4th > August > 2003 Archive

Sage bids £66m for Softline

Sage has tabled an offer for Softline, valuing the South African-owned accountancy software provider at £66m. Should it succeed, the cash offer will be financed from existing debt facilities, Sage says. As well as its home turf, Softline commands good market share in Australia. The company had cash reserves of £11.1m as of March 31, so its so-called enterprise value is £54.9m. So in effect, the bid values Softline at annual turnover. For the year to March 31, the firm made an operating profit of £7.3m on sales of £53.5m. Softline also had net assets of £44.2m - if they were "real" net assets, Sage would have had to make a much higher bid to reflect this. As it is, the bid is pitched at 6.4 per cent higher than July 31's closing price, and a more attractive 26.6 per cent higher than Softline's closing price on June 24 when Sage said it was mulling over making an offer. Softline has something called an independent process committee which will consider the bid. It is subject to the usual shareholder and regulatory approval. ®
Drew Cullen, 04 Aug 2003

SCH snaps up Hays payroll biz

Specialist Computer Holdings has bought Hays Payroll Services for an undisclosed sum. The acquisition is to be transacted through SCS, the reseller's payroll bureau division which will combine with Hays. Hays is, or was, a leading business outsourcing operation. In recent months it has sought to divest most of its businesses to concentrate solely on its recruitment division. Turnover for the payroll business is lumped in with its consulting business. Last time the company broke out the figures for public consumption, annual sales were £18.5m. No profit figures were given. ®
Drew Cullen, 04 Aug 2003
Broken CD with wrench

SCO and Linux: this one will run and run

SCO's latest act in the Linux lawsuit saga has been to implement a licensing scheme for Linux users, writes Robin Bloor of Bloor Research. In the words of SCO CEO Darl McBride, "SCO is prepared to offer a licence for SCO's UnixWare 7.1.3 product for use in conjunction with any Linux product. This licensing format will assure that Linux users will be able to run Linux in full compliance with SCO's underlying IP rights." This is on the one hand, amusing, and on the other bewildering. Let's begin with the bewildering bit, and assume for the moment that Linux does, in some part, contain code that violates SCOs copyright - which is still a matter of dispute. It is as if the music industry decided to sell lincenses to illegal downloaders of music so that they can play the music in full compliance with copyright laws. The music industry may not be sharpest sector in the economy, but it's not daft. Now let's consider the amusing part. Ever since it decided that it had had its IP (or copyright - I'm not sure which) violated. SCO has been fueling the fire of publicity that this dispute ignited and its share price has responded very favorably indeed - having multiplied by a factor of about four. It added about 10 percent when it announced its new wacky Linux licensing scheme. Much of the initial increase was related to Microsoft's sudden largesse in providing a bag full of money to address any outstanding copyright/IP violation between the two companies. Since SCO revenues in the area of $64 million and losses of about $24 million in 2002, revenues are king - especially if you have to fund a high profile law suit. SCO is of course suing IBM for $1 billion or so, whom it seems to blame for "donating the code". It has not identified the code in question except to say that it involves the multiprocessing capabilities added to Linux 2.2 including NUMA (Non-Uniform Memory Architecture) features that let multiple processors execute code concurrently. There have been rumors that it would sue Red Hat, SuSE, Linus Torvalds, but my guess is that these actions are in reserve in case the share price flags. The ever growing Linux user community seems to be unperturbed at the moment and if history is anything to go by, they will remain unperturbed. The problem with the law is that it doesn't resolve disputes of this nature quickly. A number of people are questioning why SCO simply doesn't declare what the violated code/IP in question is. My guess is that it actually exists (it's hard but not impossible to believe that SCO would do this if it had nothing to complain about) and that it came from someone in IBM. However as soon as SCO declares what it is, the Open Source movement will rewrite the offending code, leaving SCO with zero traction. It may therefore be to SCO's advantage to spin this out. If it wins against IBM then it can go after Red Hat, SuSe and VA at leisure. However it is difficult to believe that IBM has made a legal mistake. It must believe that it has acted according to contract and it has the best legal advice that money and antitrust experience can buy. So IBM is ignoring SCO and its dance of the seven veils, and perhaps even rubbing salt in the wound by launching a promotion of free SuSE Linux Enterprise Server licenses (estimate value at $2,300 and 64 bit to boot) for buyers of its pSeries boxes. IBM is suggesting customers run Linux on one-to-four-way SMP servers, which means running the "disputed" code. © IT-Analysis.com
IT-Analysis, 04 Aug 2003

