Palm to rebrand as ‘PalmOne’

Palm will become PalmOne when its operating system division, PalmSource, finally becomes an independent company later this year. It's not yet clear whether PalmSource will continue to describe PDAs based on its technology as 'Palm-powered', since that description will be technically meaningless. Effectively, the Palm name will vanish at that point. Actually, it already is meaningless, and became so as soon as Palm separated its system software operation from its hardware business. How can a Sony Clié be "powered" by a rival brand, after all? Once Palm as 'Palm' no longer exists, such idiosyncrasies should vanish too. The PalmOne name positions the company as the leading supplier of 'Palm OS-powered', 'PalmSource-powered' or whatever branding is chosen to describe Palm OS-based devices generically. Let's hope they don't all continue to muddy the water with 'Palm-powered'. PalmSource, however, is not the owner of the 'Palm' trademark; Palm, inc. is. Will it gain ownership when Palm, inc. becomes PalmOne? According to the official rationale behind the name-change, the PalmOne name conveys: "The company's heritage as a pioneer in handheld computing; Palm's worldwide leadership, which it has retained despite an influx of competitors; and the conviction that Palm always would place customers first, thereby delivering what matters most to them." The company will also be changing its corporate colours, from blue to red and orange. Products will begin to bear the new brand name in 2004, Palm said. ®
Tony Smith, 18 Aug 2003

OSU Four PC hostage situation enters month three

Four PCs are rotting away in a Franklin County evidence room, and there is little their owners can do about it. The computers and the four Ohio Student University (OSU) students who once used them are victims of the War on file-trading sweeping across the US. The PC hostage situation began in May when OSU police stormed into the students' rooms, and confiscated their machines and anything touching the hardware. The collegians - Patrick Muckerman, John Wieseman, Eric Diamond and Josh Cavinee - were suspected of running a file-trading network with the help of Direct Connect file-sharing software. The OSU Four made the mistake of angering the school's network manager, Frederic Eliot, and they have paid for their actions ever since. As luck would have it, a Register reader has come to the rescue by offering up some free kit, while prosecutors make up their minds as to the students' legal fate. More on that later. Eliot, the overlord of OSU's ResNet network, decided to make an example out of the four collegians and preserve the university's bandwidth. More than 58 terabytes of copyrighted material were traversing ResNet, he claims. Some 9000 students were hampered by slow connections. OSU faced $250,000 in bandwidth bills a year and 1000 requests from the Recording Industry Ass. of America (RIAA) to clamp down on illegal file-trading. This is a large burden for any network, but is it worth confiscating the property of students? Is it worth turning them into scapegoats because they provided a search engine for other computers on the network? Keep in mind the students have yet to be charged with a crime or to receive their property back close to four months after being raided by OSU police. "It is illegal to share copyrighted material, and not just on ResNet but in General," Eliot, a fan of the CAPS LOCK KEY, writes in an e-mail. "As far as I am concerned their freedom stops where the freedom of other students begins. 
I agree with you that (OSU) might have overreacted a bit in this case, BUT we needed to make sure that the message got through to other students wanting to do the same thing." With that Eliot has joined the RIAA, Nancy Reagan, Tipper Gore and others as a crusader in need of a crusade. All of these folk are in the example-making business. The US has a long tradition of finger pointing, stretching from the Salem witch trials to madman Joe McCarthy, but at least those hunts were centered around something serious. People had their lives ruined for allegedly bucking the American Way not for smoking pot, putting bad words in songs or shuffling precious, protected bits of data over a network. Eliot's balls are so big, he must need a wheelbarrow to carry them around. Nancy and Tipper had enough sense to sleep with someone important in order to make their crusades appear justified. Eliot has done no such thing, and yet he feels safe in making the vault right up to example-maker. I run ResNet and so students shall suffer. I choose you - the OSU Four. Something in his Wheaties or GrapeNuts imbued Eliot with a real sense of pride that day in May. His shorts tightened. "Most students living in the dorms were actually happy to see their Internet connection back to normal speed again," he writes. "Notice how we didn't hear anything about student organisations being appalled by this incident? That's because Students UNDERSTOOD and agreed with what we did. And again my goal is to make sure that every student living in the dorms can take full advantage of their Internet connection." His love of large letters aside, can Eliot be seen as a man of the people then? He is a protector of bandwidth and unencumbered access to the Internet. Rumor has it that he dons a cape when Yahoo!'s homepage is accessed in but a fraction of a second. Eliot, however, seems to be missing the larger picture. 
We've reached a state where thousands of people are receiving subpoenas and facing charges that could place them in jail, eliminate their right to vote and burden them with hundreds of thousands of dollars in fines. It's not four students here and a couple there that are being turned into examples. It's your neighbor that likes punk, and your child discovering the British Invasion. Give the RIAA and people like Eliot time, and the US will triple its already record number of prisoners. This Puritan country that cries when a dirty word is uttered or an adult enjoys a spliff after work is ready to throw its beloved due process out the window at the record labels' behest. The OSU police took two months to pass this case onto the Franklin County prosecutor, Ron O'Brien. The prosecutor says charges still have yet to be filed against the OSU Four. And what of their property? "The students have a right to request/demand the return of seized property if further retention is not necessary as evidence," he writes. "However, sometimes such a demand is made that puts the matter on the front burner for law enforcement, which may not be in their interest." The RIAA can cry out from Washington DC, complaining about lost revenues in the midst of the biggest economic correction since the depression, but four students cannot ask for their computers back out of fear of prosecution. So it goes. And with that a kind fellow named Michael Donat has risen to the occasion to correct what he sees as injustice. "I'm rather indifferent on the direction of the case, but I am interested in the speed of it," he writes. "In America, we have the right to a trial in a reasonable timeframe. However, this is one case where I am not seeing any progress, and I have the resources to counter this injustice to some degree. "If these OSU students have not been charged and do not have computers when the fall term starts, I will donate a couple of Pentium II computers to them, loaded with Mandrake Linux 9.1. 
They aren't blazingly fast, but can get schoolwork done - and should be enough for their day-to-day needs." That's a generous offer from Michael. Should any of the OSU Four want to take him up on it, shoot me an e-mail, and it's a done deal. ®
Ashlee Vance, 18 Aug 2003

