14th > April > 2003 Archive

Enfora preps ‘Wi-Fi wallet’ Palm PDA cases

Reg Kit WatchReg Kit Watch PDA Want Wi-Fi on your Palm? US-based wireless specialist Enfora has a very discreet solution the WP802b: a wallet for your handheld that contains a built-in 802.11b adaptor. As you can see from Enfora's concept picture, the PDA sits on one side, the 802.11b transceiver on the other. The two come together through Palm's Universal Connector. The UC doesn't support full 11Mbps speeds, but since you'll never get a data throughput rate that high with Wi-Fi (network traffic control grabs a lot of the bandwidth), that shouldn't matter too much. The WP802b is compatible with Palm OS 4.1 and 5.0. The 802.11b transceiver is powered by its own rechargeable Lithium Polymer battery. A typical running time is 24 hours on a single charge, says Enfora. The case itself measures 3.8 x 6.2 x 1.4in (15.5 x 9.5 x 3.5cm). The WP802b is due to ship in the next three months. Enfora is also working on dual-band 900/1800MHz GSM/GPRS version, and a 1900MHz GSM/GPRS model for the US market. These two products connect through the PDA's infrared port, allowing them to support almost all handhelds on the market, including PocketPC and Linux-based devices. Enfora already offers a wallet-mounted infrared-based CDPD radio modem for Palm, PocketPC and other PDAs, for $299. Desktop Dell's first Intel i875P-based PC, the Dimension 8300, was launched today. The 800MHz FSB, dual-channel DDR machine ships with Intel's 3GHz Pentium 4 with HyperThreading and up to 2GB of DDR 400 SDRAM. Buyers can stock the i875P's 8x AGP slot with a range of video cards including ATI's Radeon 9800 Pro and Radeon 9800, and Nvidia's GeForce 4 MX. The 8300 offers up to 200GB of hard drive space through two internal drive bays. It supports two optical drives - users can mix'n'match from 48x CD-ROM, 16x DVD, CD-RW, DVD/CD-RW combo and DVD+RW/DVD+R drives. 10/100Mbps Ethernet comes built in, along with eight USB 2.0 ports (two of which are front-facing). A floppy drive (remember them?) is offered as an option. eMachines has unwrapped its Spring PC collection, comprising three desktops ranging from $399 to $599 in price. The entry-level T2240 is based on 2.2GHz Celeron and contains 128MB of DDR SDRAM, 56Kbps modem and 48x CD-ROM, all for $399. The $499 T2245 replaces the T2240's CD drive with a CD-RW unit and a 16x DVD-ROM drive. It ships with 256MB of memory. Both machines provide six USB 2.0 ports, 40GB hard drive and integrated Intel Extreme graphics. The T2385 is based on a 2.3GHz Celeron with 512MB of DDR, an 80GB hard drive, and the same dual optical drives as the T2245. It too contains a 56Kbps modem, six USB 2.0 ports and integrated Intel Extreme graphics. It costs $599. All three machines come with built-in Ethernet. In the UK, eMachines systems are exclusively sold by Dixons stores, so expect the new three to make an appearance there soon. Motherboards ABIT has released its first Intel i875P-based motherboard, the Gigasystem IC7-G aimed at overclockers. Why Gigasystem? The board supports a 1GHz frontside bus and a 1GHz memory clock. The board features a number of overclocker-appealing refinements, including a BIOS that has full control of CPU speed settings and automatically resets whenever a failed overclock attempt crashes the system; a CPU fan speed control utility, and Serial ATA conversion for existing ATAPI and IDE peripherals. The IC7-G sports eight USB 2.0, three 1394, one SPDIF port, and supports multiple Flash card formats. It also features an integrated Intel Gigabit Ethernet network adaptor. ®
Tony Smith, 14 Apr 2003

mmO2 sells Dutch ops for peanuts

mmO2 is to sell its Dutch arm to an investment company for just EUR25 million. In a statement, mmO2 said that independent private equity and corporate finance group Greenfield Capital Partners would buy the struggling unit in a cash deal expected to close by the end of May. The announcement ends months of speculation over the fate of the business, which mmO2 has been looking to unload since the start of 2003. Although the sale of O2 Netherlands was widely expected, the price of EUR25 million has already been described as disappointing. Still, the move will allow mmO2 to exit the Dutch market, which has five operators but a population of just 16 million. In the Netherlands, the company has never made a profit, although it holds a 3G licence for which it paid almost STG270 million. In the year to 31 March 2002, O2 Netherlands had a turnover of STG200 million, with an EBITDA loss of STG51 million and an operating loss before goodwill and exceptional items of STG119 million. The Dutch mobile telecom currently has about 750 employees and had approximately 1.25 million customers. "We believe that this deal is in the best interests of mmO2 shareholders and also represents a good opportunity for the Dutch business, its employees, customers and suppliers going forward," commented Peter Erskine, chief executive officer of mmO2, in a statement. "The Greenfield offer enabled us to sell at a realistic valuation given market conditions in the Netherlands." The British company said that following the sale, the disposal will result in a slight improvement in mmO2's EBITDA margin and there will be a "minimal effect" on revenue and absolute EBITDA. The sale will also result in a provision for loss on disposal in the order of STG1.4 billion, the company said, which will be treated as an exceptional item in the year ended 31 March 2003. Greenfield's plans for O2 Netherlands remain somewhat unclear, although the business is expected to continue to operate and Stef van Doesburg, partner of Greenfield Capital Partners, noted that the buy was complementary to the group's telecoms businesses, including Enertel NV, the number two dial-up operator in the Netherlands. "This acquisition supports our overall strategy of investing in companies that offer a competitive range of fixed and mobile services," van Doesburg said. It has also been reported that when the acquisition closes next month, O2 Netherlands will change its name back to Telfort Mobiel, after re-branding to O2 only a year earlier. The Dutch mobile company was founded in September 1996 as a joint venture between BT and Nederlandse Spoorwegen NV, the Dutch railway company, with BT holding a 50 percent stake. It received a mobile licence in 1998 and became of subsidiary of mmO2 in late 2001 when mmO2 spun off from British Telecom. Meanwhile, speculation still churns over the future of O2 Germany, which has also been pegged as a possible acquisition target, with KPN the top suspected buyer. mmO2 has so far been unwilling to confirm rumours of a sale of its German business, which only recently became profitable. © ENN
ElectricNews.net, 14 Apr 2003

