17th > March > 2003 Archive

Samba vuln – get your patches on

A buffer overflow has been found in Samba that requires immediate action, the team's Jeremy Allison tells us. Samba is the most widely used software that allows access to Windows networks from non-Windows clients. If you're running a Samba server version 2.0 or higher, you urgently need to install the latest version, 2.2.8, or block access to TCP ports 139 and 445. Code that exploits the hole - which gives a potential attacker root privileges - has already been created by the black hat community. Version 2.2.8 source can be found here, and binaries here. You can find more information in this posting. ®
Andrew Orlowski, 17 Mar 2003

RIAA website now hidden in plain sight

For those of you who have been following the RIAA's "Hide The Website" game, you'll be relieved to hear it's moved on again, and now can not be accessed at an entirely new location. This is the third hoster who can't host the site since January, although strictly speaking, it's come back home, to UUNet. The Recording Industry Association of America has been bedevilled in keeping its anti-piracy information flagship afloat. After numerous attacks over several months, in which the site was more down than up, the RIAA began to hide it with hosting companies who you'd never suspect of being professional global hosters. First, it was smuggled into the basement of a "small disadvantage business" in Rockville, Maryland, giving "Tomorrow's Solution's Today, Inc." the first ever big hosting contract for the hoster. That lasted only a few weeks, during which time the site was visible for a few minutes. Then it wound up with a small DC law practice, who had this folksy sideline of connecting your computers. We clocked almost 20 minutes of uptime there, before it disappeared from sight again. Now it's back home with UUNet, who relinquished their duties at the end of January. And how they must be glad to see it back. Like an unwanted cargo hulk lugging its toxic payload from port to port around the world, there's no telling where it will end up next. Although if the analogy holds up - look out Cumbria! ®
Andrew Orlowski, 17 Mar 2003

Reg caught in strategic server relocation move

Site News There has been much excitement of late here at Vulture Central as we finally found a permanent home for the world's favourite IT news organ. Cue excited chatter about burstable bandwidth and high-speed and redundant network connectivity. You're right - maybe we should get out more, but we are genuinely delighted to announce that as of right now The Register is hosted by Rackspace Managed Hosting Europe at the company's state-of-the-art data centre in West Drayton. Yup, we never thought we'd see "state-of-the-art" and "West Drayton" in the same sentence. Nevertheless, this is where our two web servers and two database servers live, lovingly tended by Rackspace and its round-the-clock monitoring, security and technical support. It's that customer support which was critical in securing Rackspace our hosting contract. In addition, we were convinced that Rackspace could meet all of our current and future requirements. When you're doing 20 million impressions a month, you want to be sure your kit is not going to fall over at the drop of a hat. Reg supremo Linus "Fish Fingers" Birtles took a moment from perusing an enormous Excel spreadsheet detailing the percentage of Reg readers in Romania who are both Catholic and vegetarian to offer: "It's been tough to find a company which can meet our unique needs, both technically and culturally. Rackspace is that company." Enough said. If you'd like further information on Rackspace, you can fill in the form below and they'll get back to you. Of course, Rackspace will handle your data in accordance with the Data Protection Act, and will not pass it on to third parties.
Team Register, 17 Mar 2003

Content-based backup cuts PC storage needs

A new breed of content-based backup technology is on show at CeBIT. Designed for corporate PC networks, it can back up email and application data on individual PCs without requiring huge amounts of storage space on a server. The idea is a simple one: if a file exists in several places, you only store one copy of it. This applies whether the file is a common Microsoft program, or a shared corporate document. Plus, when a file is altered, you only back up the changes. "Lots of files are redundant, and eliminating those reduces the amount to back up by 95%, which makes it affordable," says Bob Brennan, the chairman and CEO of Connected. He adds that it also allows an organisation to treat its PC disks as a reliable resource. This in turn means users can be permitted to store more email data locally, so the organisation requires fewer email servers. Connected's DataProtector technology has been used for several years in remote backup services such as NetStore, as it allows a PC to be backed up over a modem link. Now the company has added EmailOptimiser, which applies the same techniques to email attachments. His company's client software is for Windows PCs only, but a Belgian competitor, DataCenterTechnologies, also supports Linux and Unix clients. DCT's senior channel manager Marleen Bettens points out that content-based backup gets more effective the more PCs you have. "We are trying to educate users to a new view on backup. Most IT managers don't back up PCs because it is too difficult," she says. "We position it for organisations with 20 PCs and up, it's also very good for remote locations." Files that never change are backed up only once, as are identical files, thanks to metadata - data about data. Called DC-Protect, the DCT software fingerprints a PC and stores this metadata, allowing anything from file by file recovery by end users themselves, to bare-metal disaster recovery. ®
Bryan Betts, 17 Mar 2003

US consumers to ‘dump fixed-lines’