Intel ‘Yamhill’ coming in 2005 – report

Intel's mysterious 'Yamhill' technology - the chip giant's answer to AMD's AMD64 architecture - is a runner, but won't appear before 2005, a report from investment research organisation American Technology Research (ATR) has claimed. Rumours that Intel is working on Yamhill, a set of 64-bit extensions to the 32-bit x86 instruction set, have abounded for as long as AMD has been known to be working on similar technology, if not longer. AMD's version, originally dubbed x86-64 but now known as AMD64, finally made it to market in April when the company shipped its first Opteron processors for workstations and servers. The technology will make it into the mainstream in September when the consumer-oriented Athlon 64 ships. AMD64 allows Athlon 64 and Opteron chips full backward compatibility with 32-bit operating systems and applications. Essentially, if you run a 32-bit OS, the chip operates just like a traditional Athlon but faster. Run a 64-bit OS, and you have access to 32-bit apps and 64-bit software. 64-bit computing has traditionally been the province of specific high-end applications, such as database management and scientific modeling. AMD64 allows AMD to tap into those markets with the same chip family that its uses to target more mainstream applications that are work perfectly well in the 32-bit domain. We can see some consumer apps taking advantage of the memory space made possible by 64-bit pointers to stretch their muscles - games, for example, and video editing - but most consumer software simply won't need it. But that doesn't matter. AMD64 is more about extending the market reach of AMD's processors than dragging mainstream into the 64-bit domain. It may yet have that effect, but not for quite some time. It needs 64-bit desktop software to be widely available, and that's not going to happen until 64-bit desktop processors are widely available. Athlon 64 will set the ball rolling, but we're not yet convinced that it's going to grow AMD's market share dramatically enough to create a 64-bit mass market. However, a similar technology from Intel would accelerate the process, if only because of the weight of the company's marketing machine. Where AMD largely has to wait for market momentum to build up slowly behind its 64-bit technology, Intel has the power to get the market moving itself. Yamhill is how it may do so. ATR reckons it will ultimately do so, and "eventually supply a 64-bit extension of its P4 [and] P5 [aka Prescott]", according to the ATR report, cited by Semiconductor Business News. "Any 64-bit variant of P5 [is] not in evidence until 2005," the ATR report says, Yamhill "would seem to present the only real challenge to AMD's Athlon 64, which should more or less enjoy the power desktop by itself in H1 2004." Meanwhile, "Opteron, which should be ramping aggressively in late Q4 2003, should have the low-end server market more or less to itself throughout 2004", the report adds. In short, the P5 will come, and it will stay 32-bit for the time being. Reports on Yamhill from early 2002 suggest it would be incorporated into Prescott, but turned off. Should a market for 64-bit computing on the desktop emerge, Intel can then tweak the die and enable that extra circuitry. Back in early 2002, there seemed much less need to: AMD's 64-bit chips kept being put back, and IBM had yet to make its work on the 64-bit PowerPC 970 - what Apple calls the G5 - public. But both processors - and AMD more than IBM, thanks to its focus on the x86 world - really only challenge Prescott at the very high end, where the desktop market blurs into the workstation business. Arguably these processors are more of a threat to Intel's Xeon. While the case for 64-bit in the consumer space has yet to be made, there is a need for it in the workstation and low-end server arenas. Opteron is far more competitively priced than equivalent Xeons. IBM is putting the 970 into blades; Apple is putting it into workstations/pro desktops. In that respect, Yamhill seems far more likely to appear in Xeon chips before Intel activates it on the desktop. But if Intel is holding Yamhill off until 2005, it clearly believes its challengers won't pose enough of a threat to Pentium and Xeon before then. If so, AMD had better not waste the time Intel has granted it. ®
Tony Smith, 04 Aug 2003

VAT's up? – help at last

The EC Directive (2002/38/EC), concerning VAT levying arrangements, came into effect from 1st July 2003, writes John MacGowan of Bloor Research. This removes the obligation for EU suppliers of electronic services (i.e. software, music, videos) - which can be downloaded from their websites - to levy VAT when selling in markets outside the EU. The legislation removes what was considered to be a severe competitive handicap; previous legislation demanded that EU vendors charged the relevant (home country) level of VAT to customers, even in countries outside the EU, when supplying digital products. These changes are what e-business retailers had been campaigning for and are intended to "level the playing field". Non-EU based businesses supplying electronic services to customers domiciled in the EU must levy VAT at the rate imposed by the customer's EU member state; which can vary between 13% to 25%. Simplified VAT collection arrangements have been implemented. Non-EU businesses (rather than registering for VAT in each EC country where their customers reside) can now use a taxation authority dedicated website (one for each Member state) to access a simple, automated, system for declaring and paying their VAT dues online and at a single location to cover all their EU customers. For the UK the VAT collection is the responsibility of HM Customs and Excise. Adoption of this Directive has resulted in US companies AOL/Time Warner, eBay and Amazon, which previously were exempt from charging VAT, now having to comply. Freeserve, which recently moved their servers to Madeira to take advantage of a VAT rate of 13%, have been reported as estimating that AOL saved £150 million (since 1996) by not paying VAT in the UK. Please note, for physical products EC-based retailers are still required to charge VAT. © IT-Analysis.com
IT-Analysis, 04 Aug 2003

Arima preps Athlon 64 notebook

Reg Kit WatchReg Kit Watch Notebook Taiwanese manufacturer Arima is preparing a notebook based on AMD's Athlon 64 processor and ATI graphics, according to specifications posted on the company's Web site. Before anyone gets too excited, it's worth noting that the spec. document for the machine, dubbed the A520, was produced in March or April this year and refers to the Athlon 64 by its old codename, 'K8'. This brings to mind the HP document which slipped out in June and purported to detail an upcoming 1.8GHz Athlon 64-based desktop, the t182k. It soon emerged that the machine was an "outdated planning document" for a computer designed for the South Korean market but never offered in the configuration listed. The same may be true of the Arima document, so we urge caution. The A520's processor speed is not listed, but the chip will be a 754-pin part - which pegs it as a budget system; 939- and 940-pin Athlon 64s are in the works for high-spec. machines. The 754 pin-out may also be used by AMD's mobile Athlon 64s, but nothing in the Arima spec. suggests that the notebook will contain the mobile processors. The A520 will sport either 15in or 16in displays powered by something called the ATI M9C. The notebooks contains a DVD/CD-RW combo drive, with CD-ROM, DVD-ROM and CD-RW drives offered as alternatives. Up to 1GB of DDR SDRAM can be accommodated by the machine's two slots, while 20, 30, 40 and 60GB hard drives are offered. There's VGA-out and TV-out, a built-in 56Kbps modem and 10/100 Ethernet. Firewire/1394 is optional. You can read the full spec. here (PDF) ®
Tony Smith, 04 Aug 2003

phones 4U declares price war on CPW

phones 4U is slashing handset prices in a bid to leapfrog Carphone Warehouse (CPW) into UK market leadership. phones 4U is to spend £20m on the campaign, called phones 4 Less. It could use up its war chest very quickly if the competition responds in kind, for the company is guaranteeing to undercut all competitors on handset price. If a customer buys a phone and finds the same model cheaper elsewhere, phones 4U will refund the money and shell out another 20 per cent of the value of the phone. phones 4U is currently the UK's second biggest phone retailer with 17 per cent market share, compared with CPW's 22 per cent share. CPW is certain to respond if it feels threatened. But does this mean it would have to cut prices in all shops, or merely in areas where there's a phones 4U in the vicinity? We should note that any price war is not bi-polar - this will draw in The Link and the indies. So if phones 4U is to gain market share, then this will not necessarily come at CPW's expense. So why is phones 4U turning the price screw? Judging from comments made by Anthony Catterson, MD, the company is deploying attack as the best form of defence. "We need to be market leader. It is a very tough market out there and we think there is going to be a lot of consolidation over the next 18 months. Increasing our market share is the best way to protect ourselves in that environment." ®
Drew Cullen, 04 Aug 2003