‘Super-DMCA’ fears suppress security research

Steganography and honeypot expert Niels Provos may risk four years in prison by completing his Ph.D., writes Kevin Poulsen, of SecurityFocus. A University of Michigan graduate student noted for his research into steganography and honeypots -- techniques for concealing messages and detecting hackers, respectively -- says he's been forced to move his research papers and software offshore and prohibit U.S. residents from accessing it, in response to a controversial new state law that makes it a felony to possess software capable of concealing the existence or source of any electronic communication. "Concealing the existence of communication is my dissertation, and concealing the source of communication takes place in honey nets," says Niels Provos. "So I decided to be proactive about it and move it to another location, and for now just deny anybody from the states to download any of my software." At issue are the so-called "Super-DMCA" bills under consideration in seven states, which have already become law in six others. Similar in some ways to the federal Digital Millennium Copyright Act -- which made it a crime to distribute software that cracks copy protection schemes -- the state measures appear to target those who would steal pay-per-view cable television shows or defraud broadband providers. Though the bills vary in language and scope, they are patterned after model legislation pushed by the Motion Picture Association of America along with the Broadband and Internet Security Taskforce, the latter a consortium of cable companies and premium channels. The Super DMCA began quietly passing state legislatures two years ago, but did not come to public attention until last month, when the broad language in some versions of the bill immediately sparked anger from technologists and public interest groups. The , which took effect on March 31st, typifies the legislation: Among other things, residents of the Great Lakes State can no longer knowingly "assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise" any device or software that conceals "the existence or place of origin or destination of any telecommunications service." It's also a crime to provide written instructions on creating such a device or program. Violators face up to four years in prison. Taken literally, the law is bad news for businesses like Anonymizer.com and Hushmail -- both services cater to privacy-conscious Internet users determined to conceal their place of origin from marketers, or to communicate anonymously. Critics say it would also ban firewalls and NAT boxes, dealing a blow to Internet security. "This statute essentially criminalizes the mere possession of technology," says Fred von Lohmann, senior staff attorney at the Electronic Frontier Foundation, which opposes the legislation. From Michigan to the Netherlands Provos says the Michigan law also makes most of his academic career a crime. Provos is an expert on steganography, the science of concealing secret messages in seemingly innocuous content. He's developed software to detect some types of stego in image files, but he's also worked the other side, developing improved methods for preventing a message from being detected. He also wrote "HoneyD," a free program that simulates a network of computers, with the aim of luring in and detecting hackers. The deceptive software arguably conceals the source of a communication. "It's very difficult, reading the law, it makes basically everything that I do illegal," says Provos. So last week Provos took his research papers and software off of his home page, and relocated them to a server in the Netherlands. To play it safe, he also erected a barrier of sorts to U.S. visitors: to access the new page, a user has to answer three questions affirming that they are not in the United States, or another country with similar laws. He hopes it's enough to give him legal cover. "I'm not really sure how this works. If I give access to people in the U.S. and I live in Michigan, could that be construed as a problem?," he says. "And there are a lot of other states that have passed their own laws." Provos says the offshore site is a temporary measure while he awaits an opinion from the University of Michigan's legal department. Meanwhile, he's urging colleagues in the security community to contact his state's legislators and fill them in on the unintended consequences of the Super-DMCA. But he insists the whole thing isn't a protest or a publicity stunt. Though nobody has yet been prosecuted under the law, Provos, a German national, says his concern is genuine. "As a foreigner I have to be very careful... I'd rather follow the law to the letter than be negatively surprised later." The EFF's von Lohmann says he's worried that Provos may not have gone far enough. "If he's still in Michigan... Sure, he has a questionnaire, but maybe that's not enough," he says. "I don't know. This is all untested territory." In response to the early criticism, the industry groups pushing for the law released a new version of their model legislation on April 1st that, among other things, adds an "intent to defraud" to the language -- significantly narrowing the scope of the law. "That doesn't really fix all the problems because it's unclear to me what intent to defraud means in this context," says von Lohmann. In any event, unless lawmakers revisit their efforts, the new draft comes too late for Michigan residents, and those in other states where an old version of the bill has already become the law of the land. ©
Kevin Poulsen, 14 Apr 2003

IEEE preps 802.11n 320Mbps WLAN spec

Wireless LANs will reach speeds of 108Mbps, double 802.11a and 802.11g's 54Mbps rising to 320Mbps - and that's real data rates, which will more closely match the maximum raw transmission rates - if the IEEE has its way. Earlier this year, the standards body formed a working group, the High Throughput Study Group, to explore the possible extension of the 802.11 specification to higher bandwidths. That group has now move to the next stage of implementation, and become the High Throughput Task Group. It is expected to receive official recognition in September as the 802.11n Working Group. The Group has two goals: "To define standardised modifications to the 802.11 MAC and PHY layers that achieve a minimum increase in throughput of 100Mbps as measured at the MAC data SAP", and "to improve the 802.11 wireless LAN user experience by providing significantly higher throughput for current applications." Essentially, that means increasing 802.11's raw data speed, and to increase the performance of the standard as perceived by the end user. Today's 802.11g products, for example, operate at 54Mbps, but the amount of network packet and traffic management, plus data encryption and decryption, and error correction that the standard incorporates reduce the throughput of user data by a wide margin. The Group wants not only to increase the raw data speed, but to reduce the management overhead significantly. Don't expect it any time soon, however. According to the Group's chair, Stuart Kerry, recently interviewed by Unstrung, the standard won't be in place before 2005 or even 2006. But as the progress of the 802.11g standard has shown, manufacturers may will be keen to incorporate draft versions of the specification well ahead of its promotion to an official IEEE standard. When that happens it will improve performance in both the 2.4GHz and 5GHz bands. "We're talking true throughput here," said Kerry. "We've had proposals running at 108Mbps and on up to 320Mbps." ®
Tony Smith, 14 Apr 2003