Fixed-line telecom companies are facing a "potentially staggering" threat to their consumer business from wireless operators. New research from telecoms solutions provider CIT-PriMetrica suggests that nearly 50 per cent of US households would be prepared to switch from a wireline service to a family share wireless option with 600 shared base minutes offered at $50 per month. The survey, which was carried out in conjunction with Ernst & Young, also found that around one third of US households would drop their wireline service for a similar wireless package with 2000 shared base minutes costing $130 per month. Unsurprisingly, homes that already have a wireless service are more willing to replace their fixed-line facility than those that do not have any wireless service. According to CIT-PriMetrica, these findings suggest that the threat posed by wireless service to wireline telephone companies is "potentially staggering." "One of the most pressing threats to the incumbent telcos is the widespread use of wireless and the aggressive marketing plans of various wireless companies," said the company in a statement. This is not good news for a sector that is already struggling under massive debt and stagnant revenues. CIT-PriMetrica found, for instance, that growth in the number of wireline users in the US has more or less stalled. From 2000 to 2001, total lines grew from 263 million to 272 million and were flat in 2002. "With a difficult economic environment, declining prices and increased competition via alternatives, the long established telcos are suffering with poor results," said CIT-PriMetrica. It is the competition from wireless providers though that may prove the most debilitating for fixed-line telecoms. The rise in mobile phone usage, coupled with the emergence of new wireless technologies such as Wi-Fi, is seeing more and more people ditch their fixed line service for a more convenient and 'on the go' substitute.
A recent study in the UK, for instance, found that 17 percent of mobile phone users frequently send SMS when at home rather than pick up the phone. According to Paul Eddings, managing director of CIT-PriMetrica in the UK, the greater availability of wireless technologies that can also provide services such as high-speed Internet connections will be a major threat to telcos in Europe. "Up to now, a lack of knowledge, inertia and concerns about connectivity have held people back from switching from wireline to wireless. But these problems are being overcome by wireless providers and it is quickly getting to the stage where households no longer need a fixed-line service," said Eddings. He also told ElectricNews.Net that he expected the trend emerging in the US to be replicated in Europe over the next couple of years. © ENN
ElectricNews.net, 17 Mar 2003

