-diving... Well that all turns out to be far too unimaginative - why the blazes stop at people? The fiendish Fins (who else) at Benefon have developed mobile phones for dogs, and aparently convinced at least one vertical market that there's a compelling use for them. It's part of a co-development effort with Pointer, which makes tracking devices for hunting dogs, and it combines GSM and GPS, so you know where your dog is. But um, why are you phoning it? Well, you're telling it what to do, for starters, and (we really find this bit difficult to believe, but it's August) you can tell what kind of animal the hound's onto by its bark. We presume that if the dog's phoned you, then the phone has to be woof-activated. Big sales for it in September, when the Fins start going after elk. We can't seem to find any English language data on this at the Benefon site, and although it appears to us this story was first broken by AP, we can't find an English version of that either. But over at Yahoo! you'll find a German version, and the magpies over at the Press Association have an English version here. Lastly, how could we mention hunting without poking fun at our old friend Joachim Kempin again? Yes, we know they were deer, not antelope. Don't write. ®
BT Wholesale announced the broadband registration trigger levels for a further 169 exchanges yesterday, giving hope to yet more people that one day, maybe, just maybe, they too could get affordable broadband in their area. The telco claims the launch of its broadband registration system gives people a "direct influence on [its] rollout programme by registering demand against their local exchange". Once trigger levels (which mark demand levels for each local exchange) are reached it should prompt BT to upgrade an exchange currently not served by DSL. Of course, this cautious, demand-led approach is necessary because BT - and the market come to that - simply isn't in the position to invest the cash necessary to upgrade all its exchanges and make broadband universally available. However, the most telling part of yesterday's announcement is that a review of some 74 exchanges has concluded that demand trigger levels based on current costs "would not realistically be met given the number of lines served". In other words, it would cost too much to upgrade these exchanges with little hope that enough people would sign up to broadband. Instead, the telco is "investigating how to reduce the cost of enabling these exchanges and is looking at different methods of delivering broadband to these areas". Earlier this month BT Wholesale announced it would run a series of trials from this autumn that could bring ADSL to areas currently deemed not commercially viable. The "Community Broadband Concept" will use new broadband ADSL exchange equipment that can serve as few as 16 end users per exchange, making it ideal for areas where demand is limited. Industry insiders have told us that this could prove to be a very exciting development and one they intend to look at with interest to see how it develops. ® Related Stories BT enlists sponsors for rural ADSL trial BT sets broadband trigger levels for 88 more exchanges
The Recording Industry Ass. of America (RIAA) may have temporarily abandoned plans to censor Web sites available to American surfers, but they've still got their shock troops on heightened alert. Recently they've attempted to force Verizon.net to identify a customer they claim is making music files available for download. Verizon has refused, out of concern that it might expose itself to liability on privacy grounds. The RIAA has filed a second demand with the courts in Washington, DC, claiming that the customer's privacy rights are nullified by its superior copyright concerns. Apparently the presumption of innocence will be another casualty of that glorious crusade. In a related development, News.com's Declan McCullagh reports that the US Department of Justice (DoJ) is apparently salivating over the chance to make examples of file traders to send the "message that stealing is stealing," as US deputy assistant attorney general John Malcolm puts it. According to the article, show-prosecutions are being planned, though there's no official word on when the 'copyright-911' assaults will commence against the P2P pestilence. Recently nineteen members of Congress sent a petition to US Attorney General John Ashcroft begging him on behalf of their Hollywood patrons to crack down on P2P evil-doers. Apparently their prayers have been answered. ®
Last week AOL UK got a right old lashing following customer complaints about its broadband service. It was dire, said punters, even slower than slow old dial-up Net access. And this from a service that costs a wallet-denting £34.99 a month. At the time AOL UK apologised for the fact that punters were experiencing a "slower than desirable service" and said it was "working closely with BT, the network provider" to sort out the problem. So, has there been any improvement? Dunno, we've not heard a peep from punters. But the latest statement from AOL UK seems to suggest it might not have been to blame. "BT has confirmed that they have been experiencing problems with their network and in some cases, this has resulted in decreased throughput performance. Consequently, this has resulted in lower than expected downstream bandwidth for broadband users. "BT is currently testing possible solutions to this problem and we hope to have further updates for you over the next few days. Please be assured that we will continue to work with BT round-the-clock until AOL Broadband is back at optimum service levels." Problems at BT's end? Shirley shome mishtake... ®