Oracle and Unbreakable Linux

OpinionOpinion You could argue that Oracle was relatively slow to jump onto the Linux bandwagon, or you might argue that IBM was fast off the mark. writes Robin Bloor It probably happened that way because IBM was getting anxious about platforms. The world had gradually moved to Unix or Windows NT and the reference platform for Unix was Sun's Solaris, not IBM's AIX. When Linux started to become popular, IBM was quick to see an advantage. No vendor owned Linux and IBM could use it to sell its hardware and make it a prime platform for its software. Anyway, Oracle is now clearly a Linux convert and evangelist. It is running an expensive world-wide marketing campaign under the slogan "Unbreakable Linux". As part of this it is spending $150 million to encourage ISVs to develop Oracle based applications for the Linux platform, offering help with porting and development (all in a free Linux bundle). All its products are available on Linux and it claims to "recommend Linux to many of its new customers". Oracle is also eating its own food, as it runs its own business on Linux. Just like IBM when it "got Linux", Oracle claims to just giving the customers what they want - i says it's not promoting Linux ahead of other platforms, . However, Oracle Senior Vice President and Chief Marketing Officer, Mark Jarvis, has commented that Oracle recommends Linux to its database customers "About 75 per cent of the time." He further commented that, "It's down to size and manageability constraints, because manageability is one issue with Linux. But that'll be fixed soon." Oracle is developing its own solution to this. There are apparent paradoxes for all major vendors in the Linux market. Microsoft, of course, has no interest and will only port to Linux in the event that it sees its applications market dissolving. By championing Linux, both Oracle and IBM have the effect of marginalising Microsoft's SQL Server database and many of its other products. However, there are several open source databases - the most prominent product being MySQL. One day the customers are going to ask "If an open source OS is so good, why not an open source database?" Naturally, IBM is vulnerable to the same shift in customer tastes. However it is the ISVs that are key to the whole game, because they write the applications. As time passes, customers care less and less about the technology (databases, OSes, middleware, etc.) and more and more about applications - the things that run the business. So Oracle's marketing campaign, just like the campaign that IBM ran, is aimed primarily at convincing ISVs. Some ISVs will undoubtedly want the Oracle stamp on their products, but they too appreciate inexpensive software and they are not immune to the appeal of an open source database. © IT-Analysis.com
IT-Analysis, 14 Apr 2003

Free mobile phone video – carried over audio?

It could be evil news for mobile phone companies if the idea catches on; but it does look as if Digital Audio Broadcast (DAB) technology can now make it feasible to watch TV on your cellphone. This might well sound like the daftest idea since self-assessed taxes: broadcasting video to mobile users over digital audio broadcast technology. But that's what Radioscape is demonstrated last week, at the NAB show in Las Vegas. Using only 150Kbits per second, full motion video was streamed from the UK over satellite, then re-broadcast in Nevada and received on a personal computer using RadioScape's software-based DAB receiver card. Perhaps the most important aspect would have been the low power requirements of the Radioscape receiver: mobile phones have to be very stingy with battery capacity. The demonstration was done jointly with Microsoft, NTL Broadcast and Tandberg Television; and Radioscape, designers of the silicon and producers of the software that makes it possible, described this as "the next key advance for DAB (Digital Audio Broadcast) technology." The material was broadcast video content from CNN. It was encoded using Windows Media 9 - and DAB audio content from Capital Radio Group was IP encapsulated and multiplexed using RadioScape Digital Radio Infrastructure products. The stream went through a satellite uplink from the UK and was then rebroadcast locally via DAB. The demonstration also included portable applications with streaming video to a PDA sized screen using only 64K Bits per second. Data over DAB on the move was demonstrated using an HP Compaq IPAQ PDA with an Etheractive DAB datacard sleeve. "DAB is perfectly suited for portable devices as it can provide a very low cost means to access video and data anytime, anywhere making it a key technological advance for innovative products that are being designed for tomorrow’s digitally-connected, mobile society," was the official quote from John Hall, RadioScape’s CEO. Because DAB uses relatively little power with low processor requirements, it is "ideal for mobile applications that want to access the huge explosion of television programming, which is currently only available via cable or a satellite dish," said Hall. First products are likely to be hand held PDAs and dedicated video devices, but not for some time - this is for demo purposes only, at the moment. However, it does open up the prospect of cutting out the mobile carriers for the most popular of their current dreams - of sending expensive MMS video clips of sporting highlights, like football goals or motor racing incidents, to subscribers. Broadcast technologies, remarked a Radioscape spokesman with devastating innocence, "provide a simple and cost effective method for receiving both video and rich data." Bet that came as a surprise to the assembled broadcasters. But Radioscape is doing its best to make this seem like good news for the mobile operators. "Combined with conditional access, this could open up new revenue options for them," said the company. "One of the advantages of the RadioScape DAB solution is the flexibility of its end-to-end software defined radio approach. Through this RadioScape can quickly bring new technologies such as video to market with the entire end-to-end capabilities required for a broadcast quality service." This isn't all marketing hype, however. The involvement of Microsoft and Windows Media 9 is crucial to this; Microsoft is attempting to make itself the hub through which all copyright is protected. Windows Media 9 innovation is almost entirely based around digital rights management (DRM) options - encrypting media so that only those who have a key can unscramble it. Microsoft's codecs are, admittedly, as good as anybody else's, and perhaps better in many respects than most; but it is its fond belief that copyright owners will switch from all rival software when they find they can control who receives it. RadioScape predicts that the initial demand will be in the Asia Pacific region where, it says, the culture of listening to radio is less established but video is very popular. Comment: The copy protection dream springs eternal in the hearts of technologists. All the evidence is - and always has been - that media which is made freely available, is the most popular. Music which gets radio air-time gets to the top of the pop charts. Groups which release sample tracks in MP3 format are the ones who get the gold disc awards - and the revenue that goes with it. Even Microsoft itself came to dominate the application software business, not by just out-featuring its rivals, but by forcing all PC makers to include Microsoft Office and Works as standard on every computer made - simply by virtually giving it away (at a time when Lotus 1-2-3 cost several hundred dollars, Works could be obtained, bundled, for around $90.00). Nonetheless, the bean-counter dream - of having ultimate control - is unquenchable. Despite the disaster of "regional control" attempts on DVD, Hollywood and the music studios remain convinced that all they have to do is come up with a truly "uncrackable" DRM package, and they will become absurdly wealthy. RadioScape may be proudest of its skills at creating software solutions but much of its revenue comes from the fact that it designed the DAB software stack that is used by Texas Instruments in its DRE200 DAB receiver chip. You could call this copy-protection, or you could see it as a profitable "bundling" deal - but either way, it will encourage others to interpret this move exactly the way they want to. And the big media owners want to believe in copy protection. In the end, however, someone is bound to discover that viewing figures are highest if you don't charge to "unlock" media on a phone, and most streaming video will be free, and self-promotional. RadioScape is headquartered in London, England, and has an office in Scottsdale, Arizona. ©
Guy Kewney, 14 Apr 2003