The state of SuSE

Interview I spent a little time on AIM with SuSE U.S. rep (and all-around nice guy) Holger Dyroff, discussing SuSE's new products, trends in Linux desktop/consumer use, and the state of Linux market penetration in general. This transcript has been edited (very lightly) only for grammar and spelling, not content. Make sure you read all the way to the end, where Holger mentions SuSE's take on SCO's decision to commit corporate suicide.
Roblimo: I tried -- and liked -- the new SuSE office desktop product. What additional features are we going to see in the upcoming version?
Holger: Good question. The new announced SuSE Linux 8.2 will not be a successor of the SuSE Linux Office Desktop but a new version of our successful Personal and Professional series! New features we'll see are Ease-of-Use with KDE 3.1, more applications like MainActor and GNU Cash (Video editing and Home Banking) as well as better mobility (Wireless LAN cards and WinModems). In regards to the SuSE Linux Office Desktop it's well received from our customers and we will continue this product line as well and enhance it in the not too distant future.
Roblimo: Will we see it in retail stores? Will people be able to buy it from Staples, Office Depot, Fry's, CompUSA and other places most people go to for software?
Holger: Yes. SuSE Linux Office Desktop is available at Fry's and Microcenter already, as well as on Amazon.com. SuSE Linux 8.2 of course is available as usual: BestBuy, CompUSA, Microcenter, Fry's, Futureshop (for Canada). Staples and Office Depot weren't profitable channels for Linux and you'll not see it there.
Roblimo: One problem I -- and others -- have noticed with SuSE is that the automated update feature doesn't seem to work very well. Is this because of unreliable mirrors? Inherent in the software? And is the problem fixed in 8.2?
Holger: You are right. It didn't work well in SuSE Linux Office Desktop. In SuSE Linux 8.1 some customers had problems. We have put effort in that for 8.2. 1) It's now more reliable and we tested it thoroughly. 2) We put in a new feature: A daemon is now checking for available updates and warning you if there are some to apply. Also important (You might have read announcements from our competition) -- SuSE Linux 8.2 comes with FREE security fixes, etc. and access through YaST Online Update for 2 years!
Roblimo: So SuSE works out to... umm... $20 per year for home users? Not bad.
Holger: Basically, yes. If he needs to run some Windows Applications and therefore needs the Desktop Product it's more expensive but I think still affordable. We will also start with pre-loaded hardware with 8.2. We are confident to have an announcement in the next 2-3 weeks.
Roblimo: What kind of hardware? A nice laptop I hope? :)
Holger: Not yet, sorry. It'll be desktops first. But we have not yet seen many offers with SuSE Linux, that will change.
Roblimo: Are you working with any "big name" hardware vendors?
Holger: Yes, we are talking with several, but no deals closed yet. Actually in Germany we are dealing with Fujitsu Siemens, they offer pre-loaded desktops since 1-2 years already.
Roblimo: How about less-advanced countries, like the United States?
Holger: As said, we are talking to top tier vendors and I see it coming for this year! We already have a huge wave of interest from the desktop product. We basically have a customer a day who is thinking about more than 1000 desktops with Linux. It's rolling.
Roblimo: How's it going on the corporate desktop front? Interest is nice, but are you getting any actual installations/conversions?
Holger: Corporations tend to have a 6-12 months sales cycle, they just don't decide on a rollout of 1000+ desktops overnight. Early successes are in Germany until now. A complete city administration (Schwaebisch Hall) is changing to 400 desktops and 20 servers with nothing other than Linux. Believe me, it'll come soon. But I know every journalist would like to write about it today :)
Roblimo: I doubt that many journalists who make their livings covering Windows technology are interested, but that's their problem. :) Thinking of journalists, are you getting more inquiries from mainstream press people than you did a year or two ago?
Holger: Yes. PC World and PC Magazine are increasing their coverage. Infoworld and Computerworld are regular Linux writers, and I suppose you saw the Business Week cover story about Linux recently. I suppose it just comes along with a higher market share. Even on the desktop we will have a higher Linux marketshare than Apple by Q1 2004.
Roblimo: According to whom?
Holger: That's IDC data, they say about 2% right now and 4% a year from now. (Apple is 3.5%). SuSE is backing this data, we have the same perception.
Roblimo: You and IDC actually expect the number of Linux desktops in the world to double in the next year?
Holger: That's correct. And we have clear targets for the business desktop. Just think about several million Desktops out there which are still running OS/2! They need to be migrated in the next two years and we want to make sure that many of them will migrate to Linux.
Roblimo: Do you honestly believe Linux - specifically SuSE 8.2 - is ready for use by the average home computer owner who is currently using Windows 98 and thinking about upgrading?
Holger: It depends. If he is working with his PC and browsing the Internet: YES. If he is heavily into gaming and wants to have the same new multimedia applications as his friends - Not yet. Applications will be key for this market and I think Codeweavers with their Windows Enablement Technology is an opportunity to bridge the gap and make the applications available now. But short term, it's the business desktop first. Not the family with a 9 year old in school. (If they have a 13 year old it's a market, she or he might be a kernel hacker soon :)
Roblimo: GnuCash - I see SuSE is touting the latest version of GnuCash. Do you think that will be a big selling point for home users?
Holger: Yes, as it has some nice new features including home banking, and why buy extra applications for Windows if a nice application is coming with your Linux operating system?
Roblimo: I have no answer to that. It's like the "Why pay more?" question you see in supermarket ads. :) What applications do you hear the most requests for on the home and small office level?
Holger: Photo Editing and Printing is a huge issue. Gimp is nice, but is yet missing some features and people are asking about Adobe Photoshop-like applications and features all the time. Another area which is frequently asked for is web publishing and tools like Macromedia offers.
Roblimo: Anything up SuSE's sleeve in these areas?
Holger: Not yet, we are not application programmers, but a service provider who takes what is available as open source software and delivers it to its customers. Both ISVs Adobe and Macromedia would definitely be a key towards a Linux desktop revolution. And I read Adobe is starting to use QT to develop on.
Roblimo: Moving away from the consumer area... How's the Openexchange Server doing?
Holger: It's doing good. We have sold several thousand worldwide and the most asked question was, do you have a trial version so I can test that Outlook works with it.
Roblimo: And have you?
Holger: It's brand new. It's $19.95 and can be pre-ordered at http://www.suse.com/openexchange/slox_eval_form.html
Roblimo: Ah.
Holger: It'll be the complete product with all functionality. But without maintenance. So everybody can easily try it out!
Roblimo: Actually, I know some people who run a fair-sized network -- around 800 users -- who tried Openexchange and liked it, say they plan to implement it soon.
Holger: Wow! That's good news! We have some others like that in the states, but the most we sold were like 300 concurrent licenses or so. Everybody else is in Evaluation. The sales cycles get longer if more users are involved.
Roblimo: What's the biggest deal you have under evaluation?
Holger: About 1900 EndUsers.
Roblimo: Wow.
Holger: We don't promote it above 1000 users right now, as we want to get some experience first and are missing some features for really huge companies.
Roblimo: But sales, in general are picking up?
Holger: Yes, absolutely.
Roblimo: Are they still asking why they should use Linux, or coming to you for Linux?
Holger: No, that got much better. A) Linux and B) SuSE Linux have made progress in brand recognition. People are comparing pricing and of course many need information and proof, because they are implementing something "non-standard" instead of MS Exchange which everybody knows.
Roblimo: How about retail sales of the consumer products? Doing better?
Holger: They are stagnating a little bit right now. I'm looking forward to 8.2. Part of the problem is the economy, people reduce their Update cycle to save some money, etc.
Roblimo: Do you think increased competition for desktop Linux users might be part of the cause? Lycoris... Xandros... Lindows... Mandrake still cranking... Red Hat remembering desktop users...
Holger: Competition is what motivates us every day to make our products even better.
Roblimo: But isn't the "Linux user pie" spread a little thin right now?
Holger: Not necessarily as the whole Linux retail market is still shrinking (about 10 percent 2001 to 2002) and we are the only vendor who sells more than in the year before. New vendors like Lindows are looking for new customer groups. But you are right, instead of buying a new version of SuSE Linux, some customers might just think, "let's try Xandros this time." And of course, more people download it from the Internet. Even SuSE Linux which is available for a free download 4 weeks after the start of sales in the shop.
Roblimo: Obviously downloads are important. On one hand, you tell us Linux desktop usage is expected to double soon, but on the other you talk of retail sales being down by 10%, except for SuSE. Are downloads a big factor in this seeming contradiction? Or is most of the increase in Linux desktop use going to be in corporate settings, not homes?
Holger: From a sales perspective it might just be that the people don't update as frequently as they did. Kernel 2.4 is rock solid and money is tight. Broadband connections are getting more and more used and this allows easier install of SuSE Linux over the Internet, which is fine and is the idea of Linux. And yes, our focus in the near future will be the corporate and business desktop but, as we show with SuSE Linux 8.2, we will not forget our roots.
Roblimo: Last question: It sounds like SuSE is doing a lot of great stuff. When will SuSE disassociate itself from SCO so we can buy SuSE products with a clear conscience again?
Holger: We are reevaluating our relationship with them right now. This needs a little bit of time. We were surprised from their actions as I guess everybody else was and I can tell you, our CEO Richard Seibt was not amused. ©
Robin Miller, 17 Mar 2003