Sheffield-based ISP PlusNet claims ISDN users are still under the impression that they have to pay through the nose to upgrade to broadband. Earlier this year BT introduced a scheme that enabled ISDN users to upgrade to ADSL for less than £30. If for any technical reason the conversion fails, BT will convert the line back to the original ISDN service at no cost to the end user. Punters are charged £27.99 (inc VAT) only after they've successfully moved to ADSL from ISDN. However, a spokesman for PlusNet said of this upgrade path: "The message is still not getting through". Earlier this month Nildram announced its ISDN migration path to ADSL. ® Related Story Nildram touts ISDN to wires-only ADSL migration
Server shipments in Europe, Middle East and Africa (EMEA) continued to decline in the last three months, with sales down by four per cent in Q2 2002. That's the somewhat depressing conclusion of the latest study by analysts Gartner Dataquest, who estimate total server sales in EMEA during Q2 2002 totalled an estimated 308,000. Gartner said server spending was significantly weaker due to both aggressive price competition and a continued move towards investment in low-end systems at the expense of midrange servers. Revenues declined by 14 per cent in Q2 2002, falling to $3.54 billion in the EMEA region. Systems in the less than $5,000 price brand and rack-optimised systems were the market hotspots, with volume growth of 16 per cent and 18 per cent respectively. From a revenue perspective, the combined shares of HP and Compaq gave the newly merged vendor a slight lead. "Although the combined company reached the number one spot, it suffered a big market share loss on the year ago period, and will be challenged to maintain this position in the face of increasing competition in the coming quarters," Gartner Dataquest notes. ®
BT Broadband - the stripped down, frill-less (or is that "thrill-less") high-speed Net access service from BT Retail - is now a smidge cheaper. BT Retail has halved the activation charge for the service to £30 as part of a late summer promo. The catch is that if you want to take up this offer you need to order it before September 20 and get it installed before November 1. This offer comes even before the full, official launch of the service in the second half of September. BT Broadband - an ADSL product that costs £27 a month - has so few frills it doesn't even have email. Anyone hooking up to the product would need to obtain that separately. Oh, and you're only allowed to download up to around 1Gb of data per day. ®
CacheFlow, which made its name supplying hardware based caching devices to telcos, yesterday announced a change of name and a change of emphasis to security supplier. Blue Coat Systems, as the company will henceforth be known, has repositioned itself as a supplier of security appliances designed to combat the increasing number of Web-based threats targeting port 80 'holes' in the corporate security infrastructures. The new Blue Coat name (which sounds like something from the dire 1980s Holiday Camp sitcom Hi-Di-Hi) is the "culmination of recently announced strategic transitions, which include new channel business models, solution providers, strategic partners, products and services, all designed to focus resources on Web security," the company said. A slowdown in caching appliance sales to telcos and dot com firms has encouraged the vendor to evolve its product line towards becoming a security supplier to enterprise customers. All business previously conducted by CacheFlow will continue to be handled by Blue Coat Systems without interruption, the company said. Along with the name change, the company announced the first product to carry its new moniker - the Blue Coat SG800 appliance. The appliance is designed to perform multiple Web security functions that include Web-based anti-virus detection, content security and content-URL filtering, without imposing response-time penalties on end-users. The SG-800 supports multiple Web security applications through Blue Coat's partnerships with anti-virus providers Symantec and Trend Micro as well as alliances with URL and content filtering providers Secure Computing and Websense. ® Related Stories Web cache hardware launches DoS attacks, site claims Web caching tech boosts network performance 400%
Microsoft will produce a version of its MSN browser client for Mac OS X next year, the company said yesterday. The client is bundled with the MSN ISP, or available by subscription. Microsoft is probably looking in two directions here: Apple has decided to make its iTools and .mac email a $100-per-year subscription service, opening the door for other services. And the latest release of OS X demonstrates a close relationship with AOL: the new iChat program - AOL's first IM collaboration with a third party - is installed in the menu bar. AOL has also committed to an OS X version of its browser: unfortunately one that strips the no-pop windows feature from the Mozilla code base. Which AOL now admits repels its customers. So at least somebody believes Apple's "Twitch!" campaign - which targets computer neophytes dismayed by the Windows experience - could work: Microsoft. ® The Register Mac Channel