BT court action stops engineer strike

A series of one day strikes by the BT engineers, due to commence today, have been called off following a High Court injunction. The Communications Workers Union has withdrawn plans to stage strikes today (April 14), Friday, April 25 and Monday April 28. The strike calls for 13,000 BT engineers was in response to an "unfair" new productivity scheme (called Self-Motivated Teams). CWU members had been balloted on strike action. Union executives will meet later this week to consider their options. ® Related stories BT boss slams union over jobs-to-India Strikes loom as BT mulls moving 700 jobs to India
John Leyden, 14 Apr 2003

Intel chief takes helm at WLAN chip maker Atheros… NOT

Question: what's the difference between Dr. Craig Barratt and Dr. Craig Barrett? Answer: one is the CEO of a major international semiconductor company, and the other runs Intel. That's right, Craig Barrett (with an 'e') is CEO of Intel, while Craig Barratt (with an 'a') is the recently appointed CEO of wireless LAN chip maker Atheros. But how amazed we were when we saw a press release on Atheros' web site entitled 'Atheros names Craig Barratt President and CEO'. Was Intel's executive compensation insufficient to meet Craig's needs? Was the Chipzilla chief earning a little extra income on the side to make ends meet? Would the two come together and allow Intel to dominate the 802.11 - sorry, Centrino - chip market? All these questions and more entered our eager, story-hungry minds as we quickly scanned the release. Until we hopped over to the Atheros Executives page, and Craig was revealed not to be Craig after all. You see, Craig is a youngish feller, and, well, the other Craig isn't. And we doubt that Atheros' Craig has a horse called 'AR5001X Combo WLAN Solution', even though the other Craig's nag is named 'Pentium Princess' or somesuch. Barratt Barrett So, a single vowel separates these two giants of the semiconductor business - and almost caught El Reg out. Details? We've heard of 'em. ®
Tony Smith, 14 Apr 2003

ARM sales and profits plunged during Q1 2003

ARM Holdings today said that its Q1 sales and income had fallen dramatically, and it expects the gloom to continue for the foreseeable future. For the three months to 31 March 2003, ARM recorded a profit of £4.3 million on revenues of £31 million. This time last year, ARM posted a profit of £10.7 million on sales of £42.1 million. Today's figures represent year-on-year declines of 59.8 per cent and 26.4 per cent, respectively. The good news is that while Q1 sales were down on Q4's £32.3 million, profits were up 19 per cent quarter-on-quarter. Royalty revenues were up just over 33 per cent sequentially, thanks to the signing of eight new licensees. So £10.3 million of ARM's Q1 revenue was derived from royalty payments as licensees shipped a record 178 million ARM-based products. Licence revenues amounted to £12.1 million. Sales of development systems improved in the quarter, to £5.0 million. Service revenues were £3.6 million. Licence revenue fell from 49 per cent of total revenue in Q4 2002, to 39 per cent in Q1 2003. By contrast, royalty revenue's share of the total rose from 24 per cent in Q4 2002 to 33 per cent last quarter. In short, the mix is shifting from new licence sign-ups to existing licensees shipping product. No great surprise, that, since most of the companies that want to license ARM technology have already done so. Operating expenses reduced to £23.1 million from £25.4 million in Q4 2002. Before investment write downs in Q1 2003 and restructuring costs in Q4 2002, operating expenses fell to £21.5 million from £23.5 million. Gross margins for the first quarter were 91%, down from 92% in the fourth quarter of 2002, reflecting the increase in sales of development systems, the company said. Sir Robin Saxby, ARM chairman, described the results as "robust" despite the "uncertain political, economic and semiconductor industry environment". Looking forward, ARM doesn't expect its circumstances to improve any time soon: "Given the uncertain macro environment, we do not currently foresee any improvement in the circumstances that have given rise to slower licensing activity in the last three quarters. Thus, although the long term growth indicators for the business remain healthy, it is our expectation that total quarterly revenues will remain at a similar level as Q1 2003 in the short term," it said. ®
Tony Smith, 14 Apr 2003