IBM's Nvidia, Apple chip timetable hit by blackout

IBM's 300mm wafer fabrication plant in East Fishkill, New York was shut down for two days last week in the wake of Thursday's massive blackout. The plant's production line cycled into what IBM calls "maintenance mode" after the mains power failed. Emergency back-up generators took over immediately, allowing wafers passing through the production line to be completed, a company spokesman told EBN on Friday. With no new wafers on the lines, the plant's equipment was put into stand-by mode, essentially to allow IBM to perform safety checks. These will be needed to ensure that no kit was damaged in the switch from mains to back-up power, and that no hazardous chemicals have spilled. Checks complete, the plant was expected to have gone into production again over the weekend. However, even assuming the blackout had no direct effects, IBM will still have fallen behind schedule by two days. The company won't say which products are currently passing through the line, but PowerPC 970 chips - aka the G5 - for Apple and parts for Nvidia - possibly the NV36 or NV40 - are on the company's list. It takes a couple of days for a wafer to pass through the plant before being packaged and tested. With Power Mac G5s due to ship this month - probably at the very end of August - we doubt the blackout-induced two-day delay will hit Apple's ability to ship the first Power Macs on time, but it may slow the company's broader product ramp a tad. With Nvidia's chips due later in the year, that company's timetable may be flexible enough to cope with the effects of the delay, even if its processors have already begun to roll off IBM's production lines. ®
Tony Smith, 18 Aug 2003

AMD scores Chinese server design win

Chinese server maker Dawning plans to target the local market with a series of one- and two-way Opteron-based machines, AMD said today. Four models are planned initially: two single-processor machines and the same number of dual-CPU boxes. All six will carry the Dawning-A brand name. The entry-level I110A and R120A are based on the Opteron 100 series in tower and rack formats, respectively. The tower I220A and rack R220A are based on Opteron 200 processors. All four machines are aimed not only at 64-bit applications, but 32-bit roles too, effectively pitching them at both Itanium and Xeon. Dawning's systems to date - 32-bit PC-based machines for the mass market, and 64-bit rigs for the Unix world - have been based on Intel Pentium chips, and IBM RS64 and Power 3 processors, respectively. The AMD deal allows the company to span the gap between both existing ranges and ultimately, perhaps, replace them both with a single product family. Last month, Dawning said it had chosen the Opteron 800 family as the basis for a ten teraflop supercomputer based on 2000 of the eight-way processors. ®
Tony Smith, 18 Aug 2003

Asia to drive mobile data biz in 2010

Do you know what 'mobile data' will mean in seven years' time? Here's someone who reckons they do; and it's all Asia, says research company, Telecompetition. "Europe may have started the interest in mobile multimedia services with the 3G auctions, and the US may have first advertised 'mobile Internet', but it's Asia Pacific that will lead the world in adoption of multimedia enhanced 'Advanced Mobile Data' services - with $19 billion in annual revenue and a 40 per cent share of the world market by 2005," is the bold prediction. And the bit that will make some shake their heads: "The Asia Pacific region will add over 600 million new mobile data subscribers between now and 2010 - adding $142 million annually by the end of the decade. Over 80 per cent of that revenue will be from advanced mobile data services delivered on 3G or 2.5G networks." Some observers will express astonishment; others, sheer disbelief. PCTel's Ogi Resnik recently told NewsWireless.Net that all predictions based on expectations of 3G phone growth should be revised heavily downwards. His company sells enabling software which lets phone companies charge for mobile data over Wi-Fi hotspots. "Some of the 3G spending has failed to materialise, and some of them see Wi-Fi as a way of providing high speed data at a fraction of the cost of a 3G base station," he said. "We've seen some very well thought out RFCs in this area over the last few months - but a year ago, most mobile companies wouldn't have known what a hotspot was." Telecompetition's report seems to assume that mobile phone companies are somehow entitled to a revenue stream. "The report demonstrates the necessity of developing mobile data services to sustain operator revenue," the company said. It seems to beg the question 'necessity for whom?' and it doesn't seem obvious that it will be the customer. Telecompetition predicts that "by 2010, total worldwide average monthly voice revenue per user (ARPU) will drop from $26 to $18". 
If that turns out to be accurate, then a lot of phone companies will be very happy, because many of them think it will drop faster. "To compensate for this decline and grow ARPU a modest three per cent annually, mobile data ARPU must increase from around $2 today to over $12 by 2010, an increase of 36 per cent, $10 of which will come from advanced mobile data services." The research appears to be based on the assumption that in Asia, 3G phone networks will be widespread. The argument, it seems, is that these countries have very poor phone networks on which to build Internet broadband - which is very much part of the Wi-Fi hotspot equation. Wi-Fi data can only flourish where very cheap Internet connections are possible. "Developing and emerging economies have been highly motivated to build mobile infrastructure as quickly as possible," said Telecompetition President and CEO Eileen Healy. "Inadequate communications infrastructure has become widely recognised as the major inhibitor to success in most world markets, including emerging economies." Telecompetition's Worldwide Mobility Report: 2003 includes 300-plus pages of mobile voice and mobile data revenue and subscriber forecasts for 165 countries and five world regions, providing a comprehensive view of the total mobile demand, for any geographic area in the world. ® Copyright © 2003, NewsWireless.net
Guy Kewney, 18 Aug 2003

