Small business owners concerned about the number and quality of IT workers have been given hope for the future - a new survey has revealed that working with computer technology is the most popular career path for children, ahead of being elected prime minister or even becoming a pop star. As reported by Startups.co.uk, over half of UK employers are reported to be unhappy with the skill levels of their IT staff, with many admitting that they required extra training to bring them up to standard. Concerns have also been raised about the shortage of skilled IT workers in several areas of the UK, particularly London and the South East - regions which have previously benefited from a plentiful supply of computer experts. However, new research has revealed a potential remedy to firms' IT woes in the future, with nearly a quarter of youngsters surveyed saying they would like a career working with computers. The study, by IT service operators Parity, found 22 per cent of 12-15 year olds cited working with computers as their ideal career, ahead of launching a pop career (15 per cent) or becoming a doctor (13 per cent). The prospect of becoming an IT expert was also far more exciting to those quizzed than being prime minister, a bank manager, a soldier or a teacher. The research found that the main reason for IT ambitions was money, with 34 per cent of those questioned saying that they would like to enter the profession for the salary. A further 33 per cent said that they wanted to work in IT because of the "exciting technology", but just one in five felt that the job would be particularly fun. Peter Linas, of Parity, said in the past people had bemoaned a perceived lack of interest in IT in the UK. "This tide has been reversed in recent years and it's great to see from this research that IT is capturing the younger generation's imagination. "This goes to show that the tech industry's image has changed significantly over a short period of time," he said. ® Copyright © 2003
LogoWatch

If ever proof were needed that the newly classified mental illness known as 'brand building' had taken hold in offices up and down the land, it must be the inert efforts by councils to brand their cities. Rather than simply advertise what a city has to offer - throw in a few pics of big buildings and scenery, maybe some happy kids and a local character or two - it now seems that what you need to boost your tourist appeal is a new visual identity for the city. To you and me - in fact to anyone that didn't spend months in a glass-walled room with half-a-dozen polo-necked 'creatives' - a logo. And this masterpiece of design simplicity is what Birmingham, UK has come up with. An over-excited press release explained all: "Over the past half year, Marketing Birmingham and its preferred design agency, Boxer, have been engaged in developing an exciting new brand for Birmingham. The new visual identity for Birmingham was officially unveiled on 8th July in a stunning display at Villa Park, Birmingham." There can't be much more to say than that can there? But, oh there is: "The brand itself is rooted in a set of values which relate to the people and institutions of Birmingham. The values reflect Birmingham's diversity and present it as dynamic and human," it espouses. And here was us thinking that it was the word 'Birmingham' squeezed into a lower-case 'b' with a short-stem. There's more: "Through logo, font, language, slogan and colour palettes, the brand is capable of almost unlimited application." And: "The new branding emphasises Birmingham's cultural diversity, providing a platform to market new initiatives." But having spent six months on this sensational piece of ocular real-estate, Marketing Birmingham is keen that local people embrace it. "To maximise the impact of the brand, public, private and voluntary sector agencies across the length and breadth of the city are being asked to adopt the brand in a form which is relevant and applicable to them."
Alternatively, they could just write out the name of the place where they live and stick a big circle round it. But then, in a moment of pure marketing genius, it exposes the world to the bastard offspring of brands - sub-brands: "Three organisations - City Centre Partnership, Locate in Birmingham and Marketing Birmingham - have already agreed to corporately align themselves as fully-fledged sub-brands of the new city brand." Sub-brands!?! Will this branding never end? Not if Dr John Heeley, head of Marketing Birmingham, has anything to do with it. "There are surprisingly few cities effectively branding themselves," explained the poor man. "With this new city brand, I believe we can steal a lead and powerfully communicate the Birmingham advantage within the city and across the world stage." And with an image as powerful as the one above, who can doubt they will be successful in their quest? ® Update Thanks to Rob Manuel of B3ta fame who says: "Of course, what they need is a nice uplifting song that makes Brummies feel good about their city rather than just a new logo." And provides us with this link: www2.b3ta.com/birmingham. Enjoy.
Some 3000 jobs are under threat at electrical retailer PowerHouse after the company called in the receivers yesterday. The company, the UK's largest independent electrical retailer, immediately announced that it has already decided to close 93 of its 223 stores at the end of the month with the loss of 813 jobs. Some 600 redundancies are expected among staff working at PowerHouse superstores, while the rest will come from the closure of the retailer's High Street shops. However, PowerHouse has yet to confirm which stores will close and who will lose their jobs. Employees are expected to learn more later this week. In a statement, the joint administrative receivers, Nick Dargan and Neville Kahn of Deloitte & Touche, said they were "carrying out a rapid assessment of the company’s operations" with a view to selling the business as a going concern. PowerHouse is the UK’s third largest retailer of household electrical appliances behind the Dixons Store Group and Comet. In 2002-03, the company was only able to rack up a profit - after tax - of £300,000 ($478,590) on a turnover of £384 million ($612.6 million). ®