Apple contracts Quanta to build wireless display – report

Apple is planning to launch a Tablet PC-style wireless display terminal, the Chinese language Economic Daily News has reported. Taiwanese contract notebook manufacturer Quanta has been signed to produce the machine, the paper claimed citing unnamed sources. The story will stoke ongoing rumours that the Mac maker is working on a tablet Mac. Hints that such a device was being worked on Apple's labs have been surfacing since last Autumn. Our old pal Matthew Rothenberg at eWeek let the cat out of the bag last November with his "hunch" that Apple has already seeding prototype tablet Macs with developers. At its core: Mac OS X's Inkwell handwriting recognition technology and a healthy amount of knowledge picked up during the development of the Newton OS, said Matt. Inkwell has been a part of Apple's system software since last September's release of Mac OS X 10.2. So far, only graphics tablet users have been able to do anything with it. Matt later refined his 'hunch' to encompass a "device that superficially resembles a large iPod with an 8in diagonal screen, lacks a keyboard, packs USB and FireWire ports, and runs Mac OS X along with a variety of multimedia goodies". The launch window: Macworld Expo San Francisco, last January. If the tablet is real, we suspect Apple pulled the launch to prevent it being overshadowed by the 17in PowerBook. Since then the 8in LCD tablet concept has run and run, with talk of a home-oriented machine with built in Airport Extreme 802.11g networking. The Economic Daily News story, however, talks of a 15in display with a detachable keyboard but no battery. That suggests we're not going to be looking at a tablet as such, but some kind of tabletop terminal, perhaps driven by Mac OS X Server. If the story is accurate, we reckon Apple is targeting not the business-oriented Tablet PC market but the living room PC consumer arena. The Economic Daily News says Quanta has begun test production, and is expecting to ship in volume during Q1 2004, which seems a little far off, particularly given last year's suggestion that developers already had prototypes. Might Apple be preparing two separate devices, a tablet and a wireless living room terminal? At this stage, it's impossible to say, though Apple insiders are welcome to enlighten us. ® Related Links eWeek: Mac Tablet ready for Expo? eWeek: Waiting for the Mac Tablet
Tony Smith, 14 Apr 2003

Stolen mobile rings in ‘body cavity’

Our piece last week on the "Purring Kitty" mobile phone vibrator programme certainly found favour among many of our readers. This email, from Diana Lask, was typical of the feedback: I simply wanted to say a nice "Thank You" for a story detailing a practical use of today's high tech gadgetry. I do believe that you should post more of these kinds of stories. Most definitely yes. Yes...YES...Oh MY GOD YEEESSS! Another satisfied customer. However, we did receive an article from Jamaica's Western Mirror, dated 19 March, which nicely illustrates that while vibrating phones may have found a new niche market among the sexually frustrated, there are times when it is not advisable to conceal modern gadgetry in one's "body cavity". Embarrassing does not even begin to describe this. Read on: Stolen "Cellie" rings in vagina, by Vivian Tyson Pandemonium broke out at a shopping mall in Negril on Monday, when a cellular phone which was stolen from a female shopper was found after it rang from within another shopper's vagina. Some bystanders were amused over the happenings, but some chided the young woman for sinking so low that she even embarrassed other women. The event took place minutes past 1pm, when a woman went into a store in the popular Negril shopping centre, to purchase an item. On leaving the store, she realised she had left her cell phone inside after completing her transaction. According to eyewitnesses, the owner of the phone went back inside the building to retrieve her communication device but it was missing from the place that she had left it. She queried about the phone but the operators and other customers who were inside the store said they did not see it. While the woman was searching for her phone, a woman who was acting quite suspiciously, was about to slip through the door when she was confronted about the incident. She denied knowledge of the missing phone before stepping outside, but the owner of the phone and others followed her outside and accosted her once more about the instrument. Once more, the nervous looking woman denied having knowledge of it. A crowd had gathered by then and at that point, one of the women helping in the search to retrieve the cell phone asked the owner for the number and began dialling. When the connection was made, the phone was heard ringing between the woman's legs. She was then held and her underwear partially removed and the ringing/vibrating phone was found stuck in her body cavity. The phone was plucked from its hiding place by the irate owner, who told the crowd she was going to have it properly sanitized before using it again. According to one man however, "Mi nuh wan' dat deh phone fi use again, mi would dash it weh." Yes, we see your point. ® Bootnote Thanks to Matthew Wrigley for sending us this astounding story.
Lester Haines, 14 Apr 2003

How to automate a DoS attack using the Post Office

Fancy taking revenge on someone you don't like by deluging someone with junk mail? A little bit of knowledge can go a long way. Thanks to the increased readiness of companies to send out brochures and magazines to anyone who bothers to register online, the US Postal Service can become the agent of denial of service attacks. This much is well known, but a recent paper by security researchers Simon Byers, Aviel Rubin and Dave Kormann demonstrates how to automate this attack. If you type the following search string into Google -- "request catalogue name address city state zip" -- you'll get links to over thousands of Web forms where you can type in your information and receive a catalogue in the mail. It'd be a tedious business to fill out many forms. But anyone with a modest amount of programming skills, and a target's snail mail address, can automate the attack and deluge their victims with junk mail. Last December, self-styled "spam king" Alan Ralsky let slip his snail-mail address. Internet activists seized on this information to deluge him with unwanted snail mail. Within weeks he was getting hundreds of pounds of junk mail per day and was unable to find his real mail amongst the deluge. A pleasantly ironic attack, made all the more satisfying by Ralsky's outraged reaction. That attack took the collective effort of many thousands but automating the attack leaves us all vulnerable. Noted security and encryption guru Bruce Schneier believes there is no easy defence against the attack. "Companies want to make it easy for someone to request a catalogue. If the attacker used an anonymous connection to launch his attack -open wireless networks would be a good choice - I don't see how he would ever get caught," Schneier observes. "Even worse, it could take years for the victim to get his name off all of the mailing lists," he adds. Individual catalogue companies can protect themselves by blocking automated signups (inserting a step that a person can easily do, but a machine can't). But it only takes a limited percentage to omit this check for the attack to work. Schneier isn't convinced this will happen. "The attack works in aggregate; each individual catalogue mailer only participates to a small degree. There would have to be a lot of fraud for it to be worth the money for a single catalogue mailer to install the countermeasure," he writes. Schneier concludes that as old physical process is moved onto the Internet such attacks are likely to become more prevalent. Which isn't nice. ® External Links Defending against an Internet-based Attack on the Physical World Related stories Spammer gets junk mailed Email more popular than letters
John Leyden, 14 Apr 2003