The UK's take on the "European DMCA" - the European Copyright Directive - will make criminals out of ordinary computer users, according to a new critique by the UK Campaign for Digital Rights. And it will also fail to protect researchers, says Julian Midgley who penned the report. "As it stands, the UK implementation of the European Copyright Directive will hinder research into cryptography (in contravention of the express intent of the Directive itself), make criminal current common practices of the music industry, give software companies unwarranted control over the creation of software products interoperable with their own, and provide an inadequate and entirely impractical mechanism for beneficiaries of the Directive's exceptions to obtain access to copyrighted works protected by technological measures," the report concludes. CDR recommends amendments to the consultation paper. "Academic research" isn't defined, for example, and Midgley notes that even the draconian DMCA had more detail on protections for cryptographic researchers than the UK's draft - even though those were insufficient to protect researchers from prosecution. The draft's proposals will also hinder music studios, broadcasters and software developers, who risk breaking the law when they decompile copy-protected software. The CDR's detailed critique can be found here or downloaded here [82kb PDF]. The Patent Office is taking comments now. Have they heard from you, yet? ® Related Stories Exemptions exempted in Europe's DMCA Alan Cox attacks the European DMCA Does new Europe law mean slammer for DRM crackers? UK campaigners call for anti 'anti-rip' CD day of action
Despite signing a recent deal with Microsoft, Sweden has become the latest country to investigate the benefits of free software. In a report entitled "The state wants to save money" in Swedish magazine Ny Teknik, the Statskontoret, (Swedish Agency for Public Management) is setting up a working group to investigate the value Linux could provide. The work is in the initial stages and it is too soon to see what the actual result will be, according to Irene Andersson, who is responsible for all software at the purchasing department in "Statskontoret". Contributors to the working party include the police, the unemployment agency and the tax office. Sweden recently signed a half-billion kronor deal with Microsoft to run two years. This encompasses central government and local authorities. (Thanks to Tomas for the translation - we thought about asking Linus, as his first language is Swedish, but he's very busy). Earlier this year Denmark announced it was considering moving 55,000 desktops to Linux, and the Norwegian government - a supporter of its indigenous Opera browser - recently cancelled a public sector Select contract with Microsoft. These are dwarfed by public sector IT decisions being made elsewhere, notably in Asia. 120,000 Korean public sector desktops are being migrated to Linux, and the biggest big government spend of them all, China, is developing its own, home grown distros. The call for software libre comes from all corners of the political spectrum: Norway's decision was encouraged by Administration Secretary Victor D. Norman, a conservative free marketeer. So it's a possibility that Bill might soon be booking a flight to Scandinavia bearing gifts. In which case we can help with pronunciation and cultural nuances . ® Related Link Ny Teknik story Related Stories MS gives New Orleans 'free' systems for City Hall, PD Peru mulls Free Software, Gates gives $550k to Peru Prez MS in Peruvian open-source nightmare The Microsoft Government Portal explained Microsoft welcomes UK govt open source policy E-Envoy and team schmooze Seattle with MS again UK Gov depts must buy MS servers for 2005 deadline Blair savaged over Microsoft visit German gov deal offers Linux great leap forward in Europe Danish local govt. rebels against MS license terms
Bill Thompson, whose Damn The Constitution polemic we published here , will take to the air on BBC's flagship Newsnight current affairs slot tonight. (10:30PM BST, 2:30PM Pacific Time) He'll be joined by libertarian icon John Perry Barlow, co-founder of the Electronic Frontier Foundation. You don't have to have a TV to watch them duke it out: the BBC's NewsNight page carries a link to the most recent program for 24 hours after its broadcast. But if the shooting war starts, it might be cancelled. Thanks for your responses to The Stuckist Net - a vision far less optimistic than Bill's, and we'll post a selection later today. ® Related Link BBC Newsnight Related Stories Damn the Constitution: Europe must take back the Web The MeatSpace Mailbag Bill Thompson answers critics The Stuckist Net - what is your post-Palladium future?
Web admins are faster at fixing flaws to conventional Web servers than SSL servers, figures from Netcraft latest Web site survey suggest. The study, released this Tuesday, found almost half of the 22 million Apache HTTP sites scrutinised are running Apache/1.3.26, whilst only around a quarter of the Apache SSL sites are running this version, which fixes a well publicised chunked encoding vulnerability. This flaw, which opens the door to potential DoS attacks or remote exploits on vulnerable servers, together with recent remote vulnerabilities in Microsoft Commerce Server and Microsoft-IIS, leaves a great many ecommerce sites vulnerable to direct attack over the internet, Netcraft gloomily notes. And that's before factoring in four remotely exploitable buffer overflows in OpenSSL or the effects of a recently demonstrated vulnerability in IE and KDE which potentially allows Web sites certified by Verisign to assume the identity of other sites, including widely used ecommerce sites. More than just events of this month alone, 2002 is shaping up to be an annus horribilis for Web security. ® Related Stories MS soft-pedals SSL hole KDE fixes SSL hole as MS dithers Trio of bugs bite MS Content Management Server OpenSSH trojaned!
