23rd > October > 2002 Archive

Evesham buys Welsh system builder

Evesham Technology has bought Mertec, a Welsh-based system builder specialising in server networks design and installation. Terms were undisclosed. Following the takeover, Evesham is reorganising its business, removing 12 jobs, mostly in management. The jobs of three senior executives will no longer exist. There are no news of job cuts at Mertec, but it does not appear to make commercial sense to have two assembly operations. Mertec has a useful customer base in Wales and has good experience in building big server installations. This will help Evesham in its quest for custom in the education and local government markets, the company says. Mertec founder and MD Roy Morgan is to take a seat on the Evesham board and will continue to run Mertec Evesham Technology, as it is now called. Microstore, the Welsh firm's Swansea retail outlet, is to be refitted as an Evesham store. ®
Drew Cullen, 23 Oct 2002

Baltimore launches Trusted Business apps

In a bid to revive its flagging fortunes, internet security software vendor Baltimore Technologies Plc has launched a new suite of pre-packaged software modules designed to offer secure solutions for networking, messaging and electronic document management. The Dublin, Ireland-based company has been through some tough times this year, with a voluntary de-listing from the Nasdaq stock exchange, and the sale of its cryptographic hardware and email filtering software businesses and Australian subsidiary, but will be looking to improve its finances with the new packaged application strategy. Known as the Trusted Business Suite, the application modules portfolio includes a set of business modules built on top of the core Baltimore Applied Solutions Engine (BASE) platform, which includes Baltimore's own authentication and authorization technologies. Designed to be deployed out of the box, the Trusted Business Suite comprises six application modules. In the networking field, Trusted VPN is a secure virtual private networking application that uses digital certificates and features user enrolment and management functionality, while Trusted Web includes access and authorization management capabilities. For secure messaging, Baltimore is introducing Trusted E-mail, a package that enables administrators to assign digital certificates to email users and digitally sign and encrypt emails, as well as Trusted Web-mail, which extends access to email messaging to extranets and portals. In the electronic document management space, known by Baltimore as Trusted Workplace, the company has introduced Trusted Documents, which provides secure digital signing and encryption for electronic documents, as well as Trusted Forms, which applies digital signatures and certificates to form-based web transactions. The company believes that by prepackaging its encryption and digital security technologies with business applications, it will be better positioned to target the corporate market. It will need to be. Despite increased interest in network and data security in the last year, Baltimore has been struggling. Its most recent financial results showed revenue down 43% at 22.1m pounds ($34.3m) in the first half of 2002, ended June 30, compared to 38.9m pounds ($60.5m) in the first half of 2001. The company's restructuring program has seen it sell its Content Technologies subsidiary to content filtering specialist Clearswift Corp for 20.5m pounds ($30m), as well as the bulk of its majority holding in its Japanese distributor to investment company CGI Ltd for JPY 900m ($6.75m). The company also sold its Australian subsidiary to local security company SecureNet Ltd for 2.1m pounds ($3m) cash, and its cryptographic hardware business to AEP Systems Ltd for 3m pounds ($4.66m) cash. © ComputerWire
ComputerWire, 23 Oct 2002

Cisco buy Psionic for IDS skills

Cisco Systems Inc is expanding its presence in the network security software space with the acquisition of small, privately held intrusion-detection software (IDS) vendor Psionic Software Inc. San Jose, California-based Cisco is acquiring Austin, Texas-based Psionic to boost the efficiency of its existing network-based IDS technologies. Founded in January, 2000 Psionic produces the ClearResponse intrusion management system, which works with existing IDS software to validate potential security breaches and reduce false alarms through the use of patented adaptive scanning techniques. Cisco is planning to integrate Psionic's software with its own IDS products to improve the performance of its network security technologies. Psionic's eight employees will join the Cisco VPN Security Services business unit under the direction of general manager Richard Palmer. Under the terms of the agreement, Cisco will exchange common stock worth $12 for all outstanding shares and options of Psionic. The deal has been approved by both company's boards and is due to close in the second quarter of Cisco's fiscal 2003 (ending January 25). Cisco is expecting to take a nominal one-time charge for purchased in-process research and development expenses. © ComputerWire
ComputerWire, 23 Oct 2002

Feds investigating ‘largest ever’ Internet attack

US Federal authorities are investigating an attack on the internet that has been described as the "largest and most complex" in history. Rather than a specific entity, the attack was aimed at the domain name system's root servers, essentially at the internet itself, writes Kevin Murphy. In a distributed denial of service attack that began 5pm US Eastern time Monday and lasted one hour, seven of the 13 servers at the top of the internet's domain name system hierarchy were rendered virtually inaccessible, sources told ComputerWire. "We're aware of that [the attack] and the National Infrastructure Protection Agency is addressing the matter," an FBI spokesperson told ComputerWire. No more information on the investigation was available. According to a source that preferred not to be named, the recently formed Department of Homeland Security is involved in the investigation, as well as the FBI, suggesting that authorities are concerned the attack may have originated overseas. "It was the largest and most complex DDoS attack on all 13 roots," a source familiar with the attacks said. "Only four of the primary 13 root servers were up during the attack. Seven were completely down and two were suffering severe degradation." The source said each of the servers was hit by two to three times the load normally born by the entire 13-server constellation. Paul Vixie, chairman of the Internet Software Consortium, which manages one of the servers, said he saw 80Mbps of traffic to the box, which usually only handles 8Mbps. In a DDoS flood attack, hackers take control of dozens or hundreds of "slave" or "drone" machines, then instruct them remotely to simultaneously flood specified IP addresses. The attack is believed to have been an ICMP (Internet Control Message Protocol) ping flood, which stops networked devices responding to traffic by pounding them with spurious packets. Freely downloadable hacker tools such as Tribe Flood Network, Trinity and Stacheldraht can be used to launch ICMP floods. One such tool was used memorably against Amazon, eBay and other big sites in the Mafiaboy attacks of February 2000. Mafiaboy, a Canadian schoolboy, was eventually caught after bragging to friends about the attacks. The DNS root servers are the master lists of domain names and IP addresses on the internet, the machines from which all DNS lookup information flows. If they were taken offline or became inaccessible, any application that uses domain names (email and browsers at the low end) would ultimately stop functioning properly. The best way to counter these kinds of attacks is "massive over-provisioning", said the ISC's Vixie. He added that the attack did not actually crash any of the root servers, rather it congested devices upstream of the servers themselves, so that very little legitimate traffic could get through. A spokesperson for VeriSign Inc, which manages another root server, said: "VeriSign expects that these sort of attacks will happen, and VeriSign was prepared. VeriSign responded quickly, and we proactively cooperated with fellow providers and authorities." Louis Touton, VP of the Internet Corp for Assigned Names and Numbers (ICANN) which runs another server, said that these types of attacks against root servers are common, but that the scale and the fact that all 13 servers were targeted set Monday's incident apart. He pointed out that no end users were affected. DDoS attackers operate with at least one degree of separation from their targets, and use spoofed source IP addresses to make tracing them virtually impossible. According to Vixie, the only way to stop such attacks happening in future is to make it too hard to execute them and get away with it. "The most important thing to come to light here has been known for some time. We've got to find a way to secure all the end stations that forge this traffic," Vixie said. "There's an army of drones sitting out there on DSL lines... There's no security at the edge of the network. Anyone can send packets with pretty much any source address." Richard Probst, VP of product management at DNS specialist Nominum Inc, observed the attacks, and said it was interesting that the hacker chose to attack the root servers for only one hour. Only a sustained attack on the root servers would have had an impact on end users, which tend to do DNS lookups in the first instance on data cached locally at their ISP. It is only after a longer period, when cached data starts to purge, that an offline root server could cause problems. "The root servers don't actually get as much traffic as others, such as those that handle .com, " Probst said. "It makes you wonder whether they were trying to stop things, or to show their knowledge of the system. It's almost as if these folks were exploring to see how the system would respond to this level of attack." © ComputerWire Related story Root server DoS attack slows net
ComputerWire, 23 Oct 2002