Speculation grows ahead of Freeserve, Dixons split

There's fresh speculation that Dixons is to ditch its long-standing relationship with Freeserve and cuddle up instead with AOL UK. The move would mean that AOL's software would be pre-loaded on PCs flogged by Dixons with the giant electrical retailers earning commission for new sign-ups. According to the Telegraph, Freeserve's ejection from Dixons' stores is a result of the French-owned ISP being unable to match the £10 million reportedly offered by AOL. The new arrangement - which only applies to narrowband Net access - is expected to begin from February next year. Speculation that Freeserve could lose its prime slot in Dixons Group stores surfaced in June following reports that BT and AOL had held secret talks with Dixons. BT later admitted that it had held talks with Dixons but ruled itself out due to concerns that such a move might draw criticism from rivals. Both AOL UK and Freeserve declined to comment. No one from Dixons was available for comment at the time of writing. ® Related Stories BT admits distribution talks with Dixons Dixons and Freeserve deny split
Tim Richardson, 04 Aug 2003

BT dismisses MMO2 reports

BT has distanced itself from weekend reports that it is planning to buy back MMO2 - the mobile business it spun off less than two years ago. According to reports, investment banks have sidled up to BT suggesting that the telco borrows a stack of cash to buy back the mobile operator. The story, though, has been dismissed as little more than an open shot at the beginning of the "silly season". Dismissing the story a BT spokesman told The Register: "It is not surprising that this story appeared during August ("silly season") when City sources have too much time on their hands." Last week, BT returned to the mobile mass market after confirming that it had teamed up with T-Mobile to offer a new service aimed at families. BT will plug the service while piggybacking on T-Mobile's network. BT Mobile Home Plan (remember, the tariff is not just for mobile home owners) is the telco's first major step back into the mobile mass market since it flogged its mobile arm MMO2 almost two years ago. ® Related Story BT confirms return to mass market mobile
Tim Richardson, 04 Aug 2003

Sneaky virus poses as email from sysadmin

One of the sneakiest viruses to date began spreading rapidly across the Internet this weekend. Mimail, which poses as an email from a potential victim's own sysadmin or ISP, suggests that a user's email account is about to expire. Potential victims are urged to open an attachment message.zip, containing a copy of the virus. Users who unzip the file find another innocent-looking HTML file inside, named 'message.html'. This file contains an embedded EXE file, when opened in vulnerable versions of Internet Explorer, will drop an executable named foo.exe and run it. More information on the IE MHTML vulnerability used here can be found in an April 2003 advisory by Microsoft. On infected machines, the virus searches for email addresses on a user's hard drive. Mimail uses its own SMTP server to spread sending copies of the malicious code to email addresses harvested from an infected PCs. Mimail also has a backdoor component. The virus attempts to send data from a victim's machine to certain email addresses, coded into Mimail. More detailed descriptions of Mimail can be found in advisories from F-Secure, Symantec and McAfee. Vendors generally rate the virus as a medium level threat. Windows users are advised to update their AV signature files and to apply patches from Microsoft if they haven't already done so. Apple and GNU/Linux users need have no fear. As is so often the case, they're immune from the latest Windows nasty. ®
John Leyden, 04 Aug 2003

Orange slams Three's ‘bad PR’ for 3G

Orange has accused Three and its parent company, Hutchison, of bringing 3G technology into disrepute. In an interview with Scotland on Sunday newspaper yesterday, Orange's UK finance director, Mike Newnham, claimed that Three customers were having to return their videophone handsets to the company's shops because the hardware doesn't work properly. "I think customers that have decided to buy a handset are having problems with networks and handsets," Newnham alleged. "There are a lot of issues they are facing which are technical involving handsets and the networks." Three admitted that it has had problems, but stressed that these were minor issues: "This is a new technology and when you launch a new technology, there is an element of having teething problems," a spokesman told the paper. He also dismissed Newnham's other claim: that Three's pricing strategy is unsustainable. Three prices are much lower than Orange's, he said, adding that Orange was simply being left behind. Orange is not expected to launch a 3G service of its own until 2004. Three began offering its 3G service in March. So far, its coverage is limited. It can provide voice telephony and picture messaging throughout most of the UK, but videophone coverage is largely limited to the country's biggest metropolitan areas and the major road and rail routes linking them. It does, after all, take time to roll out a full service, as Orange well knows. Early Orange subscribers - including this reporter - will recall that back in 1994, when Orange launched, its digital service was similarly much-reduced. Hutchison claims to be selling 3000-4000 3G handsets each week through Carphone Warehouse alone. As Scotland on Sunday points out, all this is typical of the mud-slinging common in the highly competitive mobile phone arena. The irony here is that Three, owned by Hutchison, comes in from criticism from Orange, formerly owned by... Hutchison. ®
Tony Smith, 04 Aug 2003

Notebook chips driving CPU biz recovery

The microprocessor market appears to be picking up on the back of increasing demand for mobile products, according to the latest figures from market watcher Mercury Research. Mercury's numbers show a slight decline in processor shipments during Q2. But while the total was down, the number of mobile chips in the mix was up to record levels. Since mobile parts tend to command higher prices than desktop chips - and thus higher margins - that's good news for chip makers' revenue totals going forward. "Mobile was the bright spot in a not-so-bright quarter," said Dean McCarron, Mercury's principal analyst, according to a Cnet report. "Typically you have a seasonal decline in Q2... [which] was a record quarter for portable component shipments." "There's a lot of evidence that the third and fourth quarters are both going to be growth quarters as they normally are, seasonally, and pretty good growth quarters at that," he added. The coming six months will see the arrival of AMD's Athlon 64 and, later, Intel's Prescott CPU, likely to be branded the Pentium 5. On the mobile front, notebook-oriented Athlon 64s are expected, and Intel has committed itself to boosting the performance of its Centrino Pentium M chip, courtesy of the 90nm Dothan core. The arrival of the Centrino platform, however, did little for Intel's market share during Q2 - it fell fractionally from 82.7 per cent in the year-ago quarter to 82.5 per cent. That tiny dip was shared by AMD, whose share rose from 15.6 per cent to a massive 15.7 per cent, and the Others category, which went from 1.7 per cent to 1.8 per cent. Pretty much static, year on year, then. The figures are more interesting when you compare them with the previous quarter, however. AMD lost share, falling from Q1's 16.6 per cent, while Intel grew its leadership from 81.7 per cent. The Others gained a tenth of a percentage point between Q1 and Q2. ®
Tony Smith, 04 Aug 2003