Virus watchers have discovered the latest in a line of viruses targeted at file sharing networks. The Duload worm is spreading across the KaZaA file-exchange network, antivirus firm Kaspersky Labs warns today based on reports of infections from Italian internet users. Duload appears as a Windows executable written in Visual Basic either 18432 bytes or, in its compressed form, 7680 bytes in size. If the infected file is accidentally opened "Duload" copies itself to the Windows system directory under the name "SystemConfig.exe" and modifies the system registry so that this file automatically loads each time Windows is started. Next, the Duload worm creates a folder in the Windows directory called "Media" and copies itself to this directory under 39 different names, explained in more detail in Kasperky's advisory. Duload then once again modifies the system registry in order to make the Media folder accessible to all other KaZaA network users, with the aim of furthering its spread. One modification of the worm also downloads from the Net several Trojan programs designed to establish the unauthorised remote management of victim computers. Antivirus vendors are in the process of updating their tools to detect the worm. As always, the main advice remains to be vigilant about the possibility of downloading and running executable code from file sharing Web sites. File sharing services are increasingly becoming a target for virus writers. In June, KaZaA users became exposed to a virus called Backdoor.K0wbot.1.3.B, which followed the infection of the network by Benjamin worms only a month earlier. ® Related Stories GamesSpy and KaZaA infected by viruses Altnet wakes up as worm spreads through KaZaA Popular file-share utilities contain Trojans
The semiconductor sector received mixed news on Wednesday. Sales of equipment used to make chips were down again, but orders were up. Figures from industry bodies in Japan and North America showed that the sector has yet to make its long-awaited recovery, but indications for its longer-term future are positive. According to the Semiconductor Equipment Association of Japan, global sales of equipment used to make semiconductors fell for the sixteenth straight month in June. It said that the total amount of sales for the month amounted to $1.85 billion, which was an 18 per cent drop compared to June 2001. However, this slump was the smallest in percentage terms since March of last year. The organisation also said that orders, which become sales about six months after they are received, have started to increase as chipmakers begin preparing for increased demand for their products. Meanwhile, Semiconductor Equipment and Materials International (SEMI) reported that North American-based manufacturers of semiconductor equipment had orders worth $1.15 billion in July 2002. The $1.15 billion is a three-month average of worldwide bookings during the month. And although it represents a two percent fall from the month previously, it is a 50 percent increase from the $769 million in orders posted in July 2001. In addition, SEMI said that North American companies in the sector had a book-to-bill ratio of 1.16. This means that $116 worth of new orders was received for every $100 of product billed for the month. According to SEMI, the three-month average of worldwide billings in July 2002 was $995 million, which was seven percent above the figure for June 2002, but 17 percent below the July 2001 billings level of $1.19 billion. "The July bookings data likely reflects renewed questions about the robustness of the economic recovery and the prospects for the consumption of electronic goods," said Dan Tracy, director of industry research and statistics for SEMI. "The data is consistent with recent announcements of reduced capital spending plans by some global chipmakers and supports the consensus of industry analysts projecting market recovery in 2003," he said. Worldwide sales of chipmaking equipment have been falling over the last two years. According to SEMI, during the period, sales peaked in September 2000 at $5 billion for that month. However, there has been a dramatic slump since then. Although the fall in equipment sales is largely due to the poor state of actual semiconductor sales, it may also have to do with semiconductor manufacturers using their current machinery more efficiently. According to Semiconductor International Capacity Statistics (Sicas), capacity utilisation at semiconductor manufacturers around the world rose to an average 86.4 percent in the second quarter from a slightly revised 77.3 percent in the first quarter. Most chipmakers are profitable if capacity utilisation is above 70 percent, analysts said. However, the rise is not expected to last and analysts expect capacity utilisation in the third quarter to fall to around 70 percent. © ENN
LettersLetters Register readers are dreamers - but not schemers. That's the conclusion from your response to our story, The Stuckist Net - what is your post-Palladium future? - asking how a non-Palladium world might be sustained if the biggest names in the computer industry continue to capitulate to . We suggested that in India and China are two countries willing to capitalize on the PC industry's reluctance to face down the US entertainment lobby. Both India and China have indigenous populations, thriving local film industries, who would not feel Hollywood wrath as acutely. They'd also welcome the chance to lead a technology market, rather than become assemblers or service suppliers. "Maybe in a century or so, they'll ship charity-technology to the underdeveloped West", muses one correspondent. Lots of you want in, but far less of you responded to the challenge of describing the bits and pieces. What machines would we run? Who could control the pipes? For that matter, what pipes? A few of you put your thinking caps on. Is it even feasible? Practical Stuckism Here's how:- 1. acquire inexpensive, used equipment, primarily laptops, for parts... 