Lawscot domain dispute gets to court

The ongoing legal battle over the domain lawscot.co.uk between the Law Society of Scotland and Glasgow resident Tommy Butler finally ended up in court at the start of the month - and promptly came back out again. Before the opening arguments were even made, Mr Butler was left without his lawyers and forced to consider representing himself. However, he asked for the case to be postponed. It duly was - until Wednesday 19 March - at which point Mr Butler intends to persuade Glasgow Sheriff's Court himself that he has the legal right to retain the lawscot domain. The delay is just the latest in a string of controversies over the case. Mr Butler continues to insist that he cannot get a fair trial in Scotland because all lawyers would be members of the organisation suing him. After a public plea in July 2002 when the Law Society served him and UK register Nominet with injunctions stopping the use of the domain, he found one set of lawyers willing to represent him but later fired them after he alleged they failed to contact people important to his case. A letter from the Law Society to his lawyers insisting they not talk about the case in public also gave him cause for concern. In October 2002, he contacted more than 100 Scottish lawyers who all refused to take his case on before eventually hiring an English lawyer and domain expert. The English lawyer then hired a Scottish law firm to act as agents in Scotland. This complicated relationship led to the Law Society making several out-of-court offers for the domain but ultimately fell apart on the Friday before the case was due in court when Mr Butler insisted on point of principle that he would defend his case. True to Mr Butler's fears, it now looks as though he will have no choice but to defend himself against the foremost legal eagles in Scotland. In his favour is the fact that he has a very good case for keeping hold of the domain.
The Law Society's arguments have been undermined by their refusal to follow the usual system of domain arbitration and by domain case law. However, the Society is desperate to win not only for the sake of its reputation but because Mr Butler would have an extremely strong case for compensation were he to be declared the legal owner of the domain. The Law Society claims Mr Butler is "passing off" on its good name by owning the domain lawscot.co.uk, wrongly receiving confidential information in emails intended for the society, and infringing its trademark. Mr Butler argues that "lawscot" is a generic name and reflects his intentions for the site - namely a directory of Scottish law firms. Emails wrongly received by Mr Butler were in many cases down to the Law Society's own error in publishing the wrong email address on both its website and in its literature. And the trademark that the Law Society now possesses was applied for in September 2001, and registered in March 2002 - long after Mr Butler had bought the domain in November 1999 and also after the Law Society had offered to buy the domain from Mr Butler. Mr Butler is determined to win the case, telling us "they are not getting it out of principle. It's a pain in the back of my neck but they're still not getting it." ®
Kieren McCarthy, 17 Mar 2003

Adaptec shows SATA at CeBIT

Adaptec joins the Serial-ATA party today, with the launch at CeBIT of a set of SATA RAID cards at prices from £56. The two, four and eight channel cards are expected to replace low-end SCSI RAID controllers over time, as well as supplanting some of Adaptec's IDE (parallel ATA) RAID products. "SATA is definitely ready from the point of view of easier cabling - its longer and thinner cables also bring better cooling," says Robert Helbig, an Adaptec field application engineer. "There is tremendous price pressure to get IDE drives into servers, so SCSI is losing market share at the lower end where the price difference can sometimes be as much as three times," he says. "Our IDE RAID controller sales already outnumber our SCSI RAID sales." Helbig admits that at 150MB/sec, SATA offers no performance advantage over IDE, especially as the parallel-to-serial bridging technology in use today can limit real throughput to less than 100MB/sec. He adds that even when SATA-2 comes along with 300MB/sec and extra features such as command queuing and drive hot-swapping, SCSI will still have the high end thanks to its advantages in areas such as error reporting and defect block handling. In fact, SATA is everywhere at CeBIT. "Every single customer we talk to is moving to SATA for RAID. It ties in with the redefinition of how enterprises deploy storage," says Patrick Kevill of 3Ware, another RAID card supplier. Cheap IDE or ATA-based RAID is finding favour because users are realising that not all of their data needs the protection and performance provided by high-end SCSI or Fibre Channel storage. As much as 75% is archived information or less critical data that could be shunted off onto cheaper storage. Kevill says that a 3Ware SATA RAID adapter costs around 20% more than the equivalent IDE RAID card, because of the extra bridging chips needed, and that it adds £15 to £20 to the drive price. 
(Western Digital CEO Matt Massengill turns this figure the other way around, by the way, saying WD is pitching its 36GB Raptor SATA drives at 30% below the price of an equivalent 36GB SCSI drive.) Promise too has launched SATA boards, both basic four-channel RAID 0/1 models and intelligent versions with hardware RAID 5. Channel sales manager Sophie Sun says Promise is also supplying SATA chips to the likes of ASUS and MSI for integration onto mainboards. However, there are still a couple of SATA caveats. Firstly, the connectors are weak and they really need the addition of a locking clip, warns Romain Cohen-Gonsaud, an area sales manager with disk enclosure supplier CiDesign. And at the launch of EMC's first IDE-based Clariion storage boxes, senior vice-president and general manager Joel Schwartz robustly declared that SATA hard disks are not yet ready for EMC's customers. "There are no SATA drives on the market today that we feel comfortable bringing to market," he said. There are reliability questions, he said, and some drives do not support hot-swapping. "We will move to SATA as soon as it meets our commercial standards," he added. WD's Matt Massengill says this is partly EMC's innate conservatism, but acknowledges there is some truth there. "This is really brand new technology, and it will take time for everything to come together," he says. "Follow-on generations will be larger and more robust - we will see a surge of S-ATA subsystems over the next six months." ®
Bryan Betts, 17 Mar 2003