Pocket Wi-Fi sniffers end missing hotspot misery

Reg Kit Watch Road warriors know the frustration: you're in a foreign city and want to find a Wi-Fi access point. Normally that means looking on the Internet for site directories that can tell you where the nearest hotspots are located, such as WiFinder or WiFiMaps. Most of the time, it's trial and error. Now, there is a much easier solution. US peripherals maker Kensington has introduced a world first: a detector that will locate Wi-Fi networks. No more booting up your notebook to find a Wi-Fi signal. The small device detects 802.11b and 802.11g signals from up to 200 feet away and filters out other wireless signals, including cordless phones, microwave ovens and Bluetooth networks. Three lights indicate signal strength. For $29.95 that seems a bargain. However, Wi-Fi Finder is not perfect. There is no display information on the owner of the network or whether the hotspot is commercial, free or private; nor is there any information about the level of security provided (WEP or WPA, for example). Another US company, WiFisense, based in New York City, has a different approach altogether. Its wearable scanner not only detects the networks' signal strength, it will also indicate if the hotspot is password protected or not. It then uses patterns of light and sound to announce its availability, quality and accessibility. But it doesn't stop there: the technology can easily fit in any wearable, everyday object: laptop bags, jackets, belts and the like. Currently the WiFisense is a handbag. "A haaaandbaaaag?" as Lady Bracknell might exclaim. There are 64 LEDs embedded in the front of the handbag, which light up to acknowledge Wi-Fi presence at various signal strengths. If there isn't any Wi-Fi activity in the vicinity, the LEDs look just like some beads on the bag's surface. Isn't that neat? ®
Jan Libbenga, 18 Aug 2003

Wi-Fi gets on the right track

Analysis What sort of investment in public transport would make you swap from plane to long haul trains or from car to bus or commuter train? asks Rob Bamforth of Bloor Research. How about fast mobile data access using Wi-Fi? Mobile users at mobile hotspots. It might be a challenge delivering high bandwidth networking to a moving target - both technical and financial - but at least there's a sitting audience. For the would-be 'railwarrior', the solution could be at hand, at least if the trial being undertaken by UK train operator, Great North Eastern Railways (GNER) is a success. GNER, which operates services from London to Scotland along the East Coast main line, are partnering with Swedish company Icomera to provide real-time high speed Internet access to trains. The service will be available to an unlimited number of First and Standard Class passengers, and staff. Icomera, with its Wireless Onboard Internet product, already have experience of running a commercial Wi-Fi service on trains in Scandinavia. Given the large number of travelers already using laptops on trains, the addition of Wi-Fi makes the travel time even more productive, and provides something that road travel can not. GNER has apparently solved the problem of delivering uninterrupted connection while the train travels at high speeds. Icomera's Wireless Onboard Internet solution provides connection using a combination of GSM and satellite, and automatically selects channels using the most effective multiple combinations to provide 100 per cent access even at speeds over 300kmph. Subject to the successful outcome of the three-month trial, GNER plans to fit satellite-receiving equipment first to its ten high-speed diesel locomotives and then, early next year, to its fleet of 30 electric engines. 
GNER plan to be able to offer connectivity all the way along the route from London to Inverness, longer than most laptop batteries, so this could be further encouragement for suppliers of handheld devices capable of lasting all day on a battery. GNER recognises that their business is moving people from place to place. It isn't aiming to make money from being a Wi-Fi hotspot - it hopes its new service will encourage more people to travel by train rather than taking the car or a plane. There are solutions appearing for delivering Wi-Fi access to smaller commercial vehicles too, such as buses, so if governments are looking for ways to encourage more use of public transport, they could look into the possibilities of subsidising services like wireless network access. It's not possible to make a busy bus or train as personal as a car, but they can become a 'vehicle' for aggregating network connectivity. Trains would need to become more laptop friendly outside First Class - GNER needs to think about installing power points, and not the proprietary sort located in aircraft cabins that force the would-be airborne computer user to shell out £100 or more just to spend seven hours watching DVDs. Perhaps wireless handhelds would make more sense for 'railwarriors', and 'bus-battlers'. Either way, the value for the technology-toting traveler would be clear. At least they could do something other than playing games on their mobile phone... ...and there's also the prospect of network traffic reducing vehicular traffic. ® Copyright © 2003, IT-Analysis.com
IT-Analysis, 18 Aug 2003

Invisible Networks confirms restructuring

Invisible Networks - the Cambridge-based wireless networks outfit that helps bring broadband to rural areas - claims it was forced to lay off staff because of the "changing demands of projects" it was working on. In a statement issued on Friday, the company said that the restructuring has enabled it to "refocus its expertise" and that it is now in a "strong position to grow and move forward in a fast-expanding industry". And in a bid to reassure its existing punters the company said: "Existing networks will not be affected by the restructuring, with the 3 networks of the Cambridge Ring continuing to be supported and incremental growth to these networks in areas where it is cost-effective to build." The Register reported last week that Invisible Networks had made a number of people redundant. According to sources, around 22 people worked at the company before the redundancies. Now there are just a dozen or so. ®
Tim Richardson, 18 Aug 2003