2. Learn how to build ruggedized equipment by studying the innards of damaged ruggedized laptops (e.g. how to shock-mount hard drives so they don't crash when a laptop is dropped, how to shock-mount LCDs, how to waterproof a case, and etc). Design and construct a basic, easily customizable rugged frame on which any acquired parts can be retrofitted. In my case, I'm building molds with which I can cast as many parts as I need (I was into special effects when I was a kid, so I have a lot of fabrication knowledge, from clay sculpting to plaster casting, to plastic injection molding using household items -- no joke). 3. Start ripping apart the used laptops, putting their parts in cheaply molded, ruggedized chassis' and build a set of computers that'll last twenty or thirty years and be able to be repaired easily as necessary. Basically, the goal is an eternal, nearly unbreakable computer. This is kind of a paranoid approach, but if you don't want to have Palladium shoved down your throat in a few years, you've only got around two years left to scrounge parts. I'm going to have a stack of nearly indestructible laptops running Linux hidden away in MY closet. And, I'll probably have to buy a Palladium computer at some point, but at least I'll have the real thing tucked away somewhere safe. In fact, I should have at least a dozen of them altogether, plus all the molds and measurements. Phil Perry OK, what about the processors? They could clone x86, or license a non-Intel instruction set such as ARM cheaply, or SPARC for no cost at all. That's the easy part. Manufacturing requires huge capital investment Not entirely true. There exist many large programmable devices (FPGAs and CPLDs) which are very capable of being programmed to act like microprocessors and microcontrollers, and the programmers for these chips can be as simple as a US$30 kit or a US$100 cable. Some require a bit more sophisticated devices, but development kits are almost universally available for less than US$1000, software and all. In the case of Xilinx FPGAs (and possibly others) the software's free. Granted they won't be quite as fast as a dedicated mask processor, and there will be some waste (unused gates, extra circuitry) but it is certainly not the prohibitive entry cost of an entire chip fab plant. It's also worth noting that masked ASICs can be had for only US$30,000 startup costs and maybe US$5 per chip. (Large FPGAs go for maybe US$50 per chip) (but then you have to find an ASIC maker (most are in Taiwan) who'll keep mum about what's in the chip. They all do - Not to do so would be business suicide). Here's where it becomes silly. Since they're 'digital devices' they must have copy protection built in, even into the FPGA (if certain laws are passed). So there'll be an area of the FPGA that you can't program anymore - But how is it ever going to be accessed? If you don't program any connections between such circuitry there won't be any connections. The pins can be left unconnected on the board. It can't enforce anything at the bit level - Unless a 1 or a 0 becomes copyrighted. If the incoming data is analyzed for copyright codes and checksums, scramble the bus, and/or set it to a different width. Ignore the bus pins entirely, and wire up the data to uncommited I/O pins. Use funky data alignment. Rewrite your program counter to use Gray Code. Everything's programmable, and will look like unmitigated garbage to a DRM circuit. And unmitigated garbage has to be functional, because how else are you going to process any generic mathematical function on any incoming data? The function c = a + b, if it is to be mathematically useful, must process any data for a, b, and c. It's going to look like garbage. As an aside, Lattice Semiconductor still makes programmable logic chips with only eight single-bit registers, and legally, they'd have to find a way to incorporate a DRM scheme into one byte of data AND program combined, and still leave some space for user-programmability? That would be fascinating to see. I'll bet they wouldn't write it in C#. And if there isn't any in these little chips, then several of them can be ganged together to make a half-decent 68000 clone. Faster, and Fritzfree... Circuit boards to mount these chips can be had for setup costs of ~$500 and $40 each from any of a large number of small vendors. One could, theoretically, build one's own Fritz-free CPU board for not too much money. Remember those '486 Accelerator' boards that used to plug into 386 motherboards? Same idea. No, they're not going to run at 2.53GHz, they'd be lucky to get 100MHz, but that's fast enough for Linux. Remember the HEAP gun from Neal Stephenson's Cryptonomicon? It would not be that difficult to make a HEAP computer. I have made a business out of making custom-built ISA cards for specialized industrial applications, and I'll be damned if I want anything to do with a Fritz/Palladium/whatever 'Hardware Certification Scheme'. It would cost me a fortune to have my cards certified even though they have nothing at all to do with copyrighted material! I. Stedman Larry Kollar has some interesting thoughs about free pipes:- Well, since I've been thinking along the same lines for a while, I have to agree with you (except that I've been calling it GeekNet). One minor disagreement -- I don't think hardware is much of a problem. Today's kit is fast enough for most purposes, especially when coupled with an efficient OS and a lightweight window manager. By the time all the new hardware goes on the Fritz, non-chipped hardware should be even more powerful. As the not-so-techie types "up"grade, I expect the "old, useless" kit to quickly become free for the taking. Communications may sound like an obstacle, but I'm old enough to remember when 2400 baud dialup modems moved a *lot* of mail and news around the world. The Stuckists could get started right now: wireless LANs for local links, V.90 modems and dirt-cheap long distance (at least in the US) or slower packet radio (ham) links for long-haul. In that scenario, I would expect UUCP to make a comeback for transporting mail and news over dialups; the packet radio links would be suitable for interactive, low-bandwidth connections like chat or telnet. A few strategic encrypted tunnels through the mainstream PigopolistNet might be possible, but I wouldn't want to rely on them. The