ebookers looks to India for cost savings

ebookers blamed Iraq and SARS for falling demand in longhaul flights. But the UK's biggest online travel firm expects a bounce-back in the winter, on the basis of good forward bookings. Pre-tax "adjusted" losses (i.e. with out interest, depreciation etc.) for the three months to June end were £0.9m, half that of last year. Gross sales leaped 67 per cent to £118m. Presumably this reflects the acquisition of Travelbag, the longhaul specialist, bought for £55m in January 2003. ebookers is migrating much of Travelbag's sales onto the Internet and is moving back offices to the group's new customer centre in New Delhi. The company reckons it made savings of £1.4m by transferring BPO ops to India. Today it announced plans to increase staff in India from 600 to 2,000 and to start touting for third party business process outsourcing work. This will trade as Tecnovate. ®
Drew Cullen, 04 Aug 2003

Rombyte fined £16K for flogging fake DRAM

Newbury memory distributor Rombyte has been fined £16,000 for selling counterfeit memory. At a hearing at Reading Crown Court last Friday (August 1), judge Mr Recorder Moylam also ordered Rombyte to pay costs. Rombyte directors Andrew Jones, Jazz Dhillon and Patrick John Shaw Rombyte pleaded guilty to eight counts of supplying counterfeit memory modules at a hearing before Newbury Magistrates in May this year. The case follows a raid by officers from West Berkshire Trading Standards on Rombyte in May 2002. In October, Rombyte made a contractually binding arrangement with Hynix to "cease and desist from importing and marketing counterfeit memory chips stamped with the Hynix brand name but not manufactured or marketed by Hynix". First Choice Components Ltd, which was also accused of importing "Hynix" re-marks from Taiwan made a similar undertaking. In return for furnishing Hynix with its list of the suppliers of the faked products and destroying its remaining supplies, the manufacturer agreed not to instigate a civil suit. That still left Rombyte with a prosecution against it by its local council's trading standards department. But Rombyte's settlement with Hynix worked in it favour and appears to have persuaded Mr Recorder Moylam to levy a relatively light fine on the company. ® Related Stories Trading Standards raids Rombyte Hynix re-marked chips sourced to Rombyte, First Choice Rombyte admits flogging counterfeit memory How do you tell fake memory from the real deal?
John Leyden, 04 Aug 2003

CPU sales rose 8.2% during Q2

Worldwide chips sales continue to show almost negligible growth in June, with sales rising from $12.49 billion to $12.54 billion, an increase of less than half a percentage point. So reveals the Semiconductor Industry Association's latest monthly numbers. For the quarter as a whole, global chip sales totalled $37.6 billion, up a mere 3.2 per cent on Q1's $36.4 billion, but 10.4 per cent on Q2 2002's $34.1 billion. Microprocessor sales rose 8.2 per cent year on year during the quarter on the back of an eight per cent annual increase in computer sales. That contrasts with the slight decline seen in the x86 CPU market, as measured by Mercury Research. During Q2, sales in Japan rose 5.3 per cent on a sequential basis, Asia Pacific was up 5.9 per cent, and Americas was up 3.6 per cent, while sales in Europe declined by 4.1 per cent due to sluggish economic growth in Europe and outsourcing of production to Asia, the SIA said. On a year-to-year basis, Japan saw sales rise 21.3 per cent, Europe 12.3 per cent and Asia-Pacific 11.8 per cent. The Americas experienced a 3.7 per cent decline. Looking ahead, the SIA noted that "capacity utilisation on the leading edge - 180nm/0.18 micron and under - has reached 96 per cent. Excess inventory in the supply chain is now at negligible levels with very few exceptions. "Now that inventory has been worked off, increasing demand as the year progresses will directly generate rising semiconductor sales," said SIA chief George Scalise. ® Related Story Notebook chips driving CPU biz recovery
Tony Smith, 04 Aug 2003

Outsourcing firm hires chimps

Did you know that Visual Basic 6.O is the preferred programming language of chimpanzees? No, what about "recent research in primate programming suggests computing is a task that most higher primates can easily perform"? Us neither. Primate Programming Inc, of Des Moines, Iowa has leveraged this innate talent to teach programming skills to primates and to resell their services. If you thought Russian programmers were too cheap, you'll lose the plot with Primate Programming. Its charge-out costs for software maintenance and report writing start at 69 cents per hour. Software testing, it says, requires less skill and this service starts at 45 cents per hour. You can find out more about this fascinating company at Primate Programming Inc: The Evolution of Java and .NET Training. While we are on the subject of primates check out The Monkey Shakespeare Simulator. The current record is the first six letters from King John. Can you do better? ®
Drew Cullen, 04 Aug 2003
DVD it in many colours

Dell knocks IBM off number three cluster rung

IBM's Opteron-based supercomputing cluster, announced last week, has already been knocked out of third place in the world supercomputer chart, by another cluster that hasn't been installed yet. Dell today issued a future tense press release detailing its selection as the provider of a 1280-server cluster for the National Center for Supercomputing Applications (NCSA) at the University of Illinois, Urbana-Champaign. All those Dell PowerEdge 1750 servers, each containing dual 3.06GHz Intel Xeons, will be used to deliver 17.7 trillion floating point operations per second, enough, says Dell, to "rank this cluster as the world's third most powerful system on the Top 500 List of supercomputers". Last week, Big Blue said the same thing of its 1318-server cluster, which it's going to install for the Japanese National Institute of Advanced Industrial Science and Technology. "It is expected to be more powerful than the Linux cluster currently ranked as the third most powerful supercomputer in the world," said IBM. IBM's servers are based on dual Opteron processors and Xeons, which together yield 'just' 11.2 teraflops. "The eServer 325 systems with 2116 AMD processors is expected to deliver 8.464 teraflops of processing power," said IBM. "The 520 Intel processors are expected to deliver 2.704 teraflops of processing power for a total of 11.168 teraflops." So the 36.7 per cent increase in teraflops that the Dell rig offers over its IBM rival, comes on the back of a three per cent decrease in the number of processors: 2560 to 2636. Of course, such a calculation is very rough and doesn't take into account all the other systems used to complete the cluster, such as I/O service provision machines and what have you. But it's a fun sum. The NCSA said its cluster will be used to study the evolution, size and structure of the universe; investigate theories on the lifecycle of stars like the Sun; modeling severe storms; studying the human genome and biological processes; advancing the drug design process and more. ® Related Story IBM pre-announces AMD Opteron 246
Tony Smith, 04 Aug 2003

