28th > October > 2003 Archive

Why Longhorn is going to be different

PDC 2003: Microsoft Monday gave a sneak preview of their next-generation operating system Windows Longhorn. At a sold-out Professional Developers Conference (PDC), the software giant's premier developer event in Los Angeles, Bill Gates called Longhorn 'the most important Windows release since Windows 95'. Along with Jim Allchin, group vice president of the Platform Group at Microsoft, the chairman and chief software architect of Microsoft discussed four major areas of platform innovation. Not surprisingly, given the recent concern over Windows security issues, Longhorn will extend the security technologies already in development for Windows XP to protect against malicious exploits, as well as introduce new security improvements at the architecture level that developers can take advantage of. There is also going to be a new presentation technology, code-named Avalon, which will be the foundation for the Longhorn shell. The XML-based graphics and presentation engine will provide Longhorn with a completely different, Apple-like transparent look and a handy taskbar to the right of the screen. This replaces the system tray bar and also augments it with new options, including RSS feeds, a big (very big) clock and a Who is in my neighborhood service, informing users about who is in the vicinity with a PDA, laptop or smartphone. A major change for Windows will be WinFS. Based on the relational database Yukon, this next generation of data storage will provide Longhorn with vastly improved ways to find, relate and act on information. Documents on the hard disk or on the company network, for instance, can be sorted by author and those documents are presented as if they are in a single folder, or as "stacks" based on another single common attribute. There is also a new communications technology named Indigo, which provides users with capabilities for more secure messaging and interoperability. Some companies are already working on applications for Longhorn.
Adobe showed a prototype of Adobe After Effects that can unify documents, graphics and rich media. Developers will be able to build animated charts and graphs that are linked to back end data sources to produce a smart solution that displays stock prices and sales. Pharmaceutical research firm Merck & Co demonstrated an application that connects information from patients, doctors and technology systems to automate collection and processing of data in clinical trials. The application can connect thousands of clinical trial participants in remote locations. Bill Gates didn't mention a release date for Longhorn, but analysts do not expect the new release before 2006. A first beta will be released in the second half of 2004, along with a new Service Pack for Windows XP. Conference attendees this week receive a DVD with an early version of Longhorn (both 64- and 32-bit editions) and also forthcoming editions of Microsoft's development tool Visual Studio.Net (code-named Whidbey) and the new SQL Server, Yukon. Allchin warned developers that the performance of the Longhorn edition is "not good...we never shared code this early," he told developers. "Only install it on high performance machines." ®
Jan Libbenga, 28 Oct 2003

SCO says GPL unenforceable, unconstitutional and void

The SCO Group has described the General Public License, the cornerstone of much free software, as "unenforceable, void or voidable" in its latest court filing. The document is a response to IBM's Amended Counter Claims; IBM is counter-suing the SCO Group, claiming that it violates the terms of the GPL. SCO's response, filed on Friday, argues that the case be dismissed with costs awarded against IBM, and makes twenty-six counter-counter-claims. "IBM’s claims are barred by fraud, illegality, collusion, conspiracy and/or lack of clean hands," claims SCO. The cornerstone of SCO's defense follows: "The General Public License ("GPL") is unenforceable, void and/or voidable, and IBM’s claims based thereon, or related thereto, are barred… The GPL is selectively enforced by the Free Software Foundation such that enforcement of the GPL by IBM or others is waived, stopped or otherwise barred as a matter of equity." Elsewhere it denies the "applicability or enforceability of the GPL." And to top it off, indulging in software libre is an un-American activity: "The GPL violates the U.S. Constitution, together with copyright, antitrust and export control laws, and IBM’s claims based thereon, or related thereto, are barred." In the past, SCO has contributed code to GPL products, and continues to distribute them. Elsewhere, SCO says that four patents which IBM claims it infringed are "or may not be" valid. It also admits that UNIX™ was "originally developed by Bell Laboratories." The GPL has never been tested in court and its first real test has caused concern. Eben Moglen, pro bono attorney for the FSF, told us he was confident that SCO's case would be thrown out. ®

Related Link: SCO Group's Answer to IBM Amended Counter Claims [PDF - 224kb]
Andrew Orlowski, 28 Oct 2003

Dell debuts iPod killer, music store

Ironies abounded when Microsoft recently criticized Apple's digital music strategy. Redmond said Apple’s end-to-end strategy, locking DRM to the iPod, restricted customers' choice. Today we'll get a chance to see how much that choice is really worth, as Dell introduces its own online music store and iPod clone. In partnership with MusicMatch's online stores, Dell will offer songs for download for 99 cents. It's also offering an iPod clone with longer battery life and a lower cost than Apple. Made by Creative, the Dell DJ player will sell for $299 for the 20 GB version after a mail-in rebate, or $249 for the 15 GB version. Unlike the iPod, it plays Windows Media files, and works with Real and Microsoft jukeboxes on the PC. Dell claims 16 hours of battery life, twice as long as the iPod. Dell reckons that it can ship higher volumes than Apple, allowing it to work with lower margins. The iPod contributed a useful $121 million to Apple revenues in the last quarter: Apple hasn't disclosed iPod margins, but executives have said they're in line with computer sales, and the company is happy with that. Apple's gross margins were 26 per cent in the last quarter, while Dell's were 18 per cent. While the iPod is morphing into an interesting platform in its own right, sprouting audio in and removable media support, it could be leapfrogged by the broader category of 'personal servers'. Intel has demonstrated a concept device which features built-in Bluetooth and 802.11. Doubtless Apple is aware of this, and the popular reaction to the idea of an iPod with built-in Bluetooth (see Apple's 'BluePod' - promiscuous exchanges with strangers). But back to the present. Dell will have to execute well to match Apple's seamless integration. Both the iPod and iTunes were designed by the company, rather than licensed in from other vendors. An otherwise positive review of the Dell DJ at Tech TV notes in its Cons section, "Cannot quickly select and play all songs."
Choice is a wonderful thing, but sometimes all people want is for the tunes to run on time… ®
Andrew Orlowski, 28 Oct 2003

FoTW: ‘You are a lier’

Flame of the Week

From: Jacob Steinberg
To:
Subject: Your Mac Article

At this time, I don't feel like typing anything long, so I'll get right to the point: You are a lier. Apple customers have always been content with their company and it's products. So how much did Microsoft pay you to make up this trash? $100? $200? $500? More? Less? First off, Windows isn't even a legal operating system, seeing that they stole it from Apple. Second, the dock is an excellent feature. I have never had a problem with it, and it is far better than the "start" menu in Windows XP. The Mac's interface and general looks are it's greatest strength. You cannot seriously tell me that Windows beats Macs in this-Windows looks, to be honest, like shit in comparison to the Mac, on both the exterior and the desktop/applications. Don't even try to win this battle, because it was lost for Microsoft before it even began. Sucks for you that you'll be stuck with crap computers. Ah well....better that us intelligent people use Macs while all the dumb ones use Windows. That way, there aren't newbs all over all the Mac sites.

Jacob Steinberg

Flames are published unedited and in full.
Andrew Orlowski, 28 Oct 2003

Security muddle better than FUDdle

Whether it's a student slipping contraband past airport metal detectors, or a researcher modeling an unstoppable computer virus - demonstrations just don't do justice to the real state of security, writes SecurityFocus columnist George Smith. Look at a photo of Nathaniel Heatwole, the student who performed pro bono security testing on Southwest Airlines. Neat and freshly-scrubbed, he's a good fellow at Guilford College, the winner of a cash award for ham radio broadcasters -- a white-hat hacker trying to make air travel safer. Not only did Heatwole push box-cutters and other items symbolically meant to appear menacing through airport security, he also showed that the sharing of information isn't so hot. Heatwole warned the Transportation Security Administration about his work in e-mail. The TSA, however, receives 5,700 e-mails a day. In the electronic blizzard, the notification was missed for weeks. This play has repeated itself in every aspect of physical and electronic security for as long as I've written about the subject. Anyone who has followed the public history of computer intrusion will find the Heatwole case reminiscent of things they have either had to deal with personally or learned of through schooling and the media. Sending Heatwole to trial is a waste of time. No one was threatened or put in danger, and even the agency that received the black eye, the TSA, didn't have its leaders or employees personally singled out for embarrassment. There was no inconvenience or economic loss. Heatwole has even been reticent with the media, so even if an aim was to be showy, he's been low-key about it. However, do such things improve security? After years of thinking about the subject and witnessing similar cases weekly, my gut feeling is they don't. Despite good intent, and even with attention paid, Heatwole will not make security better on the airlines. 
There are too many carry-on bags to screen with the degree of discernment required to catch everything, and the airlines won't have any customers if they're required to strip search them or nail the bathrooms shut on all flights. In parallel, it's my hunch that the nation is saturated with news and alarms about security. From gaffes at the national labs, to the Government Accounting Office's stream of reports on poor computer security in various agencies, to Bret McDanel who warned co-workers at his former employer that their e-mail was compromised and had to spend sixteen months in prison before justice finally realized he had done no wrong, the word is always present. Security is too porous, people are screwing up, procedures are rotten, problems are going to be exploited and the house of cards is destined to collapse. Maybe it's all true. However, in the rush to publicize that which must be fixed right away the story poorly told is that the infrastructure is managed and kept stable by a just-in-time come-as-you-are workforce. And as a practice -- even though this looks wobbly -- globally and over time, it works. In the past, I've called this laissez faire computer security, but that's not entirely accurate. It doesn't give nearly enough credit to the people who daily keep their bailiwicks running, clean up after the mistakes of others and work collegially across borders to put out whatever electronic fire must be put out. Such tenacity and resilience cannot be measured in government reports, although the cost of their overtime labor is always said to be crippling during computer virus outbreaks or surges in the emergency application of serial Microsoft patches. One could just as well discount such alleged expense with the argument that the people are always engaged in productive work, and that we'd see the real cost of network insecurities only if the entire fix-it crew were to permanently disappear all at once. 
And the Nathaniel Heatwoles of security, while doing their spot test things, cannot give us an idea about the survivability of a system that during crisis is critically dependent upon people. There's an obvious difference between the galvanizing effect of hiding boxcutters in the bathroom and actually coming out of the watercloset brandishing them. Similarly, describing how a virus can evade anti-virus updates and circle the globe in a flash doesn't really describe its fight vs. people-with-networks and the probable outcome as it transpires. The challenge to security men and women is to separate being part of a process that is ostensibly about security, but without hope of bettering it, from the thankless work of combining ingenuity with the networked world's equivalents of spit and bailing wire. Should you be a showman if you think no one is paying attention? How effective is sowing suspicion and fear of things to come as a security tool? Or is getting pretty good at just gettin' by fine? Whatever the answer over the next few years, it'll have to do. Copyright © SecurityFocus George Smith is a Senior Fellow at GlobalSecurity.org, a defense affairs think tank and public information group. He also edits the Crypt Newsletter and has written extensively on viruses, the genesis of techno-legends and the impact of both on society.
George Smith, 28 Oct 2003

No effect seen in US hack disclosure law

Consultants are using it in pitches, lawyers are lecturing on it, and in Washington, it's been used as a model for proposed federal legislation. But nearly four months after it took effect, California's unique security breach disclosure law has yet to see any enforcement action. "Our office is not aware of any, nor are we aware of any DA or local offices or private parties bringing them," says Hallye Jordan, a spokesperson for California attorney general Bill Lockyer. "It may be that there have not been any security breaches that the consumers have not been informed about." The law, called SB 1386, passed in September of last year and took effect July 1st. It obligates companies doing business online to warn their customers in "the most expedient time possible" about any security breach that exposes certain types of information: specifically, customers' names in association with their social security number, driver's license number, or a credit card or bank account number. It can be enforced by state officials, or consumers can sue for damages if they become fraud or identity theft victims as a result of an undisclosed breach. Attorneys have warned that the law applies to e-commerce companies nationwide, whenever residents of the Golden State have their information exposed. But observers say that SB 1386 hasn't opened a floodgate of security breach disclosures. "Thus far I have not seen a lot of examples of people notifying," says Scott Pink, deputy chair of the American Bar Association's Cybersecurity Task Force. "My guess is people are either not familiar with the law, or are handling it discreetly." "I can tell you right now, nobody's telling anybody anything," says Dan Clements of CardCops.com. "I don't see it being effective right now. Consumers are still not getting notified." Clements offers consumers a paid notification service, in which he'll warn his customers if he spots their information in the chat rooms and websites frequented by credit card thieves.
He says this month alone he traced stolen credit card information to breaches at five different online merchants, ranging from mid-sized businesses to modest mom-and-pop operations. When he contacted a sample of the exposed consumers, he was, in each case, the first to give them the bad news. "They were not informed," says Clements. But the law only requires disclosure when personal information is "reasonably believed to have been" stolen; these merchants may not have known. One of them, an online store that sells collectable sculptures, had detailed order information for forty customers plastered on a public website devoted to credit card fraud. But proprietor James Hunter says he was ignorant of the leak until Clements tipped him off, and that he warned his customers five days later -- delaying that long only at the request of his hosting company, Philadelphia-based Datarealm, which also hosts another merchant exposed on the same carding site. (A Datarealm representative did not return phone calls on the breaches.) "They asked me to wait to let them find out what the problem was so we'd have something positive to say," says Hunter. Pink says it's too early to pass judgment on the California law. "I think the test will be somewhere between six months and a year," he says. Meanwhile, a proposed federal version of SB 1386 called the Notification of Risk to Personal Data Act is stalled in committee, according to a spokesman for senator Dianne Feinstein, who introduced the bill this year. For his part, Clements has begun reporting breaches to the New York Attorney General's office, which has had some success enforcing website privacy policies under existing state consumer protection laws. Disclosure laws, he says, fight merchants' and hosting companies' natural fear of losing customer confidence if they admit security breaches, and he notes that merchants can face financial penalties from credit card companies when they've been hacked.
"I've been doing this for four years, and I've seen over four hundred hacked merchants, and they have one thing in common: they don't want to tell anybody," says Clements. Copyright © SecurityFocus
Kevin Poulsen, 28 Oct 2003

Voice and data – is this network big enough for both of us?

Briefing Note The convergence of voice and data over a single Internet Protocol-based network infrastructure is, at least at first glance, an elegant way of reducing the complexity and costs associated with managing enterprise networks. Sending voice information in digital form over a converged IP network as discrete packets rather than by using traditional circuit-switched protocols across the public switched telephone network means that corporates can have just one physical cabling infrastructure which can be managed from a single point. Additional benefits include the dramatically improved functionality that can come from combining voice, video and data services over a single infrastructure, bringing on board next-generation communication technologies such as unified messaging and computer telephony integration (CTI). IT and telecoms analysts largely agree that IP convergence is making its way into the mainstream enterprise networking world. At last, the technology has matured to the extent that firms can see it delivering technological and commercial advantage in real world deployments. In addition, falling prices for core VoIP equipment such as IP Private Branch Exchanges (PBXs), IP phone handsets and the replacement of legacy Time Division Multiplexing (TDM) PBXs have all helped to drive adoption of IP convergence in the enterprise. The relatively recent deployment of network-hosted IP centrex offerings by service providers, together with the development and deployment of Multi-Protocol Label Switching (MPLS) carrier networks that can guarantee quality of service are also crucial drivers. Throw into this mix the fact that all calls sent over the converged network are free from telco tariffs - a compelling value proposition for firms with branch offices over large Wide Area Networks (WANs) and staff working remotely - and it would appear that IP convergence must be a recipe for success. 
But the technology's reputation has long suffered from eager vendors touting it as the Next Big Thing when it was simply too immature to deliver tangible business benefits. Clive Longbottom, service director at Quocirca, says: "There has been hype for so long, and there are still companies out there over-hyping convergence; they do not actually do quality of service and on a heavily used network the voice service just collapses." But IP convergence technology is now mature enough to stand up for itself, he says, noting that commercially viable technology, which offers full prioritisation and quality of service, is available from 3Com, Avaya and Cisco and other tier-one networking companies. Steve Kennedy, head of product futures at Thus, also thinks that IP convergence has been the victim of its own vendor hype: “I think the whole technology has been hyped in the past as a panacea to everything and in fact if you do it properly it’s actually difficult to do. Because if you go into an office and say you will put IP phones everywhere and run everything off the 10Mbps shared LAN, the performance will degrade horrendously and you just will not get any quality of service. “So actually installing IP convergence into an existing infrastructure can be relatively expensive, but if you go into a greenfield site you can design it from the outset with switches everywhere, with VLANs and quality of service.” According to Longbottom many companies are missing out by taking an "if it ain't broke, don't fix it" approach to convergence. Many firms surveyed in Quocirca’s primary research are happy to just keep on going with their existing legacy PBX equipment: "The biggest competitor to VoIP in the UK is simply inertia,” he says. "It is coming in at a departmental level; so for example if the helpdesk is being updated, then the new call centre being installed will be IP-enabled and the technology will spread. 
As firms are looking increasingly to deploy fully convergent collaboration and communications systems - such as unified messaging - VoIP will become a necessity." This view is echoed by Joe Foster, acting director of network engineering for Telewest Business: “Now that the convergence technology and standards have matured, it is a natural evolution of hosted business voice services, such as centrex and contact centre services, to hosted IP converged services. Our customers are focussing on the benefits of the new capabilities enabled by convergence and how this integrates with their current infrastructures, rather than the technology for the sake of technology.” According to Mike Kiely, business development manager for Broadband Communications at BT, increasing use and acceptance of integrated communications such as SMS, email and instant messaging are driving IP convergence deployments. "At the core of most telecoms networks you already have a great deal of convergence. So this is already a reality. At the end user level this is just beginning. While plenty of technology exists to enable convergence, this needs to be supported by propositions, which deliver true user benefits such as increased convenience or better prices." The vital importance of cost savings is highlighted by Forrester Research in its recent report, The price of VoIP in Europe. The study estimates that a domestically focused European company will cut five-year voice costs by more than a quarter with IP connections. The biggest potential cost savings come from the replacement of private WANs based on leased lines and frame relay with public VPNs based on MPLS or IPsec. By combining VPN technology with route optimisation kit from vendors such as Sockeye Networks, firms can build what Forrester calls redundant arrays of Internet links and shave between a fifth and a half from their bandwidth bills.
Craig Thomas, head of marketing at Tiscali UK Business Services, notes that broadband is having a profound effect on IP convergence deployments by reducing access costs for remote workers and branch offices. “The arrival of DSL as a business grade – not consumer – service is making it cost effective for the whole of corporate networks to go voice over IP. Voice convergence is really going pan-corporate with DSL as it can now be cost justified. Before the only way to do this was with voice over frame relay and it was just the major sites that were converged.” Forrester recommends that enterprise corporates evaluating the business benefits of IP convergence should conduct a three-stage audit. "First, check with existing vendors to confirm that LAN switches are QoS-enabled with support for 802.1p traffic prioritisation.” Next step, call on presales consulting help from major IP equipment vendors to model network bandwidth requirements for packet voice; and use testing tools to investigate the performance of existing gear. “Finally, verify whether existing firewalls can support packet voice based on the H.323 protocol and SIP," Forrester advises. Almost 90 per cent of the 23 European telecom managers interviewed for the Forrester report expect to deploy packet voice within five years, says lead author Lars Godell. But he notes that although 100 per cent of today's adopters are happy with VoIP, they currently “packetise”, on average, just three per cent of their voice traffic. Alex Winogradoff, Gartner vice president and chief analyst, points out that the operational benefits of VoIP to end users are well-documented - but enterprises are still viewing the technology pragmatically. "For VoIP and convergence to take off, end users must be convinced that VoIP is not just a tactical return on investment-based decision but a strategic decision and commitment that will involve some risk," he says. 
IDC is more bullish in its predictions for IP convergence growth, citing a recent study which shows that 20 per cent of UK firms consider VoIP a "must have" technology. According to the research firm, VoIP equipment sales worldwide will grow 45 per cent a year through to 2007, when sector revenues will hit $15.1 billion. Paul Strauss, IDC research manager, acknowledges that security problems and standards issues remain, but adds that the IP approach has “seized mind share as a strategic technology and is now strongly supported by such enterprise telephone stalwarts as Avaya and Nortel. This comes on top of such early players as 3Com, Alcatel, and the giant of the sector, Cisco.” It is clear that a strong consensus exists among leading industry analysts and service providers who, while conceding that IP convergence uptake has been dogged in the past by hype and immaturity, predict that the technology is now poised for strong growth. ® This data networking briefing note is sponsored by Telewest
Robert Jaques, 28 Oct 2003

Gatelinx preps free P2P videocon messenger

Details are slowly emerging from the ambitious projects behind PerfecTV and its videoconferencing sister company Gatelinx, with Gatelinx looking far more ambitious than we originally realized, likely to operate like the free VoIP Skype service, but with videoconferencing in from the get go. The Gatelinx products won’t be free, but they should provide free videoconferencing calls across the Internet. We first came across this tiny subsidiary of the leading DirecTV reseller, Prime TV, three months ago, when On2 Technologies boasted that its V6 MPEG4 codec had been selected for its primary codec. That wasn’t strictly true and product manager at PerfecTV, Mike Chisholm, won’t actually say which codecs (plural) he has settled on. “We’ve looked at Microsoft’s Windows Media 9, at On2 and at three variants of H.264 from Vsoft, UB Video and Nvideo. We are leaning towards H.264 MPEG 4 Level 10, but we may use more than one codec.” So far they have tried H.264 driven by both Texas Instruments and Equator Digital Signal Processors, and are leaning towards the Equator chips, but have them in testing at present. It turns out that multiple codecs are likely to be used, because the company wants to deliver a number of different experiences. Not only is it hoping to deliver streamed and buffered IP video through PerfecTV over broadband lines, but also videoconferencing that will need real time encoding of a video signal as well as decoding. Later PerfecTV wants to offer High Definition TV, which is something of a compression challenge. But the noticeable additional differences this week can be seen on the Gatelinx site. The company has always said that it would offer videoconferencing for kiosks to support sales situations by putting real people as guides to web sites, but now it appears to be set to offer it as a straightforward video version of instant messaging.
The underlying technology is similar to Skype’s, using peer to peer software (again, which version hasn’t been announced yet); 256-bit encryption and the same approach to get around firewalls and NAT servers that Skype uses. The first version will run PC to PC, but the final version will be incorporated into the PerfecTV set top boxes to allow free “living room” videoconferencing for any household with a PerfecTV set top. Still no news on who will supply content for PerfecTV, and its launch has been put back by negotiation delays, although the company confirms it is in negotiations with the larger studios and also with TV companies. The launch will now be 2004, but no indications when. However the Gatelinx part of the equation should see the light of day sooner than that. © Copyright 2003 Faultline Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of events that have happened each week in the world of digital media. Faultline is where media meets technology.
Faultline, 28 Oct 2003

PeopleSoft: tough integration targets

PeopleSoft insists that it will continue to retain and support JD Edwards' product lines along with its own, although questions have been raised concerning the length of time that this will hold true. For now, at least, PeopleSoft has much to gain from maintaining the current portfolio. PeopleSoft has set itself some very public and potentially tough deadlines to meet concerning the integration of JD Edwards, including Q4 for the first appearance of integration between the PeopleSoft and JD Edwards applications. As a result, there will be no let-up in the daily scrutiny it has undergone since June when it announced plans for a friendly takeover of JD Edwards. One of the biggest areas of scrutiny concerns its plans for the three product lines that now comprise its portfolio: the PeopleSoft-based Enterprise line, JD Edwards-based Enterprise One line, and JD Edwards' iSeries-based World line. The company is adamant that it will retain all three lines, and has the resources to fully support and develop them. Responding to comments about possible product consolidation, EVP for products and technology Ram Gupta pointed out that as an industry matures, the issue becomes one of portfolio management and integration rather than a single product focus, with customers requiring the variety that suits their needs but without crippling integration costs. Despite fearsome denials, a nagging question remains about how long they will be retained as separate code bases given the ongoing costs of supporting three lines and plans for intellectual property exchange and common components across the lines. However, this is not a risk factor for the short or medium term as consolidation would totally undermine one of the key reasons for the acquisition from PeopleSoft's perspective, which was to gain a surer foot in the mid-market where its high-end enterprise applications have failed to secure a base, but which is the home ground of the JD Edwards products. 
The mid-market has become increasingly important to enterprise business application providers because its untapped potential provides vendors with fresh sales opportunities, but it is doubly important for PeopleSoft because it represents a fresh way for it to tackle Europe, which has been slow to respond to PeopleSoft's charms. Source: Computerwire/Datamonitor
Datamonitor, 28 Oct 2003

Intel Prescott contains non-AMD 64-bit tech – report

Update Intel's upcoming (it hopes) 'Prescott' processor already has 64-bit extensions to the 32-bit x86 instruction set, but they're (a) not enabled and (b) not based on AMD64. So says Xbit Labs, citing an anonymous source. We've heard such claims before, usually in emails from folks unwilling to supply their name or give any indication about how they might know the information to be true. Intel's official line is that 64-bit computing isn't needed on the desktop today, and won't be for a few years yet. Both Apple and AMD disagree, but it's worth bearing in mind that Apple's latest operating system, the rather good Mac OS X Panther, isn't a full 64-bit OS; it merely has enough 64-bit-ness to allow the G5 processor to access more than 4GB of memory. As for AMD's 64-bit OS, well, Microsoft is hardly rushing to get 64-bit Windows XP out the door. In short, neither Microsoft nor Apple are wholeheartedly embracing 64-bit as the future of the desktop. Instead, they are understandably playing cautious, testing the market to see what demand there is (in Microsoft's case) and leveraging what the technology can bring to pro customers (in Apple's). Only AMD is tub-thumping for 64-bit, and that's because its future success depends on it - although it always has the 32-bit compatibility 'Get Out of Jail Free Card' if things don't play out as anticipated. The bottom line then is that Intel is probably better off waiting, like Microsoft, to see how demand for 64-bit on the desktop pans out. Yes, it has a non-x86 64-bit platform already, but Intel is enough of a spinmeister to know it can easily get away with shipping a second, x86-based 64-bit system providing it pitches it right - i.e. at desktops, workstations and low-end servers. It's never been inevitable that 64-bit would come to the desktop, but it's a logical extension of the evolution of desktop computing we've seen to date, first 8-bit, then 16-bit and now 32-bit. 
Intel can see this, and will have a desktop 64-bit contingency plan in place. It also knows the importance of the x86 software base in the commodity end of the market, and understands the importance of backward compatibility. So some sort of 64-bit extension to the x86 ISA is its logical course of action. It builds on its dominance of the 32-bit space, but still leaves the company plenty of room to market Itanium as a high-end solution. Assuming it doesn't ditch the EPIC architecture, of course - but that's another story. Enter 'Yamhill', the long-rumoured and much speculated upon Intel answer to AMD64. It almost certainly exists, but it's not known if this is anything more than a research project. The comments from Xbit Labs' source - assuming he or she knows what they're talking about - suggest that it has moved out of the lab into the fab. Not so long ago, American Technology Research analyst Rick Whittington said Intel would implement Yamhill in 2005. That's the timeframe for 'Tejas', Prescott's successor, and also around the time Intel expects applications to start requiring more than 4GB of RAM - i.e. "several more years from now", as Intel CTO Pat Gelsinger recently put it. Intel's upcoming 775-pin Land Grid Array pin-out, to be implemented in the upcoming chipset 'Grantsdale', perhaps suggests a wider address bus. The Athlon 64 by contrast has 754 pins, while the current Pentium 4 uses just 478. Grantsdale is being primed for Tejas, but there's a Prescott version coming too. So if Tejas has 64-bit support, so it would appear does Prescott. The shift to 90nm should give Intel plenty of space for 64-bit support, particularly if AMD can do it at 130nm. The extra transistor budget can't have been spent exclusively on extra cache and Prescott New Instructions, surely? The remaining question is whether Prescott and Tejas use Yamhill or AMD64. 
Some commentators have claimed Microsoft will only support one 64-bit x86 platform, but equally it's hard to see Intel being happy choosing someone else's technology - and it's less likely to give such a public thumbs-up to its rival's platform. 'What, you mean we could have bought Athlon 64s all along?' punters will ask. Microsoft, meanwhile, isn't likely to be willing to pass on selling 64-bit upgrades to all those Prescott and Tejas owners, so we shouldn't put too much faith in a Windows-AMD64 axis. AMD fanboys can spin all this in whatever way they care to, while they moan about Intel's 'malevolence' or Apple's 'lies'. The company itself has a rather better grip on reality and knows it needs to maximise whatever time Intel allows it to build up its 64-bit credentials and user base. Some folk will complain about Prescott's disabled 64-bit support, but AMD is expected to do just the same when it ships Hammer-based Athlon XPs next year. It's not cheating, it's maximising your output, and so long as neither company markets their chips as offering more functionality than they do, then that's OK. It's good business.

Update After posting the above, we see (via Linuxworld) Lehman Bros. analyst Dan Niles is predicting that Intel will release a 64-bit x86 part sometime during the first half of 2004 - well ahead of the 2005 timeframe. He too reckons it won't use AMD64. ®
Tony Smith, 28 Oct 2003

AMD slashes Opteron prices by up to 40%

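AMD yesterday trimmed its prices, following on from the cuts Intel made to its Pentium 4 and Celeron prices on Sunday. The Opteron line saw some of the biggest cuts, with the price of the 844 falling 40 per cent, but AMD's focus was its 32-bit Athlon chips. Some parts' prices were left unchanged, others reduced. Among AMD's mobile Athlon chips, the bottom-of-the-range parts were dropped, as was the Athlon XP-M DTR 2500+. The DTR 1900+ went, as did the Low-voltage 1500+ and the mainstream 1700+. AMD made one introduction: the XP-M 3000+.

| Family | Processor | Prev. Price | New Price | Change |
|---|---|---|---|---|
| Opteron | 846 | $3199 | $2149 | -33% |
| Opteron | 844 | $2149 | $1299 | -40% |
| Opteron | 842 | $1299 | $999 | -23% |
| Opteron | 244 | $690 | $455 | -34% |
| Opteron | 242 | $455 | $316 | -31% |
| Opteron | 240 | $256 | $198 | -23% |
| Opteron | 146 | $669 | $438 | -35% |
| Opteron | 144 | $438 | $292 | -33% |
| Opteron | 142 | $292 | $229 | -22% |
| Opteron | 140 | $229 | $187 | -18% |
| Athlon XP | 3200+ | $464 | $325 | -30% |
| Athlon XP | 3000+ | $265 | $203 | -23% |
| Athlon XP | 2800+ | $180 | $140 | -22% |
| Athlon XP | 2700+ | $137 | $117 | -15% |
| Athlon XP | 2500+ | $89 | $79 | -11% |
| Athlon XP | 2400+ | $81 | $79 | -3% |
| Athlon XP | 2100+ | $69 | $66 | -4% |
| Athlon MP | 2800+ | $230 | $201 | -13% |
| Athlon MP | 2600+ | $174 | $153 | -12% |
| Athlon MP | 2400+ | $131 | $116 | -12% |
| Athlon XP-M Desktop replacement | 3000+ | | $208 | |
| Athlon XP-M Desktop replacement | 2800+ | $185 | $145 | -22% |
| Athlon XP-M Desktop replacement | 2400+ | $86 | $84 | -2% |
| Athlon XP-M Mainstream | 2400+ | $91 | $89 | -2% |
| Athlon XP-M Low-voltage | 2000+ | $112 | $97 | -13% |
| Athlon XP-M Low-voltage | 1900+ | $105 | $89 | -15% |
| Athlon XP-M Low-voltage | 1800+ | $97 | $80 | -18% |
| Athlon XP-M Low-voltage | 1700+ | $80 | $71 | -11% |
| Athlon XP-M Low-voltage | 1600+ | $71 | $57 | -20% |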
Tony Smith, 28 Oct 2003

Sober email worm gives Windows users the DTs

A virus which poses as a security fix from an AV firm is the latest menace to assault Windows users. Sober typically spreads by email. The viral messages it generates typically have infectious attachment names such as anti_virusdoc.pif, check-patch.bat and playme.exe, and variable English and German subject lines. A full list can be found in an advisory from Finnish AV firm F-Secure. Windows users foolish enough to open the infectious attachments get the pox. On infected machines, the worm makes certain registry changes and installs its own SMTP client to further its spread. MessageLabs, the email filtering firm, reports that it has blocked the worm more than 3,400 times since its first appearance at the weekend. In three-quarters of the cases, the Sober worm came from Germany. Most AV vendors rate the virus as low to medium risk. Standard defence precautions against viral attacks apply: corporates should consider blocking executables at the gateway and update AV signature definition files to detect the virus. Home users should also update AV tools and resist the temptation to open suspicious looking emails. The use of free spam-nuking tools, such as Spam Assassin, can help. ®
John Leyden, 28 Oct 2003
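
The gateway precaution recommended in the Sober article above, sketched as an added example (it is not from the article, F-Secure or MessageLabs): a filter that walks a message's MIME parts and quarantines executable attachments. It goes one step beyond the article by also catching an executable hiding under a harmless name; the extension list beyond .pif, .bat and .exe, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The three Sober attachment names quoted in the article end in .pif, .bat
# and .exe. The remaining entries are an assumed, non-exhaustive extension.
BLOCKED_EXTENSIONS = {".pif", ".bat", ".exe", ".scr", ".com", ".cmd", ".vbs"}


def risky_attachments(raw_message: bytes):
    """Return (filename, reason) for every attachment a gateway should stop."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        filename = part.get_filename()
        if not filename:
            continue  # message body or inline part without a name
        # Windows ignores trailing dots and spaces, so "playme.exe." still runs.
        name = filename.strip().rstrip(". ").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((filename, "blocked extension " + ext))
        elif payload[:2] == b"MZ":
            # DOS/PE executables start with "MZ" whatever the file is called.
            findings.append((filename, "executable header under a harmless name"))
    return findings


def gateway_verdict(raw_message: bytes):
    """Quarantine the whole message if any attachment is flagged."""
    findings = risky_attachments(raw_message)
    return ("quarantine" if findings else "deliver"), findings


def build_sample(attachments):
    """Build a constructed test message; nothing here is real worm traffic."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        "sober-style name": [("anti_virusdoc.pif", b"MZ constructed bytes")],
        "trailing dot": [("playme.exe.", b"constructed bytes")],
        "renamed executable": [("holiday.jpg", b"MZ constructed bytes")],
        "plain text": [("minutes.txt", b"meeting notes")],
    }
    for label, attachments in samples.items():
        print(label, gateway_verdict(build_sample(attachments)))
```
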

RIAA nemesis, Senator Coleman voices his thoughts online

Senator Norm Coleman is the leading figure in the US government who is showing concern about the Recording Industry Association of America’s legal suits against music lovers. The Washington Post this week posted a transcript on its web site of a chat session where questions were put to Senator Coleman. Coleman’s position has always been that piracy is wrong, but the industry has to think carefully just how it is going to go about changing people’s attitudes. Coleman listed three concerns about the RIAA approach. “First, the broad grant of subpoena authority has the potential to sweep in folks who may not have done anything wrong. “Second, the civil penalties in this area, including fines up to $150,000 per song, are clearly excessive. They can be used to intimidate and threaten folks who may or may not have done anything wrong. We know that penalty will never be imposed. My concern is the threat of that penalty is so severe that you force someone who didn't do anything wrong to settle because of fear of bankruptcy. “Finally, I also have concerns about the impact on personal privacy protection. The technology used by the RIAA and P2P networks has the potential to undermine personal privacy protections.” Coleman described the new tactic of the RIAA writing to people before suing them as merely “a good first step”, and he confirmed that he didn’t think tinkering with legislation was going to solve the problem, appearing to lean towards a technological solution. He said: “The solution must be led by the industry and be a combination of law, technology, and creative business solutions. The industry has a right to be protected, but you have to do a better job of meeting consumer needs.” In response to one question Coleman agreed that a greater number of smaller fines would be more productive and less worrying than the huge maximum potential threat file sharers are under at the moment. 
On the subject of the Digital Millennium Copyright Act, he said: “I think one of the problems with the 1998 DMCA is that it was created before the advent of KaZaA, Napster and the P2P technology that is used today to facilitate illegal downloading. This is what I mean when I say the law and technology are not in sync. “It is a great challenge for Congress to "adjust that balance" because technology changes so much quicker than the legislative process.”

© Copyright 2003 Faultline. Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of events that have happened each week in the world of digital media. Faultline is where media meets technology.
Faultline, 28 Oct 2003

MS ‘Windows for iPod’ delayed but still marks death of PDA

Microsoft's 'Windows for iPods' operating system appears to be taking longer to ship than the company previously forecast. The software giant yesterday said it was working on system software for handheld media players. Now called Portable Media Center, it's a Windows CE.NET variant that will ship in devices "in the second half of 2004", according to Microsoft. The Beast readily admits that PMC is a re-named Media2Go, the Windows CE.NET-based system it began talking up earlier this year at the Las Vegas Consumer Electronics Show. Back then, in January, the company said devices based on the platform would "reach store shelves toward the end of 2003". Whether the delay is a result of Microsoft's coding schedule or simply because licensees - including Creative, Viewsonic, iRiver, Sanyo, Samsung and Tatung - want more time to design hardware and debug products before shipping them in time for either the 'back to school' sales period or Christmas next year, isn't known. Essentially, the PMC is a handheld music player - primarily WMA 9, but also MP3 - that can also show movies and record TV shows, TiVo-fashion. It will also allow users to store all their digital photos. Of course, we can do all this already using a PC, but Microsoft reckons it's a logical extension of that activity to want to take content with us when we're on the move. PDAs can already make a pretty decent stab at mobile media playback, but Microsoft's own Pocket PC format leaves too much to be desired on the battery life front for it to morph into a video iPod just yet. PDAs also need hard drive storage. With the PDA already threatened from smartphones, might iPod-style devices also help pull the rug from under the format's feet? Certainly, the iPod now has basic PIM facilities - enough, at any rate, to display data that has been entered into the system via a host PC. With my calendar and contacts sync'd onto my iPod, do I need to carry my Palm too? 
It's certainly easier to drop PIM data onto an iPod than carry enough memory cards to make the PDA a worthwhile music centre. It's not too hard to imagine the addition of pen-based text entry - offered by Mac OS X for over a year now - or a phone-style keypad or Blackberry-esque micro keyboard. Equally, upgrading its screen and software for video playback is possible now. Such a system also neatly dovetails with the Personal Server concept Intel has been playing with of late. Chuck in wireless for localised file sharing and things start getting very interesting indeed. Oddly enough, rumours have been circulating about a video iPod for some time now - it was expected by some to debut this past summer - but Apple's mooted tablet-style display system is more interesting as a broader home media platform. Whatever Apple is working on, Microsoft's delay will give it more time to get the thing out and onto the market. For its part, Microsoft will have versions of Windows Mobile that run on all the key portable platforms - smartphones, PDAs and, next year, media devices - so it's covered whichever way the market goes. All three, probably, with the PDA increasingly being squeezed by the other two - until PalmOne or Sony starts building hard drives into Tungstens, Zires or Cliés, at which point the two platforms become one. Exit the classic Personal Digital Assistant, stage left. Enter the Personal Media Assistant, shouting... ®
Tony Smith, 28 Oct 2003

Creative MuVo NX MP3 player

Reg Review Creative's Nomad MuVo is a hybrid device. Noting the growing demand for Flash-based ultra-portable storage systems, Creative realised that the keychain drive and the solid-state MP3 player have rather a lot in common. Both are about providing an easy, cheap and convenient way of carrying around data that normally lives on a PC. That data can be anything - pictures, text files, spreadsheets - but if it happens to be music, why not allow the user to listen to it? The MuVo then is essentially a Flash drive with a built-in MP3 player. While the original was perhaps closer to the former, the second generation of the product line, the MuVo NX, stresses the portable music player role by adding not only an LCD screen but a voice recording facility - now de rigueur on MP3 devices, it seems - and an equaliser. The NX's core is a 5.2 x 2.2 x 1.3cm (2 x 0.9 x 0.5in) unit with a standard USB connector at one end. This goes into a spare USB port on your PC just like any Flash drive does, and appears on your desktop or My Computer window as a removable drive. To load the NX with music, just drag over a stack of MP3 or WMA files into its icon and wait for them to copy across the USB 1.1 bus. Windows, Mac OS X and probably Linux provide no barriers to transferring files this way. There's no need for special jukebox or music transfer software unless you particularly want to manage your song collection. When you're done, just eject the mounted volume and you're ready to go. While a regular Flash drive doesn't require its own power source, a music player does, so the NX ships with a couple of battery holders - one silver, the other metallic red - into which the above unit slides. The two parts connect using a USB socket built inside the battery pack, which holds a single AAA cell. Now the NX looks like a classic ciggie-lighter shaped micro MP3 player. 
With the battery pack in place it measures 7.5 x 3.6 x 1.5cm (3 x 1.4 x 0.6in) and weighs about 42.5g (1.5oz), including the battery.

Control

On the top of the NX is the 3.5cm earphone jack. On the right side is the obligatory jog-dial control and separate volume up and down keys. On the front of the device is a tiny play/pause button which also turns it on. Below it is the microphone and, under that, the 2.6 x 1.9cm LCD. Such a small screen can't provide a lot of information: just the time elapsed since the current track began playing, its file name, the EQ setting, a battery charge indicator and an icon to tell you whether the NX is in playback or recording mode. Alas, you get none of the extra info encoded in the song's ID3 tags, such as song title, artist or album title, all of which are likely to be far more useful than, say, 'mad_worl.mp3'. And that assumes your songs have 'meaningful' file names and haven't been named numerically - '0001.mp3', for example - to allow you to specify the order in which they'll be played. Now, Creative claims that the NX does use ID3 tag information. However, neither ID3v2 tags inserted by iTunes nor ID3v1 tags appeared on the NX. Flipping the jog-dial in either direction takes the player to the next or previous song - keeping it pressed cycles through the tracks more quickly. It works, but it's not fast - it takes about ten seconds to move through 24 songs. Pushing the jog-dial calls up the player's menu of options, including shuffle and repeat preferences, track delete and - if you're using the device as a Flash drive - a folder skip option that prevents the player from listing files that don't contain encoded songs. The menu also allows you to choose the player's mode. One is music playback, the others are record and voice playback. Recordings are encoded as WAV files. The quality's not bad and is certainly good enough for the odd memo. 
You can record up to eight hours of your muttered thoughts - enough to fill up the player's 128MB of storage space. Creative is also offering a 256MB version of the NX, and that can hold 16 hours' worth of voice memoranda. The menu also allows you to customise the player's basic settings - the screen contrast, how long the backlight's on for, how soon the NX automatically powers down when it's not being used and so on. One very nice touch is an LCD orientation option, which flips the display upside down the better to suit how you prefer to hold the player when you're looking at the screen. The display may be tiny, but Creative has managed to program in a five-band equaliser screen to allow you to apply your own sound settings instead of the four unremarkable pre-sets (Rock, Pop, Jazz and Classical). There's no other bass or treble boost option.

Playback

Loaded with a couple of albums' worth of 128Kbps MP3s, we went off for a trot around town with the NX. The sound is crisp but trebly, though our bass-boosting custom EQ setting helped a bit. Creative's own earbuds are a little on the tinny side, perhaps, lacking the more rounded sound of our reference iPod 'phones. Out and about with the volume turned up there was little sign of distortion. A personal niggle: they're also of the 'one ear's cord is longer than the other' variety - we like our phone cables to be of equal length, left and right. One plus: Creative has bundled a cheap but cheerful belt clip. The player also ships with Creative's MediaSource music ripping, management and playback software. For Mac or Linux users who've bought the device because it's one of the few MP3 players that are compatible with their operating systems, that's of little use. Time to address your cross-platform software support, Creative.

Verdict

The MuVo NX isn't the most feature-packed of MP3 players, but it is one of the best. It is one of the smallest players we've seen that plugs straight into a USB port - and one of the lightest. 
Its drag-and-drop approach to file transfer makes it ideal for anyone who doesn't use Windows, so it scores points for its cross-platform support - though Creative loses a few for only bundling Windows software. If Rio's parent, Digital Networks, can at least bundle iTunes, so can Creative. We'd also like to see support for the AAC audio format. The NX isn't bad looking, either. Not as stylish as some of the newer Rio players, but more colourful than many of the no-name players coming out of the Far East. And at least Creative provides buyers with an alternative colour scheme with the second bundled battery holder. Most MP3 devices offer decent playback these days, but the NX has a better sound quality than most and while Creative's earbuds aren't entirely to our taste, they're nevertheless better than some of the cheap pairs bundled with too many portable music machines these days. In all, a very fine micro MP3 player. And with on-the-street prices at under £100, good value too. ®

Creative Nomad MuVo NX 128MB

Rating: 80%

Pros:
- Nice, compact size
- Doubles up as a Flash drive
- Excellent sound quality
- Works on multiple platforms

Cons:
- ID3 track idiosyncrasies
- USB port not readily accessible
- No scope for memory expansion

Price: £120/$150 (128MB), £TBA/$200 (256MB)
Tony Smith, 28 Oct 2003

Nokia's 7700 ‘media device’ – first shot in the PDA wars?

Nokia today unveiled what looks suspiciously like the first phases of its get PocketPC strategy. The tip of the iceberg is the 7700, which you could categorise as kind of the successor to the 9000 series, kind of a Sony-Ericsson P800 me-too and kind of a PDA, and which Nokia categorises as a "media device", but there's enough of the rest of the iceberg showing to be going on with. First, the 7700 is the first device based on Nokia's Developer Platform for Series 90, which was also announced today. This is for "high-end mobile devices with high-resolution, touch-sensitive color screens", so Nokia's developer platform series now consists of Series 40, Series 60, Series 80 UI and Series 90. Series 80 UI, just to confuse you, is for "Nokia's Communicator line of high-end, top-performance business devices, will continue as the user interface for Communicator devices going forward, and will be aligned with Developer Platform for Series 90." So you look at the 7700, wonder 'is it or isn't it', and answer 'hmmm...' We expect interesting things to spring from us regularly gnawing at the junction in this 'alignment', but we'll stick with Series 90 at the moment, which goes approximately as follows:

- Java(TM) 2 platform, Micro Edition (J2ME(TM)) with MIDP2.0, CLDC1.0, Wireless Messaging API, Mobile Media API and Java(TM) APIs for Bluetooth
- XHTML browsing over TCP/IP
- MMS (Multimedia Messaging Service) with SMIL
- OMA Digital Rights Management (DRM) - forward-lock
- OMA Client Provisioning support
- Symbian OS 7 native APIs
- Symbian OS installation file "SIS format" for native applications

It is aimed at devices with a 640x320 touch screen with 65536 colours, i.e. the 7700 right now, and the UI features handwriting recognition (another interesting one to pursue, this), onscreen/virtual keyboard and the ability to control the device with hardware keys. 
Nokia today is also 'envisioning' (we would prefer it to envisage, but no matter) "a mobile services mass market", which is one obvious reason why you'd want to get into devices of the class of the 7700 and beyond. The company does not, frankly, go a great deal further than stating an intent here, but it does tell us it expects "virtually all of our future GPRS and WCDMA phones to include EDGE", which is interesting, and the launch of the new Enterprise Solutions group, intended to bring "true mobility to the enterprise space", signals the beginnings of a mobile services for business push. Two new products here are the 6810 and 6820 "messaging devices", the 6820 being the one with the fold-out qwerty keyboard. So what have we got here? As we said at the outset, the tip of an iceberg, but a very interesting tip, nevertheless. The 7700 is at the moment the most interesting/intriguing, because although it's pretty clear Nokia is pitching it at consumer, the larger screen means it seems to have some pretty interesting potential applications, depending on how easily you could expand it. Bluetooth keyboard, perhaps? It'll do FM radio, and with the Nokia Streamer SU-6 attachment it can handle DVB-H network video broadcast video, but how easy, or how hard, will it be to attach other stuff? Note, however, that spec-wise it really does look like something beginning to occupy that vacant Psion space we speculated to Nokia about just last week. It's consumer, which we think likely to reduce Nokia's readiness to view it as something you could build solutions on top of, but it's a clue to forthcoming devices, the same but different and relating in some way to that 80-90 'alignment'. An obvious thing missing right now, we think, is built-in 802.11 - but the game's afoot... ®

Pictures

1. It's not a phone, it's a media device
2. The 6820, no compromise messaging, apart from the screen in the middle of the keyboard.
3. Non-challenging 6810 business messaging device
4. The 6230, a fairly straight mainstream business play
5. The fashion-inspired 7200, (it says here), "artistically blends modern mobile technology with contemporary design trends, highlighted by an ensemble of folding, ornamental textile covers." Do we need to tell you we couldn't make it up? Thought not.
John Lettice, 28 Oct 2003

Get this RFID tag off my fatigues

Letters re: Defense Department wants RFID tags on everything but sand

The notion of RFID-enabled troops has triggered considerable concern among Reg readers. Many of you out there suspect that the DoD's plan to slap every piece of military equipment with an RFID tag might not be the best idea for performing cloak and dagger type operations. "Has it occurred to anyone that a US military force's field positions might be covertly mapped by an opposing force with the foresight to invest in a pie-tin and an RFID reader?" asks James Hannon. "To hell with privacy; isn't 'secrecy' an issue?" Hannon was by no means alone in his feelings.

That's really useful. Now, when US forces engage the bad guys, the bad guys can just scan their armoured vehicles to find out how much ammunition they've got, what types of missiles, what armour and communications systems are installed, how many people are inside etc. Unfortunately, the enemy won't be able to determine if the US forces are packing gravel. Still, US technology has provided such a significant battlefield advantage that it's really heartwarming to see the DoD "play fair" by deploying systems to boost the intelligence gathering capabilities of the enemy. Regards Adam Oellermann

But the most insightful letter has come from a former Army employee who worked on an RFID project in Germany. He writes:

First off, the Army has been using RFID since the IFOR deployment to Bosnia. Initially, of course, it was done in a very limited manner. It was done on a container level, using programmable tags. A soldier would be handed a bill of lading for a single container, and would program the contents of the container onto the tag. The tags themselves could be read in one of two ways -- either a hand-held tag reader or a fixed reader. The hand-held readers were used to locate items in container yards on bases (for example, in Tuzla). 
A soldier could enter the code for the type of item they wanted, and it would cause the tag on the container to beep and a light on the tag to flash, if the tag had the item they were looking for entered into its memory. The fixed readers were set up at gates on various bases and were used to confirm delivery of items to bases. The information from fixed readers is correlated on a central server so that the logistics people could determine where supplies were when someone put in a request for them -- so that they could use the nearest supplies, rather (in the case of the troops in Bosnia) than shipping the equipment from Germany. The problem that we found with the system was that people would remove items from the containers and not update the inventory on the tags on the containers, so you as a logistics officer could (potentially) be delivering an empty container somewhere, thinking it was still full. I believe that the RFID tagging of supplies from the manufacturer is being done so that the programmable tags on containers can be automatically updated when items are placed in or removed from the containers. The reason for the introduction of RFID into the Army comes from the first Gulf War. During the war, there was no real system for tracking what supplies were where. They were spray-painting the contents of the various containers onto the sides of the containers in the harbors. When, as in the first Gulf War, you had some 3-5,000 containers to keep track of, it was not an easy task. You also didn't know how much of whatever it was was left in the container without actually taking the container out of the stack and opening it, which further complicated matters. 
Another reason was that because there was no real en route tracking of material being sent from 'headquarters' (or wherever) to the troops on the front lines, items would be ordered three and four times (and more, in some cases), which meant that far more supplies got shipped to the forward bases (Diego Garcia and Saudi Arabia) than was actually required. Another problem was that the first order would go in at a 'normal' priority, and succeeding orders would go in at higher and higher priorities, which also caused problems. For example, once you get beyond a certain priority level (particularly in areas where there's shooting going on) things are shipped by air, which costs a lot more than shipping by sea, which was the normal case. I've heard stories about the amount of wood and barbed wire that were left behind after the first Gulf War because of situations like that (I've also heard stories - I don't really know if they were true or not - about a 747 that carried a full load of barbed wire over from the US (at considerable cost), only to arrive and have none of it used, since they had already received enough and just hadn't known that it was on the way already....) While I agree that RFID has very privacy issues when used on normal consumer goods -- I'd never knowingly purchase anything that had a tag on it -- I think that for the military it makes sense. Particularly since they have a habit of losing track of things.... (Name supplied)
Ashlee Vance, 28 Oct 2003

Ohio claims AOL ignores the free in ‘free trial’

A deluge of complaints from Ohio consumers has prompted the state's Attorney General to file suit against AOL and its CompuServe subsidiary, charging the ISPs with illegally ignoring users' cancellation of service requests. Over the past two years, more than 250 complaints against AOL and CompuServe have poured into the Consumer Protection section of the Attorney General's office. The consumers have criticized both ISPs for charging their credit card and bank accounts after receiving cancellation orders. In addition, consumers say the companies do not clearly display information about canceling free trial programs. These gripes prompted Jim Petro, AG of Ohio, Monday to file suit against AOL and CompuServe, seeking a $25,000 fine for each alleged violation and refunds for the consumers. “Consumers should be able to cancel an agreement with a business within contractual terms and have the comfort of knowing the business will honor that cancellation,” Petro said. The situation sounds similar to a Freudian battle that Real Networks customers currently face. The Ohio AG went on to charge AOL with ignoring a previous agreement reached between the two parties. In 1996, 1997 and 1998, Ohio, along with other states, called for AOL to make the terms of its service and cancellation options clear. "AOL has not complied with all terms to which they agreed," the Ohio AG said in a statement. Ohio is asking for a permanent injunction against AOL and CompuServe to stop their alleged deceptive practices. This complaint is yet another blow to AOL, which is currently under the microscope courtesy of the Securities and Exchange Commission (SEC) and Department of Justice. Both groups are looking into the company's accounting practices. The SEC is also investigating AOL's methodology for counting subscribers. ®
Ashlee Vance, 28 Oct 2003

PlayLouder launches royalty paying music share service

Updated Digital music firm PlayLouder and broadband outfit Bulldog have combined forces to launch what is billed as the "world’s first royalty paying ISP". PlayLouder MSP (Music Service Provider) will license rights from music companies to allow its subscribers to download and stream music from other users of the service in a “walled garden” environment. For a monthly subscription, PlayLouder MSP will provide a broadband Internet connection - from Bulldog - bundled with music services. PlayLouder MSP has already secured backing and music from independent record labels XL Recordings, Beggars Group, V2 Music, PIAS Recordings and Ninja Tune. It has also secured licence agreements with MCPS-PRS, the licensing body that collects royalties on behalf of music publishers. Technical trials of the service are due to begin this Saturday (November 1). A full UK launch is scheduled to begin in the first quarter of next year. Paul Sanders, a director of PlayLouder MSP and co-founder of Internet music company State 51, said the service will come in at a price "comparable" to competitive broadband services but with the bonus of legal access to a wide range of MP3 files. The service is likely to cost around £30 per month, he added. By establishing a service that allows music fans to trade files legally (with fellow subscribers of PlayLouder at least), PlayLouder MSP hopes to "revolutionise the way consumers and the music industry look at online music distribution". Subscribers will be able to trade music legally using their favourite file sharing application, while music companies will gain royalties for previously unlicensed and unlawful file sharing activity. Sanders said he was "quietly confident" the venture will reach the 40,000 subscribers it estimates will sign up to PlayLouder MSP during its first year of operation.
He believes many music fans irked by the "chaos and unreliability" of the underground file swapping scene can be tempted to embrace a legitimate service. "We think the best way to persuade people to go legal is to build music services into the fabric of network, which we expect to prove popular especially with users who already understand the speed benefits broadband brings," Sanders told The Register. The service will offer a guarantee of quality and authenticity by removing the 'spoofing', spam, and flooding which often bedevil unlicensed file-sharing networks. On top of its ISP function, PlayLouder will provide services tailored to music fans such as radio streaming, exclusive webcasts from high profile live events, and a video jukebox. PlayLouder also hopes to offer money off CDs and cheap gig ticket offers as an additional benefit of subscribing to the service. ®
John Leyden, 28 Oct 2003

Suspected paedophile cleared by computer forensics

IT forensics firm Vogon has explained how its work helped clear a man accused of storing child pornography on his computer by proving his PC was contaminated by a Trojan horse infection capable of downloading illicit images onto his machine. Julian Green was arrested in October 2002 after police raided his home and found 172 indecent pictures of children on his hard drive. His solicitor, Chris Bittlestone of South Devon law firm Kitson Hutchings, called in one of Vogon International's forensic investigators, Martin Gibbs, to help. A clone of Green's hard drive was sent to Vogon International in Bicester, where it was imaged and processed in the forensic laboratory using Vogon's specialist software. The data was then extensively examined and a report prepared, which highlighted that the Trojans were most likely to have come from unsolicited emails that Green opened before he deleted them. Gibbs identified 11 Trojan horse programs on Green's computer which were set to log onto "inappropriate sites" without Green's permission whenever he loaded up a browser to access the Internet. These findings were decisive in clearing Green of the 13 charges of making indecent images he faced at Exeter Crown Court this summer. On receiving evidence from Vogon the prosecution decided to drop the case. "The prospects of my client being able to effectively defend himself without Vogon's help were very remote," said Bittlestone. "The stakes for him were extremely high - if he had been convicted, prison was a strong likelihood. "The maximum sentence for possession of such images is ten years' imprisonment, and anyone convicted of such a matter would have become subject to registration with the police as a sex offender for a period of five years. Martin Gibbs' report was pivotal in this very important case." Green's acquittal is one of three recent cases where a Trojan defence has succeeded in a British court.
In April this year, Karl Schofield, 39, was cleared of possession of child porn when prosecutors accepted expert testimony that the unnamed Trojan could have been responsible for the presence of 14 child porn images on his PC. Aaron Caffrey, the teenage hacker accused of crippling the Port of Houston's web-based systems, was found not guilty of computer crime offences this month after a jury accepted his story that attackers used an unspecified Trojan to gain control of his PC and launch the assault. The prosecution argued that no trace of Trojan infection was found on Caffrey's PC but the defence was able to counter this argument with testimony from Caffrey that it was possible for a Trojan to wipe itself. Nobody is disputing the validity of these verdicts; however, legal and security experts have expressed concerns that the Trojan defence might become subject to misuse. Vogon's Gibbs believes such concerns have been overplayed. "I don't believe, as some have suggested, that recent cases will 'open the floodgates' to Trojan defences in cybercrime cases. When we look at how indecent images got onto a PC, for example, there is more to substantiate a claim that a Trojan was responsible than just the viral infection of a PC," Gibbs told The Register. Gibbs was reluctant to go into details but said that factors like file directory structures and registry entries are among the items it considers when making a forensic examination of evidence. Vogon is asked to carry out computer forensic examinations in a variety of civil and criminal cases, working for both the prosecution and defence. When a Trojan defence is used in a criminal case it is "down to the prosecution expert to dispute the claim", Gibbs added. ®
John Leyden, 28 Oct 2003

Microsoft settles six more suits

Microsoft has reached the "halfway point" in its legal marathon after announcing settlements Tuesday with five more states and the District of Columbia. Brad Smith, general counsel at Microsoft, presided over a conference call with the press to cover deals reached with Kansas, the District of Columbia, North Carolina, Tennessee, North Dakota and South Dakota. All told the class action settlements have a "face value" of $200 million. Microsoft must still deal with five other states and come to terms in suits with Sun Microsystems, Burst.com and the European Union. "I think we have passed the halfway point and perhaps gone a bit farther," Smith said, referring to the sum total of Microsoft's legal troubles. Microsoft has now come to terms with 10 states that had brought class action antitrust suits against the company. Microsoft could pay out as much as $1.55 billion as a result of the deals - the vast majority of that amount coming from a $1.1 billion agreement with California. The settlements are based, in part, on the size of a state's population and its class action lawsuit provisions. In all cases, the class can receive vouchers to be used toward computer hardware, software and training. Large portions of any unclaimed vouchers are then awarded to schools. While the vouchers do not require the purchase of Microsoft kit, the Beast will no doubt see plenty of the cash coming back its way. The pre-call Calypso hold music put reporters in a soft, warm place before Smith jumped on the horn to air Microsoft's dirty laundry. The hardest working man in tech litigation rattled off one lawsuit after another in impressive fashion. He assured the audience of eager journos that Microsoft has learned a lot in its journey through the System. One lesson is that it must work to be kinder and gentler towards the rest of the industry. (Twenty lawsuits will do that to a company.) Microsoft even managed to offer up an olive branch - or was it hemlock - to Sun. 
"We hope that there may come a day in the future when the relationship between the two companies is more constructive," Smith said. Not bloody likely. Microsoft ranks its battles with Sun, the EU, Burst.com and an appeal from the state of Massachusetts, as the four main legal hurdles it must still cross. The company was also proud to point out that 17 class action lawsuits have either been dismissed or failed to reach class action status. All told, Microsoft has escaped several years of litigation with but a few slaps on the wrist and fines that are hardly noticed in its massive bottom line. Not bad for a convicted monopolist. It's enough even to make Admiral Poindexter proud. ® Related Link Microsoft statement
Ashlee Vance, 28 Oct 2003

Shareholders approve Palm, Handspring merger

Palm shareholders today voted to approve the company's acquisition of Handspring, the firm created by the PDA pioneer's founders after leaving Palm in 1998. Handspring's shareholders gave the move their thumbs up too. The agreement of both sets of stakeholders means the acquisition will now go ahead, having already been granted regulatory approval. Last week, Handspring settled two lawsuits that might have blocked the takeover. And with the deal done, Palm OS development business PalmSource now becomes a truly independent entity, and the Palm Solutions Group rechristens itself PalmOne with the PLMO Nasdaq ticker symbol. PalmSource stock will be traded as PSRC. Palm shareholders will get the 86 per cent of PSRC stock Palm holds, each receiving 0.31 PalmSource shares for every Palm share they own. Immediately afterward, Palm becomes PalmOne, which will then issue 13.9 million shares to Handspring shareholders on an exchange rate of 0.09 PalmOne shares for one Handspring share. It's all timetabled so that Handspring shareholders do not receive any gratis PalmSource stock. ®
Tony Smith, 28 Oct 2003

NGSCB, aka Palladium, in next generation of CPU, says Gates

Microsoft's Next Generation Secure Computing Base (NGSCB, aka Palladium) will be built into the next generation of CPUs, Bill Gates claimed yesterday, effectively making security via hardware ID an integral part of the Windows PC platform. And Microsoft is talking to the chip and PC companies about the introduction of hardware ID, so we will likely be seeing some decidedly NGSCB-like features well ahead of Longhorn. Bill has a talent for what Lady Mary Archer has described as "imaginative precis", so we can never take his presentation material as absolute gospel. It is however extremely valuable in determining where it is that Microsoft wants us to go tomorrow, and how Microsoft proposes to get us to go there. This time around, the security imperative figures high in the company's drive to wrest what remains of your control of your computer from you. Over to Bill, and we'll unpick as we go: "Another enhancement that hasn't been talked about very broadly is the fact that the next generation of processors will build in a new security capability called, kind of obscurely [remind us who it was who renamed Palladium, Bill], Next Generation Secure Computing Base, or NGSCB is the acronym for that. What that does is it allows you to still run arbitrary third-party software to be able to make security guarantees, that the decryption keys and some software is running in such a way that third-party software is isolated from it." As is so often the case with Bill, you just about know what he means, as opposed to what he said. What he means here is that NGSCB machines will still run standard software, ringfenced off from the secure components, but its point is that it uses the secure components and software to establish trust relationships. Check here for a longer explanation of what NGSCB is, and how it will operate. Note also that although it is not DRM, it is a very useful base for DRM systems, while the S-word is a very useful cover for such systems. 
If the particular next generation of processors Bill is talking about makes it to market before Longhorn, then it's perfectly feasible that at least some of NGSCB can be catered for before Longhorn. Microsoft has never specifically said that NGSCB is a Longhorn product, just that it's a long-range product. The hardware ID component of NGSCB was initially intended to use a TCPA-compliant chip on the motherboard, and this can still happen to enable more immediate secure systems, while getting it onto the CPU itself will allow Microsoft to make NGSCB into a standard. Call it DRM, people will run, call it security, then maybe not. Microsoft is calling it security. If we go back to Bill's presentation and focus on SP2, we get: "So we have an update to the client that turns the firewall on by default. It's got changes in Outlook Express and IE for safer e-mails and browsing [we expect he doesn't mean Mozilla by this]. It uses some of the new hardware features in the newer chips to block a large class of exploits. It changes the way we do some of the code protection. We recompile a lot of the key modules. That goes into the beta later this year, SP2." We shouldn't read too much into that, because Bill isn't being specific either about what these new hardware features are, or how Microsoft is going to use them. It does however signal that security-driven changes in hardware are being introduced now, as part of an ongoing ramp, rather than being something that won't happen until 2005-6. Speaking about NGSCB in his own presentation, which followed Gates', Jim Allchin said "we're working with the hardware vendors to be able to create a system so that we can boot and ensure that we're booting securely and that we can create shadowed memory where code can execute but you can't debug it." Note that he says hardware vendors, not CPU vendors, so we have Microsoft, the chip companies and the PC companies all talking about the introduction of hardware security. 
Gates himself had a couple more nuggets. In his speeches lately he's taken to complaining that one of today's big problems is anonymous email, so we don't know who's really sending it. Yesterday was no exception: "We have a number of things that are weak links in the security picture. Passwords over time will not be adequate to deal with critical information. The fact that e-mail, you don't really know if it came from the person it appears to come from, and even the fact that Internet packets can be spoofed, so at many levels of the standards that we have we need to add security capabilities." From Microsoft's perspective the solution here is clearly hardware ID, supported by Microsoft software. This clearly has implications for the rest of us, and it would possibly be useful to consider the implications of the elimination of anonymity, which seems to be what is being proposed, now, and for Microsoft to start sharing with us its security-driven plans for amendments to Internet standards. But don't hold your breath. Microsoft's intentions to switch on the XP firewall by default, and to upgrade it to deal with outgoing as well as inbound traffic, are fairly well known. But it also has rather more wide-ranging plans; what about this, for example: "And when I say firewall, I mean that in a very broad sense. I mean scanning files that come through e-mail or FTP, I mean being able to look at a machine that's been connected up to the Internet and, when that machine VPNs in, being able easily to scan it to make sure it doesn't have a problem and that software is up to date, or perhaps taking that same machine and carrying it in to the corporation and connecting it up, then it's behind the firewall again that needs to be scanned." 
Bill clearly means firewall in a very broad sense indeed - compulsory but easy to conduct full body searches on machines connecting to the network are obviously going to be attractive to the corporate market, but if the technology can do it there (probably with the aid of hardware ID, again), then it surely won't stop there. You could envisage submitting to the body search and taking your nice patches as being the entry tab for all sorts of connections, and you could see Windows as becoming pretty much compulsory for such scenarios, considering it's such a tricky call for what rivals there are. These will be faced with the question of whether to agree with, and follow, Microsoft or to stay out and risk having the security can tied to their tails. Or to join forces and invent a rival "open" hardware-linked rights-denial system. Ah, you say, but haven't previous attempts in this kind of area been stymied by indignant consumers? Has not Intel already had to climb down over unique IDs? Hasn't Microsoft? Well, yes indeed, but that was then and this is now. Consumers are currently outraged by security breaches, spam, virus attacks, ID theft, and most people are blaming Microsoft for much of this. But most people would also like something done, and will tend to agree that new technologies that get that something done are A Good Thing. So if Microsoft plays its cards right it can move from the position of hesitating over their introduction to acceleration. And then untie the security can from its own tail and hand it to whoever's objecting. Arguing against it will be a lot more difficult than it has been in the past, and ignoring it may not be an option, if you're going to end up ignoring the bulk of the market by doing so. Microsoft is seeding it slowly into its own presentations now, and if we don't start objecting now, then soon we could discover it's too late. ®
John Lettice, 28 Oct 2003