result is certainly no Utopia. You would have islands of local connectivity, and selfish goobers could easily clog the long-haul pipes with large files (MP3s and the like) unless a local BOFH eradicates such folks quickly and mercilessly. But that same limitation would also work to the Stuckists' advantage: given its total unsuitability for media piracy, the government's corporate masters would see no reason to outlaw it. Meanwhile, geeks (who generally love a technical challenge) would work quietly to extend the effective bandwidth of those slow links. Who knows what kind of breakthroughs in compression, DSP, or encoding technologies could result in such an environment? Maybe it's time that geeks took their ball and found a new park. Count me in. Larry Kollar But for a Stuckist net and Stuckist PCs, the best option is going to be ARM - Linux already runs on it, and it's surely not beyond the wit of man to come up with a big version of the Sharp handheld, suitable for desk work - or even to hack one to get decent external graphics and USB disks and keyboards usable. Brian Greenway Domain names? The internet thus far has been based on all computers voluntarily following the same protocols in the same ways. As long as there aren't compelling reasons to break this universal consensus, it certainly simplifies things. But if the media companies get their way and create these compelling reasons, they will find the consensus to be a fragile one. Once the decision has been made to leave the standard internet to those who would strangle it, adding one more layer of abstraction and creating a universe of internets won't be that difficult. It won't require separate wiring or even the assent of those who own the wires: the IP doesn't care what is above it in the protocol stack. That users are free to pick and choose from numerous mappings from URLs to IP addresses will quickly become the new consensus, and those who would regulate how two computers they don't own should communicate will be back to square one. Sincerely, Jess Austin Firewall of China I see the "great firewall of China" being applied to every country along geographical borders... There WILL be a black market in general purpose computers, mark my words. (start stockpiling your old hardware now). Every time entrenched interests outlaw tools that increase personal freedom a black market develops. Firearms. Narcotics. Now computers. The USA in league with China...both veering toward fascism from different directions...gentleman's agreement so those in power stay in power (we'll pretend Tianeman sq. never happened if you pay us to build your great wall)...just wait until the hackers realize that makes the bedfellows with the hairy armpit anti-G8 protestors... r graber Boycott! We need an active campaign on the lines of "We're NOT buying CDs from the pigopolists. We're NOT going to the movies", writes David Cefai along with many others. There needs to be a concerted effort to stop these laws and by concerted, I dont mean an internet boycott or similar. It has to be made public. If there is a public boycott world wide, everyone saying that for 1 week there will be no purchases of software, DVD's, CD's etc. When these companies lose a couple of billion dollars because people do the only thing that they can legally do, which is decide to NOT buy a product, then we might see these laws and these moves stopped. Vishal Vashisht I think the Western companies/governments continued failure to adopt Linux and Open Source solutions could very well be their undoing. While you see countries like china eagerly adopting this new model, and improving it, most European and American companies pretend it doesn't exist. If this trend continues, the balance of power will shift radically. Students in 'progressive' countries will have access to specifications of protocols, programs and hardware. While their Western colleagues are stuck with a box they can't open, with no technical documentation. Messing with it is a greater offense than murder. This will create a generation here that is technologically illiterate. Sure they can play 'snowwhite', but compiling a program, improving a protocol? These kids will never have 'played' with computers like many of us did. On the other hand, countries that turned away from closed systems will have a breed of techies that grew up with systems that came with full source-code and RFC's. Ready to help their less-proficient fellow-humans. Maybe in a century or so, they'll ship charity-technology to the underdeveloped West... My gut-feeling is that we're moving to an all-out war between the Open-communtity and the establishment. I think we'll either see the demise of Microsoft and the like (which I'm hoping), or the demise of open systems in Europe and America. The fight could last for another couple of years or so, with some remaining splinter-groups afterwards, but I think it will shift one way or the other. Quite possibly by shifting the balance of political power in the world too. Guy Van Sanden Where do I sign up? Seriously, this is a big deal. We're heading fast towards a totally regulated environment in which casual website use is tracked and every email sent/received is monitored, in which the efficiencies of the internet are lost (no p2p applications, only centralised hierarchical systems that log every activity), and in which one has no privacy even in one's own home. A world in which you can't buy general purpose devices, only TIVOs and PlayStations. It's amazing how blase folks are about this: folks are unwilling to articulate the arguments against something they are see as inevitable. Either that or they are in denial - they can't believe it will happen. But it is looking more & more likely as time goes by. Speaking as an info-sec professional: the governmental argument (that the measures proposed will defeat terrorism & crime) is specious. One can't help but suspect the agenda is both simpler and more sinister: that government fundamentally does not trust the populace, and it is determined to monitor/control what the populace sees & does. The film & record industries are of course entirely happy to be part of that