Novell buys Ximian

Novell is beefing up its Linux play with the cash acquisition of Ximian. The company has confirmed that it will continue to support Ximian-sponsored Mono and GNOME open source projects. Mono, Spanish for Monkey, is, we guess, the more visionary, of the two. This will enable Linux developers to create and deploy .NET apps on Linux in languages other than C#. GNOME is the Linux desktop/GUI that some prefer to KDE. Ximian's totemic open source developers (and co-founders), Miguel de Icaza and Nat Friedman, will continue to do their same jobs wearing Novell hats. Ximian also has some real live products to call its own, notably Ximian Red Carpet, a centralised software management technology. Overtime, Red Carpet is to be tightly integrated into Novell ZenWork, Novell says. Post-acquisition, Ximian is to be called the "Novell Ximian Services business unit at Novell". Surely this is one Novell too many? ® Ximian press release
Drew Cullen, 04 Aug 2003

Betting on Malware

DARPA's plan to create a futures market for terrorist activities is dead, but the concept is a natural for predicting viruses and worms, says SecurityFocus columnist George Smith. The fun folks at DARPA were at it again last week, cooking up projects at the nexus of security and the war and terror that somehow manage to offend everyone. First there was the Total Information Awareness project. Next came the misnamed Combat-Zones-that-See, a scheme to use artificial intelligence and thousands of cameras hooked to PCs to track the comings and goings of your auto. Last week's was called the Policy Analysis Market, a futures betting parlor that would magically reveal rugged intelligence on terrorism activities. It would do this by being a sophisto gambling joint for the insider minds on terror. People who knew, or thought they knew, willing to plunk down their own money on probabilities and predictions would show trends and spikes in terrorism and geopolitical upheaval. It was a rotten thing, said the Senate. We're not going to allow the anonymous to bet on death and destruction. They might incite it, and inside trading terrorist groups could prosper. Plus, it bore the mark of John Poindexter -- a man whose motto, at least in the national defense arena, could be, "I bring bad things to life." The Policy Analysis Market website was flying high last Tuesday morning, but before noon PST, it was gone. I have banished everything to do with this, indicated Tony Tether, director of DARPA. We were so foolish. Poindexter was also alleged to be polishing his resignation by week's end. I can agree with all of that. But a dirty little secret of security affairs is that every discipline has its speculators. In computer security, or virus prediction, you can pick up the trades and pluck their names from the weekly news. Who is foretelling the melting of the Internet, the failure of the power grid due to remote attack, the zero-day worm? Here, however, we are confined to virtual destruction and chaos. If a Policy Analysis Market existed for this, it could be defended on the basis that it's much less ambitious and only has to do with bloody computers. It would be interesting to see it separate the shrewd soothsayers from those who perform just for the jazz, the outrageous claim in print or on TV. The Richard Clarkes of the world would have to be cautious. Larding up their accounts with long and short range bets on electronic catastrophes would be catastrophic to their wallets. Those who might do well would be the people willing to hedge their predictions, or who went for small bets on cybertrouble at the grass roots level -- like picking the top three computer viruses for the next quarter, or the growth percentage for spam in the next six months. You couldn't go wrong on the near term prospects for Klez, Bugbear and Sobig. Another fruitful avenue to wealth would be in the highly technical prediction of the mechanics of worms and cyberattacks. Computer scientists have proven adept at recognizing emerging vulnerabilities and before-the-fact potentials for computer viruses. Betting futures on such things would be easy. The hard part would lie in the realization that the possession of such intelligence does not automatically guarantee that the nation-at-large benefits from it. Case in point -- the arrival of Word macro viruses many moons ago. Anti-virus developers, computer science analysts -- all had warned Microsoft that Word viruses were going to happen. Then they did, and they did, and they did. And more time went by before anyone at the software giant got worked up enough to do anything about the first wave of them. There would also have to be some defenses erected against insider trading and gaming of the system -- big time sanctions for those caught betting on things like the prevalence of computer viruses armed with pre-press release data from, let's say, MessageLabs. And it would be only proper to give some type of financial reward to those who predicted spam would crush everything else malicious in your mailbox, well before everyone else got worked up about it. Now don't think I'm too smug about all this. It's easy to look back and make sport while choosing examples from history to prove a point. I know I'd lose my shirt in a futures market, but I might be tempted to sneak in a few bets on the prospects of Klez. © George Smith is a Senior Fellow at GlobalSecurity.org, a defense affairs think tank and public information group. He also edits the Crypt Newsletter and has written extensively on viruses, the genesis of techno-legends and the impact of both on society.
George Smith, 04 Aug 2003