DRAM contract prices continued to rise again during the first half of August, according to the latest figures from online memory marketplace DRAMeXchange. Prices didn't rise as much as they did in July, but the trend is still upward. The previous month was characterised by double-digit increases - this time round the growth was more modest. In the chip market, 256Mb 400MHz DDR prices rose by up to 5.06 per cent, DRAMeXchange's figures show, followed by 128Mb 266MHz DDR at 5.04 per cent. The prices of 266MHz and 333MHz 256Mb DDR didn't rise as much, increasing only 3.73 per cent. DIMM prices rose more consistently, with 256MB PC3200 modules rising by up to 4.82 per cent, 256MB PC2100 and PC2700 part prices increasing by up to 4.65 per cent, and 256MB PC2200 and PC2600 SO-DIMMs going up by 4.88 per cent. As market watcher Gartner pointed out this week, the price rises are being driven as demand outstrips supply. "This recovery is going to be based on lack of supply, not increasing demand," said Andrew Norwood, principal analyst with Gartner's semiconductor research group. "We have been here before, and if the DRAM vendors become greedy and increase production, the industry will quickly swing back into oversupply and prices will crash." ®
Japan's Fuji Electric this month revealed the latest development in the ongoing shrinkage of hard disks: the 2cm (0.8in) platter. The current standard in micro disks is the 2.5cm (1in) platter. Drives based on the platter are already in development, Fuji said, though commercial products are still some way off. Fuji expects them to be used in handheld devices like cellphones and PDAs, which have traditionally been drive-less products. Each platter is fractionally larger than 2cm and just 0.4mm thick. The magnetic medium Fuji is using provides a data density of 80Gb per square inch, allowing the disk to offer an unformatted capacity of 6GB. That's more than today's affordable solid-state memory cards can provide, but Fuji believes that's still not enough to persuade manufacturers to use the device in place of memory cards, according to a Nikkei Electronics Asia report. It claims that the demand for high-capacity cards will have driven memory card vendors to offer that sort of capacity by the time Fuji can bring its disk to market. There's another problem: as it stands, the drive records data longitudinally, which has a limit of 200Gb per square inch, Fuji said. It wants to develop a version using a perpendicular recording system, which should boost the data density to 400Gb per square inch, allowing the company to offer 30GB disks - much more competitive with Flash-based storage products. Fuji reckons it will take three or more years yet to make that change and to design and develop the equipment needed to mass-produce the disks. ®
Sobig-F has taken the record as the world's most rapidly spreading virus to date, according to managed services firm MessageLabs, which stopped more than one million copies of the email-borne nuisance since its first appearance earlier this week. Sobig-F has surpassed the infamous LoveBug, Klez and Kournikova viruses. Sobig-F, first detected on 18 August, is the sixth variant issued in the Sobig series and appears to be the most sophisticated to date, according to MessageLabs. All initial copies originated from the US, where the virus is currently most prevalent. Since the first Sobig virus appeared on 9 January, MessageLabs has intercepted almost three million copies of the virus' variants. MessageLabs detected all strains of this virus proactively, using its heuristics technology. The current Sobig virus to email ratio is approximately 1 in 17 and the virus is spreading at such a rate it is expected to continue to stay at high-level status for the next few weeks. However, like past Sobig viruses, the Sobig-F virus has an expiry date and is set to deactivate on 10 September. Said Mark Sunner, MessageLabs' CTO: "The Sobig virus writer's use of an in-built expiry date indicates that he is committed to inventing new and improved versions. Each variant released so far has exceeded the previous one in growth and impact during the critical initial window of vulnerability." Sobig is a mass-emailing virus that can spoof the sender's address, fooling the user into believing the email is from a legitimate source and then opening the email. The email often contains the following header: "Subject: Re:details" and the text "Please see the attached file for details." The attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pifm, document_Fall.pif, application.pif, docment_9446.pif.
Once the virus has infected your machine it attempts to connect to a website to download a backdoor Trojan, leaving your computer vulnerable to security breaches by crackers or other viruses. ®
Veteran IBM-watchers know how testing it is to read one of the company's financial statements. In the early days of the cold war, Churchill described the Soviet Union as "a riddle wrapped in a mystery inside an enigma". But compared to earnings releases from companies such as Apple and Sun - who provide terse and lucid declarations - you can be forgiven for thinking of IBM's announcements as a cloud wrapped in a fog containing a temporary heat-haze. However, this much is clear: IBM has shed 15,000 jobs in the past quarter: 1400 from the microelectronics division and a staggering "14,213 Global Services personnel" in response to "the recent decline in corporate spending on technology-related services". To balance the books, IBM also bunged its recent acquisition, PwC, by almost $400 million. In an SEC filing posted last week, IBM maintained that demand was strong. So strong, it had to conduct a private pogrom in its own services division. Clearly, something doesn't add up - even by IBM's own admission. Perhaps an email from a soon-to-be redundant HP employee to The Register sheds some light on the situation. HP announced earnings this week that fell below expectations and added that it would make 1,300 "unexpected" human sacrifices to cover the shortfall. In contrast to previous "sheddings" of fluff in the "labor market", the middle class now feels the pain. "Sorry but I'm due in early Sunday to train my replacement in Bangalore," the (almost) ex-HPer explained. "It's because of the time difference."

