11th > October > 2002 Archive

Sendmail Trojan looks familiar

The Trojan horse discovered in a distribution of the Sendmail open-source e-mail server has striking similarities to a backdoor planted in OpenSSH last summer, according to security experts who've analyzed the code. But missteps in the alerting process may have given the culprits a chance to cover their tracks.

The sophisticated backdoor came to light Tuesday through an advisory from the government-funded Computer Emergency Response Team (CERT) Coordination Center. CERT warned that copies of version 8.12.6 of Sendmail downloaded between September 28th and October 6th from the Sendmail Consortium's public FTP server contained the backdoor. Once downloaded, the victim unwittingly activates the backdoor by compiling Sendmail from source code. The malicious code then establishes a secret control channel to a particular Internet host over TCP port 6667, according to the CERT advisory.

That's the same general technique used by a backdoor discovered last August in another popular open-source package, OpenSSH, a free implementation of the SSH standard that lets users encrypt their communications over the Internet.

That similarity is more than skin deep, according to Erik Parker, a senior security analyst at San Antonio-based Digital Defense who analyzed the code in his spare time. Parker found that the Sendmail backdoor was controlled by a simple trio of one-letter commands: 'A' to kill the exploit, 'D' to execute a command, and 'M' to put the Trojan to sleep. The same syntax, possibly an insider's nod to the hacker group ADM, was used in the OpenSSH backdoor, according to an analysis by the OpenSSH development team at the time.

The analyst thinks the same hacker pulled both stunts, but admits that the similarities in code don't prove it. "It could have been a copycat," Parker says, "or somebody could have ripped that code off because they didn't know how to code it themselves."
Files Erased

Parker says he came by the Trojan horse the old-fashioned way -- he was one of the estimated 200 people to unknowingly download the backdoor from the Sendmail FTP server before it was discovered, though he didn't compile the package. When the CERT advisory came out he and co-worker Forrest Rae ripped into the code and examined the malicious add-on.

In addition to the "ADM" commands, Parker pulled out the Internet address that was programmed into the backdoor as the control host, and contacted the owner, Denver-based network engineer Eli Klein. He was surprised to learn that Klein, apparently himself a victim of the hackers, hadn't already heard from the Sendmail Consortium or CERT. "I thought that was irresponsible of them, because his box is still out there," says Parker. "It seems like it would be more responsible for them to let him know so he could shut down the box."

Klein says the machine, appropriately named "aclue.com," is a FreeBSD box in his basement used by himself, his wife, and half-a-dozen friends with guest accounts. When Parker contacted him, Klein was skeptical that the computer had been hacked, but began blocking port 6667 in his Internet router as a precaution.

It turns out that wasn't good enough. Wednesday evening found Klein scrambling to recover gigabytes of files -- everything from intrusion detection logs to years of personal financial records -- that he says the intruder deleted in an apparent effort to cover his or her tracks. "Whoever it was that hacked Sendmail probably did have my box owned at some point, and decided to clean up," says Klein. "All of my files were on this PC. I lost everything from the last seven or eight years."

Parker says Klein should have taken his machine offline the moment he learned of its alleged role in the hack, but he also faults CERT and the Sendmail Consortium for not warning Klein before issuing an advisory.
In an interview, Marty Lindner, CERT's team leader for incident handling, said he doesn't remember the identity of the control host, and referred further inquiries to the Sendmail Consortium. Sources involved with the advisory say miscommunication between the Sendmail Consortium and CERT is to blame for Klein being left out of the loop -- each thought the other would notify Klein before the alert was issued.

"That's basically correct," confirms Eric Allman, a member of the Sendmail Consortium and chief technology officer of Sendmail Inc. "Mistakes were made, let's put it that way... I want to apologize to him for the way this happened to him. It wasn't supposed to happen that way."

Because the files on Klein's machine were merely deleted, rather than being thoroughly wiped from the hard drive, the prospects of eventually recovering them -- and retrieving some clues from aclue.com -- are good.

Allman says details of the hack's execution are still scarce, but it appears that the hacker managed to modify the FTP program that serves up the files, so that one out of every ten downloads would receive the backdoor without the original package ever being touched. It's a decidedly unusual technique. "I haven't had a chance to do a forensic analysis on it, but my first take was that it was pretty sophisticated," says Allman. "He did a pretty remarkable job of covering his tracks, and the attack was fairly subtle."

© 2002 SecurityFocus.com, all rights reserved.
Kevin Poulsen, 11 Oct 2002
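
Because only about one download in ten carried the backdoor while the file on disk stayed untouched, a single fetch can come back clean from a compromised server. The sketch below is an added example, not code from the article, CERT or the Sendmail Consortium: it downloads the same artifact repeatedly, compares digests, and estimates how many samples are needed. The simulated server, the archive bytes and the out-of-band trusted digest are constructed assumptions.

```python
"""Repeated-download consistency check (added example, constructed data)."""
import hashlib
import math
from collections import Counter
from typing import Callable, Optional

# Constructed stand-ins for the genuine and the trojaned source archive.
CLEAN = b"sendmail source archive (constructed sample bytes)"
TAMPERED = CLEAN + b" + build-time payload (constructed)"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_intermittent_server(clean: bytes, tampered: bytes,
                             every: int = 10) -> Callable[[], bytes]:
    """Constructed model of the modified FTP daemon: every `every`-th
    request receives the tampered archive, all others the untouched file."""
    state = {"requests": 0}

    def fetch() -> bytes:
        state["requests"] += 1
        return tampered if state["requests"] % every == 0 else clean

    return fetch


def sample_downloads(fetch: Callable[[], bytes], n: int) -> Counter:
    """Fetch the same artifact n times and count each digest seen."""
    return Counter(digest(fetch()) for _ in range(n))


def assess(counts: Counter, trusted_digest: Optional[str] = None) -> dict:
    """Summarise a sampling run.

    With a trusted digest (assumed to come from an out-of-band source such
    as a signed announcement), anything else is suspect. Without one, every
    digest other than the most common is reported as suspect.
    """
    if trusted_digest is None:
        baseline = counts.most_common(1)[0][0]
    else:
        baseline = trusted_digest
    suspect = {d: c for d, c in counts.items() if d != baseline}
    return {
        "samples": sum(counts.values()),
        "distinct": len(counts),
        "consistent": len(counts) == 1,
        "suspect": suspect,
    }


def miss_probability(rate: float, n: int) -> float:
    """Chance that n downloads are all clean, assuming each download is
    tampered independently with probability `rate`."""
    return (1.0 - rate) ** n


def samples_needed(rate: float, confidence: float) -> int:
    """Smallest n for which at least one tampered copy is seen with the
    given confidence, under the same independence assumption."""
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - rate))


if __name__ == "__main__":
    trusted = digest(CLEAN)
    few = assess(sample_downloads(
        make_intermittent_server(CLEAN, TAMPERED), 5), trusted)
    many = assess(sample_downloads(
        make_intermittent_server(CLEAN, TAMPERED), 20), trusted)
    print("5 samples :", few)
    print("20 samples:", many)
    print("P(miss) with 5 samples at 1-in-10:", miss_probability(0.1, 5))
    print("samples for 99% confidence:", samples_needed(0.1, 0.99))
```
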

Paying for DRM

Letters

Music biz strikes back with free, DRM 'padlocked' downloads
WMP users 'wish' for better DRM, wider takeup of WMA
O geeks, what has become of us?
The geeks are in fine fettle, Tom - get with the program

Some very nuanced responses from you in response to the Fair Use debate.

Perhaps the point of OD2 is a little more subtle? 1p to listen, 10p for a digital copy, and a pound to record to red book CD sounds an awful lot like a marriage of DRM and fair-use doctrine. Ok, to some it would seem an utter perversion. I think on a closer look it starts to make some sense. 1p could be the calculated cost to distribute a one-shot song over the internet. Maybe there's a profit there, maybe not, as I'm not too up on European's telco and IT industries. The point is it would seem to make everyone happy: The record studios get money for their effort, and the consumer gets to sample. 10p for a digital file likewise seems reasonable from an economic standard. I'm leaving off the technical considerations of licenses, etc. at the moment. What's notable here is the pound-for-red-book-audio. As I see it, this is the fair use doctrine in action. The article states DRM will not stop me from making personal copies in any method or order I choose. I can still distribute non-paid mp3z for everyone, but here's the cunning economic bit: why would I take a copy from an unknown source when it's practically free to get the real deal? Why risk download only to find out someone overlaid key sequence or did a bad rip? Taken on its own, Peter Gabriel seems to be doing the right thing. Maybe he doesn't quite understand what he's doing, but history's full of useful idiots.

-jdm

They won't get rid of Theft... but if they could provide a means that people can live with and not feel they are being exploited, most people will pay. I would pay 1p for 100,000 streamed... sure... as long as I could choose the songs and it were decent quality...
and I may not pay 10p for digital downloaded versions... why? Who needs a collection if a fat pipe delivers an unlimited selection and charge very small amount? The only thing that they could really do is change quality... 96hz for stream... 128 for download and 256 for the CD version. That would again encourage CD piracy, but probably not that much more.

Brian Kelly

This thought was triggered by Tom Steinberg's article and your response to it. With regard to DRM, Tom bemoans the lack of any sensible compromise from the techie community, and you respond that "as currently the entertainment business shows no signs of willingness to consider any of the above, the situation is by definition polarised". And that made me think that what your description leaves out is the attitude of Johnny Average Musician. Most musicians are quite confused about DRM - on the one hand, they don't want to see a society in which they can't dream of one day going professional, and making music to pay the rent, but on the other hand, any unsigned band worth its salt has free MP3s on their website - it's only when they get signed that the record company stops them. And many musicians, being by and large Mac users, resent the domination of M$ and the potential lockout that Palladium could cause. It strikes me that music makers, and other content providers, ought to be at the forefront of deciding what "measure of DRM might be acceptable as part of a radical rethink of copyright". The problem is they're just too damn lazy, disorganised, and bad at business. But if the techie world were to provide them with some rallying point - the musical equivalent of open source, or at the very least the "free for non-commercial use" license - that many would support it. The point is that musicians only go along with the music biz pigopoly because they don't see an alternative - musicians are always complaining about record labels, after all.
And many "indie" (in the sense of "independent") musicians make their money through gigging rather than royalties anyway, much as many open source gurus make their livelihoods on the conference circuit. And, most importantly, the pigopoly only gets access to the copyrights because the artist signs it away to them - get the artists onside and you *might* be able to gain some more leverage with the evil empires. This isn't a terribly well-thought out argument, but I have to say that I think that we, as techies, can come up with something more appealing than "no DRM at any cost".

Richard Lanyon

I think I.P owners are entitled to fair remuneration for use of their I.P. ("Fair" is perhaps another conversation. Let's not go there now.) I am also a proponent of fair use. If I want to, I think I should be able to go thru all of, let's say, my Steve Winwood CDs, pull out selected tracks, and burn my own personal "Favorite Hits" CD for my own personal use without having to pay for the tracks again. Or make a CD of love songs for my girlfriend. (Hey, no one screamed when John Cusack made tapes for his loves in "High Fidelity". It's an old and honorable method of courting. Is it different on a CD? Nah.) Ok, that said, maybe it's not really about Draconian Rights Management, and maybe a pound a single is a fair price for a tune. (I don't buy singles anymore, but $1.50US to $2.00US per track doesn't strike me as unreasonable, especially since they were $.75 back when I was a kid in the early 1960s.) What happened w/ Napster et. al.? Ate into the market, no doubt. Why? Sudden collapse of morals on the part of music listeners? Maybe. Convenience?? More likely. Is it easier to gear up to go to the local music store, find parking, yadda, yadda, yadda, or to search the web and download? Obviously the latter.
So, if I as Big Media can get you to pay a pittance for a trial listen or a locked copy, and can get you to pay pretty much what you pay now for an unlocked copy (and cut my distribution overhead to almost nil), I can make more per track, and go back to not worrying too much about people's personal "Favorite Hits" and "I Love You" compilations. The guys who might want to be worried are the music stores....

Lee Webber

This reader provides an explanation of why China is so keen on Linux, very succinctly:-

I really think Microsoft needs to be careful about what they wish for. I hope Microsoft gets everything they want. So this means a movie studio can prevent people from watching pirated or non-approved versions of a movie. It also means a near end to software piracy. Software publishers will be able to disable, deny access or otherwise nullify pirated software. Microsoft is working to tie it all into the hardware and OS. The rest of the world does not view copyright the way the U.S. media cartel does. I think most Americans don't either. So how is China going to feel about its military, government, or even businesses running any software controlled by the US software conglomerate? How will France feel? How will Germany feel? What if terrorists steal the keys, or otherwise hack into the system and issue a shut down command to millions of computers. And no more piracy means everybody pays? Except that it seems 1st world nations are the only ones that can afford Microsoft's products. I hope Microsoft succeeds beyond their wildest dreams. Foreign governments will be forced to move away from Microsoft and U.S. software. A year from now a decent business computer could be $200. And the Microsoft OS and Office Suite could be another $400 to $1000. Microsoft could slit their throats on this.

Mark Pells

Thanks for your server room horrors, we'll be posting a full selection of dangerous places later today.
Dell responds to our jibes, and due to popular demand, the Visual Basic thread will temporarily re-open, too. For one day only. ®
Andrew Orlowski, 11 Oct 2002

SEC takes belated fraud action against L&H

The US Securities and Exchange Commission said yesterday it has filed a lawsuit against defunct language software developer Lernout & Hauspie Speech Products NV, alleging "fraudulent schemes" that wiped $8.6bn off the company's market value. The complaint claims that L&H, based and listed in Belgium and the US, artificially inflated its revenue by over $350m between 1996 and 2000, when it entered Chapter 11 following a string of newspaper exposes. The SEC said the alleged fraud resulted in an "international financial scandal, the destruction of L&H as an operating company, and a loss of at least $8.6bn in market capitalization". The regulator seeks an injunction against future violations, but it is difficult to see how that will achieve anything practical. L&H went bankrupt in November 2000, three months after the Wall Street Journal reported that the company's exponential revenue growth could be accounted for by questionable sales in Korea and Singapore, where L&H recognized the majority of its revenue in early 2000. The SEC, which has been investigating L&H since late 2000, said between 1999 and 2000, the majority of the $175m L&H reported from its Korean business was fraudulent. The complaint said L&H freed its customers from payment obligations and masked the fact that money might not ever be received. The complaint also alleges that L&H funded two Belgian startups, which then became customers, allowing it to claim revenue from R&D. Later, L&H acquired both companies for the amounts they had paid to L&H plus more. The SEC said these deals "were, in substance, disguised loans," and L&H should not have recognized some $60m revenue from them. Finally, the SEC claims L&H created shell companies, called "Language Development Companies" in order to recognize $102m in license fees and $8.5m in prepaid royalties. The commission said these companies were created to "create additional customers" and "improperly fabricate revenue". 
Since L&H's troubles emerged, it has been legally pursued by US and Belgian regulators, as well as KPMG, its own auditor, over the accounting irregularities. Its founding executives spent time in jail last year. The company's assets were sold to ScanSoft Inc, an unrelated firm, last December. © ComputerWire
ComputerWire, 11 Oct 2002

IBM Japan fined for misstating income

IBM Corp's Japanese subsidiary has been fined approximately JPY 1.5bn ($12.1m) and forced to pay taxes relating to JPY 3bn ($24.3m) in revenue that was hidden by the company over three years, according to Japanese reports. A spokesperson for the Tokyo-based subsidiary has confirmed that IBM Japan has paid back taxes for the discrepancies, but denied that the company was trying to avoid paying taxes. On Thursday, the Kyodo News service reported that IBM Japan had been asked to pay the JPY 1.5bn penalty and additional taxes after it was found that the company had hidden JPY 1.7bn ($13.8m) in income and misreported JPY 1.3bn ($10.4m) due to accounting errors. The errors are believed to focus on how IBM was reporting expenses from multi-year projects, but are also reported to have involved the alteration of employee work records and padding personnel costs, resulting in a reduction of the company's profits. © ComputerWire
ComputerWire, 11 Oct 2002

NAI posts profit on revenue up 13%

Network Associates Inc has reported net income of $9m for its third quarter, ended September 30, on revenue up 13% at $232.2m, including revenue from its recently reacquired McAfee.com Inc subsidiary. The Santa Clara, California-based security software and services vendor's net income compared with a net loss of $11.3m on revenue of $205.7m in the same quarter last year. Excluding McAfee.com, of which NAI acquired the 25% it did not already own for $200m in September, the company reported net income of $26.9m on revenue of $211.2m, compared to net income of $8.5m on revenue of $189.5m in the same quarter last year. For the nine months to date NAI recorded net income of $46m on revenue of $685.8m, including McAfee.com, compared to a net loss of $95.8m on revenue of $554.4m in the first three quarters of 2001. Excluding the consumer-focused McAfee.com subsidiary, the company's net income to date is $63.4m on revenue of $625.4m, compared to a net loss of $14.5m on revenue of $511m in the first three quarters of last year. NAI's CEO George Samenuk commented that the company had enjoyed a good quarter in a difficult economic climate, and also announced employee relocation and severance programs designed to reduce costs. The company is moving 200 general and administrative staff from Santa Clara to Plano, Texas in January 2003, a move that it believes will save it $2m a year. NAI has also reduced its headcount by 100, or 2.5% in the last week. With those cost savings in effect, combined with an estimated saving of $5m a year following the consolidation of McAfee.com, Samenuk said that the company is on track to increase its operating margin to 16% in 2003. The operating margin for the third quarter was 12%. Looking ahead, the company's COO and CFO, Steve Richards, said he expects fourth-quarter net revenue to be between $252m and $257m, including McAfee.com, with revenue for the full calendar year expected to be between $1bn and $1.03bn.
In terms of new product developments, the company is expecting the first benefits of its August 2002 acquisition of Traxess Inc to be realized in the first half of the year with the delivery of the Infinistream network forensics technology, which will be capable of capturing network speed data in real time. The company's partnership with intrusion-detection specialist Internet Security Systems Inc is also due to deliver a network intrusion detection product that combines ISS's RealSecure IDS software with NAI's Sniffer network monitoring software in the first quarter of 2003. © ComputerWire
ComputerWire, 11 Oct 2002

Security tops list of reasons not to deploy Web Services

End-to-end security of web services forms the most significant barrier to implementation by organizations, but this is not expected to hinder future development. A biannual survey of North American developers by Evans Data found 24% of respondents list security concerns as the number one reason for not rolling out web services - a growth of five percentage points since Evans' previous survey, conducted in March. Evans' latest survey of 629 developers, published this week, was conducted in September. The analyst found other concerns hindering implementation include ambiguity of web services standards - 21%, down from 23% - and questions over how to architect and integrate applications, 16%. Developers' concern over security possibly reflects increased pace of development in web services. Fifty seven percent of companies' applications now include some web service, a number expected to reach 87% next year - six months ago 43% said none of their applications used web services. A little less than half of developers, 43%, are currently deploying or expect to deploy a web services application during the next six months, Evans said. As developers build more web services, so they address practical issues such as security. In a multiple choice response, Evans found security technologies most likely used right now are XML encryption, 46.4%, security aspects of Simple Object Access Protocol (SOAP), 41.8%, and XML digital signatures, 41.6%. The analyst noted 43% suffered a network or internet "breach", 52% being attributed to a virus. Interoperability between web services and application development tools is important to a large number of developers. Forty eight percent said they will absolutely or probably have to "intermix" Java and .NET web services, compared to 34% who said they absolutely won't have to. Forty seven percent said it is either absolutely or probably important they use the same tools for different platforms or environments.
Evans analyst Esther Schindler said this applied to Windows and Linux - news likely to appeal to Scotts Valley, California-based Borland Software Corp with its rapid application portfolio - as much as Windows and Java. Cross-platform is vital as - it seems - no one platform will claim victory in the short-term. Forty percent of developers are developing for .NET with 63% targeting .NET a year from now, and 51% currently use Java while 61% are expecting to write for Java next year. Today's leading toolkits are Redmond, Washington-based Microsoft Corp's Visual Studio.NET, 68%, Apache Project SOAP Module, 32%, IBM Web Services Toolkit, 30% and Santa Clara, California-based Sun Microsystems Inc's Web Services Developer Toolkit, 27%. Seventy percent of developers, meanwhile, are building in SOAP, 37% using Web Services Description Language (WSDL) and 33% Universal Description, Discovery and Integration (UDDI). © ComputerWire
ComputerWire, 11 Oct 2002

Microsoft Passport boost through limited code access

Source code from Microsoft Corp's .NET Passport online authentication service is to be turned loose under a pseudo open source initiative, a move the company claimed will assist development of .NET applications. Redmond, Washington-based Microsoft yesterday announced code for its Passport Manager would be released to certain developers under the company's shared source initiative. Specifically, code will be released through Microsoft's Passport Manager Licensing Program. However, the move - announced at Digital Identity World 2002 Conference in Denver, Colorado - is seen as an attempt to specifically drive Passport's commercial use, seeding the ground for later rollout of .NET services by Microsoft and ISVs. Passport was last year positioned by Microsoft as its enabler for federated single sign-in by customers to web services. Despite 200 million Passport accounts and early backing from some partners the service has failed to generate a groundswell of support. That honor has, instead, fallen to the Liberty Alliance Project which counts heavyweight IT consumers such as American Express, General Motors and United Airlines among its nearly 100-strong membership. Liberty is now signing up non-profits and low-income organizations. Liberty member Orem, Utah-based Novell Inc welcomed Microsoft's opening of code but noted Passport's relatively lackluster uptake during the last 12 months. Justin Taylor, Novell chief strategist for directory services, said by opening code Microsoft is attempting to spark Passport's uptake. "Microsoft is attempting to lay the groundwork for additional services. Passport has fairly limited adoption given the amount of time it has been out," Taylor said. A Microsoft company spokesperson appeared to agree with Taylor. "Passport Manager effort enables further expansion and development around commercial use of Passport," the spokesperson said.
Passport Manager is a COM object that runs on a partner's web site and manages communication and integration with the Passport service. Passport Manager Licensing Program licensees are free to use the source code to develop, debug and support their own commercial software for integration with Passport. Code will be released in November to licensed companies, academics, developers and governments. Shared source is Microsoft's take on open source, using grass roots developer commitment to improve code and seed the market for up-take of Windows and other company products. The initiative was originally to open source code for Windows 2000, XP and .NET Server to enterprise customers with 1,500 or more Windows desktops, but has been expanded to cover more platforms, such as Windows CE, and more users, including academic and government institutions and original equipment manufacturers. © ComputerWire
ComputerWire, 11 Oct 2002

Intel to appeal $150m Itanium patent ruling

Intel Corp is to appeal a judge's ruling yesterday that its Itanium processors infringe on patents owned by Intergraph Corp, risking an additional $100m payout on top of the $150m it has already agreed to pay Intergraph, Kevin Murphy writes. Texas District Court Judge John Ward ruled that two Intergraph US patents are "valid and enforceable" and that Intel's products "literally infringe" upon them, Intergraph said. Judge Ward also said Intergraph is entitled to an injunction on the Itanium and Itanium 2. "We respectfully disagree with the ruling and will file a motion for reconsideration," Intel spokesperson Chuck Molloy said. The motion gives the judge ten days to change his ruling before it becomes official. "Then we will file an appeal," Molloy added. Intergraph and Intel have been involved in patent infringement lawsuits since 1997. In April this year, Intel agreed to pay Intergraph $300m damages to settle a separate infringement suit in Alabama that centered on Pentium processors. At that time, the companies agreed to cap the damages in the Itanium case. Intel said it would pay $150m if it lost in the first instance, which it has, and a $100m license fee if it loses on appeal. It could have also decided not to appeal and to voluntarily pay the $100m license fee or develop a workaround. If Intel wins on appeal, it pays nothing. Intergraph has agreed to waive its right to ask for an injunction during the appeals process, Intel's Molloy said, so there is no chance of Itanium shipments being halted. It is not clear if Intel could attempt to work around the disputed technology to avoid infringement. But the court win could also be a boost for Intergraph's attempts to license the patents to companies not party to the lawsuits. The company said it recently licensed the same technology to Fujitsu Ltd for use in consumer electronics.
Intergraph general counsel David Vance Lucas said: "We hope that the momentum from this decision, together with the recent announcement of our license to Fujitsu, will significantly advance our goal of establishing an open licensing program for Intergraph's technology." The patents in question this time around cover "parallel instruction computing", which, as the name suggests, allow multiple processor operations to occur simultaneously, in parallel, increasing performance. Intergraph claims that PIC is fundamental to Intel's IA-64 architecture, which uses EPIC (for explicitly parallel instruction computing). © ComputerWire
ComputerWire, 11 Oct 2002

AIX 5.2 provides dynamic partitions, other tweaks

IBM Corp will today roll out the software that will enable its Power4-based AIX servers to make use of dynamic logical partitions. These have been available for decades on its mainframes and since 1999 on its AS/400-iSeries line, writes Timothy Prickett Morgan. The dynamic logical partitioning support which is built into AIX works in conjunction with IBM's Power4-based servers, which have electronics that make it easier to make partitions work than is possible on prior generations of pSeries and RS/6000 Unix servers. AIX 5L version 5.2 also includes a number of other technologies and tweaks that make it a better operating system than AIX 5.1. In theory, logical partitions could have been supported on Pulsar, I-Star, and S-Star RS/6000 and pSeries servers, a statement that is based on the fact that these same servers that bear the RS/6000 and pSeries monikers are also the same basic electronics complexes that are sold under the AS/400 and iSeries brands and which have very fine-grained dynamic logical partitions that allow fractions of processors, portions of memory, and slices of I/O devices to be configured as a virtual machine running either OS/400 or Linux. The word that we have heard for years is that the same team of microcode programmers who brought LPARs to the OS/400 were working as quickly as possible to bring it to AIX. IBM's Unix variant, which is based on the Mach Unix kernel from Carnegie Mellon University, is very different from the home-grown kernel in OS/400. So weaving LPAR support into AIX has been problematic. In February 1999, OS/400's logical partitions were only set at the CPU level, and they were not dynamic. With OS/400 V5R1 in April 2001, IBM made iSeries partitions dynamic, offered granularity on processors down to 1% of a CPU for a single partition (with a maximum of four LPARs per processor), and allowed partitions to be configured with Linux. 
The dynamic logical partitioning that debuts in AIX 5L version 5.2 is based on a single-CPU granularity like the early OS/400 LPAR support, but is dynamic unlike the early OS/400 logical partitions. Processors, I/O adapters, and memory cards can be added to or removed from AIX LPARs without rebooting the server. A single AIX partition needs one processor, one I/O adapter, and 256MB of main memory to work. These partitions can run AIX 5.1, AIX 5.2, or Linux. IBM can slice its top-end pSeries 690 "Regatta-H" server into 32 partitions. The 36-way Sun Fire 12000 from Sun Microsystems Inc supports only nine dynamic domains, and the top-end 72-way Sun Fire 15000 supports only 18 domains. Hewlett-Packard Co's 64-way Superdome Unix server can support up to 16 dynamic hardware partitions (which HP calls nPars) that can only scale down to a single four-way cell board; HP's vPars virtual partitions are not yet available on the Superdome, but when they will be, they will support single-CPU granularity. Dynamic AIX LPARs will be available on 16-way pSeries 670 and 32-way pSeries 690 servers next week, according to Mike Harrell, product marketing manager for the pSeries line at IBM. IBM will offer a firmware upgrade on the 4-way pSeries 630 server by the end of the fourth quarter as well, and presumably the forthcoming 4-way and 8-way pSeries 650 will also support the AIX LPARs when they are announced later this year. In addition to the dynamic partitions, Power4-based pSeries servers running AIX will be able to take advantage of dynamic processor sparing. IBM has offered Capacity Upgrade on Demand (CUoD) configurations in its RS/6000 and pSeries line for years, and this CPU sparing is based on this technology. When customers buy CUoD configurations, they come with a few extra processors so in a pinch customers can quickly and transparently activate those processors. 
With dynamic processor sparing, if a processor starts to fail or actually fails, AIX 5.2 can take a processor that is earmarked for CUoD and grab it and let it do work while taking the bad CPU offline--hopefully before it causes a system crash. (That is the point, after all.) Harrell says that the AIX Toolkit for Linux, which is a collection of open source Linux programs that have been compiled to run in AIX, is now up to nearly 400 applications. IBM has also tweaked the Workload Manager within AIX 5.2 to make it possible to better curtail and control Web-based clients accessing applications running on its pSeries servers. AIX 5.2 now also supports mobile clients with the IPv6 network protocol, and has a journal file system that can support a single file up to 16TB in size (up from 1TB with AIX 5.1). This bigger JFS2 support is important to customers in the retail, entertainment, and research sectors, where parallel Unix servers are popular and so are very large datasets. (Lawrence Livermore Laboratory, home of the ASCI White supercomputer, needs such a file system, and there are a bunch more in line to get it.) © ComputerWire
ComputerWire, 11 Oct 2002

102 ways to kill your computer

Update 2 Thanks to everyone who sent us their killer computer links. We've compiled them all at the end of this article for ease of reference.

NeXT please

The casings for NeXT Cubes are as light as plastic (reader Sean Lukes writes), but phenomenally difficult to destroy, as they are made out of solid magnesium. Yet when he was a columnist for NeXTworld magazine, Simson Garfinkel wrote an article on his attempts to set the magnesium casing in an old Cube ablaze. It took a very hot blowtorch and other preparations, but he finally got it going, and boy does magnesium burn! He still has a picture of it here.

Desperate Dan

By far the most popular submission was Dan's Data, an Australian site which gets straight to the point in "How to destroy your PC." With sections such as "Static is Your Friend", "Get it Wet", and "Killing Chips", Dan counsels: "Remember -- slapdash, ill-informed, incompetent work is what's expected of you. Don't let the industry down."

Project Eunuch

And so to Project Eunuch, British ingenuity at its best. Using a fridge freezer and alcoholic beverages (hence Eunuch -- The Extreme Use of Nearly Universal Cooling Hardware), the Castratis overclock a 486 PC made from scrap components to 247MHz. Or rather they blow up a 486 PC, as they explain with remarkable lack of shame.

"It would appear that after all the motherboard jumpers were removed for storage, someone accidentally powered the system up. This caused the whole setup to run uncontrollably fast. Fortunately, one of the technicians (the one who had destroyed the least of the "coolant") had the presence of mind to check the clock speed... 247MHz!

"There was only one thing to do. Halflife.

"Completely playable, the game ran fine for 2 minutes and 34 seconds (or 3 minutes 12 seconds, depending on who you listen to...) then crashed horribly. By this time, however, the processor was utterly wrecked. As was the motherboard. And the power supply, graphics card, soundcard and RAM.
Most of the Holy Spirits had boiled too.

"The only thing to survive the ordeal was the freezer, proving that superior British engineering always prevails (or something)."

Wally Dug

Now for something completely peculiar -- the Scottish Gaelic-speaking, Amiga-loving, self-proclaimed genius, Wally Dug. Check this out for a saboteur's guide on how to make your own storage media, using inter alia four muffins and two litres of Irn Bru (Scotland's national fizzy drink).

Texan Lynching

What is it with Texans and Guns? First, Texan nationalist Kyle of HardOCP renown has a link to an old 486 getting overhauled with a shotgun and a .22 here. Then we have this tale from Ron Dear, witness to an attempted computer homicide some years ago at a "large retailer based in Dallas, TX".

The retailer had "installed a 'new' machine and it just never quite got into the 'groove'. For a number of weeks, the hardware people could not get together with the software people and the machine would continue to crash at random intervals. The purchasing department had been entering orders... and I believe it was about the fifth time they had to re-enter all the purchase orders when the incident came to a head.

"This young lady of gargantuan proportions storms into the computer room yelling and screaming and waving her limbs in a serious display of agitation. As I was about to inquire about her problems and how I could assist her... she removed a .357 from her purse! I politely excused myself and vacated the premises... then called security. She never did shoot the machine, but I thought it would be prudent for me to NOT BE THERE!"

Hammer, safety glasses, cutting tool

We are indebted to Jonathan Margolis and the Sunday Times for alerting us to The Illustrated Guide to Breaking Your Computer. Author Tom Murphy VII (is he a clone?) offers step-by-step instructions in how to partition a disk-drive using a hack-saw.
This method is "advantageous over fdisk because it allows partitioning of individual platters and is independent of operating system. You also get to make cute designs". Murphy VII also tells you how to destroy CRTs, under the heading: "Monitor + Hammer = Good Clean Fun!". There is a health warning attached to this activity which "can actually be dangerous and bad if you are unsafe about it, so be careful". It is, however, a matter of some debate as to how careful you can be using Murphy VII's suggested "apparatus" of hammer, safety glasses, glass cutting tool, long crowbar and short crowbar (optional). Monitors explode. Extreme caution is needed here.

Art for Art's sake

Murphy VII is a no-nonsense PC demolition man. Kay Buena is a very different animal: she blows up PCs in the name of art. You can check out her exploits here.

Blame it on Microsoft

It's not so spectacular -- a reader, who prefers to remain anonymous, writes -- but my favorite way to destroy a really annoying person's PC is simple. Rub some fine grit steel wool above the expansion slots. Plug a junk card into each slot then remove. The fine strands of steel will create intermittent shorts and will drive them insane. e.g. fiber shifts slightly, shorts two contacts. Crashes machine, and burns (the fiber not the machine). Repeats until they get a new computer. Don't worry, Microsoft will take the heat.

Booby trap your PC

This link at I Am Not A Geek tells you how to booby trap your PC. Unfortunately, physical destruction is confined to data and you need a modicum of coding ability - you have to use the dreaded DEBUG utility to prevent intrusion.

Too bad it is out of print

http://www.amazon.com/exec/obidos/ASIN/0961253894/103-4224137-8330250
Computers Are Useless: One Hundred Uses for a Dead Computer

Library of Congress Entry
Computers are useless: 100 uses for a dead computer / by James M. Ley
LC Control Number: 83051250
Type of Material: Book (Print, Microform, Electronic, etc.)
Brief Description: Ley, James M. Computers are useless: 100 uses for a dead computer / by James M. Ley; drawings by Eileen M. Logsdon. Sunnyvale, CA : Thunderbolt Publications, c1983. [94] p. : chiefly ill. ; 14 x 21 cm.

Help us to help you

Are there any more Killer PC sites out there? Email us here.

Killer PC reference library

The Register offers PC cleaning tips
Bad Day: Office worker captured on CCTV destroying PC. Stunt unfortunately, but still amusing
Dan's Data: How to destroy your PC
Project Eunuch
NeXT cubefire
Kay Buena kills in the name of art
The Illustrated Guide to Breaking Your Computer
Wally Dug
Booby trap your PC
486 firing range
Fully automatic: Thompson, M-16, and M-11
Identical disk drive platters: different bullets

Fun with phones

Mobile Squelcher jams cellphone calls
Mobile Phone Squelchers -- Register readers weigh in

Bastard Operator from Hell

BOFH 2000: Kit and Caboodle ®
Team Register, 11 Oct 2002

Outlook Express in crypto processing flaw

Code used to authenticate messages to Outlook Express users might be turned against them by attackers to run hostile code on victims' machines. Microsoft's latest security advisory warns that a buffer overflow flaw in the Outlook Express S/MIME parsing functions "could enable system compromise". Redmond has issued a patch. Yes, it's yet another critical security flaw, affecting only Outlook Express users. Other email clients, including Outlook, are immune. Microsoft's advisory is vague about the precise cause of the problem. To authenticate messages, Outlook Express supports digital signing of messages through S/MIME. The fault here lies in the code that generates the warning message when a particular error condition associated with digital signatures occurs. Because of this buffer overflow bug, an attacker could create a digitally signed email and edit it to introduce specific data that exploits the bug. This would either cause the email client to fail or, much more seriously, cause the mail client to run code of the attacker's choice on a user's machine. This vulnerability could only affect messages that are signed using S/MIME and sent to an Outlook Express user. Credit for finding the flaw goes to Noam Rathaus of Beyond Security. ®
John Leyden, 11 Oct 2002

Is this the end for .net.uk?

The second level domain .net.uk may be dead before Christmas due to underuse, thanks to the changing Internet world. A recent subcommittee of Nominet's Policy Advisory Board (PAB) concluded that it had outgrown its use and should be shut down to new applicants, with existing domains maintained until renewal, and then removed forever from the Internet. That conclusion was not accepted last week by the PAB main committee, and the subcommittee was asked to look again at how the domain could be opened up but chartered so its use remained relevant. However subcommittee chairman Clive Feather remains sceptical. "Just because that was the case with .net [the top-level domain], that doesn't mean it's right," he told us. Chairman of the PAB Peter Gradwell told us that it had considered the large volume of feedback that the subcommittee's conclusions had sparked and that it remained "unsure" whether the domain's rules could be changed to become more relevant while remaining strongly chartered. It is difficult to see how the subcommittee could reach a different conclusion however. It has argued that thanks to the changing world of network providers and ISPs (where some "ISPs" are no more than branded services), it was almost impossible to define what was an ISP and hence the .net.uk domain has no practical use. To open it up would put it on a par with .co.uk domains - a pointless exercise that would simply entail more protective registering and domain arbitration. The subcommittee also pointed to Nominet's own policy for the creation of SLDs. One states: "No SLD shall be created if its uses and functions are wholly or substantially encompassed by the charter of any single existing SLD." Another: "A new SLD shall not normally be permitted where a new SLD with a wider charter would better serve the interests of the Internet Community." Hence it argues that the .net.uk should be confined to the online dustbin of history. The figures also back up this point of view. 
There are currently only about 540 .net.uk domains. The largest number registered in one month was just 29 in May 1997. Last month (September 2002) there were five. This compares to around 50,000 .co.uk domains registered per month. Nevertheless, one PAB member (who was not present at the subcommittee meeting) has argued forcefully that the .net.uk can be made to work. Mr Feather told us he has just sent out emails to arrange a new subcommittee meeting. That meeting will produce a report for the next PAB meeting on 4 December 2002. If the report continues to argue for the demise of the .net.uk domain and the PAB agrees, a meeting of Nominet's Council of Management could rule on it later that same month and the second-level domain will be dead in time for Christmas. ®
Kieren McCarthy, 11 Oct 2002

Channel mired in networking depression

The networking market remains in a state of deep depression, with recovery not expected until the second half of 2003, and resellers in particular feeling the pain. A survey published by channel analysts Global Touch tells a story of declining volume, compressed gross margins, and flat 'add-on' sales. Telco-orientated resellers are facing particular pressure from brokers/liquidators and service providers selling networking equipment below cost. And in the corporate sector things are scarcely better, with firms simply not spending money - especially on networking kit - unless absolutely necessary. Recovery in the market is dependent on wider economic and political factors, which could conspire to make matters still worse, Global Touch forecasts. "Our best prediction is that the market should begin to recover in the second half 2003, assuming no war or no 'double dip' U.S. recession. If either occurs, which is likely, the recovery that is so desperately needed may be pushed well into 2004, creating disastrous market conditions," said Denise Sangster, President and chief executive of Global Touch. Looking at Q3 2002, 94 percent of US respondents to Global Touch's survey said networking equipment sales were either below or extremely below the same period in 2001. Almost three in four (71 per cent) of European respondents indicated the same, while the remainder (29 per cent) said sales were flat. No-one reported improved sales. There was a significant increase in purchase order and project cancellations in Q3 compared to Q2 2002, the survey found. Global Touch also quizzed resellers on sales from the major equipment manufacturers. US respondents indicated that sales of Juniper Networks were moderate, Extreme Networks sales were flat, and 3Com, Cisco Systems, and Enterasys sales were flat-to-very weak.
European respondents indicated that 3Com, Cisco Systems, and Enterasys sales were flat-to-very weak, Extreme Networks sales were weak-to-very weak, and Juniper Networks sales were flat. Resellers expect equipment sales from most vendors to be either flat or down in Q4 2002, with the only bright spot being an expectation among European resellers that 3Com's sales may pick up over the remainder of the year. Looking further ahead, however, there was widespread hope that revenues in general would recover in the second half of next year. Global Touch's Q3 2002 Channel Tracker report includes data obtained from channel partners (i.e. distributors, systems integrators, VARs, resellers, and networking-focused service providers) in the US and Europe with combined revenues of more than $95.36 billion. The data for the Networking Equipment edition of the Channel Tracker report was collected from participants during the last two weeks in September 2002, and focuses on sales in the third calendar quarter (July 1 to September 30, 2002). A summary of the report can be found here, and the full report can be downloaded from Global Touch's Web site here (registration required). ®
John Leyden, 11 Oct 2002

HP reaches out with software strategy

As the world moves down the road to a web services based future, HP, like every other vendor, is making its play in the big exciting world of applications on demand. Rather than setting up as a jack-of-all-trades, the new HP is collaborating and playing to its strengths in its latest web services software strategy. First, there was the announcement that HP will bundle a trial version of BEA Systems' application server with every hardware server, starting with those running HP-UX. Then there's the news that HP staff will be trained in Microsoft's .NET web services platform and HP will work with Microsoft to ensure .NET based solutions work well in the large enterprise by using its expertise in designing, developing and operating large IT implementations. And let's not forget the partnership with IONA, which will offer extensive support of its web services, J2EE and CORBA technologies on HP environments. So far as the middleware layer is concerned, HP is utilising its partnership with TIBCO, which provides the Rendezvous messaging bus. HP would once undoubtedly have included Bluestone and Netaction, but upon pulling the plug on these businesses it's now looking to others to fill out the offering. HP's software strategy is to provide a services oriented infrastructure which best serves its customers. To achieve this, HP's software model uses both HP developed solutions, such as OpenView, together with those of partners. As with any partnering strategy the question is how deep does the relationship run and how do the companies stop queering each other's pitch. There is also the risk that the customer relationship may be lost, or at least diluted, if other vendors are involved. But there does appear to be a certain maturity in some areas of the industry highlighted by HP's strategy. The relationships with Microsoft and BEA clearly position these companies as the software stack for HP's hardware and infrastructure offerings.
With the Compaq acquisition still fresh in the minds of many, it would be far too easy for HP to make a splash and try and prove to others that the new company can do everything for everyone. The partnering approach may not make as many headlines as going for the Master of the Universe title, but it shows a degree of common sense which should be welcomed by customers and, in the end, deliver results. © IT-Analysis.com
IT-Analysis, 11 Oct 2002

Office 11 Beta due within a month

The next version of Microsoft Office - codenamed Office 11 - is not yet in beta, says Microsoft, but it is due within a month, Alun Williams writes. Yesterday Steve Ballmer announced that Microsoft already had the next Office release in beta, but this is not quite the case. 'We're not in beta yet', the Microsoft Office XP Product Manager David Bennie told us. It should happen in less than a month, however. Beta 1 will be a closed program with 6,000 copies released worldwide. Beta 2, following on in 2003, will be slightly more open with 3,000 customers involved. David Bennie was speaking about the XDocs application announced yesterday. Emphasising that "XML is the way to go" for Microsoft, he claimed that XML is steadily establishing itself in business use. He also fleshed out possible uses. Salespeople out on the road, for example, could record travel expenses and details of future meetings in one form. Each cell of an XDocs form could relate to different business requirements - meeting information going to Outlook, expenses info to SQL Server, etc. Essentially, XDocs is a smart-form design application. With a simple front-end for user input, the forms can take advantage of XML for co-ordinating with important back-end business processes. The salesperson's identity, perhaps, could be used as the key to draw in any supplementary material and customer details could be populated from their name alone. Once back at base, the data would be synchronised. Bennie also foresees a role for XDocs outside of large corporations - small businesses, for example. "How many people use the forms capabilities of Word?" he asks rhetorically. XDocs could be used as a simple template for individual expense reports and such like. Note that whereas Office XP was the first incarnation of Office to allow saving of files as XML (as a different document type), XDocs will work natively in XML - there is no native format to translate. © PCPro.co.uk
PC Pro, 11 Oct 2002

Mobile phone growth to stagnate in Europe

Western Europe's mobile phone market will stagnate at around the 300 million mark, says a new report. According to UK telecoms consultancy Analysys, mobile subscriber numbers in Western Europe have grown by only three percent in the first six months of the year and this will reach just six percent by year-end. This is down from 17 percent growth in 2001 and 53 percent achieved in 2000. Analysys said the dramatic slowdown was due to the fact that penetration rates have practically reached their ceiling. "Most people in Western Europe who want a mobile phone already have one," remarked Katrina Bond, lead author of the Analysys report on the subject. However, she added that mobile operators are starting to see increases in the amount of revenue they are getting from each customer. Analysys forecasted that Germany, Italy, Sweden and the UK (the countries it specifically examined) will all maintain their 2001 ARPU (Average Revenue Per User) levels this year. This, said Bond, was because operators have managed to grow revenues in non-voice services. Analysys predicted that they will earn 13 percent of their income from non-voice services this year, compared to 8 percent in 2001 and 5.3 percent in 2000. "This is a positive trend, but for it to continue, operators must succeed with the new messaging and entertainment services such as picture messaging and downloadable games that are being introduced now," commented Bond. She also said that operators must embrace wireless LAN services if they wanted to maximise future revenue streams. © ENN
ElectricNews.net, 11 Oct 2002

US tech job losses slowing?

The number of job losses in the US tech sector has hit staggering levels through the first half of this year. A report from the AEA, the American Electronics Association, shows that in the first few months as many as 113,000 employees were shown the door in one way or another. But hope is at hand - the organisation reckons that the rate of redundancies is slowing. The past couple of years have been positively brutal for the tech sector. Falling revenues, consolidation and an overall lack of impetus have left the market battered and bruised. And companies going to the wall have left a substantial dent in the US employment figures. From January 2001 to June 2002 it is currently estimated that as many as 430,000 employees have been made redundant from the tech sector alone. Looking at the estimated US tech sector workforce, this is a bite and a half. Last year, in March 2001, it was thought that there were as many as 5.7 million people working in the tech sector in the US. In June of this year it had fallen back closer to 5.3 million. That's roughly 8 per cent of the tech workforce that lost its job in recent times. Prior to the tech boom, back in the 90s, the US tech workforce was 4 million. The worst hit in the tech economy, it seems, is the manufacturing sector, which is pummelled from left to right by every swing in fortunes. According to the AEA, since January 2001 right until June 2002, high tech manufacturing employment declined every single month. The communications industry didn't fare any better either. With its heartland firmly entrenched in the Internet it was battered by both the tech downturn and the dot com collapse. This led to employment in the sector falling by 6.4% between January 2001 and June 2002. Software got off relatively lightly with a comparatively moderate fall of 1% over this same time period. The feeling now is that the industry employment record may have hit a plateau prior, we all hope, to benefiting from something of an upturn.
Unfortunately it's not going to be anything like it used to be. Certainly there are signs of a slow down in misfortune - but there are few corresponding signs of an upswing. It looks like this could be a long and bumpy road. © IT-Analysis.com
IT-Analysis, 11 Oct 2002

Who will buy O2?

OpinionOpinion Simon Rockman is the publisher of What Mobile, a monthly magazine/buyer's guide for people interested in mobile phones. The bursting of the telecoms bubble and the huge amounts paid for 3G licences are problems, which fed of each other. The effect will be felt for decades, perhaps even centuries. It's inviting future ridicule to sit here at the beginning of the situation, predicting what will happen. The folly of this can be seen in how bad predictions have been over the past few years, but I'm prepared to take that risk. Within the confusion that is set to reign there are some things that are obvious - 3G will be late and networks will go bust. There are other things that are not obvious. Somewhere between the two are surprising things within the obviousness. The UK has five 3G networks. They paid a total of £22bn pounds for them. That's £500 for every mobile phone user, about four times the market value or acquisition cost of an existing subscriber and of course none of these are acquired customers. Someone in the UK will fail, and the question is "who?" The obvious candidate is the new entrant. Even in the afterglow of the auction 'wins' Sir Chris Gent told me that he thought the business case for a fresh, ground-up start was weak. But Mandy-Rice Davies applies and more significant is the quality of the people at Hutchison 3G, now known as '3'. The company known as 3 is run by Colin Tucker, the man who was the technical brains behind Orange, he's surrounded himself with some of the smartest people who built Orange and cherry-picked the phone industry for the best people. And even more significant is the size of his wad. 3 is bankrolled by Hutchison Wampoa the company which did best out of the telecoms madness. Hutchison sold Orange to Mannesman. Mannesman bought Orange as a poison pill. The German company thought that if it owned Orange there would be no risk of a takeover by Vodafone. 
No-one had ever managed a hostile takeover of a German company before and if Mannesmann owned a UK network then Vodafone would be unable to buy Mannesmann, the law doesn't allow you to own two competing mobile phone networks. Orange was also a good, well run and hugely profitable business. So with both a business and political incentive Mannesmann bought Orange from Hutchison. As part of this deal Hutchison received a significant shareholding in Mannesmann. Lots of shares at a great value. But an Orange towel on the deckchair and centuries of legal precedent wasn't going to stop Vodafone. There are lots of telecoms companies that are adept at financial management and lots which are great at mobile phone technology. Vodafone is good at both. If you have to pick what it is best it, then the money side wins. Vodafone is probably the best company in the world at running its financial affairs, understanding what to buy, when to buy, what to fix because it is broken, and what to sell. In the most audacious takeover, Vodafone bought Mannesmann. This took a lot of waving of cash at the German shareholders and so they came away with an amazingly inflated deal. One of the biggest shareholders was Hutchison. In return for all its large value of Mannesman shares, Hutchison received a large number of Vodafone shares, which had been sold hard to the Mannesmann shareholders and had a value that reflected this. In short Hutchison sold Orange twice, winning on the accumulator. Shortly after Hutchison sold a lot of Vodafone shares. So many that two brokers were appointed, one of the largest trades ever conducted. This left Hutchison with a lot of money. The kind of money that would launch a space project, or a 3G mobile phone network. The UK network which will fail won't be 3. Nor will it be the astutely-run Vodafone. That leaves us with Orange, T-Mobile and O2. The first two have an intrinsic geographical advantage. They use 1800Mhz technology on GSM. 
The cells are smaller and so they need more of them. This means they have more land and so the cost of rolling out 3G is less for them than it is for O2 or Vodafone. Orange is better placed than T-mobile, with more subscribers - the most in the UK and more cell sites. It might be a significantly less go-ahead company than the Orange of old and become a follower rather than leader, but it still has some of the old flair and has the real estate. In time gone by One 2 One would have been the poor relation, but with the purchase by Deutsche Telekom there seems to be a new vigour, some of this, no, a lot of this is misguided. The company looks at how it was a poor number two to Mannesmann in Germany and through technical pioneering has overtaken the new Vodafone owned company to be number one. T-mobile thinks it can do the same here. What's wrong with this picture is the belief that technology was the driving force. It wasn't, xenophobia was. The Germans didn't like their company being bought by Sir Chris' mob and decamped to Deutsche Telekom. Of course in the UK the opposite applies, we might be more used to other nations buying our companies (Union Flag MINI anyone?) but similarly there is no patriotic incentive to leave Vodafone and T-mobile still has the smallest base. As an aside the patriotism card shows the shrewdness of Vodafone's sponsoring Ferrari Formula One. An Italian car with THE German driver helps make the people feel part of the Vodafone family. Winning everything in sight helps, and making the OrangeArrows look feeble just warms the Vodafone heart. Expect T-Mobile to follow suit, perhaps with Ralph-brother-of-Michael's team Williams BMW. So Orange has the infrastructure and T-mobile the political will. That leaves O2, but you knew we were heading there anyway from the headline. O2 is a very-badly run company. The decision making is confused and power so diluted that there is no strategy or direction. 
The company, like BT, is so self-absorbed that people there don't think of their rivals in business as being their opposite number at other networks, but as those people they work for or who work for them. Purchasing is a complete mess. O2 ordered 165,000 RIM Blackberrys. In the first six months they sold 6,000. And were proud of it. The order has been cut back substantially but this means that O2 has lost its exclusivity and still has a stockpile. It's also not the way to treat suppliers, although such things are a habit with O2. Despite having warehouses full of £400 Blackberrys, O2 decided to take the HTC Wallaby. Remember O2 is a network not a handset manufacturer, and has little in the way of systems to merchandise, sell, train staff or run telephone support for handsets. Wallaby is a lot more than a handset, it's a Microsoft convergence product, a new version of Pocket PC OS, very difficult to support and generally unwanted. HTC makes the iPaq and the Wallaby was originally designed for Compaq, Compaq didn't take it and so the design was touted around the mobile phone industry. No-one wanted it. No-one except BT Cellnet. Now renamed O2 they called the device the XDA. (Someone should find out who comes up with these names and take away his bag of Scrabble letters). The XDA is an OK product, in a couple of years time once HTC and Microsoft have learnt a by the initial mistakes it will beget an excellent product, but the problem O2 has is quantity. The most successful PDA in Europe is the Nokia 9210; this sold 53,000 units in a quarter. Handspring is rumoured to have sold fewer than 20,000 treo's in Europe. For the XDA, O2 only has the UK and a minor presence in Germany and the Netherlands. A sensible number of units to buy would be 15,000. A wildly optimistic number would be 30,000. No, O2 is suspected to have bought 100,000. We've seen the first £100 price cut, expect more. 
I don't know if O2 has been able to cut the order, the availability of the device in other parts of the world might mean this has happened or it might mean that Microsoft is so keen to get units out there it has persuaded HTC to sell it more widely. The likely answer is both. Cutting orders is something O2 is getting a taste for, ask Quanta which was to have a phone sold exclusively to O2 with a pop group tie in, or Sharp, O2 ordered a very large quantity of camera phones and then cut the order by 80%. Even with all these cuts, O2 has far too much stock, mobile phones age like fresh fruit, on What Mobile magazine we see something like three new phones a month, if a phone is still selling well after six months it is a classic. The XDA will soon be trounced by the Hewlett Packard 928 and the SonyEricsson P800, but O2 can't push either of those as it has XDAs to sell. Just watch the customers migrate to other networks. Getting new ones is expensive. It might be interesting to dig through the O2 accounts and see how the shed loads of hardware is shown. Is it an asset or a liability? It might have a nasty habit of turning from the former to the latter. Which makes O2 look frail. When the problems come home to roost it's going to look bad, worse in the light of Vodafone. Both Cellnet and Racal-Vodafone launched in January 1985, like rival siblings they grew up together, one became fantastically, world-conqueringly successful, the other didn't. When O2 hits problems it won't be alone there will be lots of networks around the world looking for suitors (and so depressing the price). At the same time Vodafone will have bounced back from its sub £1 share price. While all the networks have posted disappointing results, Vodafone with a massive loss, I suspect there is an element of asking an accountant "what's two plus two"; the answer is "what do you want it to be". 
Vodafone's huge write down will lead to a strong turn around making Vodafone shares powerful currency when the time comes to shop for other networks. So while Vodafone will be buying O2 will be selling. The customer for O2 won't be Vodafone, but there is no shortage of other candidates. Once again politics is as much of an incentive as business. One candidate is the only company bigger than Vodafone: Japan's NTT DoCoMo. Meeting Vodafone on its home ground is going to be hugely attractive, but there are other companies to entertain. At the time of the 3G auctions there were a lot of companies, which were tempted to dabble in the profitable world of telecoms. The climate is different now and there won't be a headlong rush but the broadcaster Sky should not be discounted, nor should Microsoft. This is more than a matter of looking to see who is rich, Microsoft having conquered the desktop and having made good inroads to the living room now wants the bedroom with x-box and your pocket with Smartphone 2002. But Smartphone is failing to impress handset manufacturers. The rival Symbian operating system is being used by Nokia, Motorola, SonyEricsson, Siemens, Matsushita (Panasonic) and Samsung. Just the top three from that list is 80% of the handset market. Microsoft has licenced to the new British start up Sendo, and the Far East PC clone makers TCL, Compal and HTC. Total current mobile phone market share less than 0.1%. Samsung also has a licence for Smartphone 2002, but is known to be working on Linux, and Palm devices as well as Smartphone and Symbian. None of this looks too good for Microsoft. It's worse because at the beginning of this year Siemens jumped ship from Microsoft to Symbian. If Microsoft took an interest in O2, perhaps with long time friend BT 'saving' the company it had sold to 'help' shareholders then Microsoft would be in a position to specify the handsets it bought, and you can guess whose operating system it would choose. 
This might lead Nokia, perhaps through the customer which got it into the GSM business in the first place, Sonera, to have a sniff. The rivalry between Microsoft and Nokia is a major driving force in the industry, not usually for the good. When valuing O2 there is the issue of the 3G licence. BT paid over £4bn for the licence but when O2 was floated it only took £1bn of the debt. It could be seen that the asset is worth £1bn, or it could be another liability. We've seen operators start to walk away from licences, perhaps it is worthless. The assets that are of most interest are the GSM network and 11 million customers. There is one company above all which could most use those. A rich company. 3. The model on which 3G is being built is of islands of 3G in a sea of GSM, all phones will need to be dual mode to work outside the areas where 3G operates. The 3 network has said that when it launches it will cover 60% of the UK population, that's a much, much smaller geographical area and doesn't include in-building coverage. Something Colin Tucker taught the world with Orange, a lesson painfully learnt with Rabbit, is that coverage matters more than anything. To provide 3 with a GSM network there is a co-operation with O2. Taking over the company would give 3 better access to the network and an element of control that is lacking in a licence deal. An example of this is O2's refusal to adopt EDGE. Dave McGlade, O2's managing director, says that EDGE, which triples the data speed of GSM, isn't needed because we have 3G. For a lot of the world it is needed because 3G will be late. For a joint deal between 3 and O2 (where's that Scrabble bag?) EDGE will be needed to give a respectable data rate when outside the islands of 3G. The 3 network could give O2 the management skills it so badly needs. Removing one of the UK rivals must seem attractive to 3 but the O2 3G licence remains a stumbling block. 
The 3 network got the biggest amount of radio spectrum because it was the new entrant. If 3 bought O2 then Vodafone's legal department, which is almost as wily as the accountants, would no doubt contend that 3 and O2 no longer constitute a new entrant. The one company certainly can't have all the 3 and O2 spectrum, but if 3G is going to take off so slowly the need for more spectrum, and so the value of it - to use it you have to build better equipped cell sites - is questionable. Perhaps it is best re-farmed among the new quartet of the networks. © What Mobile
Simon Rockman, 11 Oct 2002

Todmorden might not get broadband

There are fears that Todmorden in West Yorkshire might not be upgraded to DSL because some ISPs are failing to pass on information to BT Wholesale. Last month Todmorden became the first exchange in the UK to hit the threshold in a demand-led initiative to get areas without broadband upgraded to xDSL. ISPs then had six weeks to verify those registrations as genuine. Once achieved, BT Wholesale would then proceed and invest the necessary cash to convert the exchange to broadband. Yesterday, though, BT's own ISP, BTopenworld, admitted that it had failed to contact any of those in Todmorden who had registered their interest. The ISP also admitted that it had not accepted any orders either. Now, Net users from Todmorden and other parts of the country that have hit the trigger level, have told The Register that other ISPs have also failed to verify orders or pass on the information. Unless this process is completed, then it's possible that exchanges won't be converted to broadband. In the case of Todmorden, it has until October 22 to convert 150 pre-registrations to firm orders and there are real fears that this deadline might be missed. One reader from Todmorden told us: "Given BTopenworld's admission that they haven't converted any orders as yet, I am now under the impression that there is no chance we'll get broadband services." If Todmorden were to fail to reach its target, then it would come as a major embarrassment to BT, which is currently spending £33m to promote broadband in the UK. However, BTopenworld is not the only major ISP that is failing to pass on details. Those running the campaign to get Leek in Staffordshire converted to xDSL are also concerned at the lack of interest from ISPs. "It's great that somebody has finally exposed the BT Wholesale Pre registration Scheme for the farce it really is," said the organiser of the broadband4leek campaign. 
"Since going onto 'phase2' (the advance orders phase), there's been little evidence of the big ISPs doing anything to confirm the pre registrations, so the problem is far more widespread than just BTOpenworld." He claims AOL UK, BT, Freeserve and Tiscali are telling Net users that they know nothing about having to get advance orders. These claims are supported by other users who've contacted The Register claiming that they've drawn a blank with their ISPs. Privately, industry insiders also maintain that the big name ISPs have been reluctant to complete this second phase and take the advance orders. Some people are so concerned at the apparent lack of progress they have even emailed BT CEO, Ben Verwaayen, calling on him to intervene. Andrew Ferguson, from ADSL Guide, is well aware of the problems facing people on the ground. "It appears to be the larger ISPs that aren't taking part with some not visibly collecting registrations," he said. This, he believes, is more than an oversight on their part since they've had since mid-summer to prepare for this. Asked whether he felt Todmorden would reach its threshold by the October 22 deadline he told us: "I wouldn't put any money on it." A spokesman for AOL UK admitted that the ISP has so far not passed on any details, insisting that it only joined the pre-registration process late. However, it will be passing on the necessary details to BT Wholesale from next week. A spokeswoman for Freeserve denied that the ISP had failed to play its part, adding that it has verified the orders and passed on that information to BT Wholesale. No one from any of the other named ISPs was available for comment at the time of writing. Of course, there are some ISPs that have been actively involved in the process and handling the advanced orders. Nildram and Zen consistently crop up time and time again as ISPs which are taking part in the initiative. 
As soon as exchanges hit the pre-set demand trigger levels they send out emails and phone people to confirm orders. Thanks to their action, many local campaigners looking to get their exchanges converted to xDSL are now calling on people to register with one of these two ISPs to guarantee that their interest counts. Worryingly, though, Zen reports that despite trying to convert registrations of interest into firm orders from the outset, it has only been able to confirm four in every ten orders for the Todmorden exchange. This lack of success - due maybe to the fact that people have either changed their minds, gone with another ISP or as a result of some of the pre-registrations being bogus - means that reaching 150 advance orders could prove even more difficult. BT Wholesale - the division of BT behind the pre-registration system - admits that the number of verifications received from ISPs "has been slower than it would have liked". But a spokeswoman was confident that Todmorden would reach its target. However, BT Wholesale has declined to say how many orders have been verified for Todmorden. The problem with this is that if Todmorden does make it, it won't be known whether it was done legitimately, or by massaging the figures to avoid a public relations disaster. Nonetheless, in light of concerns about this upgrade process it seems likely that BT Wholesale will redouble its efforts to convince ISPs to cooperate and pass on the necessary information to make the process work. After all, it's in the interests of all concerned - BT Wholesale, ISPs and end users - that more exchanges are converted to broadband. Indeed, it seems the message is starting to get through. After being outed as an ISP not passing on any information, BTopenworld has told The Register that it has now contacted all those concerned at Todmorden to confirm orders and passed on those details to BT Wholesale. 
Although it wouldn't say how many orders it's confirmed, it said it had secured a "very high percentage". What's clear from this is that the broadband pre-registration system - a system set up by BTWholesale to convert exchanges to xDSL based on real demand - is based on good intention. But unless all those concerned are prepared to play their part, it is the end user who loses out. Again. ®
Tim Richardson, 11 Oct 2002

BTo admits ‘oversight’ in Todmorden pre-registration initiative

BTopenworld has admitted that it has so far failed to process any orders as part of a demand-led initiative to convert exchanges to DSL. The broadband pre-registration system was put in place earlier this year by BT Wholesale to map demand for broadband in areas that are not currently served by DSL. The idea is that if enough people commit to buying broadband, BT Wholesale will convert the exchange to DSL. Four weeks ago Todmorden in West Yorkshire became the first area to hit its trigger level. ISPs then had six weeks to convert those registrations into firm orders. However, with less than two weeks to go it's been revealed that BTopenworld has failed to process any of its orders - a move which could mean that the Todmorden exchange is not converted to DSL despite more than registrations of interest. One reader, fed up with the way BTopenworld has failed to handle his enquiries, told us: "We have until the 22nd of Oct to convert 150 pre-registrations to firm orders. I say 'we' because it feels like BT don't want to take orders. "I have called BT many times to try to order the service. First few times I was assured that BTopenworld would be contacting me. "Finally after another three phone calls I have just managed to explain the procedure to BT's call centre that the service is not yet in Todmorden, that we have hit our threshold and I need to place a firm order to ensure we get the service," he said. That was two weeks ago and still BTopenworld has failed to take the order or respond to his requests. And this from a company whose CEO claims that broadband is at the heart of its strategy. A spokesman for BTopenworld admitted that the ISP's helpdesk "didn't know what the process is" to take these orders. He described this as an "oversight". Instead, he assured us that BTopenworld would start phoning and emailing those people this week to see if they are still interested in signing up. "We're confident that we will be able to contact all those people," he said. 
But not everyone shares the optimism and there are real fears that Todmorden could miss its chance to join the broadband revolution. A spokesman for BT Wholesale declined to comment on the activities of individual ISPs. Nor would he say which ISPs were not passing on the details or how close Todmorden was to reaching its 150 orders. But he insisted: "Registrations are coming through. We are confident that Todmorden will reach its target." ®
Tim Richardson, 11 Oct 2002

BTo takes ADSL to the high street

BTopenworld has teamed up with high street electrical retailer Maplin to show off its business-class broadband service. SMEs will be able to try out the service before deciding whether they want to fork out for the high-speed Net access. What's more, with more than 65 retail stores and in excess of 400,000 customers in the UK, Maplin will provide a "significant high street presence for BTopenworld", says BTo. To begin with, though, the demos will be taking place in only eleven stores - not 65. Which is significant, but probably for other reasons. ®
Tim Richardson, 11 Oct 2002

Gio Internet in Pipex plagiarism row

The boss of Gio Internet claims that the appearance of Pipex's Ts&Cs on his ISP's Web site was "a mistake". ADSL Guide reports that Gio's Ts&Cs look similar to Pipex's, except that in the place of the word "Pipex" it reads "Gio Internet". The giveaway, it seems, is the inclusion of the term "Public IP Exchange Limited" - the longwinded way of saying "Pipex". Oh, and according to a screenshot on ADSL Guide the word Pipex also appears in Gio's Ts&Cs. Pipex boss, David Rickards, told ADSL Guide that he would be discussing this "clear copyright breach with [his] lawyers". The Register spoke to Gio MD, Khaliq Abdul, who said he has removed the Ts&Cs in question. He has not heard from Pipex or its lawyers over the matter. A new version of Gio's Ts&Cs should be up in the next couple of hours, he said. Asked about the alleged plagiarism of Pipex's Ts&Cs on his ISP's Web site he said: "Someone put the wrong file up." ®
Tim Richardson, 11 Oct 2002

Scottish ISP in repeat DDoS attack

Edinburgh-based ISP edNET was hit by a distributed denial of service attack, again. The attack started yesterday morning, and continued throughout the day, continuing until late afternoon today. Residual problems still remain. EdNET's customer status page said that the attack was minor but customers tell us that they have lost service because of the attack. edNET experienced a "minor denial of service attack" aimed at its webserver, an edNET problem ticket states. "We have already filtered this attack and have contacted our upstream transit providers to have the attack filtered from their networks as well." One user writes to tell us that the problem is causing more problems than this message would imply. "To the best of my knowledge both business and home users have had no Internet access for the best part of 36 hours," he writes. edNET's status page indicates that most services are "OK" but reports "critical" problems with its external network. No-one from edNET was available for comment on the issue at the time of writing. This week's attack follows a far more serious DDoS assault in early April this year which resulted in what it described at the time as a "catastrophic network failure". The ISP was also subject to another DDoS assault on July 21, according to its service status page. ®
John Leyden, 11 Oct 2002

Messenger users get Henpecked

Virus writers have targeted MSN Messenger users with a childishly transparent, but at least partially effective, piece of social engineering. The Henpeck (or Rodok) worm began circulating to MSN Messenger users earlier this week inviting users to download and feedback on the 'readme' file of a program. The link contained in the message went to an executable file which, if users were daft enough to visit, attempted to download malicious files including a Trojan component, called Brat. If the malicious payload is executed, the worm sends an instant message inviting all the contacts of an infected user to catch the pox too. Afterwards the worm displays a fake CD key generator. Henpeck is also capable of stealing keys for the games Half-Life and Counter-Strike and sending them to a Hotmail email address. The site containing the worm has now been pulled, but not before infecting a substantial number of people. Those users should get themselves disinfected since their machines have been compromised with the Brat Trojan and further mischief might follow otherwise. It's not the first time virus writers have targeted Messenger users. Though most of these attacks haven't gone too far, they've still given cause for concern. In March, security clearing house CERT warned that IRC and instant messaging (IM) services are increasingly becoming vectors for social engineering attacks. Henpeck is a prime example of this phenomenon. ®
John Leyden, 11 Oct 2002

Introducing the latest hacker exploit: War Phoning

Bluetooth-enabled phones and PDAs with inadequate security could become the target of the next wave of security exploits, allowing phreakers to filch confidential information or even make calls using someone else's identity. Such War Phoning exploits, as they have been dubbed, arise because security features on Bluetooth-enabled devices are sometimes turned off by default, ZDNet reports. Early reports of the phenomenon come from this week's RSA Security conference, in Paris. "I have stood at the RSA booth in conferences, with my phone paging for other devices, and watched other people's devices show up," Magnus Nystrom, technical director of RSA Security, told ZDNet. He reports that many devices permitted access without requesting a "pairing code", opening the door to all manner of abuse - stealing personal data of passers-by or even making calls on other phones - in the hands of the unscrupulous. ®
John Leyden, 11 Oct 2002

Carly's bananas to worry about Dell ink

Letters Quick question for you, by way of introduction:- What happens to naughty children who ring doorbells and run away? They grow up to become Fed Ex delivery agents! Here at The Register's West Coast Bureau, we're gathering delivery notices faster than we gather parking tickets, and that's saying something when you live slap bang in the center of a small town which has far too many cars already, and nowhere to park. But six delivery notices in two weeks from Fed Ex line the office, and on five of those occasions, we were in, the local agent didn't even ring the bell. Racing downstairs in indecent dress one morning this week, we managed to collar one agent (he had actually rung the buzzer) before he could run away, and asked why so few delivery attempts were actually attempted. "There's all those codes and numbers to press," he said before shrugging and walking off. See, no matter how clever your automation systems might be - and FedEx was the first to provide web-based tracking, and we've met the CTO and he's a very smart guy indeed - it all falls apart if your human wetware isn't up to the job. Technology CEOs should repeat, every day, the truth: which is that the world is held together by people who value doing an excellent job - bakers, cheese makers, hacks - and when such people aren't valued, it isn't a sign of a healthy economy, it's the sign of a sick one. Excellence is the invisible string that keeps us from barbarism. Now Dell Computer has been praised for its focus on process automation, and damned too: but one conscientious employee wrote to take issue with our summary of its Linux business. In Dell nukes HP with printer pledge we wrote:- But Dell doesn't know anything about Linux either, arrived late, and it's made a success of its Linux business. A Dell Linux team member replies:- I'd like to suggest that you better check your facts when making such claims. Dell has been factory installing Linux since Red Hat 6.1. 
While I appreciate your correct assessment that we have made a success of our Linux business, we certainly did not arrive late. Furthermore, this is readily apparent when attempting to order Linux as a factory installed option from the various hardware vendors offering Linux solutions. For example. Gary Lerhaupt Linux Development Dell Computer Corporation Now Gary doesn't work in PR, but he did their job for them. So thanks. Dell isn't just populated by robots and prisoners. Carly reckoned that HP's printer ink margins justified continued investment in new work, but not everyone agrees:- What's left to R&D? Printers are now producing photographic quality prints. This fits in with the general problem of the computer industry today: the computers we have now are sufficiently big and fast for the HUMAN SCALE jobs of the average user. We are now at (or at least very near) the point where more resolution is needed. So what's left to research and develop? Maybe longer lasting inks, or more speed. But we are close to the point where there is no point in further innovation. Do we need attoliter droplets in our prints? So much resolution that a microscope is needed to see the pixels? No. John Hinkley Thanks John - but that's the old "computers don't need to get any faster" argument people used to advance when text based Windowing systems were vying with GUIs. I was one of the people who argued this, and I was wrong. In an article by ARS analyst Gary Petersen entitled Dude, Who Cares That You Have Printers?, which we recommend wholeheartedly:- "Dell will sell more consumables online, will be an influence in the corporate printer market, and will be doing this with very little risk to its own business model and profitability. But, Dell will not take the smallest of drops from Hewlett-Packard’s ocean of ink consumables profits, will not touch Epson’s hugely popular niche in photo printers, and will not dent Brother’s ability to sell to the low-end laser market," concludes Gary. 
It's a great read, and you can find it here. ®
Andrew Orlowski, 11 Oct 2002

NEC chip heretic was not Fisted

We reported here that an outspoken critic of Itanium at NEC, Leonard Tsai, had lost his job because of remarks made about the troubled processor. Tsai's tall tale implicated a very tall man: Intel server chief "Iron" Mike Fister, an affable chap who earned his Register nickname "The Fist", after his bonecrushing handshake at a roundtable here a few years ago obliged us to write up the rest of the session left-handed, producing Jack-the-Ripper style notes we still can't read to this day. (We've packed a boxing glove ever since). According to published accounts, Tsai made some uninhibited, and very disparaging remarks about the IA-64 instruction set at a panel at Bert McComas' Platforms Conference in mid-July. NEC is an Itanic OEM, and recently debuted 16-way I2 systems. Tsai's remarks were gleefully cited by NEC rival Sun. Tsai then left NEC on August 1. "Beware The Fist!", we warned. Alas Tsai had already received his marching orders from NEC at the end of July, as his small Silicon Valley team was disbanded. So the notice was not linked to his remarks at the Platforms Conference. Tsai still seems determined to have us believe that he's at the center of a conspiracy. He might be, but he's not very persuasive. When we caught up with him at home, we asked why he had withheld this rather germane piece of information. "I gave very specific answers to a set of questions," he told us. So was his dismissal related to his Itanic skepticism? "I can't comment on that. Officially…" he said. So what could he tell us unofficially? Absolutely nothing, it turned out. So until he can provide a smoking pistol, we suggest taking Tsai's version of the story with a large quantity of salt. ®
Andrew Orlowski, 11 Oct 2002