Microsoft preps PlaceWare conferencing strategy

PlaceWare became a wholly owned subsidiary of Microsoft on 30 April, and last week Bruno Giverns of PlaceWare discussed with me the role that PlaceWare will have in the newly formed Information Worker Division of Microsoft, writes Martin Langham of Bloor Research. Microsoft had already been active in the web conferencing space. Its software includes Windows Instant Messenger, NetMeeting and the planned introduction, later this year, of the Real Time Communications Server to be known as the Microsoft Office Live Communications Server. The missing piece was a public access service. PlaceWare caught Microsoft's eye and now its PlaceWare Conference Centre is to be brought into the mainstream as Microsoft Office for Live Meetings. Why use an external service when Microsoft will provide a Microsoft Office Live Communications Server that you can install in-house? There are two reasons. Firstly, it is often useful to have a neutral place when you need to collaborate with external parties and you don't want them inside your firewall. But an external host has to overcome the security concerns of all the parties. PlaceWare does this by supporting its Web conferencing service on a highly secure host called iVault II. iVault II offers 99.9 per cent service availability through a combination of fault-tolerant system design, fail-safe back-up hardware and software, and advanced load balancing technology. It is also highly secure, providing nine levels of security including motion sensors, video surveillance cameras, biometric controlled access and security breach alarms. Secondly, when you're dealing with external parties there are tremendous technical problems in penetrating their many different firewalls. The expertise of a hosting service is invaluable in negotiating all these firewalls so that meetings can take place across many organisations with the minimum of fuss. Microsoft plans to integrate PlaceWare closely with Office 2003. 
Microsoft's "Integrated Innovation" approach is an important theme for Microsoft, as they need to make their wide range of technology solutions work closely together, the better to persuade users that they need this latest version of a suite so many of them have already and find sufficient for their needs. Interestingly, for a real-time conferencing application, PlaceWare Conference Centre does not do video. But then neither does Oracle Collaboration Suite, which provides similar data conferencing facilities. A video stream can be expensive to set up and, obviously, it is only practical for people with video cameras. Microsoft does support video in NetMeeting, albeit only on a one-to-one basis. Radvision recently announced that its viaIP 400 communications platform can provide desktop multi-point in support of video, voice, and data collaboration over Microsoft's Windows Messenger and Microsoft Office Live Communications Server. So, another piece of the Microsoft collaboration strategy falls into place. Collaboration is a key element of Microsoft's approach to persuade people to move to Office 2003. This is a big bet because even though IBM and Microsoft can report very rapid, almost viral uptake of collaboration internally, no one knows how well collaboration will take off in the wider world. ® Copyright © 2003, IT-Analysis.com
IT-Analysis, 18 Aug 2003

Windows Update still standing despite Blaster

The Blaster worm failed to knock Microsoft's Web site over this weekend, with an attack programmed to swamp Windows Update with useless traffic missing the mark. Unknown coders programmed Blaster to attack Windows Update's windowsupdate.com site via a referring address, which Microsoft has since pulled. In the event, the attack, which was timed to begin on 16 August, was easily sidestepped. The normal referring address of Windows Update is windowsupdate.microsoft.com. This site itself redirects to another site. The more substantive problem remains, however. The worm is still spreading, so there's no room for complacency. Secondary risks are rearing their ugly head with virus writers trying to capitalise on the publicity generated by Blaster to fool people into installing Trojan code that poses as Blaster patches. Users should be reminded that Microsoft NEVER sends out software updates by email precisely because of this kind of attack. Meanwhile Netcraft reports that on Friday Microsoft changed its DNS so that requests for www.microsoft.com no longer resolve to machines on Microsoft’s own network, but instead are handled by the Akamai caching system, which runs Linux. The side effect is that some Passport-related URLs now pop up a Security Alert saying "The name on the security certificate is invalid or does not match the name of the site". D'oh. ®
John Leyden, 18 Aug 2003

Airgo to double Wi-Fi bandwidth to 108Mbps

US-based Airgo Networks today began sampling a WLAN chipset it claims can improve the speed, range and reliability of 802.11-based wireless networks. The part, the AGN100, employs multiple antennae to boost, say, 802.11g from a maximum throughput of 54Mbps to 108Mbps, the company claims. The part also boosts 802.11a and 802.11b. Testing conducted by Airgo showed the chipset had a range two to six times further than rival WLAN chipsets. The chipset uses a technique called Multiple Input, Multiple Output (MIMO), developed by Airgo's founders at Stanford University. Essentially, the system spreads traffic across multiple standard-speed WLAN channels, boosting overall performance. Improved signal processing yields the superior range. Spatial multiplexing schemes put the data back together again. Performance increases proportionally with the number of antennae built into the system. MIMO uses Orthogonal Frequency Division Multiplexing (OFDM); 802.11g, like 802.11a, is itself based on OFDM technology. 802.11b is based on a technique called complementary code keying (CCK). It's not clear whether Airgo's system doubles 802.11b performance - certainly the company only refers to the slower spec. when it's talking about backward compatibility, not boosted performance. That said, with the market shifting to 802.11g, it arguably makes sense to target that market, particularly since it's the clear choice of buyers willing to pay more for better network performance. Airgo promises full compatibility with existing 802.11 kit, but it remains unclear whether the higher throughput the company claims its technology offers operates in environments that mix in non-Airgo based products. The AGN100 comprises the AGN100BB broadband/MAC chip and a companion part, the AGN100RF radio chip. 
Says Airgo: "The chipset is built with a scalable architecture that allows manufacturers to implement single antenna systems using just one RF chip or increase performance by adding additional RF chips." In short, to gain the benefits of the multiple antennae, vendors will need to implement extra chips, increasing the cost. The AGN100 supports draft 802.11e quality of service specifications, and indeed Airgo is touting the technology as the basis for multimedia networks. It is targeting not only WLAN equipment makers, but consumer electronics companies looking to add network functionality to TVs, DVD players, Hi-Fi, game consoles and the like. Airgo was founded in 2000, and remains privately held. It names Nokia's VC wing as one of its investors. Founders come not only from Stanford University but Clarity Wireless (now owned by Cisco) and Agere. ®
Tony Smith, 18 Aug 2003

Europe and China fuel DSL growth

Worldwide demand for DSL equipment is growing, strongly buoyed by take-up in Europe and China. But as demand increases the cost of kit is coming down. "Cost is clearly the key in the DSL equipment market," said Jouni Forsman, principal analyst for Gartner's worldwide Telecommunications and Networking group. "The average vendor revenue per port dropped from $95.90 in the first quarter of 2003, to $84 in the second quarter, and in the following quarters, prices will continue to be challenged," said Forsman. Some 9.8 million DSL modems were shipped in the last quarter - an increase of 81 per cent on the same quarter last year and up 16 per cent on Q1. Customer premise equipment (CPE) shipments increased 59.5 per cent compared to the same quarter last year (16.2 per cent quarter over quarter) to 8.1 million in Q2 - the third consecutive quarter of record DSL equipment shipments. Asia/Pacific (driven by an exceptionally strong Chinese market) and Latin America showed the strongest regional growth in the second quarter of 2003, while Japan and North America registered declines. Gartner also said that Europe showed "robust growth" with the major incumbent telcos pressing ahead with the roll-out of broadband. ®
Tim Richardson, 18 Aug 2003