Nvidia buys PDA, phone graphics chip maker

Nvidia today said it will buy MediaQ, a developer of graphics and other ancillary chips for wireless PDAs and cellphones, for $70 million in cash and stock, mostly the former. Interestingly, the announcement follows a number of suggestions posted on web sites that Nvidia is developing a PDA-oriented chip, possibly codenamed the NV33. While the NV33 is now believed not to be the mobile processor, it's entirely possible that talk of said ultimately arose out the company's discussions with MediaQ. MediaQ was founded in 1997. Today it offers three product families, the MQ1000, MQ2000 and MQ9000. The first offers "high-end graphics, camera and connectivity capabilities" for handheld systems and smartphones. The MQ2000 family extends that with more advanced multimedia and LCD-control facilities. The MQ9000 series, meanwhile, is a range of ARM9-based sub-processors designed to accelerate graphics rendering, imaging, video streaming, Java processing and the like. Each chip is designed to provide very low power consumption and energy efficiency, and is backed with drivers for Windows Mobile 2003 for Pocket PCs and Smartphones, Palm OS and Symbian. The company lists the likes of Dell, HP, Palm, Psion, Philips, Sony, Sharp, Siemens, NTT DoCoMo, Panasonic and Mitsubishi among its customers. Like Nvidia, it doesn't fab its own chips; unlike Nvidia it uses UMC to do so. A privately held company, Media Q has not published financial results. To date it has raised over $55 million in finance from companies including Weston-Presidio Capital, El Dorado Ventures, Summit Accelerator Fund and ViVentures. National Semiconductor and Infineon and are named as corporate investors. For Nvidia, the deal is all about expanding the range of platforms it covers. Nvidia won't have bought the company for its graphics expertise, but MediaQ will bring Nvidia skills in low-power designs, SoCs and a better understanding of the needs of the PDA and handset markets. MediaQ has plenty of contacts in the LCD world, too, which are likely to come in handy as liquid crystal panels continue to displace CRTs on the desktop, and more and more users choose to buy notebook PCs. It also provides Nvidia with products to use against arch-rival ATI's Imageon range of PDA-oriented devices, the result of ATI's purchase some years ago of SoC specialist Chromatic Research. ATI's Imageon 3200 competes with the likes of MediaQ's MQ9000. Nvidia expects the deal to go through this quarter, the third of its 2004 fiscal year. ®
Tony Smith, 04 Aug 2003

Smart cards, ID cards, nice, nasty, inevitable?

ID cards come in two quite distinct flavours - the nasty one, where they use the cards to police you, and the nice one, which you use to establish and protect your rights and identity. Simple? Actually, I lie when I say they're distinct flavours; in reality nice isn't absolutely nice, the two bleed most horribly into one another, and what we should really be busying ourselves with is establishing clear lines of distinction then defending them. If we don't, then ten years hence, ID as establishment of personal rights and identity will inevitably come with free, added control and monitoring. By happy coincidence, here in the UK we've recently been presented with pretty good examples of nasty, nice, the blurring between the two and how that blurring happens. The Home Office's plans for compulsory ID cards had an unfortunate accident last week, while the day afterwards the Office of the e-Envoy launched a smartcard consultation exercise. I accept that it's a little premature to categorise the e-Envoy's consultation as nice, but it is (at least at the moment) a fairly neutral presentation of the state of the art, and is soliciting comment from the standpoint that the widespread adoption of smartcards would potentially be an enabler of e-government, e-commerce and of benefit to the individual citizen. Maybe you agree with that, maybe you don't, but you probably do agree that smartcards as extensions of credit cards, membership cards, transportation tickets and a host of other credentials systems cannot be stopped. In which case we're all better employed getting some decent shackles on the beast than wasting our time trying to shoot it. The consultation (access to forms and framework document here) is intended to be completed by the end of October, provides a useful run-down of UK and international schemes and initiatives, and notes that "The majority of smart card initiatives abroad use the 'ID card' function as the central plank on which the scheme is based." This is significant because it's a central plank which is (largely) absent in the UK and which is subject to considerable opposition here. Various components of the Home Office's maimed ID card scheme are listed, along with one that's at least on the surface a little more free-standing. The Home Office's smart card Application Registration Card for asylum seekers, which contains fingerprint data, is already going live, and could be said to undercut one of the objectives floated for an ID card, the proof by asylum seekers of entitlement to health service treatment. Of course equally it could be said to provide some useful perspective on a national ID card in action, because the intention behind this particular flotation was to stop people getting treatment fraudulently, which can only happen if everybody who is entitled has a card to prove that entitlement. UK health from the consumer's perspective doesn't figure in the rundown of schemes, but it's an area where there's surely an inevitability to smartcards - once the NHS gets its act together on electronic records there will be a clearer need to associate the individual with the record, and if you arrive unconscious in casualty then it would surely be a benefit for you to be carrying something that expedited this association. So you're not necessarily agin' it, depending. Along with this live scheme, we have three under consideration, by the Drivers and Vehicle Licensing Agency, the Passport Office, and the "entitlement card" from the Home Office itself. With the general issue ID card at least stalled, we can probably expect renewed enthusiasm for the entitlement card, while we can see the ID Card scheme's genesis quite clearly in the e-Envoy's Office's run-down of the Passport Office's plans. "The Passport Office, together with the Home Office and the Drivers and Vehicle Licensing Agency, has been in discussions about developing a joint standard for identity to be incorporated into any potential scheme that may be developed in future - this demonstrates how by thinking about the use of smart cards, government departments work in unison across organisational boundaries, delivering interoperability and value for money." On the other hand, you might reckon that last regrettable and premature piece of editorialising detracts just a tad from the document's neutrality, illustrating precisely the kind of creeping control and invasiveness which, some pages further on, the e-Envoy's Office warns we must guard against. The Home Office saw the entitlement card piggy-backing on passports and driving licences before it had its more dramatic ID card wheeze, and we can expect plenty more piggy-backing from this and other directions in the future. DVLA cards will come, and we're surely not entirely against them, Most of us accept that we should have to prove we are qualified to be in charge of a legal and roadworthy vehicle, we're just perhaps a little concerned about what other things might be associated with the systems used to police this. And even if you don't accept it's a good thing that you have a passport, you'd be as well to be resigned to it, and to it being machine readable and (real soon now) containing biometrics according to internationally agreed standards. Even without the blatant drive for piggy-backing the blurring between nice (or maybe just neutral) and nasty is pretty clear here, and particularly dangerous because it's something you'll end up agreeing to as well if you're not careful. You accept that in some cases it is at least necessary and possibly beneficial for you to be able to or to have to prove your identity, and that the mechanisms used for this will, inevitably, be electronic. It is eminently logical (and probably sensible as well) for interoperable standards for identity to be implemented. There - aren't you pretty much lining up with David Blunkett now? To avoid this horror, we need to focus hard on what's wrong with the above picture - piggybacking and function-creep. This is evidenced in one sense in the Home Office's cunning plan to achieve a free national ID card by getting drivers, passport applicants and benefits agencies to pay for it, but that's pretty obvious and blatant. The DVLA provides a more difficult example of creep because it's hard to see where on the slippery slope you should make the stand. Driving licences are surely OK, as are driving licences that make it easier to check they're not forged. Vehicle documentation? Surely OK as well, so now you've got roadworthiness and ownership information on the card too. Insurance? Well, that's a third party, but driving without insurance is illegal, and difficult to police as things currently stand. And further down the road (if you'll pardon the expression) you've got road pricing bringing with it vehicle tracking, and black box information that could and will be used against you. On that last one, the DVLA is looking at tachographs as well, which rounds out the whole automotive picture into a potential mare's nest of a privacy nightmare. The e-Envoy's Office document seems to me to signpost how we should deal with this kind of issue, but not to signpost it nearly hard enough, and to skate over the question of control of the privacy gorilla that government is. "It is imperative that citizens' rights are upheld in an open and transparent manner inspiring confidence in the organisation(s) involved in the scheme," it says. "By facilitating the user's ability to know what data is being held about them within the scheme, the smart card may be perceived as an enhancement to that citizen's privacy and freedom instead of a threat." It raises the question of who should own the card, user or issuer, stresses the need for data separation (safeguards against one application using the data of another on multifunction cards) and suggests a speedier Data Protection Act right of access to data held on you. These however are not nearly enough to walk the brave talk of 'enhancement' to privacy and freedom. Putting fences between data held on the card is not enough, because data association via the network has to be dealt with as well. 'Informed' consent to such association is not good enough either, because organisations (both private and government) will obtain such associations through subterfuge or by simply making them a requirement of ownership of the card. If, that is, 'ownership' is the right word here. Nor does data separation necessarily deal adequately with function creep, or with government agencies unilaterally repurposing data it has gathered for one, accepted, reason into areas it hasn't bothered cunsulting about. The e-Envoy's Office here confines itself to the following: "Policy 3: To safeguard citizens' rights and guarantee data transparency, smart card schemes in government should comply with the Data Protection Act and any other relevant legislation. Personal information stored on or accessed via smart cards should be readily accessible by the card holder." This is not, frankly, good enough. The DPA and the European legislation it stems from provide rat-catchers for when the beast has escaped, but they are broad in nature and do not specifically address the very large rat that electronic identity could become. We need specific rules governing functionality and data held, we need specific lists of things that should be worried about and examined before they are allowed to be implemented (e.g. how far the DVLA should be allowed to go, and whether or not it's a good idea for multiple commercial organisations to band together to create one credit/entitlement card), and we need, as a society, to take an essentially 'opt-in' approach, only adding functionality and/or allowing creep once we've really established it's a good idea. Requiring that functionality be specifically associated with its own business case might be useful too - this would, for example, force an entitlement card to justify and pay for itself, rather being paid for via other agencies. It'd be nice if government looked at things this way, but as it won't, keep thinking nice and nasty, keep watching, and be ready to shout foul. ®
John Lettice, 04 Aug 2003