PeopleSoft aims to make noise in Europe

The opening day theme at PeopleSoft Connect EMEA 2002 in Paris yesterday was designed to address one of the problems that has been nagging at the enterprise applications company for years: the lack of awareness within the European market. "PeopleSoft in EMEA is no longer at a competitive disadvantage from a product point of view, but we are clearly at a competitive disadvantage from an awareness point of view," admitted president and CEO Craig Conway. "In a market where the volume for SAP is so much higher we have to shout more," he said. Ironically, this is the polar opposite of rival SAP AG's position, because while it dominates the European market, it has failed to make a similar impact within the US. The Pleasanton, California-based vendor is aiming to change that perception, and said that 25% of its business comes from Europe and over 1,000 of its 4,000 or so customer base are European-headquartered companies. It is also working to dispel the persistent myth that it is still an HR-centered company, pointing out that it has a fairly even balance across its four product areas in terms of license revenue. However, apart from its European mission, PeopleSoft is also aiming to carve out a fresh market opportunity and made it clear that the next area it is looking to is integration. Although it first revealed its intent at its US user conference in August with the launch of AppConnect, the scale of its commitment is becoming clearer. Rather than pursuing integration just in the context of easing integration between PeopleSoft products and third-party products, it has visions of establishing itself as a middleware provider. According to Conway, due to the company's adherence to standards and an internet-based architecture, the PeopleSoft portal is not generic to PeopleSoft applications and is deployed for non-PeopleSoft applications, maintaining that 425 customers run the portal to coordinate both PeopleSoft and external applications. "Maybe we can do the same thing for middleware application brokers," he said. These statements should be viewed with caution, as the reality within the portal sector is that no vendor has built the perfect enterprise portal and along with vendors like SAP and Oracle, the PeopleSoft portal is most appealing to existing customers, despite its ability to reach outside itself. Also, its potential impact on the industry will be muted as he was only referring to a subset of the integration sector. The emphasis highlights the growing competition among enterprise application vendors to address the integration issue. As far as other areas are concerned, PeopleSoft announced the expansion of its Accelerated Solutions initiative, whereby it offers fixed-price, fixed-scope implementations, to Germany, Italy, Spain and Switzerland. Previously this service was offered in France, the UK and the Netherlands. It also announced an application targeted at the professional services automation market, which provides facilities to enable staffing or service companies to manage resources and match skilled people to available jobs; a global payroll solution which consolidates pay information from multiple geographies into a single database while enabling localization on top; and version 8.8 of its Enterprise Performance Management (EPM) solution which offers enterprise-wide risk management which provides features designed to meet the requirements of the upcoming Basel Capital II Accord. The final announcement was an expansion of its existing alliance with IBM. Under the wider agreement, PeopleSoft's Human Capital Management software will form the core of the eHR component of IBM's Dynamic Workplace initiative that aims to offer intranet-based collaborative technologies for organizations in order to drive employee efficiency and company agility. While the agreement is highly significant for PeopleSoft, it may be less important for IBM, which is ramping up its partnerships with software vendors and has a strategy of building non-exclusive vertical alliances. © ComputerWire
ComputerWire, 23 Oct 2002

MS releases Office 11 to beta testing

Microsoft Corp has announced that the next version of its Office suite, codenamed Office 11, has entered the first beta testing stage. The release of the new version comes as Microsoft arguably faces more competition in the office productivity software market than at any time in its history. Redmond, Washington-based Microsoft dominates the desktop office application space, with Office taking about 90% of the market, but is coming under increasing pressure from proprietary software vendors such as Corel Corp and Sun Microsystems Inc, as well as open source projects such as OpenOffice.org. Some of the new key features in Office 11 could actually make it easier for those competitors to compete with Microsoft, as the company moves to support more open file formats with the adoption of XML. One factor that has limited the functionality of competitors such as Sun's StarOffice has been their ability to handle Microsoft's proprietary file formats. As Microsoft becomes more open, it could actually be opening the doors to the competition. Microsoft's response to this potential outcome is to use the file formats to increase integration and collaboration with other Microsoft applications and services. Office 11 will feature tighter integration with Microsoft's SharePoint Team Services web site software, enabling users to more easily collaborate and communicate with team members. Office 11 will also feature new functionality called Smart Documents, which connects documents to other relevant content and applications. The company is also developing a new application that may become part of the office suite, codenamed XDocs, which will incorporate word processing and graphics capabilities, and is designed as a single input point for data that can be shared by multiple existing applications. XDocs is due for release alongside Office 11, although Microsoft is yet to decide if it will be part of the suite, or a standalone product. Microsoft is keeping further details of Office 11's functionality close to its chest at this stage. The first stage of the beta testing process involves only 6,000 internal and 6,000 external testers, with only select testers having access to the first beta version. There will be a second more open beta testing version before Office 11 becomes generally available in mid-2003. © ComputerWire
ComputerWire, 23 Oct 2002

Xandros Linux: ‘It just works’, even with Windows stuff

ReviewReview The "premier release" of Xandros, formerly known as Corel Linux, is being released today at the Xandros.com Web site. Individual users can pick up a copy for $99, and corporate/enterprise users will see a discount price for multiple licenses. I was lucky enough to get an advance copy of Xandros to play around with. This distribution is Linux through and through, but it could just be the Linux that will truly snag a market that is looking to escape from the confines of Windows. Xandros came in a real box, with a real 220-pages long user guide, and a single installation CD. As Roblimo would say, I popped the CD into the beverage tray. The first thing that came up was the Xandros Installation Wizard. "The wizard will help you to install Xandros Desktop." Next was the license agreement. It was one of those (quickly-becoming typical) EULAS that mention the GPL stuff and then the proprietary stuff. Interesting about this license: There was no license to read BEFORE I opened the box, no shrink wrap or seal on the package, and yet the final paragraph of the EULA states that if I don't agree with the license and haven't broken the seal on the software I can return it for a refund. Oops! Too late. Of course, this is a review copy -- perhaps yours will be shrink-wrapped with a copy of the agreement on the outside. The next screen presented a choice between an express install and a custom install. I chose the custom just to see what I could fiddle with. This brought up a screen that lists all software available, with check marks next to the defaults. These include Crossover Office and Plugin, plus all the usual included-with-your-distro software, including OpenOffice, games, Palm utilities, editors, and Adobe Acrobat reader. I simply left the defaults in place. Next I could choose whether to use the free space, take over the disk, resize a Windows partition (including NTFS and FAT 32), or "manage disks and partitions," something Xandros recommended for experts only. I ultimately told it to take over the disk, but peeked into the expert mode and found a disk druid like utility that would allow me to resize current partitions, delete them, reassign them, and choose to either format them or leave them as is. Next I was asked to choose the root password, or administrator account, as Xandros calls it. There are also options to "enforce strong passwords" and "make user home folders private," all things that should make most security-conscious Linux people happy. Then, just as in most Linux graphical installs, I was given the option of creating user accounts. Xandros recommends creating at least one user account. Even without strong passwords enforced, it still required a six-character password for a user account. Next was the installation summary, and because I had opted to "take over disk," Xandros gave me a blinking red warning that all my data would be destroyed. I noticed that Xandros thought I had no network interfaces, though my PCMCIA NIC was firmly in place and plugged into my network. I clicked on "Finish," and Xandros went to work installing the files needed. After 16 minutes, Xandros said it was done and I restarted the computer. While it is booting up, the messages look just like the Lindows start up messages, an eery reminder of the history between Xandros and Lindows and Crossover, a current partner with Xandros. Then came the login screen. I typed my name and password, and the KDE desktop, with a Xandros logo substituted, booted. The desktop is familiar graphical Linux stuff. A "First Run Wizard" greeted me and led me through most all the options you'd normally fiddle with when installing Linux, such as setting which hand I would use the mouse with, setting the time and time zone, and setting up a network connection. Now, my network card was recognized, and connecting was ever so simple. I just accepted all the defaults and was online in about two seconds. Then I could set up my printers, tell the desktop which Operating System to simulate: UNIX, Windows, Apple MacOS, or KDE (which isn't an operating system, but it was an option nonetheless). UNIX looked just like a standard KDE desktop to me; Windows didn't look much different; Apple MacOS was cool. I flipped it back to the default for the purposes of this review, but would probably go with the Apple look if I decide to keep running this distribution. Conspicuously and happily missing was the X configuration stuff, which is almost always a pain in the rear, especially on laptops. Xandros just detected the hardware and employed what it considered to be the best settings. Works for me. Next was the registration screen. You'll have a choice to register online or skip it. That was it for the "First Run Wizard." One really, really interesting feature of Xandros is the ability to switch users mid-stream, or to have two users logged on to the same computer simultaneously, simply by selecting "Switch User" from the launch menu. This option can be set so that you have to re-enter your password when switching back to your desktop, or you can leave it so that no password is necessary. For family groups using the same computer, this will be a very convenient option for a quick email check -- no need to log out, just switch users. And being that Xandros is based on Debian, you're still able to run apt-get from the console to pull down any applications you want or need. Of course, with Crossover Office and CrossOver Plugin installed by default, you'll also be able to install your Windows programs. Let me tell you: Internet Explorer 5.5 runs beautifully in Xandros. I've used Crossover to install Explorer on Mandrake and SuSE, with only partial success. But everything about Explorer is right this time: the fonts, the javascript, the layouts, the speed -- everything. In fact, everything that Crossover has said is solid in its products is also solid in Xandros. You won't have any problems installing MS Office, or Quicken or Lotus, or any of the myriad plugins Crossover normally supports. Having said that, you need to know that Crossover is not supporting the version that comes with Xandros. For support, you'll have to pay extra. The nice thing is, you probably won't need any support. "It just works," is what Xandros CEO Michael Begos told me. Now that I've had the chance to install Xandros and run it, I have to agree. Xandros is touting the control center, which looks just like the control center in Windows, including the display setting options, and the fact that users can access Windows files and share printers with Windows on a network. The menus are grouped logically; there's a "Launch" button where the "start" button usually is in Windows; the default taskbar icons are helpful: switch user, volume, the typical Windows-like connected computers icon for when you're online, the Mozilla browser, logout and lock screen buttons, the file manager, and mail. Everything that is installed works. The only problem for Windows users I would foresee is the lack of a major graphics manipulation application like The Gimp. They're probably not going to know how to get a copy of that and install it; and CrossOver Office doesn't support any graphics apps like that yet. Xandros seems to be what Lindows could have been if it had stayed true to its Linux roots, both product-wise and philosophically. I like Xandros; I like the ease of use combined with common-sense security options and configurability; I like that it reaches out to Windows users without alienating the Linux community; it may just end up becoming the main distribution in my house. © Newsforge
Tina Gasperson, 23 Oct 2002