The sad tale of a security whistleblower

Opinion Previous articles in this space have discussed whether security professionals can go to jail for doing things like demonstrating the insecurity of a wireless network, or conducting a throughput test on a system without permission. Now, a new and unwarranted extension of the US computer crime law shows that you can go to jail for simply telling potential victims that their data is vulnerable. By explaining how the vulnerability worked, and why customer data was at risk, prosecutors asserted, the security specialist "impaired the integrity" of the affected network. It is now up to a federal appellate court to determine whether this interpretation of the law is to stand. If it does, it could mean a dramatic decline in postings to Bugtraq, CERT, or other public fora. Bret McDanel was dissatisfied with his former employer, Tornado Development, Inc. Tornado provided Internet access and web-based email to its clients. However, McDanel apparently discovered a flaw in the web-mail that would permit malicious users to piggyback a previous secure session, grab the unique session ID and thereby read a user's email - despite the fact that the site promised that email was secure. Dissatisfied with the pace at which Tornado addressed the issue (and for other reasons, undoubtedly), McDanel severed his employment with them, and went to work for another company. About six months later, according to defensive filings, McDanel discovered that Tornado had never fixed the vulnerability he discovered. Using the moniker "Secret Squirrel" he sent a single email to about 5600 of Tornado's customers over the course of three days, staggering the release each day to prevent flooding Tornado's email servers. The email told Tornado's customers about the vulnerability, and directed them to his own website for information about it. So what did Tornado do? 
First, they scrambled to delete their own customers' emails (without their permission) to prevent them from learning about the vulnerability. Then they took other steps to conceal the hole. Ultimately, they fixed the vulnerability, and upgraded their general security. For his efforts, McDanel was arrested, tried, convicted and sentenced to 16 months in the federal pokey, which he has now served. He has appealed his conviction to the federal Ninth Circuit Court of Appeals. It's important to note that McDanel was prosecuted not for a denial of service attack against Tornado by an email flood, but apparently because Tornado, and the government, were unhappy with the content of the email message and associated web page - content that is presumptively protected by the First Amendment. The "losses" suffered by Tornado were only in lost reputation and lost clients. There was no evidence that McDanel or anyone else ever exploited the vulnerability. To put McDanel in jail, the government adopted a rather unique interpretation of the federal computer crime statute. The applicable language in the Computer Fraud and Abuse Act makes it a crime to "knowingly cause the transmission of information and as a result of such conduct, intentionally cause any impairment to the integrity or availability of data, a program, a system, or information without authorisation." Ordinarily, this is used to go after people who distribute worms or viruses, mailbombs and Trojan horses: things that actually shut down or affect the computer system itself.

More Oversight Needed

In this case, the government argued that the Secret Squirrel's missive itself - whether posted on his own webpage or emailed to Tornado's customers (or, presumably, posted to any other public source) - "impaired the integrity" of Tornado's computers or network. The government argued that the message was incorrect, useful to would-be attackers, and was intentionally designed to give Tornado trouble. 
Because McDanel revealed the flaw publicly (having previously revealed it privately to Tornado to no avail) he could be prosecuted, because, according to the government, "the public now knew about a flaw in the Tornado system, how that flaw worked, what that flaw could get somebody who exploited the flaw, and in fact a how-to manual about how to exploit that flaw". Had the government merely gone after McDanel for a spam denial of service, or "email bomb" theory, and had they proven that the emails themselves slowed down or materially impaired the availability of Tornado's computers, there would likely be little chance on appeal (though a California State Supreme Court decision recently held that a massive email sent by an ex-Intel employee to his former colleagues was protected free speech where the effect on the mail servers was minimal.) If the email was intended to, and actually operated as, a denial of service attack - well, case closed. But the government here has stretched the federal computer crime statute to include not only attacks on computers or networks, but the dissemination of information about vulnerabilities. They've expanded the definition of "impairing the integrity" of such affected systems. This is a dangerously slippery slope. There is little doubt that what McDanel did was irresponsible and malicious. But, assuming the vulnerability existed, what were his alternatives? He had already told senior management about the hole, and they did not fix it. He could have told them again, and hoped that they took it more seriously. If he threatened to expose the vulnerability to force them to fix it, he could be prosecuted for extortion. And posting the vulnerability to a newsgroup or security organisation, instead of the customers, would be a fruitless exercise unless he detailed the entity that was suffering from the hole, and then would-be attackers would know who to attack, and Tornado would be in a worse position.
He likewise could have notified some governmental agency - but frankly, there is no government agency with a mandate to provide security advice to email carriers. So, he notified Tornado customers directly that their email accounts were at risk. He didn't exploit the vulnerability, encourage or conspire with others to exploit it. He didn't reveal the vulnerability to an underground hacker organisation. He told the affected people. For this, he went to jail. He could have explained to the customers that their information was at risk, without revealing quite so much detail. But according to the government's theory of liability, this would not have prevented his prosecution. Moreover, as is frequently the case with security vulnerabilities, this likely would have prompted a quick denial by Tornado that any such bug existed - and they may or may not have fixed it. Under the theory articulated by the government, the transmission of any information that can be used by others to impair the integrity of a computer system (or cause loss of reputation) if done without authorisation (and who would authorise it?) is a federal crime. The law requires the impairment to be "intentional," but under US case law a person is presumed to intend "the natural and probable consequences of his or her actions." You know that revealing the vulnerability will embarrass the company, and this fact alone "impairs the integrity" of the network, according to the government's theory. If you were to come into my office and ask my legal opinion about whether you should reveal a vulnerability under this interpretation of "impairing the integrity" of a computer, I would have to tell you that it was a federal felony to do so. What we really need is for Congress to produce stringent guidelines for prosecutors about what kinds of conduct "impairs" integrity, and therefore runs afoul of the criminal law.
These guidelines should be binding on all federal and state prosecutors so there is a clear understanding about what people in McDanel's position are permitted to do. A code of conduct for security specialists with clear guidelines on what they can do when a company or entity refuses to fix a vulnerability would be helpful as well. Until then, as the canny desk sergeant in Hill Street Blues used to say, "Let's be careful out there." ® SecurityFocus columnist Mark D Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior VP and Chief Security Counsel at Solutionary, Inc.
Mark Rasch, 18 Aug 2003