AOL junks Monster.com

AOL is ditching Monster.com as its job board supplier. The new incumbent, CareerBuilder.com, is paying up to $115m over four years with a mixture of guaranteed and performance-related payments. CareerBuilder's tenure on AOL's online properties starts in December 2003. The company is a subsidiary of three big US newspaper groups, Gannett, Knight Ridder and Tribune. Monster signed a four-year deal with AOL in 1999, at the timesaid to be worth $100m. So here is a rare case of a new deal struck by AOL which could be worth more than the top dollar gigs signed up in the dotcom bubble years. Of course, Monster knows how much AOL is worth to its business, and judging from today's outcome, it sure as hell doesn't tot up to $115m. ®
Drew Cullen, 04 Aug 2003
Cat 5 cable

Sun speeds V480

Sun Microsystems has added faster chips to one of its most popular servers, opening a door to take a shot at bitter rival Dell. Sun has started shipping its four processor V480 system with 1.05GHz UltraSPARC III chips. The new chips - a boost over 900MHz UltraSPARC IIIs - have the V480 running 22 percent faster. This was just enough added horsepower for Sun to release a benchmark, touting the V480's performance against Xeon-based systems from Dell and HP. Sun has taken the top spot on the TPC-H 100GB benchmark for four processor machines, beating out 2.0GHz Xeon-powered systems from Dell and HP. Sun barely edged out HP in raw performance and then snuck past Dell in price-performance. Full results here. Sun is a bit funny about benchmarks. The company picks and chooses its moments to shine quite carefully. It has spurned the TPC-C mark so loved by HP and IBM. Sun says it only participates in those benchmarks, which reflect real workloads. It's not exactly clear how Sun became the ultimate judge of real workloads. A "real" application seems to be something that runs well on UltraSPARCs. Sun does not appear very often on benchmark lists when Itanium 2 and Power4 are involved. Funny that. Benchmarks of any sort don't tend to be worth all that much, which makes the bashing of Dell and HP the most interesting bit of Sun's score. Dell has been running rather nasty ads, suggesting that customers move from Sun in droves. Dell seems to like comparing itself to a research and development powerhouse like Sun. This is not appreciated in Santa Clara. Souheil Saliba, a vice president of marketing at Sun, points to Dell's decision to drop its 8-way server development as evidence that Dell is not the systems company it would have people believe. "They realized it was way too hard for them to do an 8-way product," Saliba said. "They were struggling to bring out their product, and there were a lot of internal delays. They are not going to get the traction in the enterprise they think they will get." Ouch. Sun is quick to defend its turf in the four and eight processor market, as these systems are some of the best-selling kit for the company. It's this success that calls for such harsh words against Dell. The faster V480 starts at $19,995 with two processors and 4GB of memory. ®
Ashlee Vance, 04 Aug 2003