Symbian and Microsoft sign RIM deals

Symbian and Microsoft both announced deals with Canadian pager company RIM for a piece of their email gateway today. Nokia surprised the industry by signing a licensing deal with RIM for the right to use the latter's software late last year. Nokia will support RIM's Blackberry Connect stack on its phones later this year. This move was an acknowledgement of the success of the RIM model in the US market, and marked a defeat for the standards-based WAP model. Although WAP now has 'push' capabilities and the carriers have 'always on' packet data, the infrastructure burden and lack of consistency in the fragmented North American market allowed RIM to capitalize on the mess. RIM is better known to Register regulars as Lawsuits In Motion for its ludicrous pursuit of Handspring - and anyone else within shouting distance - for "copying" its hugely innovative "keyboard and wheel" combo. Understandably, cash-strapped Handspring and Palm settled the dispute rather than fight on, despite an abundance of prior-art which could have nullified the legal nasty. RIM has since added voice capabilities to its pager range, although in real life, only Stewart "BREW will be a big long-term winner" Alsop would be prepared to hold one of these up to his ear. And look where his advice has got you. RIM has lawsuits with rival pager company Good Technologies outstanding. Good has licensed its Blackberry-like software to PalmSource. In all, a good day for the Canadians. ®
Andrew Orlowski, 17 Mar 2003

DDS-DAT is back from the dead

Two years after terminating DDS-DAT with extreme prejudice, customer pressure has pushed HP and Seagate into reviving the popular mid-range tape technology. Showing at CeBIT, the new version is called DDS Generation 5 and stores 72GB of compressed data per cassette. The slight name change from DDS-5 to DDS Gen 5 is down to Sony, which owns the DDS logo as well as the rival AIT tape technology, and is the only DDS-DAT supplier not to introduce Gen 5 products. Gen 5 is the same speed as DDS-4, according to Ken MacDonald, European sales manager for OEM storage at HP. "We could have made it faster by the end of this year, but our customers said they wanted capacity now rather than speed later," he says. The revival of DDS is all down to pressure from OEM and end user customers, claims Daniel Hernandez, sales and marketing manager at Mast Storage, a Spanish OEM which is building DDS Gen 5 products using HP mechanisms. "Our customers are very satisfied with the capacity and backward-compatibility of DDS - they were disappointed and hesitant to change when the death of DDS was announced," he says. DDS Gen 5 drives will cost much the same as Tandberg SLR, Sony AIT or Exabyte VXA drives, but DDS will cost up to 20% less overall because DAT media is much cheaper, Hernandez adds. "We have even found that some customers who moved to AIT now want to come back to DDS," he says. MacDonald says that there may also be a DDS Generation 6, but that HP has not yet decided whether to take this route or introduce a low cost LTO drive instead. ®
Bryan Betts, 17 Mar 2003

Freeserve mulls another Madeira VAT move

Freeserve is considering relocating its broadband operation to Madeira to take advantage of the island's lower VAT rate. The FT cites Freeserve boss, Eric Abensur, as confirming that the matter is currently being discussed. He told the pink paper that a decision whether to move the ISP's broadband business to Madeira would be made "later this year". This isn't the first time Freeserve has upped sticks in a bid to reduce its tax bill. Last July Freeserve confirmed that it was moving its business for its Anytime unmetered ISP service to Madeira to take advantage of the island's 13 per cent VAT rate, as opposed to 17.5 per cent in the UK. Freeserve's motivation behind this latest move appears simple enough. Having lost €92m last year it seems it will examine any avenue to reduce its losses. Furthermore, the issue of VAT is always a good excuse for the ISP to bash its rival AOL, which, under current rules, is exempt from paying VAT in the UK. Last September Freeserve was given the green light to challenge HM Customs and Excise's decision not to charge VAT on AOL's Internet service in the UK. However, the judicial review - due to begin shortly - has now been delayed until October because a key witness is on maternity leave. ®
Tim Richardson, 17 Mar 2003

cd-wow fights BPI over imported CDs

The music industry last week won an important legal battle in its bid to prevent discount etailer cd-wow from selling imported CDs in the UK. Music labels, led by trade group the British Phonographic Industry (BPI), are seeking an injunction and claiming damages from Music Trading On-Line (HK) Ltd, the firm behind cd-wow, for the sale within Europe of CDs imported from Hong Kong. These CDs are genuine but their sale in Britain contravenes the UK's Copyright, Designs and Patents Act 1988, the claimants argue. In responding to the August 2002 action, Music Trading On-Line sought to limit the scope of the case by arguing that the British Phonographic Industry was not entitled to act as representatives of the whole industry against it. However, in a High Court ruling, published last week, this application was dismissed. The British Phonographic Industry is entitled to act for the whole industry in an action seeking to limit the sale of parallel imported CDs, the Vice Chancellor Right Hon. Sir Andrew Morritt ruled. The senior judge has turned the case back to lawyers representing Music Trading On-Line and the British Phonographic Industry, whose hand has been strengthened by the Vice-Chancellor's ruling, to reach an agreement. He will consider the case again if the parties fail to agree terms. cd-wow is yet to return our requests for comment on the case. ®
John Leyden, 17 Mar 2003