Chip biz recovery shuffling forward

Having had a chance to ponder the numbers, market researchers are cautiously forecasting continued recovery for the chip industry. "Noteworthy improvements in market conditions during the last few weeks confirm that the industry is continuing its recovery as expected and is about to enter a more accelerated growth phase," said Gartner today. The reason? Wafer fab utilisation is now over 80 per cent, foundry wafer pricing is up and silicon demand is increasing, the researcher notes. Higher utilisation is being experienced by chip packaging and assembly specialists too. Driving the recovery going forward will be a revival of corporate IT spending, for which there are early signs, Gartner said. Alongside that, consumer spending hasn't tailed off any further. However, there remains excess capacity in the telecomms sector, so with inhibited spending there, we shouldn't expect the chip business to grow rapidly, the company warned. Gartner is still looking at 11.2 per cent chip market growth this year, rising from 2002's $156 billion to $173 billion. Gartner can't help trying to pull one over on its rivals by claiming it has been forecasting low double-digit growth since Q4 2002 - long before other market watchers were forced to downgrade their forecasts from just under 20 per cent to around ten per cent. Advanced Forecasting goes one step further: it accurately revealed the truth "more than a year and a half ago", the company claimed today. It even states, effectively, that if the industry had paid it some attention in 1999, the 2000 recession would have been much less severe. "Advanced Forecasting predicted in early 1999 that the growth rate of underlying demand for ICs would slow significantly in the summer of 2000, warning the industry to slow its exaggerated momentum," the company boasted.
"Instead of slowing down, the momentum continued, leading to inflated targets, overbookings, overcapacity, and inventories, causing the longest and deepest recession in semiconductor history." "Those heeding our warnings about the slow down in growth fared much better than those choosing to ignore them," the know-it-all added. AF sticks to its July forecast that Q4 will show "accelerated growth". It too points to high fab capacity utilisation levels and chip sales as signs of recovery, noting that figures for the latter stand at "five per cent below their all-time peak of 7.7 billion units". ®
Tony Smith, 18 Aug 2003

NGSSoftware unleashes Typhon III

UK-based security company Next Generation Security Software (NGSSoftware), which is best known for discovering the underlying flaw exploited by the Slammer worm, today released the latest version of its vulnerability scanner, Typhon III. The software has been designed to fill the gap between vulnerability scanning, application testing, war dialling and several commonly used public domain tools, drawing together this functionality into one tool. The scanner is not based around a particular database of checks but is able to perform "arbitrarily complicated check sequences" needed to identify more complex vulnerabilities, according to NGSSoftware. The product can perform in-depth testing on applications (including bespoke applications), looking for common problems such as SQL injection and Cross-Site Scripting. Features include the ability to check services on custom ports, redefine error responses on Web applications and perform checks using known credentials. The checks carried out by Typhon III are constantly fed by NGSSoftware's research efforts. NGSSoftware, which is going up against the likes of ISS with the product, claims Typhon III is the most comprehensive security-auditing tool currently available. Features of Typhon III include:
- A scanning engine that bypasses SYN flood protection
- Oracle Checks (NGSSquirrel for Oracle performs comprehensive scanning)
- Checks over SSL, for applications over HTTPS, as well as SMTP and POP3 over SSL
- Web Spidering, including the ability to let users manually enter known parts of the website
- SQL injection tests against all variables found in an application
- Cross-Site Scripting against all variables found in an application
- War dialling

Bootnote

Typhon, a figure in Greek mythology, was so feared that when the gods saw him they changed into animals and fled in terror. Hissing like a hundred snakes and roaring like a hundred lions, he tore up whole mountains and threw them at the gods.
®
John Leyden, 18 Aug 2003

Palm, RIM strong despite Q2 PDA global sales dip

World PDA shipments fell 7.3 per cent year on year during Q2 - a traditionally slow period - but the quarter brought impressive gains for Palm and Research in Motion, market watcher Gartner said today. The overall decline in sales mirrors IDC's findings, published last month. While the two researchers disagree on exact figures, the trends they highlight are identical. Palm OS-based PDAs accounted for 51.4 per cent of the devices shipped around the world in Q2; Pocket PC took 35.9 per cent of the market. During the quarter, end users spent $827 million on PDAs, of which Palm and its licensees took 41 per cent, compared to the 47.7 per cent taken by Pocket PC vendors. The difference in revenue and unit shipment shares is all down to the higher prices that Pocket PC devices command, said Gartner. Palm bucked the downward sales trend with a 15.3 per cent increase in sales year on year, a feat achieved only by RIM, which notched up growth of 134.3 per cent. Dell stormed into the top five vendors group, going from nowhere to a 5.3 per cent share of the market. HP and Sony both experienced declines, of 10.3 per cent and a mere one per cent, respectively. HP is expected to regain sales this quarter, as buyers who delayed their purchase for the release of Windows Mobile 2003 spend their savings. The real losers were all the other vendors - collectively they shipped 43.5 per cent fewer units in Q2 2003 than Q2 2002. Palm's market lead - now at 38 per cent - was driven by strong sales of the consumer-friendly Zire 71. ®