The Xbox key sales target

Contrary to an earlier story, Microsoft is on track to hit its 9million units sales target for Xbox this June. This morning we reported on market analysis which showed that Microsoft was likely to miss this sales target by a significant margin - with a realistic estimate of worldwide sales for the console sitting at between 6.5 and 6.6 million units. However, these figures are for the fiscal year, and Microsoft has since clarified that its June targets are for the entire lifespan of the console. As such, the 6.5 million forecasted by Wedbrush Morgan analyst Michael Pachter for fiscal 2003 should be combined with the 3.9 million units sold in the previous year - leaving Microsoft with a healthy lead over its own overall sales estimates. Ironically, however, if the Xbox were to miss its sales targets, this would actually help Microsoft's bottom line financially. The company is still losing a vast amount of money on sales of the Xbox hardware - at least $100 on each unit, and quite probably more - in contrast to Nintendo and Sony, both of whom are thought to be making profits on their hardware thanks to cheaper manufacturing costs and, in Sony's case, the age of many components. Microsoft will announce its quarterly results tomorrow, and although the company is expected to post a significant profit as usual, all eyes in the games industry will be on the results from the Home and Entertainment Division, which houses the Xbox project. These results continue to reveal the true cost to Microsoft of maintaining its assault on the games market and, more importantly, on consumer living rooms - a battle which many commentators believe Microsoft cannot afford to lose in the long run. © gamesindustry.biz
gamesindustry.biz, 14 Apr 2003

Intel officially unveils 800MHZ FSB, i875P chipset

Intel has announced its '800MHz' frontside bus, along with Pentium 4 chips and chipsets to go with it, as expected. So, we have a 3GHz Pentium 4 that incorporates HyperThreading and the i875P chipset (formerly known as Canterwood), comprising the 82875P North Bridge and the ICH5 South Bridge. The i875P brings in dual-channel DDR 400 support to deliver the same 6.4GBps throughput that the '800MHz' FSB provides. The bus actually operates at 200MHz, but data is 'quad-pumped', quadrupling the volume of data transmitted per clock cycle. Intel is initially aiming the chipset at high-end multimedia and 3D applications. The i875P offers an AGP 8x interface, integrated USB 2.0 controller, Serial ATA support with RAID, and two independent DMA audio streams for music and Voice over IP apps. The 3GHz P4 costs $417 in batches of 1000, which the i875P costs $53 with RAID, $50 without. Among the hardware review sites, there seems a consensus that the 3GHz/P4/i875P combo provides a significant increase in PC performance. "Any chipset and CPU that can make me look at an ATI Radeon 9700 Pro as the weakest link deserves a ton of kudos," says HardOCP, just one of many reviewers praising Intel's latest offering. However, the advantages will really only be felt in the multimedia and 3D applications - games too, natch - at which Intel is targeting the i875P. At the same time, while the benchmarks reveal the i875P to be the top performer, its lead isn't as great as you might imagine from the praise heaped upon the product by the reviewers. With the exception of some memory bandwidth tests, the improvement revealed by the benchmarks is typically just 3-8 per cent over the next best-performing solution, ignoring overclocked systems. That has to make you question the value of upgrading from a 533MHz FSB system and/or a comparable clock speed, particularly given the i875P's price premium. It also doesn't bode well for Springdale, the upcoming 800MHz FSB chipset for 2.4-2.8GHz P4s. But, as HardOCP notes above, the graphics sub-system may be providing a false, poorer picture of the overall i875P performance. Beyond performance, many reviewers single out the i875P's Serial ATA implementation for its ease of use. Hexus is typical: "Speaking of RAID. Intel has dealt discrete RAID controllers a small blow by integrating RAID0 into the ICH5 ER Southbridge. It's fairly easy to setup and maintain, thanks to the easy-to-use Intel RAID program." Providing eight USB 2.0 ports was given a thumbs-up too, but a lack of integrated 1394 drew some boos. ® Related i875P Review Links HardOCP Tech Report Hexus Bit-Tech The Tech Zone Hardware Zone
Tony Smith, 14 Apr 2003

Linksys and Symantec bundle security

Linksys is to bundle copies of Norton Internet Security 2003 with its entire line of cable/DSL routers sold in Britain. The full-featured version of the Norton Internet Security 2003 security suite will be offered to Linksys customers during their router installation via set-up software. Norton Internet Security 2003 features protection from viruses, crackers and privacy risks. It includes firewall, parental control and AV tools. Linksys router customers will receive a 60-day subscription service from Symantec, which will deliver regular updates for virus definitions, firewall rules and the intrusion detection signatures. Thereafter customers will have to pay a subscription fee. The aim of the deal is to help punters secure home PCs against the growing tide of security risks, as well as increasing Symantec's reach into the consumer market. Always-on DSL connection pose a significantly increased security risk. This is well known by the tech savvy, who often use free products like Zone Alarm and Grisoft's AVG anti-virus scanner, for protection. But that still leaves room for commercial products in the market, and this is where Symantec steps in. Symantec has OEM deals with PC vendors including Fujitsu-Siemens, Dell, Sony, Gateway and Packard-Bell to bundle its security software on PCs. Normally these come with 90 days subscription to its services. On the networking side, the deal with Linksys adds to existing agreements with ISP Wanadoo and modem/security software bundling deals with US Robotics and Toshiba. ®
John Leyden, 14 Apr 2003