Offshore drilling

Hidden beneath the already hard-to-find news of job cuts is a massive transfer of IT resources to India and China. While only a few years ago we were promised a "Long Boom" of infinite prosperity, by "gurus" such as Wired executive Kevin Kelly, it now appears that every tech job can be cut or outsourced with impunity. Kelly is never happier, by his own admission, than when he's lying down in Pacifica dreaming of insects.
For the rest of us, needs are rather more pressing. Not to appear to be picking on IBM or HP in particular, there doesn't seem to be a tech job left that's safe. This has yet to emerge as an election issue, although it represents an assault on middle class expectations that's unparalleled in peacetime. But it is important and needs some context. As the world's largest democracy, and with a philosophical and scientific tradition that (outside the Muslim world) is second to none, India has every reason to look upon the recent occidental outbreak of what we call "capitalism" as a temporary aberration. It's worth noting that in common with his fellow Victorian political economists, Marx found the oriental model so strange that he excluded it from his theories entirely. But outbreaks of tech independence abound. The People's Republic of China has shown both a cavalier disregard for Western IP (aka "intellectual property") and boasts a proud confidence that its own homegrown talent can transform a pay-for "IP" import into an indigenous social resource. [See Trade Wars II: China shuns Qualcomm - no CDMA tax! - EU frets over China's 3G plan and Motorola gambles big on Linux, Sinocapitalism for more details]. Given China's astonishing historical legacy of engineering excellence, this is far from foolish.

Dammit, weren't our kids supposed to bring home the bacon?