Worldwide PDA vendors

| Rank | Vendor | Q2 2003 shipments | Q2 2003 market share | Q2 2002 shipments | Q2 2002 market share | Growth |
|------|--------|-------------------|----------------------|-------------------|----------------------|--------|
| 1 | Palm | 943,807 | 38% | 818,800 | 30.5% | 15.3% |
| 2 | HP | 381,298 | 15.3% | 424,950 | 15.9% | -10.3% |
| 3 | Sony | 272,638 | 11% | 275,315 | 10.3% | -1% |
| 4 | Dell | 132,417 | 5.3% | N/A | N/A | N/A |
| 5 | RIM | 131,100 | 5.3% | 55,950 | 2.1% | 134.3% |
|   | Others | 624,557 | 25.1% | 1,105,646 | 41.2% | -43.5% |
|   | Total | 2,485,817 | 100% | 2,680,661 | 100% | -7.3% |

Source: Gartner
Tony Smith, 18 Aug 2003

Tories mull broadband tax breaks

BT could be forced to ensure that broadband is available to everyone in the UK as part of a beefed-up universal service obligation (USO). It's just one of the ideas Tory MP and Shadow Minister for Trade & Industry, Michael Fabricant, is looking at to help accelerate the roll-out of broadband in the UK. Mr Fabricant is also mulling the idea of cross subsidies and tax breaks to help bring broadband to rural areas. Speaking to The Register, Mr Fabricant said: "We need to guarantee much faster speeds to subscribers. I am currently looking at ways we might speed up the roll-out of true broadband. "In very remote areas, satellite and wireless networks are available, but these alternative platforms have their disadvantages and are more costly than cable. "It may be necessary to cross-subsidise services and impose a universal supply obligation on BT. Alternatively, tax breaks might be offered as an additional incentive," he said. At the moment there's little indication as to when the Conservatives might publish their plans for bringing broadband to rural areas. But Mr Fabricant appears sure of one thing: "I am concerned, however, that existing broadband users should not have to pay more for their service." The idea of forcing the UK's incumbent telco to make broadband universally available is nothing new. Last year, for example, IT industry entrepreneur Bob Jones called on the telecoms regulator to make broadband universally available to all in the UK. At the time he said: "It's time to revive the old concept of universal service - providing telephone lines to everyone - with regard to broadband. "Cellular companies have to provide service to over 95 per cent of the population as a condition for their licences - [the regulator] should extend this requirement to BT if it wants to prevent a two-speed business Britain," said Jones. 
But earlier this year, e-minister Stephen Timms effectively ruled out extending the USO to broadband saying that the matter had been "considered" before deciding that "it is not yet justified". The Government has also rejected in the past ideas for tax breaks to help roll out broadband. ®
Tim Richardson, 18 Aug 2003

Apple ships first Power Mac G5s

Apple has begun shipping Power Mac G5s to pre-ordering punters, the Mac maker said today. Over 100,000 of the machines have been ordered since CEO Steve Jobs unwrapped the aluminium-clad beauties on 23 June. Jobs promised that the 64-bit systems would go out in August, and ship in August they have. Initially, only the single-processor boxes, based on 1.6GHz and 1.8GHz IBM PowerPC 970 chips, have begun shipping - dual 2GHz systems will be dispatched "late this month". Each machine's frontside bus is clocked at half the CPU frequency. The 1.6GHz machine uses 333MHz DDR SDRAM, while the other boxes use 400MHz DDR. The low-end system can support up to 4GB of memory, the 1.8GHz and dual-2GHz systems up to 8GB, with DIMMs installed in pairs. The top-two models ship with 160GB Serial ATA drives, the 1.6GHz model with 80GB of Serial ATA hard disk storage. All machines ship with a DVD-R/CD-RW 'superdrive'. Their AGP 8x Pro slots are filled with an Nvidia GeForce FX 5200 Ultra-64MB DDR card (1.6GHz and 1.8GHz), ATI Radeon 9600 Pro 64MB DDR (dual 2GHz) or Radeon 9800 Pro (build-to-order models only). All three systems will ship with Mac OS X 10.2.7, a 32-bit version of the operating system optimised for the new CPU. Despite the availability of up to 8GB of memory, individual apps will only be able to access up to 4GB. Apple is still calling the 970 the first 64-bit desktop processor, despite evidence to the contrary in the form of AMD's Opteron 100 series, and - even earlier - an Alpha chip that made its way into desktop systems. True, neither chip was designed for desktop systems, but Apple isn't claiming its chip as the 'first 64-bit processor designed for desktop systems'. ®
Tony Smith, 18 Aug 2003

Online gripe forum tackles mobile spam

Site of the Day

If you've been ticked off by poor service or peeved by annoying mobile spam messages, help is at hand. Grumbletext provides a forum to publicise UK mobile phone scams. It's a Vmyths for the mobile generation, with more interactivity built in. So next time you receive an annoying mobile spam message that tells you that you have won something and that you should phone a premium rate phone number to claim your prize, you can search Grumbletext to check its provenance, before shelling out good money on call charges for virtually worthless discount vouchers. The site relies on people sending information in, so the more people that are aware of it the better. You can submit your grumbles by texting (07810 83 83 83 - normal rate), an online form or via email (to grumble@grumbletext.co.uk). Grumbletext plans to charge 25p per message to send SMS messages to the site but is yet to introduce this charge. LiveWebs Ltd, the firm behind Grumbletext, says it will publish these gripes on its website "within minutes" (we hope they apply some fact checking), forward these reports to the companies concerned and "get as much publicity as we can in the media". Messages on the site have already shamed a number of companies into action. Grumbletext, which began in February and branched into mobile spam complaints in June, is targeted at serving the needs of British consumers. The site is designed as a forum to "grumble about UK companies when they've got you seething with poor customer service, flaky pledges, intrusive marketing, aggressive selling, general thoughtlessness and carelessness". Big companies behaving arrogantly are the chief target of Grumbletext but it's not averse to going after either public figures or politicians. Banks, airlines and BT are amongst the most grumbled about organisations on Grumbletext. The site, which is attractive and well designed, aims to make it easier for people to complain - rather than suffering in silence.
Instead of sending a complaint directly to a company, Grumbletext wants to create a forum to build a collective voice of complaint that some companies will be more likely to act on. "We want to shame companies into making 'top-down' changes to their service and processes which benefit their customers," LiveWebs explains, in the Grumbletext FAQ. Grumbletext recognises that individual complaints have a role and points to Web resources on putting gripes to companies directly. It also recognises the role of regulators, like the Independent Committee for the Supervision of Standards of Telephone Information Services (ICSTIS), in fighting premium rate spam scams. ®
John Leyden, 18 Aug 2003