Lotus chief worked, not fibbed, self out of job

"Former Lotus CEO speaks candidly about job shift," says the tantalising Computerworld headline and, given the colourful circumstances which preceded Jeff Papows' departure from Lotus in early 2000, how could anyone resist? Regrettably, Jeff's 'candid' interview makes no mention of the sexual harrassment charges or the grisly exposure of his highly imaginative tales of his hard upbringing and heroic exploits as a Marine Corps top gun. He does lay something on the line, but it's er, "I basically worked myself out of a job. I mean, at that point Lotus had 60% of the market share." So it was great when he was there, and anything that's happened since obviously can't be his fault. Nor can his departure have had anything to do with IBM bringing Lotus into the fold, clipping exec wings as it did so, or with any silly stories about what Jeff claimed he did with hand grenades. But they were jolly funny stories, and well worth repeating: "So he's not an orphan, his parents are alive and well. He wasn't a Marine Corps captain, he was a lieutenant. He didn't save a buddy by throwing a live grenade out of a trench. He didn't burst an eardrum when ejecting from a Phantom F4, which didn't crash, not killing his co-pilot. He's not a tae kwon do black belt, and he doesn't have a PhD from Pepperdine University" (The Register April 1999. Jeff of course didn't remember saying any of that stuff, but for your entertainment you can find more things he didn't remember here and here. ®
John Lettice, 23 Oct 2002

MGIF publishes m-gaming standard

The Mobile Games Interoperability Forum released its new specifications this week, giving mobile gamers another reason to prepare for an industry explosion. As handsets improve and wireless data networks grow faster, it's a generally acknowledged fact that the market for mobile gaming will grow to become massive before the end of the decade. A report from Frost & Sullivan earlier this year claimed that in 2001, the mobile gaming industry generated revenues of just USD436.4 million from downloadable, message- or Web-based games. By 2008, however, the industry will be worth a massive USD9.34 billion. With these kinds of figures in mind, the Mobile Games Interoperability Forum (MGIF) publicly released its v1.0 specifications on Monday. The specs release represents one of the first steps toward addressing the many portability and interoperability issues that the industry faces. For example, many "play anywhere" Java-based mobile games must be re-written to run on different handsets -- all of which have varying ways in which users input commands. With the new set of rules, game developers and handset makers will be one step closer to resolving this and other issues and will have a basic set of common, reusable functionalities in the form of programming APIs (application program interfaces). These are among the core functionalities for server-based mobile games. "Since its inception, mobile gaming has been fragmented because of a lack of standards and a plethora of portability and interoperability issues," said Paul Goode of Motorola, chairman of the MGIF. "This specification is about lowering the technical barriers so that the entertainment industry can exploit the great potential of mobile phones as a channel to market." Goode also said the MGIF v1.0 specs will provide benefits for all stakeholders in the mobile gaming space, including developers, publishers, platform companies, operators, handset manufacturers and end users. The latest specs could also pave the way for future standardisation in the industry, MGIF said. Along with the announcement, the organisation said it would soon be integrated into another industry group, the Open Mobile Alliance (OMA), a newly launched standards body established to make mobile technologies more interoperable. Currently, the OMA is in the process of incorporating the Wireless Application Protocol Forum, the Wireless Village initiative, the SyncML Initiative Ltd, the Location Interoperability Forum and the MMS-IOP group. The MGIF is an industry forum founded in July 2001 by Ericsson, Motorola, Nokia and Siemens. The group said that following the publication of these new specifications, future focus within the MGIF will include addressing developer issues on the handset side. On 7 November in London, the MGIF will host a Requirements Workshop, gathering input on both server and handset issues to be addressed in later releases. For more information visit the group's Web site. © ENN
ElectricNews.net, 23 Oct 2002

Novell touts MySQL with Netware 6

Novell this week has finally found a solution to one of its underlying problems. Despite the fact that it offers a raft of network management, policy management, security management and central repositories, most notably with its eDirectory, it's never had a database. This was problematic in two respects, first it meant that Novell had the tiresome task of ensuring everything it made was compatible with a range of databases and second, it meant that it couldn't offer a complete solution. This week, Novell has redressed this by turning to open source for the solution. MySQL is the solution that Novell is eyeing and, according to reports, the firm plans to bundle a copy of the hugely popular open source database with its Netware 6 product. MySQL, the most popular of the open source databases, will be presented as a free bundle for all Netware 6 customers. It comes with a twist though. Instead of companies being tied to the MySQL General Public License the product will ship under a commercial license. This will mean that anyone who develops to the database under this license will not have to submit their developments to the open source community. In this respect it's a lovely little addition. It's free, it shores up something of a hole in Novell's deliverables, albeit not a very significant one, and it will give NetWare 6 users a taste of what much of the web community already love: MySQL. In recent years MySQL has soared in popularity as web developers in particular have turned to the database as a cost effective way to develop a fully functional site. Rather than spend millions on a larger system like Oracle, web developers have found that they can build and deploy database-driven sites at half the time and with considerably less cost. Better still, you don't have the transaction lag that you get from many of the larger systems - giving web sites blistering performance - for free. This, we expect, is where Novell sees itself making some gains. Bundle NetWare with MySQL, advise on scripting languages like Perl and PHP, underpin the whole thing with Apache and suddenly a whole raft of new users will have access to a phenomenally powerful database system with the many benefits of a world-class network operating system, NetWare 6. Further to that of course it will take MySQL into new territories which won't do it any harm at all. The new bundle will be available in December of this year. According to Novell, anyone that avails of the new offer will find that, "...MySQL is a proven solution that can substantially reduce the expenses associated with a large number of database installations. Novell customers and partners will discover excellent performance, stability and reliability." Indeed, it's proving a very popular route for these large scale system producers which the database element in their offerings. Recently Sun had said it was planning to bundle MySQL with a number of its servers. Microsoft, in particular, had better watch out. © IT-Analysis.com.
IT-Analysis, 23 Oct 2002
Broken CD with wrench