On this side of the Gulf, we're sure to hear cries of anguish, as the parents of expensively educated middle-class kids learn that their investment (and, in the US, this can be upwards of $120,000 per child) has gone offshore. Which brings us to a particularly anxious conundrum. The prosperity that we felt was assured, and by rights, ours in the West no longer belongs to us. Those college dollars look like a poor investment, when a cleverer Indian can perform the same task for a tenth of the salary. So why did we spend all that money? Who, at what point, added enough "value" to justify the investment?
It's a good question. In a historical perspective the Indian, Muslim and Chinese engineers whose forefathers created so much of this intellectual infrastructure are only reaping their due rewards. For Western kids, however, this does seem a bum deal. "Weren't we supposed to be clever[-er] than everyone else?" a recent graduate asked me recently. Well, er, actually no. Smarts is as smarts gets. Forget your O'Reilly PERL course, and follow the money. A course in Mandarin or Arabic is probably the shrewdest investment a parent can make right now.

Go west, my son... and then keep going

The inexorable logic of digital capitalism has rewarded companies such as Dell, which add no value, and pare costs to the bone, and ruthlessly punished systems companies such as Sun and Apple, which invest in R&D. For reasons best known to themselves, these companies invest in the hard stuff that can't easily be commoditised. Logic suggests that such companies are the bulwark against copy-cat Oriental opportunism. While you might think much of the above is facetious, the West faces a very real problem: we have a surfeit of well educated kids who, if we accept the orthodoxies of asset-stripping capitalism, simply can't compete with foreign competitors without tilting the playing field. When capitalism went digital, the first casualties were manual laborers. Now that skilled engineering jobs are being transferred offshore, the middle class is in the firing line, and this poses a very real crisis for a large and not-entirely unimportant section of society. Go to college, learn tech skills and - oops, sorry - your job has just gone offshore. Please accept this redundancy slip and some small token that your worthless (hard-earned) contribution has enriched the global economy. Or as the creepier types insist, the global "eco-system". Technology once promised us vistas of endless prosperity, and saw itself aloof from the obligations of political economy or globalisation.
Now these pigeons are coming home to roost, and "technology" is more of a liability than it is a blessing. It's dry, academic stuff to be sure. But when jobs are being lost on such an extraordinary scale, scarcely reported, is there a politician bold enough even to raise the issue? ®
Wireless won't work on its own - the key to making a success of public Internet access is having a physical presence. So says Magnus McEwen-King, chief exec of Broadreach Networks, which operates net cafés in places such as Virgin Megastores, bagel shops and various railway stations under the ReadytoSurf brand. According to McEwen-King, the specialist Wi-Fi operators have triply shot themselves in the feet: once by focusing only on wireless, again by spending too much on infrastructure, and a third time by trying to tie users into exclusive relationships. "Our business model is public Internet access, not just Wi-Fi, so there's three to five fixed terminals per location as well," he says. "We're not taking a punt on Wi-Fi, we'll still make money if it doesn't happen. The key is return on capital employed - our mantra is 'economically viable and technically adequate'." This means that where other companies might put in carrier-grade backhaul and multiple wireless access points - EuroSpot has some half a dozen APs at Paddington Station, for instance - Broadreach makes do with one. "Full coverage is very nice," McEwen-King says, "but where are people going to use it? We cover the café area where people sit, we don't cover the ticket hall as well." He adds: "The major telcos are not really listening to the customers. At the moment the T-Mobile relationship means that only T-Mobile customers can access Starbucks Wi-Fi, say. What are they protecting? The other operators have only a handful of sites, but they're still being stubborn, and we're seeing a number of exclusive deals with premises owners being undone or asked to be undone." The difference with his business model is that, like GSM, it is intended to allow seamless roaming.
ReadytoSurf customers can buy vouchers on-site, and usefully, if they register then unused connection time can be banked for later, but McEwen-King puts greater emphasis on its deals with BTopenworld and VirginNet which allow and encourage those ISPs' subscribers to roam onto its net cafés. "When we launched Openworld roaming we got more registrations in a day than in months of direct registrations," he says. And he sees opportunities ahead for wireless, if only the industry can be patient enough to let it grow naturally. For example, he turns the recent Mori poll around, saying that the amazing thing is not that 70 per cent of the people surveyed didn't know what a Wi-Fi hotspot was, but that 30 per cent did. "It took years to get that sort of recognition for mobile phones," he exclaims. "This is where public Wi-Fi should be after one year - investment hasn't run ahead of demand, there's been consolidation, we've had one of the Americans coming over. There's good dynamics in the industry. And 95 per cent of new laptops will have it as standard next year, so the capability will be there ahead of 3G ubiquity." Broadreach has just inked deals with two Heathrow hotels and is looking to put mobile net cafés on Virgin trains, presumably allowing delayed travellers to file their compensation claims en route. The company's investors include Intel, BT and (amazingly enough) Virgin. ®
Symbian is clearly one of the prime beneficiaries of the rise in smartphone sales at the expense of PDA shipments highlighted by market watchers like IDC of late. Around 2.68 million handsets based on Symbian technology shipped during the first half of the year, up more than 1000 per cent from the 230,000 that shipped in the first half of 2002. Q2 saw a 27 per cent increase in Symbian-based handset shipments over the 1.18 million devices that shipped in Q1. The effects on Symbian of that increase were a near sevenfold increase in royalty revenues for the six months to 30 June 2003, rising from H1 2002's £1.5 million ($2.4 million) to £10.2 million ($16.3 million), and a 122 per cent increase in the company's overall revenue, which grew from £9.5 million ($15.2 million) during 1H 2002 to £21.1 million ($33.7 million) in 1H 2003, it revealed today. It should be pointed out that the figures are unaudited. However, Symbian is a privately held company and as such under no obligation to publish its figures. That it has done so is a sign of the growing success of the smartphone market as a whole: it wants the world to take a greater note of the role it has played and to raise its profile in a business dominated by public companies regularly publishing financial results and receiving analyst commentaries. Indeed, its move is intended to "enable the financial markets to better understand Symbian's activities and progress towards establishing Symbian OS as the industry standard operating system for smartphones", a spokesman said. Symbian isn't a true standard, of course, it's simply the market leader, though Microsoft is likely to be challenging that role with its new Windows Mobile 2003 for Smartphones offering. Palm, too, is steering in that direction. That there's still plenty to play for is signaled by how few Symbian-based products have generated all that growth. 
Currently there are only ten Symbian-based handsets on the market, though the company says 26 more are in development, from nine licensees. At the end of March, Symbian CEO David Levin said 21 devices were in development from all ten of the company's licensees, so by our reckoning, while nine companies have increased the number of Symbian OS products they have in the works, one licensee has decided not to bother after all. Maybe it's Motorola, which is believed to have defected to the Microsoft camp. Its Symbian-based A920 3G phone is completed and due to ship in the coming months. ®
Around £1.4 million ($2.2 million) of public sector cash is being used to help bring broadband to Yorkshire and the Humber region. The nattily-titled 'Broadband Yorkshire & Humber' - an initiative sponsored by the region's development agency and part-backed by European money - is using the cash to provide training and support for 1800 businesses to hook up to broadband. With all this cash sloshing around to generate awareness in broadband, BT has agreed to use its own money to DSL-enable 18 exchanges which might not have necessarily been commercially viable for broadband investment. Most of those exchanges earmarked for investment should come online in November, at which time it's estimated that nine in ten of the region's households - along with some 10,000 businesses - will have access to ADSL. In a statement, Susan Johnson, executive director, business development at Yorkshire Forward, said: "Broadband Yorkshire & Humber hits all the right buttons for Yorkshire Forward, helping us to grow the region's businesses through the improvement of infrastructure. "This initiative will extend both the broadband footprint and choice of technology to many more businesses and households in the region," she said.