Application Vulnerability Description Language coined

Security vendors joined together today to back a standard for describing application security vulnerabilities. The new Application Vulnerability Description Language (AVDL), to be managed through the OASIS consortium, provides a "XML standard to define, categorize and classify application vulnerabilities in a standardized fashion". The language provides a way for vulnerability scanners, for example, to exchange data with application security software. OASIS has established a Technical Committee to develop the standard. The laudable aim of the standard is to reduce security management headaches, but we have our doubts if will it work? First, the security industry is notoriously fragmented. Unlike other market segments, there are scores of vendors selling competitive and incompatible products. Standards are very much the exception rather than the norm. Take the incompatibilities that plagued the public-key infrastructure market, the stateful inspection versus packet filtering approaches to firewalls or the more current intrusion protection versus intrusion detection debate. On the other hand we're starting to see some sort of consensus (based on 802.1X) on an approach to wireless LAN security, but not comes from equipment vendors more than security firms. Secondly the list of names (Citadel Security Software, GuardedNet, NetContinuum, SPI Dynamics and Teros) so far signed up for AVDL lacks the real heavy hitters. Cisco, Network Associates, ISS and Symantec don't feature. IBM, Computer Associates and HP, which make good money selling tools that enable enterprises to manage their security infrastructure, aren't signed up either. AVDL may make it easier to manage and deploy best in breed products. But are security suite evangelists, like IBM and HP, going to be keen on this approach? Lastly we need to consider the anti-virus tools market, where vendors can't even agree names for viruses much less anything else. For years end users have looked to consistency in naming, vendors always say that's a good idea - then do nothing. The first meeting of the full OASIS Technical Committee for AVDL has been scheduled for May 15. The first candidate AVDL specification will be posted for comment during Q3'03, with final spec due before the end of the year. Additional information on AVDL is available here. ® Related stories Oasis ratifies SAML 1.0 RSA removes patent block to SAML uptake Liberty Alliance proposes Web security standards
John Leyden, 14 Apr 2003

Intel suspends shipments of 800MHz FSB Pentium 4

Intel has confirmed that it has delayed the release of its 800MHz frontside bus Pentium 4, despite launching the processor alongside its support chipset, the i875P, today. At issue is a "small anomaly observed in validation testing on a small number of chips", a spokesman said. In response, Intel halted shipments of the chip. It is unable to say when those shipments will be resumed. Comparisons will inevitably be drawn with the original, infamous Pentium floating point bug. But that glitch emerged after the chip had shipped - and Intel initially refused to accept that there was a problem. ® Related Story Intel officially unveils 800MHz FSB, i875P chipset
Tony Smith, 14 Apr 2003

Computer mag advice can kill!

OK, own up, which computer magazines are trying to kill their readers? With newsstand circulation falling through the floor in the last couple of year, the last thing we need is dead punters. But dead is what you could be if you followed advice to home computer owners on how to install electrostatically sensitive components in computers, the Health and Safety Executive (HSE) warned today. Frustratingly, the HSE does not name the guilty mags. Anyone know who they are, anyone got the clips? Upgrading your computer is really not worth dying for: So here is the HSE advisory to tell you what not to do: HSE WARNING OVER SAFETY ADVICE ON UPGRADING PERSONAL COMPUTERS The Health and Safety Executive (HSE) today expressed concern about advice given in some computer magazines to home computer owners on how to install electrostatic sensitive components in computers. To prevent damage to components from static electricity computer owners are being given the potentially dangerous advice to: Plug the computer in to the mains; Switch off the power supply at the mains; Earth themselves to the computer chassis using a conductive wrist strap. The HSE warns that this procedure can be dangerous. If there is a fault in the computer power supply, or if the electric socket is wired incorrectly, the computer chassis can become live and give a fatal electric shock. To protect themselves, as well as static-sensitive equipment, HSE would recommend that home computer owners: Disconnect the computer and any attached peripheral equipment from the mains; Before working on the computer, touch a metal radiator, water pipe or similar earthed object to discharge static electricity (static charges usually build up on the person, not the computer); Remove computer covers as necessary; If instructions on discharging static are provided by the component manufacturer, follow them before unpacking the component; and after installing new components, replace computer covers before connecting the computer to the mains. Following these instructions should keep owners safe. ®
Drew Cullen, 14 Apr 2003

Cap Gemini targets EDS renewals

Cap Gemini Ernst & Young is aiming for strong growth in its outsourcing operation by dramatically building its offshore arm, targeting new business in applications management and BPO, and targeting the clients of rival EDS. It must regret selling off its BPO practice in 2001, with outsourcing services currently showing strong resilience to the general slowdown. Hubert Giraud, global head of CGE&Y's outsourcing practice, has said that the company plans to grow its outsourcing services to between 40-45% of revenue over the next two to three years, up from its current level of 27%. Mr Giraud said CGEY is building a new model of onsite, near-shore and offshore software and services delivery capabilities. Traditionally, the company has worked through providing consulting and systems integration services onsite at its clients' locations in western markets. But to benefit from the cost advantages of moving development work to less expensive locations, the company has set up near-shore development sites in Barcelona and Madrid in Spain, as well as an offshore site in Mumbai, India. CGEY is also targeting potential opportunities arising due to the recent troubles at EDS, which saw CEO Dick Brown resign last month. Kevin Tomlinson, head of outsourcing for CGE&Y in the UK said: "We know that EDS has a lot of renewals coming up in the next two years in the UK and customers are already asking questions." Business process outsourcing (BPO) is another target area, and here Giraud claims the company won the largest project in the market in 2002, valued at $642 million, to provide human resources, transaction processing and supply chain management services for Hydro One. More than 900 employees will move from Hydro One to CGEY-owned vehicle Inergi, while the customer services operations are managed by UK-based BPO operation Vertex under subcontract from Inergi. It is interesting that CGEY has to share the booty with Vertex, which acquired Cap's business process outsourcing practice in February 2001. CGEY sold up at a time when it was building up its high-end consulting operation through the acquisition of Ernst & Young Consulting. It must now wish that it kept hold of the division, with consulting spend frozen and outsourcing services emerging as the one area of IT services spend to show resistance to the general slowdown.
Datamonitor, 14 Apr 2003