as they continue to push the argument that the internet is eating into their revenues(*). It is horrifying to see all this coming to pass. I am not a "political" person but this is driving me to become one. Paul G Smith I think that Sony et al will get what they want. The US will lose its edge, there was a .dot com that just announced they are moving their coding to Bangalore for the lower cost. WSJ 08-19-2002. The anti crypto laws will reduce the flow of knowledge anyway, to the NSA even. But then what do you expect from doddering old fools like Hollings Peter Marschall It was a rude awakening for me when you mentioned the threat of of the Internet becoming a one way medium. I realize in many ways it is because of the combination of limited IP address space and OSes that are totally insecure by default. I have already helped to many friends with "securing" ADSL connections. Currently the safest way to connect a windows machine to the net includes either a NAT or a firewall, making the machine unable to work as a server dishing out information, instead it passively sucks whatever it can of the net. RIAA might just as well lobby for laws that requires Internet connected computers to be NATed and firewalled, and P2P will effectively be killed dead. Outlaw the odd socks proxy as a circumvention device, finishing touch, and the net will lay at the feet of giant media. To counter this we need more IP addresses, IPv6 anyone ? Frank A. Stevenson Leave us alone - all we want is pizza In a brilliant letter, Brian Hurt writes:- Paraphrasing Sun-Tzu, don't ever fight the enemy on ground of his choosing. Fight the enemy on ground of your choosing. So long as there exists an option, even if it is that old, obsolete 2.4GHz P4 whose only benefit is that it isn't Palladium-crippled, then eventually freedom will win out. 94% of House races and 85% of Senate races are won by the cannidate with the most money Here's another statistic for you: The top 1% wealthiest Americans own well over 50% of the nations wealth. The best we can do is drive the price to buy a politician up. Temporarily. We can't outbid them, they have money than the rest of us put together. In any case, even if you disbelieve this highly pessimistic opinion of the US political scene, one other thing to remember is that Microsoft, Intel, and Disney are overtly, openly, plutocracies. The only votes you get are the ones you explicitly buy- hint, they're called *shares*. And you can buy as many votes as you like, all you can afford. They don't need Holling's bill (as anything other than an excuse, and simply *proposing* it is enough of an excuse) to impose to impose an Orwellian (in the strictest sense of the world) regime on us. Simply defeating the Hollings Bill isn't sufficient. We have to actively outlaw what they're doing. We have to pass an anti-Hollings bill. In this era when an American's right to representation and a fair trial seems to have been repealed (search under "Unlawful Combatant") our chance of getting such a bill passed makes that hell-bound snowball look like a sure thing. Leads into libertarian wet-dream. The problem with the 'Candide-like' geek population (/.ers, war chalkers, whatever) is that many of them cannot believe that such an apocalyptic situation as Palladium (i.e. various major labels/hardware and software co.s) owning mainstream PCs utterly, and the complete demolition of fair-use rights. One of the key symptoms of the problem you describe is that (as usual in any impending spod-related disaster) one can divide the vocal geek populace into three groups - those whom are gloom mongering, those whom are being cynical about the situation, and the those whom are being cynical about the gloom mongers. The fact is that most people whom are up on current geek affairs (Reg readers, aforementioned /.ers, etc) already have at least a good clue as to what is going on. There's no point poking at those palid lumps of lard. The real mission should be breaking out the message outside of the geek enclave and out into the mainstream, whilst avoiding FUDish scaremongering. Christophe Dupont, UK Well here's the Candide case put succinctly 1) My feeling on the Pigopolists' intention to restrict the Internet by controlling protocols is that it just plain won't work. I have sufficient faith in rebel hackers that they will always find a way of defeating blocks based in firewalls & routers. In any case there are _indirect_ ways of (ab)using IP protocols to carry data outside of the official data content part of the packet. These will be exploited... 2) It's clear that what the Pigopolists want is for the Internet to be turned into yet another home shopping channel. I think it is unclear that there is a need for this channel; in any case, IP is a very messy way of providing it. Technically the best way to tackle this argument is to provide a set of protocols more suited to "entertainment" and to allow these to be heavily filtered/monitored/Fritzed or whatever. Though I think there should still be plenty of mileage in use of the courts to preserve traditional consumer freedoms. 3) I fail entirely to see how the Pigopolists are going to prevent home-based wireless networks merging into area & regional networks, when _consumer_ wireless equipment becomes common enough & people start using their computer systems as routers in order to enable them to interconnect with each other. Even if there are means to keep these nets from being connected to the Internet trunks, WAN connections could be provided by ham radio - though personal experience with University networks, and the corporate demand for home access to "secure" corporate networks suggests that interconnection at many, many points is inevitable. This idea goes right back to the original spirit of the Internet ... a network entirely owned by and operated by its users ... BT, ATT etc. will no doubt whinge, obfuscate and try to obstruct the development (because there is no place for them in this structure) but I think it is inevitable. The recent development of "warchalking" is just the first primitive step in this direction ... in the long run, freeloading onto commercial wireless nets won't work because effective access controls will be deployed, but freeloading onto a ubiquitous uncontrolled network owned and operated by its users is unstoppable. The phrase "stuckist net" tends to give the impression that such a network would be in some ways frozen in time - in fact the Pigopolists' network would be the one with frozen protocols; the phrase "stuck pig" (as in "bleeding like a") springs to mind. The correct phrase for the new network would be "the open internet", or simply "freenet", assuming that trade names can be reclaimed. 