StorageTek pumps ATA drives into BladeStore

Advances in sub-systems are rarely groundbreaking - they simply mean data runs faster, only to hit a bottleneck elsewhere. But "groundbreaking" is what StorageTek is claiming for its new disk subsystem, launched this week. Called BladeStore, this product "alters the economics of information storage", the company says. In other words, it's cheap, making it easier for corporates to run more information online for less cost than previously, making the data both "protected and available, according to the Storagetek mantra. Storagetek has not published any prices, so this is for now a matter of assertion rather than fact. Caveat aside, we shall now proceed to the Storagetek BladeStore pitch. First up the hardware is cheap, combining ATA disk drives for data storage with enterprise-class fibre-channel disk systems. ATA disk arrays are beginning tio surface in enterprise-ish class data storage devices. However, StorageTek is claiming that "BladeStore disk subsystem has moved to the head of the class by delivering storage density advantages and the performance, flexibility and manageability benefits to customers with enterprise open systems environments". That is a lot of bullet points crammed into one sentence, but you get the company's drift. Second, Bladestore is fast, according to Storagetek, which has not yet published live data transfer back-up speeds. Third, it has a small footprint, saving space in the data centre. BladeStore's "best-in-class, 8TB in 6U scaling to 160TB in three standard racks". ®
Drew Cullen, 23 Oct 2002

NTL boss clarifies salary

Barclay Knapp - the boss of NTL - had to face some flak on Monday after the Times reported that he is to receive a threefold increase in his salary. Not bad for a man who helped the cableco run-up debts of more than £13bn before seeking the comparative shelter of Chapter 11 bankruptcy protection. However, it seems Mr Knapp is not best pleased. In an email to staff yesterday and seen by The Register Mr Knapp played down the story claiming the current deal is less than he was earning before. He also attempts to discredit the report believing it to be an opportunity to "poke ntl in the eye". Wrote Mr Knapp: "Many of you will have seen the article in The Times on Monday and the follow-up by other papers today. "First of all, The Times is owned by Rupert Murdoch's News Corp - the same owners as BSkyB - and they take every opportunity to poke ntl in the eye even if they get the facts wrong. In the current anti-business press climate everyone else loves to pile on too," he wrote. Concerning his pay he explained: "I signed up to lead ntl again for less money than I made previously, not more. My previous pay was approximately $750,000 per year guaranteed. Now it is $700,000. Any additional amount is in the sole discretion of the new board - as it would be in any case. As the paper points out, my total pay was somewhat more than $750,000 for 2001 - and substantially less for 2002. "I have not received a grant of any share options. Again, this will be in the new board's discretion. All of my existing options in ntl were cancelled, and I never sold a single share," he said. Earlier this month another internal memo from Mr Knapp revealed that employee morale was on its knees. No doubt keen to quell any unrest among his troops over reports concerning his remuneration, Mr Knapp added: "There is no question I am well compensated and that I'm getting a second chance, for which I am very grateful. I am also acutely aware that many associates have taken it on the chin during our restructuring, and I hope by and large we have been as fair and compassionate as possible." ® Related Story NTL was jetliner in power dive, says leaked memo
Tim Richardson, 23 Oct 2002

IE hopelessly bug ridden

Nine closely-related Internet Explorer flaws leave users open to a variety of powerful attacks, security researchers at Israeli firm GreyMagic Software warned yesterday. The vulnerabilities revolve around object caching and a combination could enable an attacker to steal private local documents, steal cookies from any site, forge trusted web sites, steal clipboard information or even execute arbitrary programs, GreyMagic reveals . The issue affects users running IE 5.5 and IE 6. Computers running IE 6 SP1 are vulnerable to a lesser extent, but are still at risk to two of the nine vulnerabilities. Users of AOL Browser, MSN Explorer are also affected. Only those using IE 5.0 SP2 have a measure of protection from the exploits. GreyMagic advises users to disable Active Scripting as a workaround pending the release of security fixes from Microsoft. It has published a demonstration showing how an attacker could read a victim's Google cookie using one of the cached objects vulnerabilities it has unearthed. Microsoft is reportedly angry at GreyMagic's advisory. It says the warning could leave users at greater risk or, at minimum, cause needless concern. This argument is a continuation of Microsoft's row with security researchers over the full disclosure of security vulnerabilities. GreyMagic published its advisory yesterday, but it reports on its site how it has refined its findings since first noticing a problem at the start of this month. Microsoft hasn't acted to date, and given its tardiness in responding to its concerns in the past, GreyMagic decided to go ahead regardless and alert the wider community of the problems it had unearthed. All nine vulnerabilities are of the same general class (object caching). However, each of them is a separate vulnerability, which uses a unique method for exploitation, which GreyMagic documents here. When communicating between windows, security checks ensure that both pages are in the same security zone and on the same domain. The vulnerabilities GreyMagic publicises arise because the security settings in IE wrongly assume that certain methods and objects are only going to be called through their respective window. These assumption enables some cached methods and objects to provide interoperability between otherwise separated documents, creating a mechanism for a variety of exploits. ®
John Leyden, 23 Oct 2002

Euro porn ops fined £125K for premium rate abuse

Two European porn operators have been thumped with fines totaling £125,000 for running ads featuring child pornography. Spanish-based Greenock and German-based Premium Call GmbH were also slapped for using dialer software that automatically downloaded itself onto PCs without users' knowledge before charging them £1.50 a minute. ICSTIS - the UK's premium rate services regulator - said this software appeared to be deliberately designed to mislead users into running up huge phone bills. Taking action under recently implemented European ecommerce regulations, ICSTIS fined Greenock £75,000 and dished out a £50,000 slap to Premium Call GmbH. It has also barred access to both services for two years and both operators have also been reported to the National Hi-Tech Crime Unit. In a statement ICSTIS Chairman Sir Peter North said: "The sanctions imposed on Greenock and Premium Call GmbH reflect the serious consumer harm caused by their services and serve as a warning to others that we will not hesitate to take decisive action to protect UK consumers from such abuse." Tough-acting ICSTIS recently fined a text messaging company £50,000 for sending misleading SMS spam. ® Related Stories Moby Monkey fined £10K for misleading text spam Watchdog gets tough on text spam Watchdog slaps text spam firm with £50k fine
Tim Richardson, 23 Oct 2002

Secure your Linux system with IT-Minds.com

This week's featured book from Reg associate IT-minds.com shows you the pros and cons of the most valuable open source security tools and how to implement them, including all-new coverage of Bastille. Along the way, three long-time Linux sysadmins will show you the "gotchas," rules of thumb, and undocumented tricks it could take you years to learn on your own. Linux System Security is available to Register visitors at £27.99, a huge saving of 30 per cent. The rest of this week's hot list at 30 per cent off are: Linux Firewalls Interactive Training Course for Red Hat Linux Cisco Field Manual: Catalyst Switch Configuration Cisco Multiservice Switching Networks Sams Teach Yourself Game Programming in 24 Hours Linux Kernel Programming Designing Systems for Internet Commerce Inside Coldfusion MX Upgrading and Repairing PCs And if they don't tickle your fancy, Reg readers get 20 per cent off all books at IT-minds.com. Check it out. ®
Team Register, 23 Oct 2002