NTL in BT Broadband complaint

NTL has complained to the telecoms regulator that a broadband marketing deal between BT and satellite TV operator BSkyB is anti-competitive. The complaint, reports the Independent, was lodged last November, just a fortnight or so after BT and BSkyB announced the deal. An extract from Oftel's latest quarterly Competition bulletin reads: "BT has entered into an agreement with BSkyB whereby Sky customers who order BT Broadband on-line via Sky.com save £80 on equipment they would otherwise have had to buy from BT and receive a £20 credit on their Sky digital bill. "NTL claims that the deal involves undue discrimination against BT customers who are not Sky customers; favours a BT business to a material extent; and puts competitors at a disadvantage." A spokesman for BT said: "We do not believe there is anything anti-competitive about this offer. Oftel were kept fully informed about the offer when it was put together." BT and BSkyB have joined together in the past in a bid to compete against the cablecos. Their view is that some people are more likely to buy their services from a supplier which offers TV and Internet together with their telephone service. ®
Tim Richardson, 17 Mar 2003

Euro SAN groups merge at last

The two main European storage networking associations have completed their merger, emerging as the "new" Storage Network Industry Association Europe (SNIA-E). This combines the resources of the old SNIA-E with those of the Fibre Channel Industry Association Europe (FCIA-E). Everyone involved is being very careful not to present this as a take-over of the FCIA-E, talking instead about "shared interests" and "avoiding duplication", but it is hard to avoid this conclusion, especially as FCIA-E chairman Andy Batty says the plan is to continue the FCIA-E's work within a SNIA-E group. He says FCIA-E members are now temporary SNIA-E members, with both groups able to nominate people for the SNIA-E governing committee elections next month. The new committee will convene for the first time at June's Storage Networking World-EuroStorage bash in Cannes. The merger has been planned for several months but it demonstrated weaknesses in SNIA's membership fee structure. Organisations which join SNIA forums must pay an additional fee, and FCIA-E members had balked at the suggestion that they might have to pay twice for no additional benefit. Batty says that for this reason, the FCIA-E may not become the Fibre Channel Forum of the SNIA-E, as had originally been planned: "FCIA-E members won't have to pay an additional forum membership fee, so we are still debating the exact name of the new group." He adds that whereas the European groups both promoted storage networking, the US-based SNIA and FCIA are involved in developing standards and technologies, so they will remain independent for now. ®
Bryan Betts, 17 Mar 2003

Lock up your computers! Crime is everywhere

Did you know that 61 per cent of British businesses suffered computer-related crime last year? This astonishing statistic is supplied courtesy of the British Chamber of Commerce. And if that were not hyperbolic enough for you, how about another "fact": "93% of firms experienced a virus attack or irregular intrusion" last year. That's what the BCC claims, entirely plausibly we think. It is difficult enough to make a living as a plumber, or a hairdresser, or a shopkeeper without all those pesky virus-writers, hackers and disaffected employees intruding all over the computer systems in an irregular manner. People who run small businesses can talk of little else but this pandemic of computer mischief-making when they gather in Britain's saloon bars and golf courses. As for trading online: the world is full of Nigerians and sundry credit card fraudsters waiting in ambush. Here the BCC is making itself useful. It's running a series of e-Security seminars countrywide for SMEs to "help protect them against modern security risks related to trading online". You can find out more at www.chamberonline.co.uk. ®
Drew Cullen, 17 Mar 2003

Wrox hit the rocks as Glasshaus cracks

IT publisher Wrox Press is set to close following the collapse into liquidation of US owners Peer Information last Friday. Peer Information owns Friends of Ed and Wrox Press, which trades as Glasshaus, Curlingstone, and runs a number of community sites. Glasshaus and Friends of Ed have announced that their respective sites are to close. There's nothing on the Wrox site just yet, but links on the site suggest the business failure of Peer Information spells the demise of a whole community, which includes sites such as ASPToday.com and CSharpToday.com (both up and running but neither is taking new subscriptions or adding fresh content). A statement by Peer Information states: "The Board of Peer Information has passed a resolution to place the company into liquidation. The company is unable to meet its financial commitments, and we have been unable to secure additional funding. The Directors are left with no choice but to place the company into insolvency process." Workers on the various affected sites are to lose their jobs, while authors are also likely to suffer. Chris Matterface, ex-Author Agent, Friends of Ed, asks authors to cease work on current projects in an email (republished here). It seems unlikely that authors will receive outstanding royalties, though some have vowed to contact liquidators in the hopes of seeing some of the money they are owed. ®
John Leyden, 17 Mar 2003

How much does it cost to oversee the Internet?