It's another bug, confirms Google

It's a bug! And what a big butterfly net we must have, for we've only been paying attention to Google for a week, and we've already found three critters. Or is it four? By telephone, we guided Google's Head of Corporate Communications David Krane through the procedure we used to unearth the "sun storage" feature we discovered last week. We noticed that a search for Sun storage on Google News becomes +Sun storage, and the user pointed to lots of storage stories coming from source "Sun". Why does that plus appear? "That's a bug! Thanks," said David. Krane explained that the "search for more stories from source Sun" wasn't what you might think. It was a pointer to a news source with the word "Sun" in the title, like the Baltimore daily, or Britain's Murdoch tabloid, The Sun. "There is a publication called "Sun" - for example The Baltimore Sun - it is a news source, This is not information from a commercial identity such as IBM," he explained. And lo, hours after he told us, the phenomenon could be seen with "Express" (leading to a link to a list of relevant stories from a news source, the UK mid-market tabloid The Daily Express and "Independent", ditto The Independent newspaper. These organs are winners of the "Express" and "Independent" lottery. It remains a highly selective feature. Organs entitled "Times", "Tribune", "Chronicle", or "Examiner" are not so favored. And on Friday, "Sun" lost its most favored status. A search for Sun storage now does not give you the plus-link, or the link to a cluster of stories from any Sun newspaper. Managing Relationships Krane strongly denied that the vacancy for a Business Manager at Google involved developing commercial relationships with "news sources". Which Google News has redefined, as we discovered here, to include lobby groups and corporations. (When we first asked Google about this on Friday, 4 April, the first reaction from a spokesman was "It's a bug" - meaning, we can't possibly be including press releases as news. That was clarified a couple of hours, and several phone calls later). Krane explained: "We don't have relationships with commercial organizations such as IBM, HP, EMC and IBM. We are hiring for a position which indeed appears to indicates we will. "Let's clarify; it has nothing to do with editorial judgement; that position is to manage relationships with publications." How? "Take for example, New York Times.com. That requires registration. So there's a relationship that had to be structured between the New York Times and Google. We see the necessity for this. The Times has been registration-only for as long as we can remember. And Google has managed to cope. However it remains a mystery why this is classified as a Business role, rather than a Technical or Editorial function. Thanks to David for the explanation. Google won its popular reputation for a couple of reasons. One, it didn't whore itself for payola. Two, its search rankings were simply much more relevant at finding credible source material than its established rivals. Now we discover that PageRank is broken: it no longer links to the most-linked to item, but leads the users through a thicket of weblogs. This is but one example, Register readers are sending many more. And the company needs to explain its Google News policy clearly and unambiguously: a written Policy statement remains elusive. ® Related Stories Google washes whiter Google turns news 'bug' into payola feature PR rules, OK? Google ducks promised news policy pledge 'Adios Google' [letters] Google News: press releases are OK - Official Anti-war slogan coined, repurposed and Googlewashed... in 42 days
Andrew Orlowski, 14 Apr 2003

US.gov builds huge child porn database

A huge database system designed to find sexually abused children is under development in the US. But legal restrictions mean that the project is unlikely to be replicated in the UK. The US Justice's Department Child Victim Identification Program will include a catalogue of thousands of illicit pictures seized from suspects and collected from the Web. This could make the Justice Department the "owner of the world's largest collection of child pornography, AP reports. This database represents an attempt to link images of abuse with the names of victims and the date of abuse. The system creates a fingerprint system of indecent images which will allow investigators to determine if images seized are the subject of previous cases. Image recognition software will be used to match new pictures with previously referenced images. It is hoped the system will make it easier for police to identify and locate sexually abused children. The database cannot be directly browsed. And only pictures linked to a particular investigation can be viewed at any one time. Police won't have direct access to victims' identities, either. In the case of possible matches, investigators will be given only contact details for a particular investigating officer. These measures are designed to stop abuse from unscrupulous law enforcement agents and attempts by crackers to break into the system and steal indecent images. However, the more joined-up such database systems become, the greater the potential for misuse and abuse. UK laws preventing the exchange of indecent images, for whatever purpose, mean the system (or something similar) is unlikely to be used in Britain. Security expert Neil Barrett, who has advised the police in numerous Internet paedophilia inquiries, said: "swapping pictures backwards and forwards is illegal in the UK. The law does not provide an exception for police." In the UK a checksum is of captured images is obtained. It is this data, and not images, which is exchanged between law enforcement agencies in Europe to see if an image has been the subject of a previous prosecution. Europol administers the scheme, used by police to assess the strength of evidence obtained during an inquiry. Barrett believes the European system is preferable not least because of the risk of images being intercepted - which he believes is inherent in the US system. ® Related stories UK police swoop in child porn raids Police swoop on Internet paedophiles On stats and chatroom paedophiles Child porn list leaked to Sunday Times Net porn policeman jailed for 18 months Child porn 'librarian' jailed for 2 years Watch out! There's a chatroom paedophile about
John Leyden, 14 Apr 2003