Is it a bird? A plane? No, it's a Windows Trojan

While one of the sneakiest viruses to date began spreading rapidly across the Internet at the weekend, antivirus software vendor Panda Software detected a Trojan that exploits, you guessed it, another Windows vulnerability. Its actions leave affected computers at the mercy of hackers, the company warns. The Trojan Autorooter (the term is based on security lingo for successfully cracking and gaining privileged access to a machine) is hidden in a file called WORM.EXE, which we have to admit, is a bit of a giveaway. As the Trojan is incapable of spreading by itself, the file can reach computers through a variety of means: e-mail messages sent by malevolent users, inside files downloaded from the Internet or even through plain old floppy disks. When it is run, Autorooter creates a couple files, including RPC.EXE, which exploits the operating system vulnerability by opening the communication port 57005 and logging on with the same privileges as the user of the pc. At the same time, it downloads a file called LOLX.EXE, aimed at opening a backdoor in the computer. After that, the affected PC is left at the mercy of malicious users, who are able to gain remote control of the computer through the port created and carry out all kinds of wicked procedures, including stealing or destroying the data. The Windows vulnerability, which Microsoft has classified 'critical', affects systems with Windows NT, 2000, XP, and Server 2003. ®
Jan Libbenga, 04 Aug 2003

Linux developers ignoring SCO

New research indicates that SCO's legal threat against Linux may go down as the "shot ignored around the world." Evans Data polled more than 400 software developers and found that 70 percent of them are not too concerned about SCO's IP assault. The developers largely agreed that SCO's actions will have little bearing on whether or not they deploy Linux in their enterprise. A paltry 12 percent of the respondents said that SCO has scared them enough to kick their Linux habit. "Developers seem unimpressed with the SCO lawsuit," said Nicholas Petreley, an analyst with Evans Data in a statement. "They are certainly not concerned enough to change their plans for Linux, since only one out of ten are considering it a factor in their adoption plans." It should come as no surprise to see developers ignoring SCO's claims to own some of the code found in Linux. The Linux users have spoken out against SCO in force and don't think the company has a legal leg to stand on. CIOs and CTOs, however, might have a different feeling on the matter, and a survey of their opinions would be of interest. Along with the SCO info, Evans Data picked up on some other trends in the open source world. KDE has moved ahead of GNOME as the desktop of choice among Linux users. Sixty-five percent of those surveyed use KDE versus 56 percent of the users who pick GNOME. Clearly, some Linux types like to use both desktops on the same machine. Evans Data also found that 36 percent of developers prefer a commercial version of Linux, while 15 percent tend toward non-commercial distros. Most users, however, said they don't really care one way or another with 49 percent voting in the undecided camp. ® Related Link Evans Data data
Ashlee Vance, 04 Aug 2003

US court okays malware in hunt for Web paedos

A US appeals court last week gave tacit approval to the use of Trojan horse viruses as a tool in investigating crimes on the Net. The federal appeals panel ruling stems from a case in which a hacker "uploaded a file to a child porn newsgroup that made it possible to track who downloaded files from the service", News.com reports. The uploaded file contained the SubSeven virus, which enabled the cyber vigilante to root around suspect computers. He then tipped off the police, who used this information in subsequent investigations. It's difficult to see how "evidence" obtained in this way could be seen as anything but hopelessly tainted. After all, if someone has gained control of a suspect's computer couldn't incriminated material be planted? Certainly any shrewd defence autorney would suggest so, injecting doubt into what could otherwise be a clear cut case. However the legal arguments in this case focus on whether or not this behaviour violated US constitutional protection against illegal search and seizure. A US District Court judge in Virginia thought the tactic violated a defendant's rights - but the appeals panel disagreed. It reversed the decision, even though judges said law enforcement operated "close to the line" in the case. The appeal court drew a distinction between the police using information from a third party after the fact and encouraging the vigilante's' actions in the first place. "In order to run afoul of the Fourth Amendment, therefore, the government must do more than passively accept or acquiesce in a private party's search efforts," the judges wrote. "Rather there must be some degree of government participation in the private search." ® Related Stories Trojan defence clears man on child porn charges (UK case) Reg duped by crime-busting D.I.R.T Trojan Super DIRT Trojan to infect indiscriminately
John Leyden, 04 Aug 2003

Red Hat takes the fight to SCO

Red Hat has filed a complaint against SCO, hoping to protect Linux's good name. Red Hat is asking for a judge to confirm that the company has not violated SCO's IP. In addition, Red Hat wants to hold SCO accountable for using "unfair and deceptive actions" in its crusade against the Linux community. "We filed this complaint to stop SCO from making unsubstantiated and untrue public statements attacking Red Hat Linux and the integrity of the Open Source software development process," said Mark Webbink, General Counsel at Red Hat, in a statement. In addition to its multi-billion dollar lawsuit against IBM, SCO has called on companies to pay for a license to use Linux or face the legal consequences. In so doing, SCO has characterized Linux users as a "tainted" group that can only be cleaned up by bowing to its IP demands. It's this kind of language that Red Hat dislikes. Fellow open source backers agree with Red Hat's take here but use a bit more of an aggressive tone. Speaking personally, he stressed, Ximian founder Miguel de Icaza said, "I know Mexican politics so I know when something's sketchy," he told The Register today. "I can recognize when someone's lying to you. Those guys have absolutely no case." Welcome to Novell, Miguel. It has taken Red Hat some time to stand up to SCO's formidable legal team. One might have expected the leading Linux vendor to rush to the aid of its users with a bit more speed. To make up for this lack of action, Red Hat has created the Open Source Now Fund. The Linux maker has dumped $1 million into the fund, which will cover legal expenses for companies under IP attack. In particular, the fund will help non-profits and companies developing software under the GPL. "The collaborative process of Open Source software development which created the Linux operating system has been unjustly questioned and threatened," said Matthew Szulik, Chairman and CEO of Red Hat, in a statement. SCO has fingered both customers and Linux vendors in its attack. The users, however, seem to have taken the brunt of the assault thus far. SCO has chided IBM and Red Hat for not providing Linux warranties but has sent thousands of warning letters to enterprise users. In addition, SCO has aimed most public statements at the user base. A survey has found most Linux users to be unfazed by SCO's aggressive litigation.® Related stories SCO sues IBM for $1 billion for 'devaluing Unix' SCO pulls AIX licence, calls for permanent ban SCO says it's time for Linux users to pay up SCO and Linux: this one will run and run
Ashlee Vance, 04 Aug 2003