How much do you think it costs to oversee the Internet a year? Not pay for any servers or cables or set up any domains or deal with customers or anything like that, but simply act as an overseeing body, listening to what people are saying and, if necessary, making a decision on what should be done. A few thousand? A hundred thousand? Maybe even a million dollars? No, according to ICANN's newly released budget figures, six million dollars. And in what may be the most extravagant rebranding in history, next year it will cost $8 million - up a third. Now, $8 million (£5 million) may not seem like much for overseeing the Internet but let's draw some comparisons. Nominet is the UK organisation that runs the .uk domain on a not-for-profit basis. That means it is behind and responsible for every .uk Internet domain - which themselves now make up just over 8 per cent of the entire Internet. Nominet has a staff of 100 and an annual budget of £8 million. However, ICANN does not actually run anything as such, so a second comparison could be the regulatory body that oversees the UK telecommunications industry - Oftel. Oftel has 200 staff and an annual budget of £17 million. But both these are UK based, so let's also look at one of the largest international bodies in the world that deals with the telecommunications industry - the International Telecommunications Union. The ITU in 2000 had a budget of £77.5 million and 782 staff. Now, to get an idea of the cost of the different roles, let's divide the budget by the staff. This gives a comparable figure across all three organisations irrespective of their size and role. Doing this gives £80,000 in the case of Nominet, £85,000 for Oftel and £99,000 for ITU. The same calculation for ICANN gives a figure of £112,000 this year and £133,000 next year. 
And no, we haven't confused dollars for pounds and we have used the most conservative figures available ($1=£0.632 - $5.86 million and "projected" 33 staff; $7.99 million and "projected" 38 staff). If you use the appropriate figures for the staff actually currently employed (27), you get £141,000 and £143,000 respectively. Now Nominet and Oftel are no slouches when it comes to bureaucracy and the ITU wrote the rulebook, so it should surprise many to find that ICANN is a third to two-thirds more expensive than comparable organisations - and not only that but it is becoming even more bureaucratic and even more expensive. The ICANN reorganisation due to start this year - essentially a rebranding - is calculated separately in the accounts and will cost just under $2 million - a startling third of its entire previous year's budget. Whereas when most companies reorganise, staff numbers go down and cost savings are made, ICANN's new structure will see it take on more staff and cost significantly more. In another irritating aspect, the accounts have been deliberately fudged to give the impression that the organisation actually came in under budget by $153,000. By listing expected costs of public meetings and discussions in expenditure and counter-balancing them with the exact same amounts in revenue, and then claiming that this accounting practice will be ended this year ("this line item is now carried for historical alignment, and will not be present next year"), the organisation has managed to turn $176,000 over budget into $153,000 under budget. ICANN is still managing to meet its increasing costs by taxing global domain names and country-code domains, however. It was noted, though, that the ccTLDs' "voluntary contributions" are not all that great - just $621,000 in fact, and $179,000 less than expected.
The reason for this is that ICANN is trying to force countries to sign over ultimate control of their domains to it and so the countries that have refused are also not playing ball when it comes to contributions. Of course, ICANN sees things differently. "The problem," it says, "is that relatively few ccTLDs are under agreement (although that number is steadily growing), whereas all gTLD registries and registrars are under agreement." The solution of course is for all ccTLDs to sign up. Then they can help "share the burden" by being forced to pay what ICANN asks. ICANN is managing to put away around $650,000 a year in its bid to achieve a reserve of one year's running costs - a wise financial move, but one that will become increasingly difficult as the bloated organisation swells with each year. ®
Kieren McCarthy, 17 Mar 2003

BT Tower in St Patrick's Day green light stunt

BT Tower in the heart of London was lit in emerald green last night as part of a stunt to plug a new directory enquiries (DQ) service. The stunt - timed to coincide with St Patrick's Day - was promoting the 11 88 88 service launched by independent DQ service Conduit. Last night's light show involved a crew of 50 people, a helicopter and eight flatbed mobile projection trucks to ensure all of the 620ft BT Tower was bathed in green light for a full hour. Those behind the stunt are chuffed-to-bits with their bit of fun, claiming that it turned BT "literally green with envy with the world's biggest ever lighting projection stunt". On a more serious note, they claim that the new 11 88 88 service will be cheaper than BT's 192 DQ service with calls costing from 20p a throw, compared to 40p a go for BT's 192 service. And in a sideswipe at BT's plans to move DQ jobs to India, Conduit claims all its staff are employed in the UK. Said Liam Young, CEO of Conduit, in a statement: "We wanted our launch to demonstrate to consumers who have been ripped off for years, that we are committed to challenging BT on their behalf by providing a high quality directory enquiry service at half the cost. "BT has been using its monopoly to overcharge callers for far too long. Now with 11 88 88, the cost of directory enquiries has halved. "To add insult to injury, BT is opening call centres in India to increase their profits yet further. We currently employ over 900 people in the UK, and intend to create more jobs in the UK whilst saving our customers money." A spokesman for BT told The Register that despite Conduit's claims, last night's event attracted very little interest. "We've had no complaints. Nobody noticed. Conduit have had to put out a news release to publicise it," he said. ®
Tim Richardson, 17 Mar 2003