MS joins phone battle with debut of Orange Stinger in UK

Microsoft's Stinger smartphone is finally with us, a year on from its first promised ship date, and after numerous missed ETAs in the intervening period. The winner, the Orange SPV, was unveiled in what Microsoft's press people curiously refer to as a "posh London nightclub," but which we thought was Old Billingsgate (a name with unexpected conjuring potential) Fish Market, last night, and in a curious sort of way it is still first, despite the delays to the Windows Smartphone platform. The O2 XDA is also a Microsoft device, also on sale in the UK, but it's a PDA, not a smartphone. The Ericsson P800, like the SPV, is a phone-shaped device with PDA characteristics, but is experiencing regrettable delays. And the Nokia 7650? Well, that is a smartphone, but not a Windows smartphone, and although again it has PDA characteristics you'd probably differentiate it from the SPV by saying it came more from the phone end of the business, and relied considerably less on integration with a PC than the SPV. That particular Microsoft 'secret weapon' is however a dubious one - how many of the millions of mobile phone users are going to be in the slightest bit interested in picking up their email and syncing their contact books from their handsets? This one plays for Microsoft in the corporate market but not, we suspect, in the volume phone arena. That said, with the arrival of the SPV there are now clearly two games in town, and it's a needle match between the Microsoft of the PC world and the Microsoft of mobile phones. The 7650 and the SPV both do email, both do pictures, both have games-capable screens, and both come in at a little under £200 with subsidy. The Orange does video (SPV stands for Sound Pictures Video), but video messaging is really a service provider differentiator in this context. For example, Germany's T-Mobile does video messaging, using the Nokia 7650. The Orange deal is both an advantage and a disadvantage for Microsoft. Orange is a tough competitor in the UK, and will no doubt have secured some kind of 'free run' exclusive period for Stinger, so it's not going to waste this. But the exclusive means that Microsoft's total sales won't benefit from widespread distribution at this juncture; that will have to wait for similar deals with other networks (the SPV is built by HTC, which anticipates numerous such deals) and/or for other manufacturers to join the fray. One acid test may be how long it is before Orange parent company France Telecom (aka orange.fr) joins in. Or indeed 'if.' Will Samsung be next? The Korean giant has a Stinger in the wings, but has bizarrely become strongly committed to both Microsoft and Symbian/Nokia in the same week. Symbian announced Samsung had licensed its OS on Monday, and yesterday Microsoft announced that Samsung had announced "it has selected the [Microsoft] Smartphone to power its next-generation handsets." There is, we suspect, an element of spy v spy here, and it might just be that the merry pranksters at Symbian announced something we all knew already in order to embarrass their old colleague Juha Christensen, who in his capacity as Microsoft VP i/c mobile phones is perfectly capable of embarrassing himself, here.# Note that Juha, in between being excited (Microsoft execs interviewed by Microsoft Presspass always have to be excited, did you notice that?), pitches the SPV's unique qualities as being that it helps bridge the boundaries between business and home use (illusory, as we've already said - real people do not have lives like MS execs), and that you won't discard it after a year, because it'll "grow with you." Rather than doing the bugfix gag, we'll try to address the perils of that in a more level-headed fashion. Yes, the mobile phone business has traditionally run on the basis of you throwing it away and getting a new one every year or two, but although some of the older execs are still a little horror-struck by the notion of upgradable phones, most of them are over that. Mobile phones are now application platforms, the applications can be bought and loaded onto them, so they do change and grow. However, you can't upgrade the hardware, and two years hence SPV mobile phone is going to look just as uncool as your Nokia 7650 mobile phone, and you're going to throw it away and get another one. So we suspect this 'growing' stuff as being mere marketing-speak. But whatever, Stinger's here now, and the phoney war is over... ® Related stories: SPV preview Pictures Orange announcement and full spec
John Lettice, 23 Oct 2002

Arson suspected in Manchester cable melt down

Phones services in Manchester and parts of the North West have been disrupted following a suspected arson attack. Police were called to two incidents in the early hours of this morning. In one incident in Salford, a fire started in a wheelie bin near a cable box damaged underground cables. Shortly afterwards, police attended a similar incident nearby, following reports of another fire. In a third incident a control box for traffic lights had been set on fire causing the lights to malfunction. Both BT and business-focused telco, Your Communications (formerly Norweb Communications) have been hit by the fires. Other operators are also understood to have been affected. Gary Clarkson, operations director for Your Communications, described the fires as a "serious incident" and said engineers were working to fix the damaged cables. According to one unconfirmed report the fires may have been started deliberately as part of a malicious attack against a telco. Police have launched an investigation into the incident. ®
Tim Richardson, 23 Oct 2002

Hutchison orders 2 million 3G phones from NEC

Hutchison Wampoa has doubled its order of dual-mode 3G phones from NEC to two million units. Nice work for NEC and nicer for Hutchison which needs lots of handsets, if it is to roll-out its greenfield 3 mobile phone networks in a meaningful fashion. To date it has taken delivery of just 1,000 handsets from NEC. The value of the contract is not revealed. The NEC 3G handsets come in three foldphone flavours. The company promises "computer-style keyboards, built-in cameras and significantly larger colour screens, which let customers experience 3G services to their fullest: mobile communication, Internet and audiovisual features all in one. The devices include a substantial memory of up to 64MB, built-in Java functions and purpose-built software." NEC is not one of the big five handset makers, but it has a consumer brand that the target Hutchison 3G customers will have heard of. It's instructive to note that the great 3G Handset Drought may not be quite so prolonged as analysts orginally forecast. There is, after all, plenty of spare manufacturing capacity worldwide. ®
Drew Cullen, 23 Oct 2002

Powerllel claims go-faster algorithms for grid apps

At first glance, Powerllel looks to be a distributed computing solution similar to Platform LSF, Sun Grid Engine and DataSynapse LiveCluster. But after a closer look, it's clear that Powerllel's unique optimised and dynamic parallel computing technology actually complements these resource-sharing grid offerings. Rather than looking at distributing a bunch of applications across a bunch of processors and aggregating unused compute power, Powerllel focuses on the application itself. So for companies that are evaluating grid solutions to cost-effectively power compute hungry applications, Powerllel's software can provide immediate benefits, including improved performance and more accurate results. Based in New York City, Powerllel has traditionally focused on the financial services market where mathematical models and algorithms used in risk management and portfolio analysis applications can be supercharged by Powerlell's parallel processing technology. In fact, this technology can be used in any industry that relies on computational models, including life sciences, manufacturing, energy and media. Powerllel's unique technology dynamically splits the application itself at run-time to provide load-balancing for the best possible application performance. Powerllel's Lobster (Load Balancing Sub-Task ExecuteR) continually reassesses the environment using algorithms that will optimise performance at any given point in time. This is in sharp contrast to other parallel applications that pre-define how the application will be split, eliminating the ability to adjust on-the-fly to changes such as the number of available processors and I/O characteristics. This aspect of Lobster also adds fault-tolerant capabilities - if any one processor fails, that piece of the application is automatically rerouted to one of the remaining processors. Without the dynamic nature of Lobster, that computation would need to start again, affecting speed, performance and accuracy of computations. Powerllel's technology can be used to eliminate the need for application developers to implement parallel processing tasks (such as fail-over, roll-back, load balancing) within the application, greatly reducing application development time. Powerllel Adapters are tailored to the structure of an application (linear vs. tree, for example) allowing an application to be integrated with Lobster in a matter of minutes (as compared to months to implement parallel processing within the application). Platform Computing and Powerllel recently announced an integrated products partnership. Platform will embed the Powerllel technology in some of their products and by the same token, Powerllel will take advantage of Platform's resource sharing and queuing software. In addition, Platform and Powerllel will pursue joint sales opportunities, particularly in the financial services segment. This is a win-win for each company. Powerllel will benefit from Platform's broad market presence, size, and leadership position in the growing grid market. And Platform will augment their distributed resource management offering with unique parallel processing technology that will provide significant application performance gains to customers in their target industries. For application developers who are looking to parallel applications quickly and easily, Powerllel is definitely worth a look. And for customers who are looking for ways to speed application processing and improve accuracy of complex computational problems in financial services, life sciences, manufacturing, energy and media markets, Powerllel offers unique technology to address these needs today. © It-Analysis.com
IT-Analysis, 23 Oct 2002