Those exchanges getting ADSL are:

Humber - Cleethorpes, Grimsby, Barton-upon-Humber
South Yorkshire - Rawmarsh, Thrybergh, Thorne, Bentley and Askern
West Yorkshire - Steeton, Cullingworth, Burley in Wharfedale, Addingham and Thornton
North Yorkshire - Pickering, Bedale, Great Ayton, Old Catterick and Catterick Camp

All the South, West and North Yorkshire exchanges go live for broadband services on 19 November, except Great Ayton and Cullingworth, which are due to be plugged in on 25 February next year, following engineering works to upgrade the network connections to these exchanges. ®
Opinion

A sign on a Trenton, NJ railroad bridge says "Trenton Makes, The World Takes." In light of recent history, a sign at Sea-Tac airport should probably read "Microsoft Makes, The World Quakes." For the second time this year, Microsoft is the source of a major internet security event. First was Slammer/Sapphire in January that seriously impacted networks and corporations around the world, including shutting down ATM machines at some large banks. And now, we've got MSBlaster taking advantage of a years-old vulnerability in Microsoft Windows operating systems. But unlike Slammer that only targeted servers, this one goes after desktop computers as well - meaning that ninety percent of the world's computers are potential targets and victims this week. Consumer desktops are significantly more plentiful than corporate ones but less-protected against viruses, worms, and other attacks. As low-hanging fruit goes, they're a perfect target of opportunity for cyber-mischief. According to a Wired story today, Microsoft is confused why these worms continue plaguing users when the company's made great effort to improve the patch delivery process. Microsoft says it's working with federal law enforcement to find out who's behind the dastardly deed that's giving the software monopoly yet another embarrassing black eye in the media. This is a typical Microsoft response full of proactive sound and fury, but signifying nothing helpful. And the media's full of reporting about the pervasiveness of MSBlaster and what people can do to protect themselves against this "latest" cyber-threat. Yet Microsoft says third-party software accounts for half of all Windows crashes. Funny, it also blamed the competing DR-DOS for Windows 3.1 crashes in an attempt to get people to buy MS-DOS back in the 1980s. (It was later discovered that Microsoft had engineered false error messages to trick users into buying MS-DOS.)
It also said Internet Explorer couldn't be removed from Windows 95 without crippling the operating system, and was proven wrong by enterprising researchers. So Microsoft's track record for veracity isn't exactly stellar when it comes to its products and business practices. But, few if any are mentioning the real issues here: MSBlaster's ability to affect practically all versions of Windows shows that despite Microsoft's marketing flacks, there is still significant code shared between all versions of Windows. Anyone who thinks DOS is dead, or Windows XP's code internals have little in common with Windows NT 4 should think again. MSBlaster proves it. Also, MSBlaster takes advantage of known vulnerable network ports in Windows, ports that any competent network administrator or internet provider should have closed long, long ago. In fact, there's probably no good reason why these ports should be enabled on consumer versions of Windows or supported by ISP networks, for that matter. In other words, it baffles the mind why these well-known ports continue to be a major security vulnerability in Windows. Of course, Microsoft pledges to continue working on its patch distribution process as part of its larger "Trustworthy Computing" initiative. That's all well and good, but does this mean the security of our networked systems has been reduced to the repeated mantra of "run the patch" and then sit back to wait for the next pair (exploit and fix - a matched set!) to be released? Hopefully not. Security is a two-part process requiring the network staff to administer their resources appropriately and the software vendors to produce code that's much more reliable than it is now. As it did with the Slammer worm in January, Microsoft proudly says it made available a patch for Windows far in advance of the vulnerability being exploited on a massive scale.
But many users didn't get the message or download the patch - either because home users didn't realize that the automatic Windows Update process was designed for just that reason (or would "do it later") or, in the case of large companies, network administrators likely were too busy installing any number of other patches required (at least 30, according to the number of security bulletins so far in 2003) to keep their Microsoft systems operating in a somewhat more secure manner from week to week. (And we wonder why help desk staffs burn out so quickly.) If Microsoft really wanted to resolve its software problems, it would take greater care to ensure such problems were fixed before its products went on sale - and thus reverse the way it traditionally conducts business. Doing so means less resources wasted by its customers each year patching and re-patching their systems, hopefully meaning more is available for effective network planning, design, and management to support a robust defense-in-depth security strategy. Customers shouldn't be forced to spend their money cleaning up after Microsoft's mistakes, laziness, or general complacency, but on improving their information environments to take full advantage of the many benefits of the Information Age. More importantly, why are we - users, administrators, media, and the government - praising Microsoft for their response to this critical problem? If something's wrong with a product, responsible companies are obligated to fix it as a matter of good business practice. A responsible adult knows that if you make a mess, you're expected to clean it up, regardless if anyone compliments you for your efforts. Did anyone expect widespread praise to be heaped on Ford Motors after its Explorer fiasco a few years back? Hardly - there was a serious problem with one of its products, and the company fixed it, albeit under the threat of lawsuits from victims or their families. 
But that's not the case with software, from Microsoft or anyone else. When you acquire software, you don't really "buy" it, but rather purchase a license to use it "as is" for a period of time, and the vendor is under no obligation to fix anything wrong with its product. If you take the time to read the thousands of words in a typical software End User License Agreement (EULA) - and many people don't - you'll see that by installing and using the software, you indemnify the vendor against any claims, losses, or problems resulting from using its software, even if the vendor knew about the problem before it sold the product. In some cases, as this Register article notes, you agree to let Microsoft remotely modify your software and you can't hold it liable if something breaks as a result. Code Red, Love Bug, Slammer, Nimda, Pretty Park, BubbleBoy, Melissa, Code Red II, MSBlaster, and numerous other high-profile Microsoft-sponsored incidents... many view them as "the price of doing business in the Information Age" and cheerfully spend (or lose) increasing amounts of money with each new incident arising from poorly designed software. But rather than face reality by conducting a dollars-and-sense risk assessment of their IT operation to see how much Microsoft's vulnerabilities cost their enterprise annually, these sheeple - at all levels of government, industry, and society - prefer tolerating mediocrity to efficiency and reliability in their software assets, because they're either too lazy to investigate alternatives or don't want to propose changes to the comfortable status quo. What recourse do you have in such cases? You can't just sue the software vendor for problems with their product like you can the maker of a vehicle or appliance since you've given up those rights by using the product under the terms of its license agreement. 
The only option you have is to continue using the software in question and scramble to update your systems whenever a new problem presents a danger to your information assets. In other words, when Microsoft says "patch" you salute and say "how soon?" Or, you can vote with your pocketbook and move to an alternative software product that works better, costs less to buy and maintain, and won't burn out your network support staff. Nobody's saying you must use any one particular product or operating system, and they all tend to perform the same basic functions needed in today's working society - although some are better at it than others. It may take a little bit of effort to switch and get used to the new product, but the long-term payoff will be worth it. After all, in the real world, if you don't like Ford trucks, you can buy a Jeep instead. ® Copyright © 2003, Richard Forno. All rights reserved.
The popular Java Anonymous Proxy (JAP), used to anonymise one's comings and goings across the Internet, has been back-doored by court order. The service is currently logging access attempts to a particular, and unnamed, Web site and reporting the IP addys of those who attempt to contact it to the German police. We know this because the JAP operators immediately warned users that their IP traffic might be going straight to Big Brother, right? Wrong. After taking the service down for a few days with the explanation that the interruption was "due to a hardware failure", the operators then required users to install an "upgraded version" (i.e. a back-doored version) of the app to continue using the service. "As soon as our service works again, an obligatory update (version 00.02.001) [will be] needed by all users," the public was told. Not a word about Feds or back doors. Fortunately, a nosey troublemaker had a look at the 'upgrade' and noticed some unusual business in it, such as:

"CAMsg::printMsg(LOG_INFO,"Loading Crime Detection Data....\n");"

"CAMsg::printMsg(LOG_CRIT,"Crime detected - ID: %u - Content: \n%s\n",id,crimeBuff,payLen);"

and posted it to alt.2600. Soon the JAP team replied to the thread, admitting that there is now a "crime detection function" in the system mandated by the courts. But they defended their decision: "What was the alternative? Shutting down the service? The security apparatchiks would have appreciated that - anonymity in the Internet and especially AN.ON are a thorn in their side anyway." Sorry, the Feds undoubtedly appreciated the JAP team's willingness to back-door the app while saying nothing about it a lot more than they would have appreciated seeing the service shut down with a warning that JAP can no longer fulfill its stated obligation to protect anonymity due to police interference. Admittedly, the JAP team makes some good points in its apology. 
For one, they say they're fighting the court order but that they must comply with it until a decision is reached on their appeal. JAP is a collaborative effort of Dresden University of Technology, Free University Berlin and the Independent Centre for Privacy Protection Schleswig-Holstein, Germany (ICPP). A press release from ICPP assures users that JAP is safe to use because access to only one Web site is currently being disclosed, and only under court-ordered monitoring. But that's not the point. Disclosure is the point. The JAP Web site still claims that anonymity is sacrosanct: "No one, not anyone from outside, not any of the other users, not even the provider of the intermediary service can determine which connection belongs to which user." This is obviously no longer true, if it ever was. And that's a serious problem, that element of doubt. Anonymity services can flourish only if users trust providers to be straight with them at all times. This in turn means that providers must be absolutely punctilious and obsessive about disclosing every exception to their assurances of anonymity. One doesn't build confidence by letting the Feds plug in to the network, legally or otherwise, and saying nothing about it. Justifying it after the fact, as the JAP team did, simply isn't good enough. Telling us that they only did it to help catch criminals isn't good enough either. Sure, no normal person is against catching criminals - the more the merrier, I say. But what's criminal is highly relative, always subject to popular perception and state doctrine. If we accept Germany's definition of criminal activity that trumps the natural right to anonymity and privacy, then we must accept North Korea's, China's and Saudi Arabia's. They have laws too, after all. The entire purpose of anonymity services is to sidestep state regulation of what's said and what's read on the basis of natural law. The JAP Web site has a motto: "Anonymity is not a crime." 
It's a fine one, even a profound one. But it's also a palpably political one. The JAP project inserted itself, uncalled, into the turbulent confluence between natural law and state regulation, and signaled its allegiance to the former. It's tragic to see it bowing to the latter. ®
The most basic principle of a von Neumann machine is that programs and data can share memory as they are both just strings of bits. This is still the basis of the architecture of all commercial computers, writes Peter Abraham of Bloor Research. These two concepts came together at the dawn of computer history but have tended to drift apart ever since. The COBOL programming language doesn't look anything like data. Object-orientation brought process and data closer together but even then the storage of the two was totally different. XML goes back to von Neumann because data and programs can both be stored in XML. In a sense XML goes further by storing input and presentation in the same format as well. To take just three examples, ebXML is data, BPEL4WS is program and XFORMS is presentation. This is philosophically and academically interesting but is it of any practical importance? The simple answer is yes, because if you can develop an XML machine that can process XML data based on XML programs you have a higher level machine than a von Neumann machine. The practical effect of this is the ability to develop new applications with less code. Is this feasible? A small UK company called hyfinity have a patent pending on the kernel for such a machine which they call a Morphyc architecture. Think of it as the equivalent of the control process in a von Neumann machine, bringing together input/output, memory and the arithmetic and logic unit. The arithmetic and logic unit is bought-in in the form of commodity processes, including XML parsers, XPATH and XSLT processors. The kernel itself is written in Java and only needs a JVM to run. Based on this kernel, hyfinity have developed two products, MVC and PxP. MVC is an extension of XFORMS which enables fast development of browser-based applications. They have used this to develop xStudio which is the development environment for both products. 
Once they had developed the basic functions of MVC, they used it to develop its own extensions. This then gave them the base to build the xStudio functions needed for PxP. PxP is a peer-to-peer integration package which allows the integration and in some cases the development of applications that receive, process and produce XML. This recursive use of products to develop themselves has positive implications: the kernel is small and is very well tested, and at the next level up, the developers have used their own product, so they make sure it is user friendly. The concentration on XML, to the exclusion of all else, makes the architecture of the product very clean and enables a great deal of functionality to be built on a small kernel. Any connections to non-XML messages or data will be through a third-party adapter. The proof that this is an interesting idea is in the fact that a company with only eight full-time employees have built a product that functionally is in the same league as many of the much bigger and more established players. If they can develop such a level of functionality using their own product then that product should be capable of developing functionally rich applications for their users. Several clients are now live with industrial strength applications running. The other fact that comes from the size of the development team is that its price point can be much lower and can be made attractive for highly distributed systems. The obvious downside of such a small company is the question of whether they can survive in this very competitive market place. If there's any justice, they will do so. ® Copyright © 2003, IT-Analysis.com
Microsoft yesterday released another cumulative fix for Internet Explorer designed to address all the old flaws with the Swiss cheese browser and fix a set of fresh problems. Separately, Redmond also issued patches to correct less serious vulnerabilities with a ubiquitous Windows middleware package and a revision of a July advisory on a serious vulnerability involving MIDI files. The new IE flaws could enable an attacker to run arbitrary code on a user's system if the user either visited a hostile Web site or opened a specially crafted HTML-based email message. No surprise that Redmond designates the fix as "critical" then. The first new vulnerability arises because IE does not properly determine an object type returned from a Web server. Microsoft warns: "It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attacker to exploit this vulnerability without any other user action." (our emphasis). "An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability," it adds. As if that wasn't enough there's a second (slightly less serious) new flaw involving the cross-domain security model of Internet Explorer. This security model is designed to keep windows of different domains from sharing information. However, it's at least partially broken so that crackers might be able to execute script in the My Computer zone. Not good. Microsoft advises users of IE 5.01, IE 5.5, IE 6.0 and IE 6.0 for Windows Server 2003 to review its cumulative patch which fixes these new flaws, as well as providing a roll-up of previously released fixes for IE.

Kill Bit!

This cumulative patch also sets the Kill Bit on the BR549.DLL ActiveX control which provided support for the Windows Reporting Tool. Internet Explorer no longer supports this control, which is just as well because it contains a security vulnerability. 
To protect customers who have this control installed, the patch prevents the control from running or from being reintroduced onto users' systems. In addition to these vulnerabilities, a change has been made to the way IE renders HTML files. This change addresses a flaw that could cause the browser or Outlook Express to fail. Internet Explorer does not properly render an input type tag. A user visiting an attacker's Web site could allow the attacker to exploit the vulnerability by viewing the site. In addition, an attacker could craft a specially formed HTML-based email that could cause Outlook Express to fail when the email was opened or previewed. The root causes of these problems - buffer overflows and coding mistakes - will be all too familiar to long-suffering IE users. Microsoft's pleas of mitigation also carry a familiar ring. Microsoft points out that, by default, IE 6 on Win 2003 runs in enhanced security configuration. Also, to exploit these flaws a cracker would have to entice victims to visit a maliciously constructed website - as if spam HTML email doesn't make this all too easy. Microsoft's advisory explains these various flaws in IE in far greater detail.

And there's more

Redmond also yesterday issued a fix to correct a less serious buffer overflow risk involving Microsoft Data Access Components (MDAC), a collection of components that are used to provide database connectivity on Windows platforms. MDAC is included by default as part of Windows XP, Windows 2000, Windows ME and Windows Server 2003. Microsoft Data Access Components versions 2.5, 2.6 and 2.7 are potentially vulnerable. MDAC version 2.8 - as used by Windows Server 2003 - is not. MDAC is included in the Windows NT 4.0 Option Pack and in Microsoft SQL Server 2000. Additionally, some MDAC components are present as part of IE even when MDAC itself is not installed. 
Due to a flaw in a specific MDAC component, an attacker could respond to broadcast requests with a specially crafted packet that could cause a buffer overflow. An attacker who successfully exploited this flaw could gain the same level of privileges over the system as the application that initiated the broadcast request. Microsoft reckons for an attack to be successful an attacker would need to simulate a SQL server on the same subnet as the target system. Because of the difficulty of exploitation Microsoft designates the flaw as important and not critical. There's more info in an advisory here.