Win2K Web Server software brown alert goes out

An unchecked buffer in a Windows component could cause web server compromise, Microsoft warns today. According to Microsoft, the flaw affects Windows 2000 only (i.e. not XP or NT). It revolves around Microsoft's flawed implementation of the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol in IIS. WebDAV is a set of extensions to the Hyper Text Transfer Protocol (HTTP) which provides a standard for editing and file management between computers on the Internet. On vulnerable Windows 2000 boxes running IIS, the vulnerability can have dire consequences. "An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running Internet Information Server (IIS)," Microsoft's advisory warns. "The request could cause the server to fail or to execute code of the attacker's choice. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context)." Microsoft describes the vulnerability as critical and has released a patch along with advice on workarounds for customers who are not immediately able to apply the fix. The vulnerability is reminiscent of the flaw which was infamously exploited by the Code Red and Nimda worms. Microsoft is clearly taking the problem seriously. Stuart Okin, chief security officer of Microsoft UK, phoned us to give us a heads-up on the patch - a first, in our experience. We understand he has spent the day notifying Microsoft's largest UK customers of the problem. Security tools firm ISS has published an advisory which explains the vulnerability more clearly than the Redmond advisory. According to ISS, versions of IIS 5.0 on Windows 2000 up to and including Service Pack 3 are vulnerable to the flaw. ®
John Leyden, 17 Mar 2003

Hole in Sun ONE

A potentially serious vulnerability in Sun ONE Application Server creates a mechanism for crackers to run malicious code on Web servers. A flaw in the NSAPI Connector Module, which connects a Sun ONE Application Server to Sun ONE Web Server (formerly iPlanet Enterprise Server), leaves the door open to stack buffer overflow attacks, security firm @stake warned last week. In common with buffer overflow attacks, the flaw creates a way for crackers to create a malformed request that crashes a server and overwrites sensitive locations in memory with arbitrary code, where it might subsequently be executed. Even though this exploit is yet to be coded up in a script-kiddie friendly exploit, sysadmins are urged to guard against the flaw. The issue affects Sun ONE Application Server version 6.5 and earlier. Sun ONE Application Server 6.5 SP1, available here, fixes the problem for users running the latest version of the software. A fix for version 6.0 is not currently available. However, @stake suggests a workaround designed to verify the lengths of HTTP requests, as well as other mitigation strategies (explained in more detail in its advisory here). ®
John Leyden, 17 Mar 2003

Freeserve clamps down on heavy users

Freeserve is clamping down on 1,500 heavy Net users, warning them that unless they curb their activities they could face usage limits - or even the chop. The ISP has highlighted around 1,500 users of its unmetered AnyTime service who it claims are using the service more than 20 hours a day. Those involved have set up their kit to automatically redial the ISP immediately after their call to Freeserve has been dropped. Freeserve is contacting all those involved and asking them to cut their usage in half. ®
Tim Richardson, 17 Mar 2003

MS revamps eBiz server licensing

Microsoft is to introduce revised licensing terms from April 1 to make it cheaper to run its business applications on partitioned servers. The software giant is moving to a per processor server licensing model so that customers pay only for licenses for the processors which server software runs on, instead of all the processors on a partitioned machine. The changes (explained here) apply to Microsoft's eBusiness server products (SQL Server, BizTalk Server etc.) but not to Windows Server 2003 or Microsoft Exchange. That's because per processor licensing is not available for Windows Server and Microsoft Exchange, where per user client licenses are offered as an option. Essentially the per processor server licensing regime is fairer to the many companies that are consolidating disparate server workloads on larger machines. However analysts questioned by CNET are equivocal over the effect upon licensing costs. Gartner, for one, believes companies are more likely to re-use freed up licences. ®
John Leyden, 17 Mar 2003

Molesting Google

Letter Dear Editor - The Register's story about my report Chester's Guide to Molesting Google seems misguided. Some basic technical misunderstandings were evident, especially regarding how material is removed from Google's search results. To aid people in understanding the details of Google's blacklist, I've now written a guide on this topic: Google Censorship - How It Works Note my site was not censored from the search engine AltaVista. I believe the writer misunderstood how that search engine works, making an error by doing a too-restrictive search, and so mistakenly thought my site was absent because of censorship. I don't see how I'm "creating hysteria" by reporting on the removal of material from Google's index. Nor even in being concerned about the implications. I would like to point out that of all the articles on the topic, I would say mine was the most factually accurate, and also enabled readers to further investigate the situation themselves if they were so inclined. I'm not particularly criticizing Google. But rather, my target is the process of "moral panic". This leads to one file of a puerile attempt at humor, eventually being reported as an illegal site of pedophilia, and then blacklisted from the most powerful search engine. Perhaps the material here was indeed of "extremely limited value". But it was certainly nowhere near against the law (in either the US or UK). And if this sequence of events was not documented, it would have been easy to dismissively claim it as hyperbolic, absurd, and fictional. When such an event occurs, with nothing behind it but pack-journalism, it leads me to wonder what else might happen. As war with Iraq looms, how readily could some politically embarrassing material be ordered removed from Google for "military necessity" or similar? Knowing how easy it is to make molehills into molesters shows us how readily such suppression might happen. Sincerely, Seth Finkelstein sethf.com More letters to follow. ®
Andrew Orlowski, 17 Mar 2003