Danish watchdog calls for ban on intrusive online ads

Our thanks to Kasper Larsen, founder of Klarisma, a web data-mining specialist, for drawing our attention to calls in Denmark to ban in-yer-face online ads such as "shutter" banner rolldowns and interstitials. According to ComputerWorld Denmark, the Danish "Forbruger-ombudsmand" - described by Larsen as "the consumers watch organ" wants a ban on such ads. Norway could follow suit, he says. In his weblog, Larsen attacks the consumer watchdog's rationale. He is not exactly a bystander, staking a claim to be "one of the inventors of the Shutter Banners" through his sometime involvement with Jubii, a leading Danish website now owned by Lycos Europe. Says Larsen: "If Shutter Banners and interstitials should be banned from Internet - then Outdoor and soccer field banners that rotate should also be banned. And then - what about TV program sponsorships - that shows what is much like a shutter banner or interstitial before and after the sponsored program? Should they be banned? The consumer always got the choice on the Internet - go somewhere else if you don't like it here." In recent weeks, AOL, iVillage and Ask Jeeves have voluntarily removed pop-up ads from their site, in response to consumer revulsion. But banning ad formats is a most peculiar idea to these non-Scandinavian eyes. ®
Drew Cullen, 23 Oct 2002

ASA slams ‘intimidating’ Domain Registry of Europe mailshots

The advertising watchdog has ordered the Domain Registry of Europe (DROE) to stop issuing mail shots that "look like bills". In a ruling published today against the domain registry outfit, the Advertising Standards Authority (ASA) upheld complaints that the mailings "misleadingly exaggerated the importance and status of the content". It also said that the content of the letters was "distressing and intimidating to recipients". The direct mailings in question featured an image of the European Union flag next to the words "Domain Registry of Europe" and "IMPORTANT NOTICE". Said the letters: "We understand that your domain name XXXX expires on XXXX. We recommend you renew your domain name at least 30 days prior to its expiration to avoid any 'Registrar Lock'. "Should your current registrar lock your domain name you will be unable to renew your domain name at what are likely to be the new lower prices offered by our firm. Renew today to avoid being forced to pay higher prices. Failure to renew your Domain name...may result in a loss of your online identity, which may make it difficult for your customers and friends to locate you on the Web...Deregulation of Domain name registration now allows the consumer the choice of their registrar...You are under no obligation to pay the amounts stated below, unless you accept this offer...This notice is not a bill, rather an easy means of payment should you decide to register or renew your domain(s) with us." The ASA was unconvinced by the defence put forward by the DROE and ordered the company to withdraw the mailing. Anyone who receives further misleading direct mailings from the DROE should contact the ASA. In August The Register reported that the ASA was investigating the DROE over concerns that their mail shots "looked like bills". ® Related Story Ad watchdog critical of Domain Registry of Europe
Tim Richardson, 23 Oct 2002

Furore over Comparex Europe MBO

A former director of Comparex has placed two full page ads in Business Day, in South Africa, slamming the networking reseller's proposed sale of its European operations for a bargain basement price to an MBO team. Dave Sullivan, who calls the attempted MBO a 'cash heist' is calling on shareholders and staff to vote against the proposed team, IT Web reports. The MBO team,which includes Rian du Plessis, current CEO of Comparex Holdings, will pay &euro10m, up from €8.5m tabled in August, in response to news that another bidder has come to the table. In return the new owners gain access to €70m cash and full ownership of Comparex Europe. This option is, the MBO team claim, cheaper than closing down Comparex Europe, a lossmaking business with 1,000 employees. And most of the money is required for working capital purposes and to meet other obligations. But Sullivan points out that the company vehicle used by the MBO team to transact the purchase is based in the British Virgin Islands, a tax haven which will give it unfettered access to the cash, he says. According to information on its UK web site, Comparex group turns over approx. €1bn a year, with €500m coming from continental Europe. The company has offices in Austria, Belgium, Czech Republic, Germany, Hungary, Netherlands, Poland, Portugal, Slovak Republic, Spain and the UK. ® Comparex Europe buyout press release
Drew Cullen, 23 Oct 2002

BTo flogs travel insurance

Crikey - things must be getting bad at BTopenworld. BT's ISP is now flogging travel insurance to make ends meet. The latest press release from BTopenwave, as it was described recently, tells us of a "fantastic insurance deal". "For £69 per person, customers receive fully comprehensive multi-trip travel insurance for a year, which includes 17 days winter sports cover as well as membership to the exclusive BT Openworld Travel Club," it says. What next? BTopenwound flogging dusters and mops door-to-door to scrape a few quid together? Or is this yet further evidence that BTo is being sidelined as a content only division while leaving BT Retail to deal with broadband access? Hmmm? ®
Tim Richardson, 23 Oct 2002

Online banks, retailers shut out Linux, Opera, Konqueror fans

We've received an enormous amount of feedback from our story on the impossibility of opening money-saving online energy accounts with Scottish Power if you are a Linux or Opera user. Many of you reporting that it's difficult for Linux users with default browser configurations to view the Scottish Power site at all. Instead, Linux users receive an unhelpful message that "We have detected certain aspects of your system that will prevent you experiencing this site fully. These are: You are not running a Windows or Apple Macintosh operating system". Opera users can't use the site either, and with your help we think we've narrowed down this issue to Scottish Power's use of an antiquated version of a software tool called BrowserHawk, which incorrectly reports that Opera fails to support neither Flash or cookies. There is a workaround for both Opera and Linux users, but it's only partially effective. Opera and KDE's Konqueror allow user agent spoofing, where the user agent string is altered allowing surfers to pretend to sites that they're using a different browser. A similar trick is also possible with Mozilla, which we'll take as an example. In this case, first make sure you've got Flash installed then set you browser identity to Mozilla/4.0 (compatible; MSIE 5.0; Mac_Power PC) or you could try pretending to be using a Windows machine, again by changing your preferences to override default user agent configs in the user.js file. There's more details on this here. Netscape 4.x will never view this site on Linux because it's ID cannot be changed, Lynx can have it's ID changed but fails as it can't run JavaScript, which is heavily used on the site. Along with cookies and Flash. Reg reader and Linux fan Alex Tucker tells us he wasn't able to get very far into Scottish Power's Web site even after changing his browser ID. So user agent spoofing isn't always going to nail this problem. Bankers show grey matter Scottish Power discriminatory policies against minority computing users (it's yet to give us a response on this beyond saying it is looking into the issue) illustrate a wider problem of commercial Web sites failing to allow users of perfectly capable alternative browsers from using their online facilities. A useful site which documents support for online banking for Konqueror users amply illustrates this point, and show how many financial institutions worldwide are making life difficult for potential customers. Looking at the UK, let's say well done to Egg, Smile, and Lloyd's TSB. Alternative browser users who fancy using NatWest or HFC's online facilities need not apply. NatWest, which only welcomes users of IE and Netscape 4, is a pet hate by many people who responded to our original article. Netscape 6 is not allowed at Royal Bank of Scotland either "because staff haven't had the chance to evaluate the security of the browser", which has been available for almost two years. Can anyone seriously suggest IE is preferable for security reasons? Do these people not monitor the security environment and notice the weekly flood of security alerts concerning IE compared to the drip (one we recall of in the last five years) concerning Opera? Well actually there is someone who can - and it's Marks & Spencer which says "to protect you from certain usability and/or security issues we currently do not support Opera, Mozilla, earlier versions of Netscape or IE. If your preferred browser is not supported, we recommend that you consider co-installing a supported version." ®
John Leyden, 23 Oct 2002