MIDI Vuln reloaded

Lastly, Microsoft reissued an advisory regarding a critical vulnerability with its DirectX component, originally issued in July, to announce the availability of patches for a greater range of DirectX packages. The vulnerability, which arises because of an unchecked buffer in DirectX, could allow crackers to inject malicious code on vulnerable machines via maliciously constructed MIDI audio files hosted on a Web site or on a network share, or sent using an HTML-based e-mail. Our July report goes into this in more depth. A list of affected packages and available fixes (too extensive to detail here) can be found in Microsoft's advisory here. ®
Reg Kit Watch

Desktop PC

Can't wait for the Athlon 64? Houston-based PC maker PCFX has begun offering a gaming PC based on AMD's Opteron 200 series. The Leviathan III family is equipped with single Opteron 240, 242 or 244 CPUs and built around Nvidia's nForce 3 Pro 150 chipset, which offers AGP 8x, Serial ATA and a dual-channel DDR SDRAM bus. The PC ships with 333MHz DDR, USB 2.0 and 1394 ports, 160-240GB of hard drive storage (using two 80-120GB drives) with RAID 0, 1 or 0+1 if you want it, S/PDIF digital audio I/O, six-channel sound and 10/100Mbps Ethernet. A basic system with 1.4GHz Opteron 240, 512MB of registered ECC SDRAM, 80GB hard drive, 16x DVD optical drive, a 256MB GeForce FX 5900 Ultra and Windows XP Home Edition costs $1947.50.

Flash Drive

Verbatim has begun shipping USB 2.0-compatible Flash drives in its Store'n'Go range. The drives are essentially standard Flash drives, but by providing Hi-Speed USB 2.0 support, they can deliver up to 8MBps read and 5MBps write performance on systems equipped with suitable ports and USB 2.0 drivers - roughly eight times faster than USB 1.1 devices. However, the drives are compatible with USB 1.1, so they will work on other systems. The drives also offer password protection, and can be partitioned using bundled software into public and private storage volumes. About the size of a AA battery, the Store'n'Go drives are offered with 32MB, 64MB, 128MB, 256MB, 512MB and 1GB capacities. Prices range from $29 (32MB) to $349 (1GB). Curiously, despite being backed by a lifetime warranty, the drives are only certified to hold data for "ten years or more", Verbatim said. ®
Could this be one of the greatest excuses of modern times? Apparently movies flop because… get this… of texting, instant messaging and email. That's right, movie makers can no longer chuck loadsamoney at plugging films in the fairly confident hope that investing in hype will ensure a box-office smash. Why? Because movie-goers are so quick to text/IM/email their pals that such-and-such a film is a load of old tosh, potential audiences can be persuaded to stay away, turning a hit into a right horror. Of course, the flip side is that a good review from viewers could catapult a low-budget movie into the heady realms of a blockbuster. You get the picture. Anyhow, this view of the potential damage caused by modern communication was relayed by the Independent, courtesy of the LA Times. It's also explored here in some depth by Hollywoodreporter.com. ®
The campaign launched in May by the Recording Industry Ass. of America (RIAA) to target individual music sharers appears to be scaring punters away from file-sharing services, the latest figures from market watcher NPD appear to show. NPD tracks consumer file-sharing activity. It calculated that 14.5 million US households downloaded music files in April. In May the figure fell to 12.7 million, and dropped to 10.4 million in June, the company said today. On a statistical note, the figures listed are calculated from the activity of a sample of 40,000 users, NPD said. In April some 852 million songs were acquired via the Internet. Come June, the figure fell to 655 million. April, says NPD, was a record-setting month, but the fact it doesn't provide a figure for May, suggests the dip was relatively small. Indeed, the average number of files downloaded per household grew between April and June, from 59 to 63. The figures suggest that while hard-core downloaders are grabbing ever more tracks for themselves, more casual punters are holding fire. "Our data suggests that the RIAA's legal tactics have more of an effect on the attitudes and actions of lighter downloaders," said NPD VP Russ Crupnick in a statement. The vast majority of songs downloaded are from P2P services, he added, implying that some at least come from paid-for download services. Apple launched its Mac-based iTunes Music Service at the end of April, but even its impressive success - 6.5 million songs sold by the end of July - is nowhere near enough to counter the apparent decline between April and June. Similar services aimed at Windows users, such as BuyMusic and Listen.com, are likely to do better, but some have come too late to account for much more of the 197 million fewer songs downloaded between April and June than Apple does. 
Certainly we'll need to see July, August and September figures to see whether all those songs that are now not being nabbed for free from P2P services are being paid for at Apple and the other commercial sites. If the two figures don't match, it will put the nail in the coffin of the argument that punters would pay for music if they could, and confirm the view of the RIAA and its ilk that the only way to stop them is to threaten legal action. However, a more interesting statistic to see would be the number of sample tracks that punters listen to at the iTunes Music Store, BuyMusic and so on. P2P pundits often claim that Grokster, Kazaa, Morpheus and the like are used more for checking out new music rather than acquiring it free of charge. If that's the case, we'd expect to see the number of sample tracks users are listening to increasing at the same rate that the number of P2P downloads is falling. Instead of downloading potentially poorly encoded or virally infected files, music fans are choosing to sample music at the 'legitimate' sites before making music download or, more likely, CD purchases. Such a trend - if it emerges - is both good and bad news for the P2P service providers. Good, because it shows that their users really aren't interested in pirating music, rather in increasing their exposure to new artists and sounds. The bad news is that they prefer to use a clearly above-board service to do so, and not a P2P with its perceived air - rightly or wrongly - of illegitimacy. If NPD's analysis is correct, and it's the threat of legal action that is keeping punters away from the P2P services, it will be interesting to see what effect the RIAA's pledge not to pursue small-scale downloaders has as it becomes more widely known. ®
The battle against a change in EU law that would see software opened up to worldwide patent law is hotting up. The key decision in the European Parliament will take place on 1 September but those opposed to the change have arranged a protest demonstration to take place next Wednesday, 27 August in Brussels, outside the Parliament in Place du Luxembourg. The demonstration will then be followed by a small conference held within Parliament, organised by Belgian activists, Eurolinux and FFII in which they hope to persuade MEPs to vote against the measure the following Monday. At the same time, FFII is planning an online demonstration in which websites stop access to their site and post instead a protest page against the issue of software patent. The theory behind it is that with patents introduced, website owners will not be able to know whether they are inadvertently infringing an old patent or not. This is music to our ears. On the balance of all the evidence, the case for allowing software patents into European law is far from argued. Moreover, the evidence from the US is that introducing this proviso into law will have an overall negative effect on the IT industry. It smacks more of protectionism than free and open markets. And it would be a severe blow against the fledgling open source community which has already achieved so much in a very short period of time. However, as we pointed out in June, the case against patents has been damaged by the protesters' approach. Politicians - especially the MEP that put forward the directive, Arlene McCarthy - have been barracked as opposed to persuaded and all the arguments put forward have only been argued from one minority position. If the releases put out by the organisers of the demonstrations and conference demonstrate anything, however, it is that they have become far more politically aware. 
For example, the arguments put forward now against a change in the law are that it would:

- Reduce innovation and increase monopolies in such a basic asset as software, thus harming consumers' choice and value for money and depriving citizens of a healthy information society
- Undermine e-commerce by legalised extortion from patent holders
- Jeopardise basic freedom of creation and publication (a software patent holder could censor publication by the author of an original program)
- Cause legal uncertainty to copyright holders through patent inflation, since they won't know they are infringing someone else's patents until blackmailed or sued
- Endanger SMEs and professionals who do not have the resources for patent buildup and litigation, and currently concentrate most jobs and innovation in European IT
- Introduce a fundamental legal contradiction by using patents to monopolise information (software is only information) instead of its original purpose of dissemination of information on inventions

Now, that, as they say, is more like it. On top of that, we also have a number of economists who have looked into the issue and concluded that introducing patent law on software "will have serious detrimental effects on European innovation, growth and competitiveness". It's a good critique and adds more weight to the anti-patent argument - you can read it at Research in Europe. The demonstration will start at noon at Place du Luxembourg (not hard to find) and will last until 2pm, at which point the conference will start and finish, it is estimated, at 4pm. So if you feel strongly about the issue, about open source or about software development in general, now is the time to put your money where your mouth is and get to Brussels for the day. It's easy to get to. You can even get the Eurostar direct from London. ®
Environmental lobby group Keep Britain Tidy has warned motorists not to toss their rubbish onto roads and verges as they drive around the country this holiday weekend. Hand-held signs bearing the slogan 'Don't be a Tosser' will be flashed at motorists as part of the campaign in a bid to stop people littering. Among the haul of junk found by the roadside - other than the usual redundant keyboards, monitors, printers and other computer stuff - environmentalists have found a pantomime horse's head, false limbs and a suitcase containing a wad of cash. "Roadside rubbish is a major problem especially at holiday time, because it gives tourists the impression that we're a nation of pigs," said Alan Woods, chief exec of Keep Britain Tidy. "With broken glass, big bits of plastic and lighted cig ends being dumped on our motorways, it's also only a matter of time before it causes a fatal car crash," he said. ®
The stunning video captured earlier this month of an NYPD Segway sting operation has been met with an equally shocking display of blogging drivel doled out by scooter worshipers. The Segwaychat.com outpost has collected some of the world's finest, spoiled children. To their credit, one member of the group did work in conjunction with the NYPD to return the stolen Segway to its owner. Sadly, this achievement has given rise to a nonsensical glob-fest full of talk about shafts, the Segway's finer points and even capital punishment for scooter thieves. "There is a hero among us," writes the Segwaychat (SC) chief, in a post. "He chooses to remain anonymous. He is a SegwayChat member and Segway HT owner. He's 'one of you.' "For the last two months, this member has been working and coordinating with other SC'ers on a covert plan to recover a stolen Segway HT. While we can't share all the details at this point, you might be pleased to know the plan was a HUGE SUCCESS and that the stolen Segway has been recovered. It will be returned to the rightful owner shortly." This poster is remarkably lucid for a blogger and for the Segway species. He is the pride of the SC glob zone. If only the other bloggers-on-wheels could match his eloquence. "And people wonder why i ride with 3 locks on my control shaft," writes a junior SC member. More likely, people wonder about you, friend. The SC poster provides a cute picture of his well-locked shaft right next to a Mini. He is a man consumed by the latest fads (speaking of the U.S. here) in transportation. And what of all the shaft talk? Wasn't it enough that the NYPD busted a man named Wang? "The control-shaft "lift" seems like i'd be "hard" on the control shaft, making it loose," he writes about the NYPD's Segway lifting technique shown in the video. We will assume the "i'd" is a typo and not a Freudian slip. This man loves his scooter. Later, another globule writes, "This is bound to be a classic for years to come. 
Great work everyone. I can't wait to hear the details of this little fiasco. DON'T MESS WITH THE POSE'!." What could be less intimidating than a Segway posse? Police in various cities already look silly enough chasing after criminals at 12.5 mph, and they have guns. A fleet of docker wearing blog-types searching for the nearest Wi-Fi-ready Starbucks would not strike fear in the hearts of many. Still, MagiMike insists on running with the theme. "In Texas we HANG horse thiefs. Grin. Now don't be a teast. Give us the details as soon as possible without hurting court case. PLEASE!!" Later in the blog session, buffalo takes the chat into a dark realm. "I've been wondering about DWI (Driving while intoxicated) Segway...but don't give us a bad name." The damage has already been done, buffalo. The sense of unity the Segway owners feel must come from their shared predicament. They've purchased a $5,000 scooter that can be rather easily picked up or wheeled away. Their softening bodies must become riddled with anxiety as they wrap a meager bike lock around such expensive kit. The Segway is caught between far more reasonable bikes and much heavier cars in the theft spectrum. Lucky they have the SC forum in which to extol each other's virtues as Segway owners and assuage their fears. ®