Rural wireless BB service delays launch

Lincolnshire-based ISP WRBB has delayed the launch of its rural wireless broadband service because it is still waiting for equipment to be officially certified. The service - called Sunshine - was due to go live at the end of September, covering East Midlands and East Anglia before being made available nationwide by the end of 2005. Now, though, the company has had to inform potential punters that the "countdown" to the launch has been halted and it won't be restarted until the necessary hardware is certified. In a message posted on its web site, WRBB reports that while the Institute of Electrical and Electronics Engineers (IEEE) approved and ratified the 802.11g standard on 12 June 2003, the WiFi Alliance has yet to complete its testing. So far, only eight products have got the thumbs up. WRBB sales and marketing director David Acton told The Register: "Until the hardware is certified, we can't roll-out the service." The company has put pressure on the WiFi Alliance - a group of wireless LAN manufacturers and vendors that runs a scheme to ensure that any certified device will interoperate with all other certified devices - to complete its work, but at the moment it's unclear when that might be. ®
Tim Richardson, 18 Aug 2003

Sun to blast off Gemini in 2004

Sun isn't getting radical just yet, but it is prepping the first of its multicore low-end processors for delivery in 2004. As expected, the Gemini processor will combine two UltraSPARC II cores on a single piece of silicon. The chip is due sometime next year, coming in at about 1.2GHz and consuming but 32 Watts of power at maximum load. This product was built by Sun staffers but future multicore designs will come from work originally done by Afara WebSystems - a small company Sun acquired last year. The Gemini processor sits at the heart of Sun's throughput computing campaign. Sun is looking to cram numerous processor cores on a single chip in the hopes that it can reduce some of the disconnect between ever-increasing processor speeds and sluggish memory. Surround these multicore chips with tons of memory, and the processor won't be waiting for data for long periods of time. At least one core will be busy at all times. Sun's multicore strategy centers around multi-threaded software. Sun has been selling SMPs for some time now, and it's looking for processors such as Gemini to create an SMP on a chip. Software such as Solaris and Java that can split threads across an SMP should behave in a similar fashion on the multicore chips. Gemini is targeted at the one to four processor server space and thin, blade-type systems in particular. The chip's low power consumption qualities should make it ideal for large web and app server farms. Sun says Gemini will perform about 3 times better than current 1.0GHz UltraSPARC IIIi chips. The successor to Gemini - Niagara - will arrive in 2005 with a 15X performance boost over current chips. The Niagara product, what Sun calls a "radical" design, will have 8 processor cores per chip and each core will support 4 software threads. Niagara will truly be a multicore chip on Viagra. Thus far, Sun is going it alone with the "radical" multicore approach.
IBM, of course, already has a dual-core Power4 chip, and HP and Sun both have dual-core RISC chips prepped as well. Intel will be coming along here too with Montecito. None of these designs, however, really compares to either Gemini or Niagara. IBM and HP are experimenting with these types of low power, simplified chips but haven't announced anything for mass production. Sun believes this is the right strategy to take given the types of software that are gaining acceptance. Sun says that the Web services craze along with Java and billions of mobile devices will call for processors that can divvy up myriad lightweight transactions as opposed to a single, powerful chip that can perform one function well. There is no real work that needs to be done to software in order to take advantage of the multicore chips. If it runs well on an SMP, it should do well on Niagara. In addition, the new chips are pin compatible with Sun's current UltraSPARC IIIi line. So, little customer adjustment is required to give the suckers a shot. Sun will continue to ship its main UltraSPARC line for years to come. The UltraSPARC IV arrives early next year and UltraSPARC V comes in 2006. All that said, Sun is providing its customers with a pretty clear path for the road ahead. The old, faithful chips are there along with a couple of surprises. Sun's UltraSPARC chips have been overshadowed by IBM's Power line over the last year and a half or so, and the company needs something special to get it back in the analysts' good graces. Time will tell if the "radical" approach is what the doctor ordered. ®
Ashlee Vance, 18 Aug 2003

IBM tells 600 workers to cash in their chips

Six hundred heads will roll right out of IBM's gimpy semiconductor business over the next 60 days. Close to 500 workers will be axed from IBM's Essex Junction, Vermont fab with another 100 workers being trimmed elsewhere. A total of 3,000 employees will be asked to take a week off without pay to help the struggling unit. IBM's chip business was a sore spot in the company's second quarter. IBM's technology division, which includes the chip business and design services, posted a $110 million loss in the period, as revenue fell 34 percent. IBM has been aggressively trying to woo customers for the microprocessor group and has picked up some nice wins with the likes of Apple and Nvidia. These contracts, however, have not been enough to offset the slow pace of overall orders, according to IBM. The 600 workers will have a chance to look for other jobs within the company. But, if they cannot find more work, a severance package awaits. This all comes on top of the more than 15,000 employees laid off over the past few months and hundreds of millions of extra cash IBM doled out for its acquisition of PwC consulting in the second quarter. IBM slashed a total of 1,400 jobs from its microelectronics business and a total of 14,213 workers from its once vaunted Global Services business as of June 30. The Register noticed last month that PwC staffers were afraid for their jobs, and it turns out they were right to be scared. The axe has come down en masse. IBM coughed up an additional $397 million for its PwC consulting buy "as a result of the review process and other adjustments." IBM had been working with PwC to figure out exactly how much extra cash was owed on top of the $3.5 billion already paid for the company. All in all, both IBM's microelectronics and services businesses appear to be having some serious struggles. ®
Ashlee Vance, 18 Aug 2003