We're being spanked by Nokia – Gates

Nokia is creaming Microsoft in the phone business, Bill Gates said yesterday. Gates admitted the company is "way, way, way behind Nokia", according to a Financial Times report. Three "ways" is significant - because Bill's "way"-scale is logarithmic (not a lot of people know that) - and the comment punctures the publicity bubble which accompanied the launch of the Windows-based Orange Smartphone this week. Gates vowed that Microsoft will catch up, denying that the company will scale back development efforts. Three years ago, a ballistic Bill identified the phone consortium Symbian as enemy number one and this year singled out Nokia for particular attention. Nokia itself has prepared for the arrival of The Beast by licensing UIs and stacks, and describing itself as a software and services company. Combined data/voice devices have been a long time coming, and each of the rival camps has had its share of problems. Palm lost the confidence of two of its handset partners Nokia and Motorola, which each canned projects, although new devices from Samsung and Kyocera should help restore its fortunes. Symbian has encountered many delays, and dropped its model of prescriptive reference designs (DFRDs) for a more flexible "a la carte" menu for licensees - ironically ditching the model devised for it by Juha Christensen, who Microsoft later poached. Symbian dramatically lost its head earlier this year. Stink or Swim But Microsoft's problems have been legion. A joint venture with Ericsson hit the dust, and it has failed to woo a major licensee with the exception of Samsung, which has a foot in all three camps. (Or four camps, if you include Java-enabled phones running manufacturers' closed operating systems, which is the happiest camp of all right now). The phone group has been reorganized so many times that the org chart must surely be assembled out of fridge magnets. Early voice-enabled devices exhibited some cute bugs. In one case, the phone would lock on receiving an incoming call from a caller with whose name begins with a letter at the wrong end of the alphabet. The software would begin to traverse the phone book, so it could display the Called ID, and then lock by the time it got the Vs and Ws. This was a terrific boon to say, Polish users with many friends or relatives whose names begin with "V" and "W", and who wanted to be left alone - but of little use to anyone else. The delays were inherited by the dedicated Stinger platform saw it christened "Stinker" - one Stinker has been delayed four times - and Microsoft has resorted to designing the phones itself and using contract manufacturers in Asia. (Microsoft hates the "Stinker" moniker so much, that it's rebranded Stinker as "Canary" - perhaps unaware of the bird's history as a sacrificial and disposable early warning system for miners. When the Canary dies - you clear out fast). That Microsoft's technology deficit should be so publicly acknowledged affirms that it longs to catch up: it doesn't usually publicize tactical withdrawals until long after the fact. Some years after that, it will include the failure in a witty Comdex video. Feature creep But right now, it has slim pickings. Juha Christensen described one of the "must have" features which differentiate Smartphone 2002 as "Caller ID". So notoriously unreliable have Stinker prototypes become, that it's shipping them to friendly journalists without SIM cards. ZDNet columnist David Coursey, in a piece entitled New Microsoft cell phone: Why I just love it! , doesn't seem to have used it to make a call, or send a message - but he gives it a rave nonetheless. "The Orange Smartphone exceeds the capabilities of the current generation of top-of-the-line handsets, including Siemens S55, Sony Ericsson T68i, and the Symbian-powered Nokia 7650," writes Coursey. "Comparing a Smartphone to the rest of what's out there is depressing if you're determined to not buy Microsoft." Comparing feature lists is always tricky, so you decide. Smartphone 2002 has expandability - an SD card slot - and a web browser. The Nokia 9290 series - which if Coursey has seen, he has chosen not to review - is more expensive, and doesn't do "always on" packet data, a significant drawback. But it does have a full web browser (Opera), RealOne and Macomedia Flash players, and it too is expandable. The Nokia 7650 has an integrated camera and Bluetooth: both major features lacking in Smartphone 2002. I wouldn't call the inclusion of these "depressing", but perhaps David's working on some reverse-functionality metric, where fewer features are better. I don't know - but that's the only logical conclusion. We hope this doesn't tone down Coursey's rhetoric. Columnists are under no obligation to be objective. But it is a funny old world when Bill Gates says his phones are "way, way, way" behind, and a ZDNet anchor insists they're way, way, way ahead. Oops. ® Related Stories Microsoft vs Nokia/Symbian: Gates rails at 'proprietary Symbian', looks for the insanity defence Microsoft poaches Symbian exec for wireless ops Microsoft declares war on '(inaudible)' Sh... Symbian Can Club Nokia thwart .NET? The MS plan for smartphones: Get Nokia! Wintel - the next generation's horoscope Microsoft disowns Nokia cybersquatting prank Making a Stink: Ballmer takes charge of MS Phone biz MS Stinger smartphones finally poised to ship [March] Politics or bugs behind Microsoft exec massacre? Bugs delay flagship MS phone MS joins phone battle with debut of Orange Stinger in UK GUI wars return: Motorola, Sony Ericsson tie-up
Andrew Orlowski, 23 Oct 2002

Claranet drops virus outbreak blocker

Claranet, the leading British ISP, this week abandoned its first line of defence against email-borne viruses following performance issues with its in-house developed technology, its global mail filter. Claranet continues to market to business users a separate service which uses more sophisticated virus scanning and filtering. Other ISPs sometimes bundle such services with basic access packages targeted at consumers - for example, BTOpenworld this month rolls out virus/spam blocking technology from Brightmail/Symantec to improve the customer online experience. Claranet takes a different line. Since the decision to drop its global mail filter, the ISP advocates a DIY approach - advising home users to use desktop AV scanners (which they should use anyway) and to set email clients to automatically delete email from persistent virus senders. Claranet introduced a global mail filter to protect customers from infection by the prolific Anna Kournikova virus. Email headers were searched for filename attachments associated with viruses. If a virus is detected the software returns a message to the sender with a note informing them of the infection. This worked well during the Anna K outbreak but with many new viruses using spoofing the technology is becoming more trouble that it's worth, prompting a decision (at least for now) to sideline it, the ISP says. Neil Levine, Claranet CTO, explains: "Claranet has over the years applied generic filters to our mail spool to prevent mails which may be virus infected being delivered. However, as a result, there was a strong potential for false positives to be generated, which may have meant valid, non-infected mails were filtered out." "After consulting with customers on our newsgroups, the global filters were removed after customers stated they preferred to control the type of filtering themselves, either using Claranet's User Mailfilter facilities or by using locally installed software on their PCs. "Any virus in the future which causes service degradation will continue to be filtered." ®
John Leyden, 23 Oct 2002