4) Those of us who care enough are already stockpiling "open" hardware. Personally I probably have enough to last out my natural life already. Regards Brian Beesley To which I responded- I think you're in denial :-) Two points 1. It doesn't matter what the "rebel hackers" produce if it can't run on the hardware that 99 pc of the population use. Palladium will mark it as unsafe. Is that a victory? 2. You can only warchalk as far as your pipe allows you. If it blocks content, you're fucked. I appreciate your romantic view of things, but can you address the issues in the article? It discusses new hardware to run this on, etc. The "rebel hackers" don't appreciate the magnitude of the problem yet - working on the assumption that PCs will remain open, and routers will remain neutral. It's worse, one academic points out:- With all the focus in The Register as of late on the effects of Palladium and TCPA on the business and communications sectors of the computing community, perhaps you neglect the ill affects on the more meager sectors of the computing community which will undoubtedly loose big. I personally speak of the high-performance scientific computing community, which relies heavily on both the ability to modify at will our resources without reliance on imposed certification and the freedom to communicate software and datasets with worldwide collaborators. Scientific members of the Stuckist Net, as you see it, will be effectively walled off from a variety of interactions that both those within and outside of the Stuckist Net heavily rely on for scientific discourse and innovative research. First off, members of large institutions like universities will most likely be forced to comply with the computing standards adopted by their host institution. Noting the aversion to litigation American universities rightfully suffer from (not to mention bad memories from a long history of being an easy target for crackers), it will be likely that many such institutions will require Palladium or other TCPA certification of its computing resources. At this point, one might envision an administrative nightmare for the scientific computationalist who is forced to conform to a TCPA. Will every memory upgrade, motherboard replacement, or RAID card crash cost me countless hours of recompiling home-brewed scientific software, or worse, terabytes of binary data that no longer can be used since my hardware configuration has changed and the embedded ceritifcation is no longer good? Never mind the cost to scientists who rely on custom hardware to certify their IC boards with Palladium or other TCPA standards (this would make many current scientific efforts simply not cost effective). Second, assume I successfully fight off administration attempts require TCPA compliance and avoid surrendering precious CPU and memory to an OS whose overly bloated, non-modifiable kernel sucks some of the life out of my ~200 compute nodes. As a member of the Stuckist Net there will be no easy (possible?) way for me to share binary data from my modded machine with TCPA'ed collaborators, submit scientific documents to TCPA'd online journals, or apply for grants through TCPA'd government websites. I will loose access to many commercial software apps (IDL, high performace compilers, etc.) or even many stand alone hardware products (nice switches, oscilioscopes, etc.) which may require TCPA of the computers they interface with. At this point I will certainly be stuck, forced to choose between the cost of high quality, non-TCPA research (that I have control over but that will be difficult to bring out from the basement) or overly expensive, worse performing, TCPA compliant research (that I have to recertify at an unknown cost four times a month). Either way, I don't look forward to it. Sincerely, Brant Robertson Graduate Student, Dept. of Astronomy, Harvard University Radio hams isn't a great metaphor to choose, point out several readers:- Ham didn't really die out (not that it's dead by any stretch of the imagination) because of regulations, etc. There are just far simpler and less expensive ways of communicating. The die hard ham users are still there, and I would bet that they are quite happy that not just anybody can or will just jump on a radio and start broadcasting whatever idiotic rubbish comes to mind. Which is true. The analogy is that with the circumvention tools underground, and requiring expertise beyond what the average Joe is prepared to learn, it could resemble amateur radio. After all, all PCs will be safe appliances. Who'd want to mess around with wires and aerials? Bill Softky is brings us back to earth:- I'm really not sure how much TCPA will be capable of really doing what the bad guys want to do. If TCPA restricts how I can save and open Word documents, can't I just cut-and-paste the content into an email to leak to a respectable (cough, cough) journalist? If TCPA restricts copying MP3s or CDs, can't I just put the microphone of my home CD-burner in front of the loudspeaker? If TCPA restricts DVD playing, can't I just aim my home video camera at the monitor during playback? Only if TCPA finds a way of blocking content by its true *perceptual* signature (independent of font, sampling rate, screen resolution etc) will I worry about it as a threat rather than an annoyance. Thanks for your letters and the huge response. I'm still reading them. Don't miss Barlow vs Bill this evening, via BBC2 or Real Player. Related Stories Damn the Constitution: Europe must take back the Web The MeatSpace Mailbag Bill Thompson answers critics The Stuckist Net - what is your post-Palladium future?