SuSE 8.1 illustrates MS' fear

Anyone wondering why MS execs Steve Ballmer and Brian Valentine are so bent out of shape about Linux should check out SuSE's most recent distro, 8.1, for insight. For a desktop PC or small-biz network it's already miles ahead of Win98-SE and ME and closing fast on XP for ease of installation and use by first-timers. The user experience is so close to XP now that one can expect it to surpass it in the next edition or the one following. Now add to that Linux's resistance to viruses, the comparative speed with which open-source security bugs get fixed, the wealth of free applications included, and the GPL enlightenment that allows you to install it on as many machines as you please and upgrade it free of charge on your own, and you can see why MS is feeling the heat around the corner and not taking it terribly well. What's new Most of the changes between 8.0 and 8.1 are refinements. Package installation, whether during the initial system build or later tinkering, now includes detailed information about packages, dependencies and conflicts with pop-up dialogs offering alternatives for resolution. It's fast, logical, and easy for a new user to understand. In a recent OSnews review, author Eugenia Loli-Queru said she found the package manager a 'monstrosity' but personally I think it's the best one going. The installation is not a linear process, but instead there's a tree menu from which users can choose which bits of the installation they wish to customize and which they prefer to leave to the SuSE defaults. Initial package selection during the system build can be very time consuming with the pro edition; just about every package you might ever wish to install is available. For a seasoned Tuxer who knows what they want, choosing 'detailed package selection' and going through the tree should take only 20 minutes or so, but for a newbie it can be overwhelming. There is also a very handy package search feature which makes it easy for seasoned users to find the packages they like. However, a new user can comfortably choose the default system because adding needed or desired packages later is quite easy with the YaST2 GUI control interface. Again, it offers the same simplified conflict and dependency information and search features one gets with the initial setup. This item will make the distro easy for Windows and Mac users to configure and administer; you can accomplish almost everything without recourse to the shell. In other words, you need to know as much about Unix to run SuSE 8.1 as you need to know about DOS and Basic to run Win-XP. Purists may balk, but I think it's a significant and welcome step towards bringing Linux into the mainstream, where it very much belongs. Of course, if you prefer to work from the shell and build your apps from source, there's nothing in the SuSE setup that makes this difficult. SuSE remains remarkably accessible to newbies and yet power-user friendly. It's still 100% Linux. Hardware detection during the installation is every bit as good as Win-XP. As with XP, the hardware drivers supplied are functional but may not be as good or as up-to-date as the ones the manufacturer supplies, so it's always a good idea to visit the maker's Web site and install the latest ones when you get around to it. The NIC detection and networking setup went off without a hitch. My ISP requires PPPoE for my DSL connection, and the supplied Roaring Penguin RP-PPPoE driver which I installed during the system build worked flawlessly. Previously I'd had to install the RP package again manually to make it work properly, but this time SuSE has got it sorted. Getting my machine on-line was as easy and trouble-free as it is with XP. There's no 'wizard' but the basic networking setup in YaST is simple and intuitive, yet it allows for advanced tinkering. SuSE is now including the hsflinmodem driver for victims with Conexant WinModems (software modems). I've used this driver on my laptop and it works like a charm, but you do have to select it for yourself during installation. There are several other WinModem drivers as well, though I've had no occasion to try them. Network security is easy with SuSE Firewall2, which defaults to a nice, tight configuration for iptables easily set up in YaST. In the 'Security and Users' section of YaST is a simple configuration utility to tighten up file permissions. Root and user passwords can be MD5 encrypted for additional security. You also get Mozilla 1.1, which gave me some trouble with fonts in KDE. This might be attributable to the supplied SuSE RPM, as I recall installing 1.1 from a binary package on an older system and having no such problem. In any case I downloaded and installed 1.2b from Mozilla.org and that solved the difficulty. Multimedia support is getting better with each successive distro. I use a SoundBlaster Live card which needs the emu10k1 driver which can be loaded as a module or compiled into the kernel. It works well enough, though there are no bass and treble controls. There are plenty of audio and video codecs, a plethora of players, mixers, grabbers and burners, and numerous audio and video editing utilities. There is now support for the Promise controller, a fact which made my day as I've had a Promise ATA 133 card for some time and previously no chance to play with it. When I hooked up a drive with an existing Win-XP image on it, the Windows image became permanently un-bootable, even after returning it to the mobo's built-in controller where it had resided happily for weeks. Linux simply wouldn't boot, but with no detrimental effects. The trick is simply to pass the parameter ide=reverse at boot time; this corrects the drive detection difficulty which had previously made the Promise controller a hassle. The controller does its job all right; the system became noticeably more lively, and hdparm reported the following (to me quite impressive) benchmark results: Timing buffer-cache reads: 128 MB in 0.25 seconds = 512.00 MB/sec Timing buffered disk reads: 64 MB in 1.62 seconds = 39.51 MB/sec This was on a Maxtor 40GB drive with ATA 133 support. Your mileage may vary. I found also that the kernel support for the Promise controller makes it unnecessary to tinker with hdparm options and place them in /etc/init.d/boot.local. I tried numerous combinations but was unable to make any significant improvement in the benchmark results. (Note that it's important to run hdparm -Tt /dev/hd* several times after each change to weed out anomalies.) Headaches For all the progress in SuSE 8.1 there are some hassles, most of them minor and easy to fix. Nvidia cards are still a trial owing to Nvidia's reluctance to permit Linux packagers to distribute their drivers. But the SaX2 X Window configuration utility has been tweaked nicely since 8.0 and is getting along with Nvidia better than ever, so once you download and install the real drivers from the Nvidia Web site you should have no problem. I strongly recommend not opting for 3D support during the system installation. This will make it much easier to configure the video card later. I ran into one glitch with SaX2; I had downloaded the Nvidia drivers and installed them before running SuSE on-line update. When I started SaX to configure my video system, it stumbled on the fact that I hadn't downloaded and installed the 'real' drivers via SuSE update (i.e., some helpful engineer making things a bit more idiot-proof than necessary). So it's best to run the on-line update first, then install the latest drivers from the Nvidia Web site, then check your XF86Config file, then re-boot, and then finally configure X with SaX. But there was another glitch. The on-line update feature installed the Nvidia RPMs all right, but failed to configure etc/X11/XF86Config properly, leaving the statement, Driver "nv" in place of Driver "nvidia", which made it impossible to start X after the required re-boot. I found this out the hard way and had to run vi from the console and correct it, which was no problem; but for a newbie this would be a major difficulty. It needs to be sorted out immediately. Finally, I've always found that the RPMs Nvidia supplies don't put all the files in all the right places. I strongly recommend using the binary tarballs for the Nvidia kernel and GLX driver instead. It's incredibly easy; you just unpack them wherever you please, bust out a root shell and run make from the top level directories. It's actually easier and faster than RPM, and even better, it always works. Just make sure that the statements Load "glx" and Driver "nvidia" appear in etc/X11/XF86Config under Section "Module" and Section "Device" respectively before you re-boot (or make sure you know how to use emacs or vi, and make sure you know the path to your XF86Config file -- different distros put it in different places.) The free OpenOffice.org 1.0.1 is now included in place of StarOffice. It's a full office suite with excellent import and export filters, which I use exclusively. People who follow my Linux coverage are probably sick of hearing me complain about RPM, but here again it let me down. The RPM which was installed during the system build seemed to unpack properly, but whenever I attempted to open a Word document OO invariably crashed and shut down. However, when I downloaded the tarball from openoffice.org and installed it (same version), everything worked as it should. There is a stuff-up with the clipboard in KDE. Whether this is due to SuSE's tinkering or KDE's carelessness I don't know, but whenever you highlight a URL the clipboard brings up a little menu offering to open it in the browser of your choice. I've always found it irritating but at least it always worked properly. But now, when you select a URL the thing copies it wrong, so that "http://theregister.co.uk" is mangled as "openURL(http://theregister.co.uk, new-window)" in the browser's address field, which of course puts a stop to all the fun. SuSE has severed its long-standing relationship with LILO and gone to GRUB as its default bootloader. I've never used GRUB before and I have little to say about it, except that it appears to work as it should. It has the advantage of allowing the machine's owner to set a boot password which can be MD5 encrypted. YaST still makes it easy to configure the boot parameters and I personally haven't noticed any problems, or vast improvements. However, when booting a second, physical HDD SuSE still doesn't configure the bootloader properly and requires the user to correct it manually. Conclusions For me it feels odd to review a SuSE distro without recommending it, but this time I'm going to pass. 8.1 is a significant evolutionary step towards a mainstream Linux desktop. It shows where SuSE is going with the desktop PC (and the small-biz server and work station), and it shows how quickly the company is moving. That's impressive, all right. Fundamentally, SuSE Linux is an XP killer, but it needs buffing. All the major pieces are in place to make migrating from Windows a pleasant surprise, but there are too many little rough spots to make a strong recommendation. I think current SuSE users should stick with 8.0 for now; and people looking to get rehabilitated from the Windows licensing and upgrade crack addiction and seeking manumission from Microsoft's abusive EULAs might wait for 8.2 or 8.3, when most of the little irritants mentioned above will have been polished smooth. ®
Thomas C Greene, 23 Oct 2002