Like Macaulay Culkin after the reality of puberty set in, the Itanium and Opteron processors are suffering from growing pains. Try as they might to conquer the server market, the 64-bit processors from Intel and AMD have yet to show serious gains. The latest server data from Gartner shows that only 6,281 Itanium boxes and 31,184 Opteron boxes were shipped in the first quarter of this year. Together, Itanium and Opteron servers accounted for 37,000 of the 1.6m units moved in the period. Just how bad is the state of the pubescent Itanic? Think of thriving acne with an outside chance of cleansing. The good news for Intel is that the 2004 first quarter sales were well above last year's total of 1,255 Itanium servers shipped. Along with higher unit sales, revenue also surged from $38m to $282m, according to Gartner. That puts the average sale price of an Itanium server at about $45,000 - a midrange box. The bad, face-scaring part of that total is that it makes up only a fraction of the $11.8bn in servers sold by all vendors. So if all Itanium vendors do make up an "ecosystem" as Intel likes to say, it's an ecosystem not much bigger than the grotty vegetable crisper in an undergraduate's fridge. For Opteron, the story is a bit brighter. Think sporadic breakouts controlled by Clearasil dips. AMD's Opteron processor accounted for $93m in total Q1 server revenue. Gartner does not have year-on-year numbers for Opteron, since the chip arrived after the first quarter closed in 2003. The 31,000 units aren't bad, but they hardly match up to the more than 1m Xeon servers shipped in the quarter. Good luck with the dating, boys. ®
Yesterday's deal between T-Mobile and Cingular ends a three-year-old joint venture between the two rivals and will have significant effects on subscribers in California and New York - but not necessarily for the mobile phone user. The two carriers have run a network sharing agreement which gives T-Mobile's Californian subscribers access to Cingular's network in California, and Cingular customers access to T-Mobile's infrastructure in New York. T-Mobile has bought part of the original PacBell network covering California and Nevada from Cingular and it gains exclusive access to its New York operations. In addition, it has bought spectrum from Cingular in San Francisco, Sacramento and Las Vegas. The deal cost T-Mobile $2.3 billion and the two carriers will go it alone from next year. Analysts judged that the venture had worked out in T-Mobile's favor, as it had gained more users in California than Cingular had on the east coast. But for long-suffering Cingular and T-Mobile users hoping for better reception in California, celebrations may be premature. Before morphing into Cingular, PacBell's GSM network had excellent coverage, but a relentless sales drive and an influx of new T-Mobile subscribers (now numbering 1.7 million) saw quality nose-dive. T-Mobile users in California are likelier to be the happier, as they lose the Cingular subscribers and gain additional spectrum. Cingular's customers will be bumped onto AT&T Wireless' new GSM network, should the $41 billion mega-merger be approved by the regulator as expected. T-Mobile certainly seemed best pleased: it was the only one of the three carriers involved in the swap to mark the news with a press release. Cingular must be confident that AT&T Wireless' GSM America network, freshly upgraded from TDMA, can take the strain in California. Only the two companies know for sure how much capacity this can handle.
Ominously, T-Mobile's experience demonstrates that despite offering less-than-stellar service, a carrier can still gain a large number of subscribers in the medium-term through attractive price deals. Cellphone users simply get used to leaning out of their apartment windows to get a signal. Wall Street and corporate bean-counters love mergers because they squeeze costs out of the system. But cost efficiencies aren't necessarily passed on to consumers. Only yesterday the business-friendly Phoenix Center predicted that the merger would result in higher prices for cellphone users of 8.4 per cent. The authors of the report use several metrics including one called the Herfindahl-Hirschman Index, which tries to quantify the amount of consolidation within an industry. The report discounts the many small local operators in the US and focuses on the big five carriers who offer national service: Verizon, Cingular, AT&T Wireless, Sprint, T-Mobile and Nextel. According to the authors, because the largest operators - Verizon, Cingular and to some extent Sprint - were created out of mergers between the Baby Bells (Verizon was created out of a merger between Bell Atlantic, GTE and smaller providers), they find collusion far more attractive than competition. There's a footnote with a damning piece of supporting evidence, citing SBC Chairman and CEO Ed Whitacre. Transcript of SBC Communications Analyst Meeting, FD (FAIR DISCLOSURE) WIRE (November 13, 2003) UNIDENTIFIED PARTICIPANT: Apparently you’re going to be offering a voice over IP product out of region; won’t that anger perhaps Bell South and - EDWARD WHITACRE: Well, absolutely it will. And just like if they come in (inaudible) it’s going to anger us. Of course, the answer to that is, yes, but it’s a non-issue since we have a good partnership and it’s not happening. Uh-huh.
® Bootnote: For a detailed, county-by-county breakdown of who has what spectrum in the AT&TW/Cingular merger, you'll find this document useful [via the FCC: PDF, 2.5 MB].
The Californian state Senate has voted to introduce safeguards on email services that, like Google's Gmail, scan incoming and outgoing email for specific terms in order to display advertisements. Google views its new email service as an extension of its advertising business. Despite intensive lobbying, and the full weight of right-wing think tanks and Internet marketing hypesters, keen to exploit the commercial potential of personal data troves, the Senate voted 24-8 to prevent the misuse of the data. Few will object to the terms in Sen. Liz Figueroa's bill, which explicitly allows instant messaging and email providers to scan the text of messages for advertising and to remove spam and malicious code. However, data-hoarders won't be able to transfer it to third-parties or allow their staff to examine emails without consent. Most importantly, the service provider is forbidden from retaining "personally identifiable information or user characteristics obtained, derived, or inferred" from the scanning process. Privacy campaigners have responded to the defense of "don't like it - don't use it" by pointing to the pervasive nature of the service. Because content scanning is applied to incoming as well as outgoing emails, Internet users have the choice of being scanned or ignoring friends. "We're not going to have any choice but to send mail to people at Gmail just to function in the e-mail world," says campaigner Daniel Brandt. "Quite simply, there is no hue and cry among e-mailers to have ads put into their e-mails, just as there is little or no interest among phone users to hear, at the beginning of a call, 'This conversation is brought to you by?'" Sen. Figueroa had written, introducing the legislation. "In addition, there is a general abhorrence for the idea that the privacy and confidentiality we expect in virtually every other communicative medium is something that is, or should be, optional." The wording may yet be amended.
The bill now moves to the State Assembly, where the Democrats have a majority. ® External link Bill SB.1822 - Privacy: online communications
Dell is championing Fibre Channel in its fight back against iSCSI and NAS, with its launch of a £5899 (E8499) low-end SAN kit which includes a Brocade switch, two QLogic host adapters and a new Dell-EMC storage subsystem based on Serial-ATA hard disks. "We are taking Fibre Channel to new markets in smaller businesses and departments," said Neil Hand, the worldwide marketing director and co-lead of Dell's enterprise group. He says that with the right software tools on top, simplified installation and standard services, Fibre Channel SANs can more than hold their own against the competition. EMC boss Joe Tucci agreed, saying that iSCSI has its place and will eventually appear on the AX100, but adding: "We're bringing the cost per Fibre Channel port down to a level people said it would never reach. We are trying to offer a SAN at a price that's very competitive with DAS." Dell hopes the SAN package will appeal to customers who would previously have bought its Powervault SCSI subsystems. It also sees significant opportunities in Europe for a £3499/E4999 direct-attached version of the AX100, which comes with a single HBA and gives the option of building a SAN later. The package is very much aimed at smaller businesses, as its growth potential is restricted. For example, its SAN connectivity takes the shape of Brocade's Silkworm 3250 VL2E eight-port switch. This was specifically designed to cut the cost of getting into Fibre Channel by limiting the fabric to a maximum of two switches, although it is upgradeable to full fabric capability. Similarly, the Dell-EMC Clariion AX100 storage box starts with three 160GB drives for 480GB, or around 320GB usable if you put RAID-5 on it. It takes a maximum of 12 SATA drives, giving 3TB if you fit 250GB units, and beyond that all you can do is add another box. Tucci says that the AX100 is specifically designed to be installed and set up by end users. "I tried it myself and installed it in just over half an hour," he said. 
"It's geared to a market that EMC has never gone to before," he added, quoting market forecasts that show significant growth for networked storage sales to smaller businesses. "We sold to data centres, but teaming with Dell we have used its experience to drive our technology down to SMEs and SoHo, and also to workgroups and branches within enterprises. "SME customers are much more likely to buy storage and servers from one vendor, and we don't sell servers. Enter: Dell," Tucci added. "And who's our competition there? It's IBM and HP, so this partnership makes us much more effective against them. "So we collaborated with Dell on what do we need to do to hit this market, what price points, what ease of use - ease of use is not something our engineers had concentrated on as much as they might have." Clariion is now a $1bn business for EMC, with a third of that going direct, a third through Dell and the rest through other resellers. With the AX100, the direct share will disappear, Tucci says. "It's a very different model with Dell compared to our other OEMs," he added. "Dell builds, and then pays us a fee per machine, so in one way our margin on a Dell sale is 100 percent, although the revenue is lower." ®
Intel will ship its Pentium 4 chipset, 'Grantsdale', as the i915 family on 21 June, alongside a set of 775-pin processors, sources familiar with the chip giant's plans have claimed. As reported by Xbit Labs, the sources say Intel will formally announce the i915 name next week at Computex, re-christening its high-end P4 chipset 'Alderwood' as the i925 at the same time. Many of Grantsdale's features - DDR 2 SDRAM support; PCI Express; Serial ATA; Hi-Definition Audio; restyling Extreme Graphics 3 as the Graphics Media Accelerator 900; soft wireless access point technology - are well known, but sources close to the company tell The Register that Intel will announce a number of features that have not yet leaked out. The GMA 900, for instance, is known to support DirectX 9.0's pixel shader 2.0 specification - vertex shaders are handled in software. It also supports OpenGL 1.4. It can handle dual displays, using RGB, DVI, 1080i and 720p HDTV, s-video, and composite and component outputs. The graphics core is clocked at 333MHz. ®
In Brief Cable & Wireless has bought Bulldog, the British ISP, for £18.6m. Set up in 2000, Bulldog has carved out a broadband niche, often using its own equipment to act as principal supplier, rather than as a simple reseller for BT Wholesale. The firm has installed its own gear in 38 BT exchanges in central London, installed under local loop unbundling (LLU) rules. Francesco Caio, C&W chief executive, said Bulldog has an experienced team specialising in LLU services and the acquisition will accelerate the firm's ability to deliver direct DSL connections. ®
It was five years ago today... ...well, take your pick. In this case, it's OS/2 - IBM's ill-fated OS, now remembered with fondness by those who think that the Hillman Avenger is a classic automobile*: IBM exec outlines MS plan to throttle OS/2, Lotus By John Lettice Published Friday 28th May 1999 10:02 GMT IBM exec Garry Norris yesterday detailed a Microsoft campaign to throttle OS/2 in the run-up to the launch of Windows 95. IBM and other PC companies, including Compaq, were threatened with higher prices if they shipped rival products as well as Windows. Norris, program director for software strategies with the IBM PC Co, was involved in extensive negotiations over IBM's Windows licensing deals from early 1995 until 95's launch that August. Microsoft was obviously playing hardball, as Norris claims that IBM didn't get its final deal until 15 minutes before the launch. An $8 price reduction, he said, was secured for "exclusion of OS2 and expedited shipments of Windows 95." Other manufacturers, including Compaq, agreed not to sell OS/2 after Microsoft threats, said Norris. This is not of course strictly correct, as OS/2 was available from various PC companies, Compaq included. But it wasn't always that easy to obtain, so Norris may be right in some senses. Norris achieved instant fame earlier this week when it was revealed that he'd kept a detailed diary of two years' negotiations with Microsoft, and his testimony seems to be providing the clearest picture yet of how Microsoft used its muscle against PC manufacturers, via a mixture of threats, inducements and hard cash. He came up with some useful numbers, saying that IBM had been paying $9 a copy for Windows 3.1, but that initially with Windows 95 Microsoft wanted $46. The 3.1 fee was probably the lowest price paid by any OEM, while the $46 was higher than rivals.
"Microsoft told us repeatedly, `Because you compete with us, you're going to get unfavorable terms and conditions,'" he said, backing it up by saying payments to Microsoft had risen from $40 million in 1995 to $220 million in 1996. Compaq's higher discounts are justified by Microsoft as being because of greater volumes, but this can't have been the case in earlier years, before Compaq shipments passed IBM's. He also provided evidence of linkage by Microsoft between operating system and application sales, claiming that IBM would get better prices if it didn't ship Netscape Navigator and Lotus SmartSuite. For Microsoft Office bundles he was charged "IBM's price" of $250 per copy, considerably higher than the Compaq or HP price. Microsoft might have some justification for claiming volume discounts here, if IBM was shipping fewer copies of Office. "Microsoft repeatedly told us that as long as we were shipping competitive products, such as Smart Suite and OS2, we would not be treated the same as Compaq and others," he said. And the rest, as they say, is history... ® Bootnote *Could irate OS/2 aficionados please direct their emails to someone else, rather than us. Thanks.
Letter Our thanks to Nick Ricioppo for this contribution. Ordering Pizza in 2019 Operator: "Thank you for calling Pizza Hut. May I have your..." Customer: "Hi, I'd like to order." Operator: "May I have your NIDN first, sir?" Customer: "My National ID Number, yeah, hold on, eh, it's 6102049998-45-54610." Operator: "Thank you, Mr. Sheehan. I see you live at 42 Meadow Drive, and the phone number is 01234 56789. Your office number over at Lincoln Insurance is 01324 098765 and your mobile number is 07987 777878. Which number are you calling from, sir?" Customer: "Huh? I'm at home. Where did you get all this information?" Operator: "We're wired into the system, sir." Customer: (Sighs) "Oh, well, I'd like to order a couple of your All-Meat Special pizzas..." Operator: "I don't think that's a good idea, sir." Customer: "How come?" Operator: "Sir, your medical records indicate that you've got very high blood pressure and extremely high cholesterol. The NHS won't allow such an unhealthy choice." Customer: "Damn. What do you recommend, then?" Operator: "You might try our low-fat soya bean Yoghurt Pizza. I'm sure you'll like it." Customer: "What makes you think I'd like something like that?" Operator: "Well, you checked out 'Gourmet Soyabean Recipes' from your local library last week, sir. That's why I made the suggestion." Customer: "All right, all right. Give me two family-sized ones, then. What's the damage?" Operator: "That should be plenty for you, your wife and your four kids, sir. The 'damage,' as you put it, heh, heh, comes to £16.99." Customer: "Let me give you my credit card number." Operator: "I'm sorry sir, but I'm afraid you'll have to pay in cash. Your credit card balance is over its limit." Customer: "I'll run over to the ATM and get some cash before your driver gets here." Operator: "That won't work either, sir. Your current account's overdrawn." Customer: "Never mind. Just send the pizzas. I'll have the cash ready. How long will it take?"
Operator: "We're running a little behind, sir. It'll be about 45 minutes, sir. If you're in a hurry you might want to pick 'em up while you're out getting the cash, but carrying pizzas on a motorcycle can be a little awkward." Customer: "How the heck do you know I'm riding a bike?" Operator: "It says here you're in arrears on your car payments, so your car got repossessed. But your Vespa is paid up, so I just assumed that you'd be using that." Customer: "235/427/31" Operator: "I'd advise watching your language, sir. You've already got a July 2006 conviction for swearing at a policeman." Customer: (Speechless) Operator: "Will there be anything else, sir?" Customer: "No, nothing. Oh, yeah, don't forget the two free litres of Coke your ad says I get with the pizzas." Operator: "I'm sorry sir, but our ad's exclusionary clause prevents us from offering free soft drinks to diabetics." ®
Having roundly trashed Nvidia's PCI Express graphics module format, MXM, ATI will tout one of its own, dubbed Axiom, The Register has heard on the grapevine. The specification could be revealed as early as next week. That some such system was on the cards was signalled to us earlier this month by an ATI spokesman who told us: "We have already been empowering upgradeability from an ODM and OEM or an end-user perspective through FLEXFIT, pin and driver compatibility, and modules design, and with PCI Express we will develop this further." (our emphasis). And then, Billy Wang, VP of ATI Asia-Pacific, let slip a few weeks back to Taiwanese news site DigiTimes that the company was on "a PCI Express support module architecture called Axiom". Quite how Axiom differs from MXM isn't known - indeed, very little is known about the ATI spec. MXM was developed to let notebook manufacturers slot graphics chips into their machines rather than physically add them to the motherboard. That means they can not only update their notebooks' graphics sub-systems more easily, but tout upgradeability to end users. Graphics card manufacturers will then benefit from the creation of an after-market for notebook users of the kind that already exists to sell to desktop owners. MXM has three sub-specifications, for thin'n'light, mainstream and desktop replacement notebooks, respectively. It is not known whether Axiom supports the same segmentation. ATI's pitch is that with a claimed "73 per cent of the discrete notebook graphics market", it's in a much better position to win sufficient support from OEMs, ODMs and graphics card companies to establish a de facto standard of the type Nvidia is proposing. Of course, that's exactly how Nvidia hopes to dent that 73 per cent share - by offering a format that said OEMs, ODMs and graphics card companies can rally to. Whatever ATI comes up with, expect mud to be flung at it by Nvidia - much as ATI chucked the stuff at Nvidia.
But unless both specifications are fully interoperable, then the notebook graphics market is not going to change. Vendors will presumably choose MXM or Axiom depending on whether they already favour Nvidia's or ATI's graphics chips, and while end users may be able to upgrade their notebooks, they'll still be stuck with a single vendor. ®
Doctor Who fans are apparently beside themselves with excitement at the news that former popstress Billie Piper will become Doctor Who's new assistant for the scheduled return of the roving Time Lord. Piper will star as Rose Tyler alongside established thespo Christopher Eccleston when the series returns in 2005. This has pleased large swathes of the Doctor Who fan community, whose approval must come as a great relief to the BBC. Doctor Who Appreciation Society spokesman Antony Wainer confirmed that punters were "very excited" by the casting coup. "She's a very pretty lady, her acting credentials have been proven and she will have a wide appeal," he told BBCi. Indeed. One breathless posting to GallifreyOne.net says: "I think the choice of Billie Piper is absolutely fantastic. With her announcement in the papers, people were discussing her and the show at work like never before. People seem to really like the fact she has matured from a teenage pop star to an actress, getting very good reviews." It's not all clearness and light, though: "Is it just me or does this smack of 'publicity stunt' casting?" asks one stroppy poster. "I thought we'd gotten away from that sort of ridiculous thing when Bonnie Langford proved to be so unpopular." Bonnie Langford? Unpopular? For shame. As for Billie Piper, she has several noteworthy television achievements to her name. The most important is undoubtedly marrying ginger jester Chris Evans and jetsetting off round the world - thereby keeping Evans off UK terrestrial TV since 2000. Meanwhile, the Doc's former companions Leela - played by Louise Jameson - and Peri (Nicola Bryant) have been dispensing essential advice to the new incumbent. "Keep your kit on" seems to be top of the list: "My first scene had me in a bikini and I seemed to wear revealing clothing for the rest of the series," notes Bryant, while Jameson laments: "Leela [was] strong and tough... but I also had to wear a tight leather costume."
We agree, and ask that Ms Piper appear fully clad at all times. Having seen a Piper/Evans beach exposé in the Sun last year, we can confirm that a bikini-clad Billie will have the kids behind the sofa quicker than a whole mothership full of Daleks. ®
Intel will formally announce 64-bit Pentium 4 processors on 1 August - just over a month after launching the first Xeon CPU with its EM64 technology. So claim sources "familiar with Intel's plans" via a timetable leaked to Xbit Labs. The 1 August date is well ahead of Intel's broad desktop release timeframe, which pegs the arrival of 64-bit desktop Pentium 4s to the availability of 'Longhorn', the next major release of Windows. The solution to the conundrum is simple: Intel is enabling 64-bit processing in the Pentium 4 chips it sells into the single-processor workstation market, and they're unlikely to be offered in single, boxed quantities. We understand that the 64-bit P4s will be priced much the same as current desktop-oriented P4s at comparable clock speeds. A month or so before the 1 August launch, on 27 June, Intel will reportedly ship 'Nocona', the first Xeon with 64-bit support. On the same date, it will ship its E7525 chipset, which supports the new server/workstation processor. ®
Soaring sales of secure routers helped the enterprise router market grow at a lick in Q1. But the market remains soft. Worldwide enterprise router revenues were £1bn in Q4, eight per cent up on the previous quarter. Annual revenues are forecast to grow at a not-exactly-booming 13 per cent between 2003 and 2007, according to Infonetics Research. The analyst firm projects soaring sales of secure routers during this time, with Cisco leading the charge, but - it warns - it will "only take one vendor with extremely disruptive pricing and a little traction to impact the entire market". Linksys, Cisco's subsidiary, occupies second place by revenue and first by shipments in the Infonetics Q104 league table, D-Link comes in at third, followed by NETGEAR. Last quarter was marked by declines in average selling prices (ASPs). Shipments were up 17 per cent from Q403, compared with the eight per cent growth in revenues. North America posted declines in both shipments and revenues, while EMEA and Asia Pacific experienced double-digit growth. In the mid-range enterprise router market, revenues and shipments grew in all regions, especially in EMEA. Infonetics projects unit shipments in this product category to grow 74 per cent between 2003 and 2007. It was a bad quarter at the low-end, with worldwide enterprise router revenues down 18 per cent on flat shipments, compared with Q403. EMEA had strong growth in shipments in Q4 and Asia Pacific had moderate growth, which means that sales in North America sucked. ®
Those UK television viewers who are already considering leaving the country for the duration of Channel 4's fifth outing of human zoo extravaganza Big Brother may not have to jump on a plane after all. Mercifully, there is an alternative to the mud hut in Sudan for those who wish to avoid the daily work ritual of "Hey, did you see Big Brother last night? I reckon [insert name of talentless neurotic wannabe celebrity] will win it, don't you think?". Yes, we can thank UKTV Style's excellent Watching Paint Dry initiative for offering an intellectually-challenging alternative to 24/7 televisual lobotomy. The idea is brilliantly simple: As the country groans at the return of Big Brother, UKTV Style introduces a new take on the reality show genre. We’ve all seen the shows involving celebrities in the jungle, husbands swapping their wives, rugby players being transformed into drag artists and now it’s time for something new. It's time for Watching Paint Dry. One wall. Some paint. You decide. Unlike all other reality shows, Watching Paint Dry will not be based on a ‘will they, won’t they’ situation or luring you in with the promise of potential scandal. It's the first reality show to do exactly what it says on the tin. Every day a different kind of paint will be put on to a wall and you get the chance to vote for your favourite. Confirmed contestants include; matt, silk, gloss, satin, vinyl, eggshell textured and smooth masonry - all of whom are eagerly looking forward to their first brush with fame. Superb. The first finish will be available for public scrutiny around midday today, UK time. We reckon satin will win it, don't you think? ®
A New York State man who sent an estimated 850 million spam emails using accounts he opened with purloined identities was imprisoned for up to seven years yesterday. Howard Carmack, AKA the "Buffalo Spammer", must serve a minimum of three-and-a-half years in prison following his March conviction for spamming-related offences (forgery, identity theft and falsifying business records). Carmack was convicted of operating 343 email accounts under false names from early 2002 to May 2003, using them to send out junk mail about various get-rich-quick schemes and "herbal stimulant" pills. Atlanta-based ISP EarthLink said it hoped the jail sentence and an earlier $16.4m judgement against Carmack would deter other would-be spammers. EarthLink assisted the New York Attorney General’s office in prosecuting Carmack. ®
Letters Yesterday the aviation industry launched a project to develop a quieter plane. An investment of £2.5m over three years, they said. Our survey said: Howdy Folks, The answer already exists, the B-2. Since this is a joint production of Boeing and Northrop-Grumman (or did someone swallow them up), it would be instructive to look at some old promotional footage produced for the commercialization of the YB-49 project or flying wing bomber. I've heard these spectres at air shows and they qualify as being background noise until real, I mean REAL close. They happen to be real fuel efficient too, able to fly without refueling all the way to Moscow and back after searching for those mobile ICBMs (more vaporware). They climb real fast too. Take away all the special stealth stuff to make it invisible to radar (not a good thing for air traffic control) and then you'd have to get the commercial aviation community to accept a mostly plastic airliner. In Veritas, J. H. Appel El Paso, TX Mr Haines, 600mph is just a bit high for an airliner's landing approach speed - 150 is closer. 600mph is nearly supersonic at sea level. The big challenge now is that improvements in efficiency are no longer hand-in-hand with lower noise. For a long time manufacturers have been increasing the size (diameter) of engines for the same thrust and so producing slower jets which make less noise (jet noise being proportional to the jet velocity raised to the power of _eight_). In many cases that's not true any more, we're now seeing airliners that have had to back off from a performance goal to reach a noise goal - the engines were bigger than the performance optimum and produced a bit more drag than they saved in reduced fuel burn. Also for all you say that improvements on existing designs are incremental, remember that for every 3dB reduction in noise (which is pretty much imperceptible to the ear) the manufacturer has had to _halve_ the noise energy the aircraft produces.
In 20 years the amount of noise energy that airliners put out has gone down by a factor of around 10,000 (if memory serves). Chris L 'Today saw the launch of an ambitious £2.5m, three-year project led by Cambridge-MIT Institute (CMI) - the Silent Aircraft Initiative (SAI). Its plan is pretty simple: to produce aircraft "whose noise emissions would barely be heard above the background noise level in a typical built-up area".' TWO AND A HALF MILLION POUNDS TO INVENT THE BLOODY DIRIGIBLE?!?!?! 'Nuff said. The lobbying on both sides of the software patenting issue continues. Richard Stallman was in London last week to do his bit. We went along and took notes: Nice summary of Stallman's position. I heard him give essentially the same talk in Manchester nearly 15 years ago, before anybody had heard of open source or Linux. Despite his prognostications of doom, open/free source is thriving. Why? His argument omits one key point: it costs a fortune to enforce a patent. It isn't worth doing unless a fortune is at stake, and most independent developers don't strike a gold mine. A large corporation is never going to go after some guy who sold a 1000 copies of a $100 package; it just isn't worth it. Large corporations develop patent portfolios to protect themselves from other large corporations. When I heard Stallman I was an academic and bought his argument; since then I've been [with the same company] for 10 years, and authored a number of patents. I can assure you that nobody here scans shareware.com or sourceforge for patent infringements. However, if the little guy hits the jackpot, the situation changes; witness the SCO suit, which I doubt will be the last attack on Linux; there's too much money at stake, and lots of deep pockets to plunder. The situation is far from ideal, but hardly as bleak as Stallman portrays it. -Mario In regard to the article you recently wrote in "The Register", I find Richard Stallman's position hard to explain. 
The reason is that patenting ideas is specifically prohibited both in the US and in the EU - you can only patent something that "has been reduced to practice". As a long-time inventor who has authored 22 issued and pending patents, I am pretty sure this is still the case in both jurisdictions. I am also sure that Mr. Stallman, for whom I personally have a great deal of respect, is well aware of this fact. I will be the first to agree with Mr. Stallman that the state of the patent system, at least in the area of software patents, is pretty dismal. This, however, has little to do with "ideas"; it is caused simply by the fact that patent offices worldwide have little experience dealing with software and are short on expertise in this area. As a result, there are quite a few cases in which patents were granted for software "inventions" which are either not new, or would be quite obvious to a specialist, and thus should not have been granted a patent in the first place. The issue is not limited to software, and neither is it limited to large companies: in the mid-nineties, an individual inventor made news by suing Intel and other processor vendors, claiming that he has a valid patent on a... microprocessor. What made that case ridiculous is that a US patent used to be valid for 17 years, while people had been making processors for well over 20 years by the time that person brought his claim forward. The only way this could have happened is by someone granting him a patent on a microprocessor years after microprocessors have been invented and companies formed to make them. Vlad This week, ISPs discovered that all these online irritants - the viruses and worms - could actually be costing them money. Something must be done! While ISPs may be suffering the cost of worms they only have themselves to blame. A way they could EASILY cut this problem without any real cost: Get their installation software to turn on the Windows XP firewall. 
A friend recently had NTL broadband installed. He followed their instructions - the end result was that he had his PC totally open to the Internet. As a result he collected every nasty buzzing around the net within a day. The cost to NTL for turning the option on? Maybe a day or two's programming time. The result would be many of their customers protected against worms and other attacks. Even if the customer isn't running a firewall, perhaps unbinding NetBIOS from that network connection and telling the customer to go to the windowsupdate site would solve a few problems. How about providing a link for customers to get ZoneAlarm or similar? A bit of basic end-user education wouldn't cost the ISPs much would it? Especially as it could save them so many costs in the long term. Mike London Pop quiz time. Software pirates: Should they, or should they not be allowed access to the SP2 upgrade? What do you mean, you don't know? Speaking as someone who hates paying Microsoft one dime and is a member of the "anyone but Microsoft" club, but who has legal licenses for every piece of software on all of his computers (unique licenses I might add, which cost me a pretty penny) I am completely in favor of Microsoft writing their next service pack for Windows XP and Windows 2000 so that it "phones home" if it's installed on a known pirated copy of Windows and gives Microsoft the public IP address of the computer that it's installed on so that Microsoft can file lawsuits against everyone using known pirated serial numbers for theft. Stealing software by pirating serial numbers is no different than me walking into your house tomorrow afternoon while no one is home and taking your TV, computer, and stereo system. It's also no different than walking into a computer store and shoplifting the same piece of software. 
Anyone who pirates software deserves to face the same penalty that I would face if I was caught shoplifting that same piece of software from a retail store, and Microsoft has the legal right and moral obligation to see to it that pirates face those penalties. 60 or 90 days in jail, a misdemeanor on their permanent criminal record which would keep them from employment at a number of government agencies such as schools for the rest of their life, a minimal fine, and losing the item which they stole. In this case I'd be in favor of the court erasing the hard drive of their computer and then returning the computer to them. Software pirates are criminals and deserve to be treated as such. If their computers cause damage because they're not patched and they get taken over and used for DDOS attacks or spam relays they need to face the penalty for that also. -- Tim Scoff You might just as well think I wanted to be funny. I don't. "So here is an idea for Microsoft in the future. How about two versions of its upcoming Service Packs: one with only security upgrades, and one with functional and security upgrades. Only the former can be downloaded by all. The latter will be disabled, at least for the pirates Microsoft can detect." What a crap of an idea. You don't punish the pirates. You punish me. I'll have to go search for those twenty odd numbers and migrate my boxes to a pirated identity. And I'm not the only one who wants just one thing from XP2: security updates. Smaller file, no further 'features', a pure, well-come no-nonsense solution. Except my machines are legal and will download all crap, forcing it down my throat. Hold your breath, give us readers a good service: publish some of those numbers and make our (sysadmins) day! Uwe This week, we also wrote that the Net is proving something of a door opener for US soldiers currently in the closet, Official US Military Issue. 
Could this be a deliberate ploy to get out of serving in Iraq, you wondered: My unit is going back to Iraq, to be shot at, I've developed a distaste for hot sand, and the easiest way to avoid this is for me to post my picture on gaydar and get 'a vengeful ex-girlfriend' to contact the military. The internet these days makes even running away to Canada easier. Or, you could just quit. No conscription anymore...[Or "yet", depending on how optimistic you are feeling - Ed] "All six of them were outed by someone they knew either from a relationship or a roommate situation," Six less sexual deviants in the military assigned to Iraq. Hooray !! Oh dear...that one might get a few responses... Just to clarify: while the US Military operates a "Don't ask, don't tell" policy, we at El Reg operate a "Don't care" policy. Works wonderfully. Wonder what the policy would be on Venus? The concept of floating life on Venus is not new. Google shows "Venus floating plant" or "Venus balloon plant" has been mentioned several times in Web and Groups. I'm sure these are amateur scientists, but I assume those who spend months thinking about Venus also considered the skies. As in my contribution on Usenet (apparently before Google's archive), the topic often is terraforming Venus by seeding the clouds with floating plants. There are plants with floating bladders of various types. If a plant can be made to fill bladders with hydrogen, nitrogen, or methane (or other gas lighter than the Venus atmosphere), it then "merely" has to make enough large bladders and become an air-feeding plant...or be a parasite of an air plant. Dead plants would fall to the surface. Even if most are totally destroyed, if some accumulate on the surface then carbon would be removed from the atmosphere. Getting too much oxygen in the atmosphere might then become a problem, although that might encourage more oxidation of rocks. 
However, you'll note that the effect of plant life should be in build up of carbon deposits on Venus. If there is native plant life, that might also happen. So if plant life has existed there for a long time, why is the atmosphere still so heavy? Maybe the dead are totally burned and returned as gases, but that should generate some charcoal which would accumulate under a CO2 atmosphere. There is another issue which a biologist might not consider. In recent years it has been recognized that it is likely that Earth's Moon was created by huge splashes from a rock colliding with Earth. The Moon is probably lighter than Earth because a lot of the light stuff on the surface got splashed off. Such an energetic activity could have also splashed away some gases. So we might have an atmosphere which does not crush us, and have access to heavy metals, because we have a Moon. Venus wasn't so lucky as to have been blasted apart. Scot Wilcoxon Moving smoothly from a plan to terraform a hot, lifeless planet, to Australian politics: Our "Five years ago..." series has really been upsetting some of you. Judging by the content of some of the letters, this is because you have not understood the concept. Can we be clear on this: it is vintage Reg, reproduced for your entertainment. A little glimpse back at where we were, all those years ago. [In the pub, if memory serves - Ed]. This next letter is a little different, and we suspect was prompted by our latest wander down memory lane: Hi, I just wanted to say that I am getting quite bored of your continual bad mouthing of the now retired Senator Alston. He was actually quite good at his job, and I don't know why the Register has such an obsession with him, why don't you research your stories. Steve Bradley We don't know, Steve. Have another read of the article for clues on the roots of the obsession. In the meantime...that's probably a good place to call it a day for this week's round up, don't you agree? ®
Reg Kit Watch Far Eastern portable digital music player maker iRiver will next month ship the successor to its H100 series of music products: a new, colour range that also offers the ability to display still photography. The H300 series will comprise two models, one with a 20GB hard drive, the other with a 40GB unit. Content is displayed on the machine's 2in colour LCD, and accessed using the PDA-style five-way navigator control underneath. Indeed, iRiver's new machine, with its playback control buttons on either side of the navigator, looks not unlike a PalmOne PDA with a shrunken screen. The 40GB H340 even ships with a PDA-style recharge/connection cradle. We've written before about the way the PDA and hard drive-based media player worlds are rapidly colliding, and iRiver - not to mention Sony, which announced a similar device yesterday - seems to be pushing them together. That said, the H300 models still lack the PIM features Apple has long provided in the iPod. Instead, it provides a unit that can handle Ogg Vorbis, MP3 and WMA audio formats, and includes an FM radio, a voice recording facility and the ability to suck photos straight off a variety of digital cameras. For that, the H300s use their USB port, and the fact that some cameras format their internal storage using Windows' FAT-32 file system. The H300 series acts as a USB host and can effectively mount that storage and copy over the contents. Likewise, it can connect to external USB hard drives and Flash storage. In addition to JPEG files, the player will display BMP images, and will even render text files on its LCD. The 20GB H320 measures 10.3 x 6.2 x 2.2cm - at 2.5cm, the 40GB H340 is fractionally thicker. The two models weigh 183g and 203g, respectively. The H300 will ship with all the usual accessories, along with a pair of Sennheiser MX400 earphones. It's powered by a Lithium Polymer rechargeable battery which provides up to 16 hours' playback, iRiver claims. 
And watch out, Apple, the H300 series is Mac-compatible, as well as running off a Windows-based host. The H320 and H340 go on sale in Japan mid-June for ¥47,800 ($431/£235) and ¥59,800 ($540/£294), respectively. No word yet on UK and US availability. ®
Those readers with a penchant for history will certainly know the story of the redoubtable Henry Wickham - the man who in 1876 "took" 70,000 rubber tree seeds from the Amazon, thereby laying the foundation for the British domination of the world's rubber trade. Well, we're very pleased to report that the sort of spirit which carried fearless men in crumpled linen suits and Panama hats to the steaming jungles of Latin America is alive and well, in the form of Edible Ltd. This intrepid outfit has just signed a three-year contract with a Colombian supplier to export 500kg of local culonas (fat-ass) ants to the UK, where they will complement the company's impressive roster of edible invertebrates. Among the delights awaiting the gourmet diner at Edible Ltd's website is the Vodkalix Lollipop, described thus: A Vodka flavoured lollipop, which contains a real edible scorpion! The Scorpion is specially bred for human consumption and they are heat treated to remove toxins, so that they are safe to eat. The scorpion may even glow under ultra violet lights, so take them clubbing or you can enjoy them at home. Scorpions are said to have many health benefits, and are also considered to be aphrodisiacs, so even more reason to lick on this exciting lolly! Or if it's something for the kids you're after, check out the Cheddar Cheese Flavour Worm Crisps - 15 worms to a bag for £2.25. Sounds steep? Bear in mind that these are "farm raised specially for human consumption by Edible and are fed on a diet of select grains and cereals". And as for the culonas ants, they sell at £10.95 per 25g bag and "taste similar to crisply fried bacon with an earthy taste". Bootnote Still not sold on the fat-ass ant? Here are further incentives to buy: Hormigas Culonas are harvested in the Colombian Amazon by the Guane Indians, during the short rainy season between March and June. They are then toasted in a mud pot over an open fire by the Indians. 
The Guane Indians believe that these Ants have youth giving and Aphrodisiac properties and they are often served as fertility giving marriage food during nuptial ceremonies.
AMD is trying to persuade a number of PC makers, including HP and Gateway, to build its 64-bit processors into future Media Centre PCs instead of Intel's chips. It also wants the likes of Atari and Ubisoft to create 64-bit versions of their games and bundle them on such systems. So said AMD Athlon 64 product manager John Crank in an interview with Reuters, and who are we to doubt him? Or to be surprised by the comment. Of course AMD wants to see its processors incorporated into as broad a range of devices as possible, so it shouldn't shock anyone that it's attempting to persuade computer makers to buy its products. What really defines a Media Centre PC is the software it uses, and there's no reason we can see why Microsoft's Windows XP Media Center Edition shouldn't run as well on an Athlon 64 as a Pentium 4. Microsoft's Media Center UI is essentially just another app that runs on top of Windows XP, and will presumably do so whether the underlying OS is 32-bit or 64-bit. The 64-bit version of XP is expected later this year. At that time, AMD hopes - having persuaded them to do so - that hardware vendors will bundle software that shows off the benefits of 64-bit computing over the 32-bit domain. Crank said AMD is talking to Atari and Ubisoft to get them to develop 64-bit versions of their games and then bundle them with Athlon 64-based computers. "Our intent would be to get those 64-bit versions preloaded on there so when the consumer takes it home, it's as seamless and effortless as possible for them to realize the benefits of AMD 64-bit technology," he said. ®
Anti-virus researchers at Symantec yesterday spotted the first virus capable of infecting 64-bit Windows systems. Rugrat was created to prove a point rather than to be released into the wild. The proof-of-concept virus poses no immediate risk to Itanic users, but as the population of IA64 systems grows the risk of 64-bit worms will also increase. The virus is also capable of infecting 32-bit computers running 64-bit emulation software. Symantec explains that Rugrat uses an unusual method, "Thread Local Storage" structures, to execute malicious code. The virus is capable of infecting files that are in the same folder as it and in any subfolders. "W64.Rugrat.3344 is a fairly simple proof-of-concept virus. However, it is the first known virus to attack 64-bit Windows executables on IA64 systems intentionally, and it does so successfully," the company explains. It adds that Rugrat uses a small number of Win64 APIs from three different libraries to avoid crashing systems during infections. The author of Rugrat has also created a number of other proof-of-concept viruses (the Chiton strain), according to Symantec. ®
NTT DoCoMo is talking to three mobile network operators about taking its i-mode content platform for the UK, the FT reports. DoCoMo, Japan's biggest mobile operator, has made a series of hugely expensive minority investments in overseas mobile networks, now mostly written-off, to promote i-mode. This platform for data services is hugely successful in Japan, attracting 40m subscribers. But DoCoMo needs full distribution overseas, if it is to be seen as a forceful competitor to Vodafone Live! In Europe, where the bulk of the 2m non-Japanese users of i-mode live, DoCoMo can count on the Netherlands' KPN Mobile, Bouygues Telecom of France, Wind in Italy, and Telefonica in Spain as partners. KPN operates in Germany and Belgium too, so i-mode has a presence in four out of five of Europe's biggest economies. The UK is the big lacuna, but how is the gap to be filled? According to the FT, DoCoMo is talking to Orange, T-Mobile and mmO2, all of which have their own mobile data services. Orange today said it was not in discussions with DoCoMo over i-mode. So that leaves two. DoCoMo was unable to persuade 3 UK, in which it held a 20 per cent stake until yesterday, to adopt i-mode, so it will be interesting to see how far such talks progress. mmO2, the smallest, is, in our opinion, the only possible taker. The British-owned firm has long been seen as prey, with KPN Mobile and DoCoMo seen as the most likely buyers. In March this year, mmO2 rejected an informal £10bn all-share offer from KPN. Recent strong results, especially in Germany, have had mmO2 talking up its game - with company officials saying that maybe it should be buying KPN Mobile, not the other way round. But the company remains a minnow in a world of mobile network sharks. ®
OK, security pros, let's talk just amongst ourselves for just a minute. You might have seen that recent news item that reported that 70 per cent of people would willingly trade their computer password for a bar of chocolate. I don't know about you, but that left a pretty sour taste in my mouth. Even worse, 34 per cent would give away their password for nothing! WHAT ARE THESE PEOPLE THINKING?! Clearly, we need to better educate the unwashed masses about the importance of keeping their passwords secure. Along with that, helping them come up with better passwords would be nice. I'm sure you're as sick as I am of seeing passwords like "password", "beer", or "123456". Here's my suggestion: copy the letter below and send it to everyone that needs it. You know who they are. Don't send this part - we don't want them to know that we've been talking about them behind their backs. Just send the letter below, and then follow up with a phone call or a short conversation, just to make sure they "got it." It's not going to be a panacea, but it'll be a start. And if one of them returns from a break wiping chocolate off their hands, you know whose password to change immediately. Copy this letter... and hand it out. Safe and Simple Passwords by Scott Granneman © Copyright 2004, www.SecurityFocus.com Hi. I know you probably have a lot to do right now, but I'd appreciate just a few minutes of your time so that we can talk about something that's actually pretty important: your computer passwords. When I say "computer passwords", by the way, I'm talking about the passwords you use to log in to your computer, and the passwords you use to log in to all the websites you visit. Right off the bat, let me say that I understand how many passwords you probably have to remember, and how many times every day you have to type one in somewhere. I agree with you that it's annoying and tedious to have to constantly use all those passwords, and I myself have difficulty remembering all of mine. 
It can really be overwhelming sometimes. Unfortunately, passwords are about all we have right now in terms of computer security. Oh, you might have heard of "biometrics", which means that some part of your body is scanned to prove your identity, like your fingerprint, or your eyes, or your voice. Biometrics are available now, but they're still kind of expensive, and they don't always work right, and a lot of people have some very valid objections to the technology in terms of privacy, so it's going to be a while before biometrics are widespread. You might also have seen those little cards that some people have, with numbers that change every minute. The idea is that the user enters that number and a PIN, and then they can log in where they need to. As you can imagine, that solution costs a lot of money, and it would be impractical to have a separate card for every single Web site that you wanted to visit. There are other methods as well, but they all have similar issues: they're too expensive right now, or not ready for prime time, or still way too complicated. So, we're stuck with passwords for the time being. Since passwords are what we have to use, we need to be really careful with them. It's important that you keep them as secret as possible. Think of it this way: you probably keep your car keys pretty safe. If a stranger walked up to you on the street and asked for your car keys, you wouldn't let him have them, since you don't know him and therefore have no idea what he might do with your car. Even if friends ask for your car keys, you're probably unwilling to just hand them over, unless it's an absolute emergency. Car keys are one thing, but I'll bet you do the same with your house keys. And your passport. And your driver's license. Your credit card numbers. Your bank account numbers. Your social security number. And so on. We've all learned to keep certain things safe because we know that in the wrong hands, they can lead to trouble. 
Well, the same thing is true for your passwords. The more people that know them, the more likely that something bad is going to happen. In fact, the easier it is for people to guess them, the more likely it is that something bad is going to happen. So you need to pick good passwords (more on that in just a minute) and you need to keep them as secret as possible. Now, I know that you might be thinking: "So what if someone got one of my passwords? I have nothing to hide." The problem isn't necessarily that someone will look at your stuff on your computer. The problem is that some hackers use your password to take control of your computer without your realizing it. They then use your computer to do some really bad stuff, like attack government computers, or traffic in child porn, or send thousands of spam email messages. Since it's your computer that is doing these things, you're in for a lot of hassle when the authorities come calling. Your computer can get impounded as evidence, your house can get torn apart in a search, and you can get charged with a crime. I know you're innocent, and you know you're innocent, but you'll still have to deal with the police, and the courts, and lawyers, and it will cost you a lot in terms of time, money, and energy. It's not just an idle threat - it has happened a lot more than you may realize. So keep your password safe. Don't write it down, and don't put it on a sticky note and hide it on the bottom of your keyboard (everyone knows that trick!). Never tell anyone your password unless you are absolutely positive that they are authorized to get it. Ask for ID, and be sure you understand exactly why they need your password. Ask to speak to a supervisor or manager to clarify that the individual asking for your password really needs it. Treat your password like you treat your car keys, or your passport, or your driver's license. Finally, here's some advice on choosing a password. 
I'm going to give you a couple of rules, and they may seem scary, but don't freak out. I'm going to let you know a secret that will help you apply those rules in a logical way that you can remember ... trust me! Here's the first rule: a good password is at least eight characters long. Even longer is better, but eight characters is enough. The second rule: you should use a mix of at least three of these four things: small letters, capital letters, numbers, and symbols. If you can use all four, great, but at least use three of them. The third rule: don't use easy-to-guess or easy-to-crack passwords. What's an easy-to-guess password? Your name, your significant other's name, your pet's name, your kids' names, your car, your home address, your employer, your favorite singer, and so on. As for easy-to-crack passwords, you need to know that there is software available called "password crackers" that basically try to guess and guess and guess passwords until they get the right answer. That software makes mincemeat of passwords that are all numbers, so never use that, but it also easily cracks passwords that are based on dictionary words, even if they're words from other languages. (If you'd like to see some examples of bad passwords that you should always avoid, check out this article: http://www.pclinuxonline.com/article.php?sid=8823). And the final rule: good passwords are easy to remember and hard to guess. "password" is really easy to remember, but it's also super easy to guess. "^R49lk#an5#" is really hard to guess, but I can't remember it, and I just typed it out. So how do we come up with a good password that (a) has at least eight characters in it, (b) uses a mix of small and capital letters, numbers, and symbols, (c) isn't easy-to-guess or easy-to-crack, and (d) is easy to remember? Here's how. Everyone has a favorite song or poem. For instance, let's say that your favorite song is Led Zeppelin's "Stairway to Heaven". 
The first line of that song is "There's a lady who's sure all that glitters is gold." Take the first letter of each word, and you get "Talwsatgig". That's a good start for a password! It's ten characters long, and it's easy to remember, as long as you know the first line of the song. However, it only uses small and capital letters, so let's add more. When you were a kid, you may have played around with a simple code, in which a=1 and b=2, all the way to z=26. Here's another one that a lot of people sometimes used: a=@, b=6, e=3, i=1 (or !), l=1 (or l=!), o=0, s=5 (or s=$), t=+, and so on. Basically, you match the letters to a number or symbol that they sort of resemble. You can do this however you'd like, using whatever makes the most sense to you. If we do that, and then apply these substitutions to the password we've been developing, we get this: "Ta1w5atg1g". Now that is a great password! Is that too hard? Then keep the mix of upper and lowercase letters, and tack a year on the end. Better yet, reverse the digits of the year. So your password might now be "Talwsatgig86", which is still very good. The important thing is, try to get a mix. I know you may be thinking, "There is no way that I will be able to remember that!" But really, it's not hard. You know the song, and you'll be able to remember the simple letter/number substitution, or the year. Just sing it to yourself (not out loud!), and type. After you do it a couple of times, it will just fly off your fingers, I guarantee. Here's one final tip: as I said above, you should never write your password down. But you can do this, if you'd like something to help jog your memory. Go on the Internet and find a Web site that lists Led Zep lyrics. Print out the words to "Stairway to Heaven" and post them on the wall next to your computer. You'll have a reminder available all the time. 
If someone sees your lyrics, they'll just think you're a fan, not that your password is coded right there in front of them (unless they read this little piece, that is!). Thanks for reading this. I hope it helps, and I hope you understand a little more why computer people want their friends, family members, and co-workers to safeguard their passwords. If you have any questions, ask the person who gave you this letter - I'm sure they'll be glad to help. Good luck, and be safe! Copyright © 2004, Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients.
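The letter's rules and its lyric trick, written out as a short Python check. This is an added example, not part of the original letter: the helper names, the rule labels and the tiny word list are constructed for illustration, and the look-alike table is the subset the letter's own worked example applies (l, s and i). It goes one step beyond the letter by undoing look-alike swaps before the dictionary lookup, because password crackers try those swaps too.

```python
import re

# Constructed sample of words a cracker's dictionary would contain.
# A real check would load a full word list; this one is illustrative only.
SAMPLE_DICTIONARY = {"password", "beer", "letmein", "stairway", "heaven"}

# Look-alike swaps the letter's worked example actually applies.
LOOKALIKES = {"l": "1", "s": "5", "i": "1"}

# Reverse of the letter's substitution list, used to see through swaps.
# "1" and "!" are ambiguous (i or l), so both readings are tried below.
UNDO = str.maketrans({"@": "a", "6": "b", "3": "e", "0": "o",
                      "5": "s", "$": "s", "+": "t"})


def acronym(phrase):
    """First letter of each word, keeping the phrase's capitalisation."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", phrase)
    return "".join(word[0] for word in words)


def substitute(text, table=LOOKALIKES):
    """Swap letters for the numbers or symbols they resemble."""
    return "".join(table.get(ch, ch) for ch in text)


def char_classes(password):
    """Which of the four character types the password uses."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def normalised_forms(password):
    """Lower-cased readings of the password with look-alikes undone,
    with and without a trailing run of digits (a tacked-on year)."""
    forms = set()
    lowered = password.lower()
    for base in (lowered, lowered.rstrip("0123456789")):
        base = base.translate(UNDO)
        for reading in ("i", "l"):
            forms.add(base.replace("1", reading).replace("!", reading))
    forms.discard("")
    return forms


def check(password, personal=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules the password breaks (empty means it passes).

    personal: names, pets, employer and similar easy-to-guess details.
    """
    problems = []
    if len(password) < 8:
        problems.append("length")        # rule 1: at least eight characters
    if len(char_classes(password)) < 3:
        problems.append("mix")           # rule 2: three of the four types
    if password.isdigit():
        problems.append("all-digits")    # rule 3: never all numbers
    forms = normalised_forms(password)
    if forms & set(dictionary):
        problems.append("dictionary")    # rule 3: no dictionary words
    details = [p.lower() for p in personal if len(p) >= 3]
    if any(d in form for d in details for form in forms):
        problems.append("personal")      # rule 3: no names, pets, employer
    return problems


if __name__ == "__main__":
    lyric = "There's a lady who's sure all that glitters is gold."
    start = acronym(lyric)
    for candidate in ("password", "beer", "123456", "P@ssw0rd1",
                      start, substitute(start), start + "86"):
        print(f"{candidate:14} {check(candidate) or 'ok'}")
```

The dressed-up dictionary word fails even though it meets the length and mix rules, while the lyric-derived passwords from the letter pass.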
NEC Business Network Solutions, a subsidiary of NEC Corp, has pleaded guilty to charges of defrauding the US government, and will pay a $20.6m fine to settle the case. The company was charged with collusion and wire fraud, according to Reuters, and admits to rigging bids and allocating contracts for projects in the privately funded E-Rate program. By way of explanation, NEC's lawyer said: "We've made mistakes." He added that the company had done everything it could to ensure that the same problems could not happen again. San Francisco US attorney Kevin Ryan takes a tougher stance: "This criminal attempt to steal funds from the program comes at the expense of children across the country and is totally unacceptable." E-Rate is a $2.25bn funding programme that provides qualifying schools with funding for net access infrastructure and services. As part of its plea, NEC must continue to "help police with their enquiries" into the E-Rate program. E-Rate has been under investigation by Congress for waste and abuse for some time. In January this year investigators found that SBC Communications had left $5m of E-Rate-funded telecoms equipment, intended for schools, to gather dust in a Chicago warehouse. ®
UK Home Secretary David Blunkett is planning a radical extension to existing electronic tagging and monitoring systems, floating the use of satellite tracking to monitor the movement of sex offenders, and the deployment of lie detector tests to check that the subjects aren't breaking the terms of their release. The satellite systems are to be tested on serious offenders later this year. As regards the lie detectors, these have already been tested with probation services. Blunkett, the IT snake-oil salesman's friend, described these as "21st Century technology", meaning apparently that they're entirely different from the lie detectors of squalid reputation and dubious reliability we know so well. Their deployment, however, does have considerable significance. The Home Office has been testing tagging and monitoring for some years now, and seems to have found them to be fairly effective. It has, however, been dealing largely with the 'low hanging fruit' of tagging subjects - minor offenders subject to curfew orders, early release candidates, non-custodial sentences and so on. This kind of tagging can be sold fairly easily on the basis that it keeps families together, gives minor offenders a better opportunity to return to the straight and narrow and allows former prisoners to be eased back into the community. In most of these cases a pretty high percentage of the subjects are actually going to want to cooperate with the system. So, if it's a simple home-based curfew system that uses a landline to check that they're home when they're supposed to be home, then you can rely on the majority of them to just use the system rather than trying to circumvent it. Plus, most of the people who've been covered so far aren't particularly dangerous. Obvious problems however arise when you contemplate extending the system to people who may be dangerous, are likely to want to circumvent the system or who actively wish to abscond. 
The lie detector tests are therefore intended to extend the boundaries a little by putting another psychological weapon in the hands of the probationary services. The people being tested will on balance be less likely to lie and more likely to behave themselves, and in that sense it probably doesn't matter greatly whether the technology works or not. Obviously it does matter on the more serious cases who will try to fool them, so again we're talking low-hanging fruit here. The next generation satellite tracking systems Blunkett envisages are now available, and can come small enough to combine GPS and GSM in an ankle bracelet. Blunkett sees this kind of equipment being used to monitor the movements of high risk offenders, making sure they don't stray into forbidden areas, and he has also floated the notion of using such systems to keep track of asylum seekers. There are however some obvious problems here, and the further you widen the catchment area for tagging subjects, the bigger these become. GPS and GSM networks don't work everywhere, so unless the permitted movements of a subject are extremely restricted, practically all the people being monitored will blip in and out of coverage throughout a normal day. You could conceivably build procedures into the monitoring process to allow for this, say, requiring action from the subject within a specific period of coverage being lost, but the addition of these adds complexity to the system and will increase the number of inadvertent defaulters. And as you move away from low-level, low-risk subjects to high risk, as Blunkett intends, you move away from a system which can be administered fairly easily to one that requires sophisticated monitoring centres where red lights flash when something really goes wrong. But, you hope/wish, only when something really goes wrong. 
Very widespread deployment of tagging and tracking will require very complex back end systems, and the Home Office is likely to find these considerably more expensive and accident-prone than it currently anticipates. And although Blunkett is giving himself powers to tag asylum seekers, it's extremely doubtful that he'll ever find any justification for using them. His concern, surely, is to be able to find failed applicants and eject them from the UK - particularly, he wishes to do this with the ones who don't want to be found. The latest bracelets are tamper-proofed and alarmed, but it's entirely unclear how they could resist an absconder armed with a set of bolt cutters and a bicycle. ®
Lindows has won the latest round in its trademark fight with Microsoft, with a Dutch court ruling that it can keep its name for general corporate purposes in the Netherlands. The Linux distro had lost an earlier case in the Netherlands over the use of the Lindows name and had to change the name of its operating system and its web site to Linspire. However, it kept Lindows as its official company name. The company originally changed the name of its software to Lin---s, but Microsoft lawyers claimed this was pronounced "Lindash" and therefore bore an "auditive resemblance to Windows". But when Lindash became Linspire, Microsoft again took the company to court, claiming that the word Lindows was still appearing on its website. So, are we now back to Lindows or not? Well, yes and no. Judge Sj. A. Rullmann yesterday said that "not every use of the business name Lindows infringes on the Windows trademark", meaning that the use of 'Lindows' is allowed only for legal and trademark purposes. So the case becomes even more confusing. For the final say, we will have to wait for the court case between Lindows and Microsoft in Seattle in the second half of this year. A jury will decide if the word "Windows" was a generic term before Microsoft launched its first version of Windows in 1985. Microsoft has always claimed that Lindows is capitalising on the name of its Windows product, which runs on more than 90 per cent of the world's computers. ®
Anti-spam organisation Spamhaus is opening up operations in China with the launch of a new site, Spamhaus.cn, this week. For some time China has acted as a 'safe-haven' for spammers offering so-called bullet-proof hosting - in reality, unscrupulous ISPs who pull the plug on spammers when enough complaints are received by their upstream provider. According to Spamhaus, China currently has three of the world's most spam-friendly ISPs: PCCW, Chinanet in Chongqing, and Chinanet in Guangdong. Foreign spammers (many from the US) have exploited China's historically lax attitude to junk mail to offshore spam runs to Chinese ISPs. But attitudes in the Chinese ISP market are changing and local service providers have already shown their willingness to work with Spamhaus in rooting out illegal spam gangs, prompting Spamhaus to set up shop in the country. "Our mission is to help Chinese email and technology providers rid themselves of companies who use the servers to send bulk unsolicited email around the globe. Already a number of email providers in China have started to use the Spamhaus Block List and we're getting good feedback from our partners," Danny Levinson, a representative of Spamhaus based in China, told China Tech News. Last month, the Internet Society of China (ISC) invited Spamhaus's Richard Cox to Beijing and Xi'an for talks with businesses and government organisations on the spam problem. The success of these talks paved the way for establishing Spamhaus.cn. ®
A report on US government data mining indicates that the Total Information Awareness project, cancelled last year, is in some senses alive and well. The General Accounting Office lists a total of 199 projects, 122 of which use personal information and 54 of which use data from the private sector. The largest number of the projects have improvement in performance or service as a stated objective, but the GAO lists 14 "analyzing intelligence and detecting terrorist activities", and 15 "detecting criminal activities or patterns." The report was requested by Democratic Senator Daniel Akaka following controversy around TIA, and Akaka comments: "I am disturbed by the high number of data mining activities in the federal government involving personal information. The federal government collects and uses Americans' personal information and shares it with other agencies to an astonishing degree, raising serious privacy concerns. I doubt if the American public realizes the extent to which the federal government collects and uses their personal information and the degree to which their information is shared with other agencies." He added that the report's findings demonstrated the need for policies and safeguards such as those recommended earlier this month by the Technology and Privacy Advisory Committee. The complete record of federal data mining activities (obviously, non-federal ones such as MATRIX aren't covered here) includes predictable ones from predictable organisations, e.g. Homeland Security's Incident Data Mart, which will check for patterns in law enforcement incidents, or the FBI's Foreign Terrorist Tracking Task Force Activity, which uses DHS, FBI and "public" data sources with a view to keeping terrorists out of the US. But the Department of Energy also has several 'counterintelligence' systems tracking foreign visitors to, or terrorist/criminal activity at, DOE facilities. 
And the Department of Education has the slightly worryingly-named OIG - Project Strikeback, comparing its records with those of the FBI with the object of "analyzing intelligence and detecting terrorist activities." Taken as a whole, the various terror- and crime-related projects add up to something that looks remarkably like Total Information Awareness, the difference here being that there's no longer a single big project for Congress to shoot at, just a large and fast-growing (68 of the 199 are at planning stage) number of data mining operations with little in the way of regulation or oversight. ®
A major revision of Apple's Mac OS X operating system released this week fails to come bundled with a vital, recently-issued security fix. A security patch (2004-05-24) which guards against a vulnerability in the Help viewer sub-system is absent from Mac OS X version 10.3.4, despite claims to the contrary by Apple. Reg hardware editor Tony Smith found it's necessary to install the patch manually, confirming reports on Mac enthusiast sites. The OS update does not overwrite previously applied patches, however, and these should show up as available via Software Update. That's providing a user bothers to double-check after being told by Apple that they are perfectly safe. This confusion is compounded by Apple, which has thus far failed to address another critical - and easily exploitable - security hole which it wrongly told Techworld was fixed by the Help Viewer patch. An updated version of a security testing tool by Unsanity establishes that even patched systems are vulnerable. So patched Mac OS X systems are vulnerable and unpatched systems are even more vulnerable. Unless Apple faces up to the security issues its users face, its reputation for making secure operating systems, already damaged by its mishandling of these recently discovered vulnerabilities, will be further tarnished. ®
Technology on Trial
It's very bad luck for USA Today that on the very same day they reported the profound failing of the FBI's digital and computer analysis systems in the Madrid bombings, they published a column suggesting that just such technologies could prevent such attacks in future. Uncritical gee-whizz columns about new technology are nothing new, but this one by Kevin Maney could be the most ill-timed of its kind. As we reported this week, the Spanish authorities discovered a bag of explosives, with a set of fingerprints, a week before the Madrid bombings in March that killed almost 200 people and injured 1,800 more. Unable to find a fingerprint match, they appealed to the FBI who promptly found a "100 per cent" match, and arrested an Oregon lawyer and ex-US serviceman. So convinced were agents they had their man, they persuaded the Spanish authorities to look no further. In fact, the FBI's suspect had nothing to do with the bombings. If the Feds had examined the original fingerprint - rather than a poor digital copy - they would not have believed it was "100 per cent positive" and, perhaps, the horror might have been averted. The FBI was further convinced by a computer-generated network profile that placed former Army officer Brandon Mayfield at the center of the conspiracy. Mayfield had converted to Islam in the 1980s and represented a man in a child custody case who was later sentenced on terror charges. Both pieces of digital evidence fall apart when human judgement is introduced. For example, Mayfield had never been to Spain. However, the FBI regarded the machine logic as having superior intelligence to its own human detective skills and intuitions. Of course, since computers don't have any intelligence, and don't perform any magic, they should be used with great circumspection. One of the least controversial declarations in Nicholas "Does IT Matter?" 
Carr's new book is that "as the strategic value of the technology fades, the skill with which it is used on a day-to-day basis may well become even more important to a company's success." But the dominant tone of technology marketing is the opposite: fewer humans, and less skillful humans, will be needed as the tools become cleverer. Nowhere is this more apparent than in USA Today's breathless summary of the CIA's technology investments. For example, The CIA invested in Tacit Knowledge Systems. The Palo Alto, Calif., company's software could scan all of every agent's outgoing e-mail, looking for clusters of words that tell the system what and who each agent seems to know. It doesn't "read" the e-mail for content, insists Tacit CEO David Gilmour — it's just trying to get to know the user better, "like a really smart personal assistant," he says. Tacit could then recognize that the Albuquerque agent needs cheese sandwich-related information, and it would know the Berlin agent seems to have cheese sandwich expertise. Tacit's system could then tell the Berlin agent that she might want to get in touch with the Albuquerque agent. "We help the good guys find each other," Gilmour says. Actually, it should help cheese sandwiches find each other. You'll note the boilerplate disclaimer by Tacit's CEO: the software that does the reading isn't really doing any reading - a similar argument was made by Google recently over its Gmail snoopbot. It isn't reading, it's simply rubbing up against your leg, like a friendly kitten. 30 degrees of guilt There's worse to come. We discover, Systems Research & Development (SRD) created something called Non-Obvious Relationship Awareness. That sounds like a New Age marriage-counseling technique. But it is actually a technology for sorting through vast amounts of information to find the tiniest hints of collusion. Tiniest hints? An unfortunate phrase, given Mr. Mayfield's treatment. In the New York Times story titled Spain Had Doubts Before U.S. 
Held Lawyer in Madrid Blasts, Ibrahim Hooper, spokesman for the Council on American-Islamic Relations, points out that, "it becomes the whole Kevin Bacon game — no Muslim is more than six degrees away from terrorism." SRD's software, Maney tells us, can find relationships "at up to 30 degrees of separation" which proves that if nothing else, the CIA will have a new definition of tenuous. The backlash against social networking software like Friendster and Orkut is a consequence of the inadequacies of representing aspects of real social relationships. Friends and strangers are given the same weight, and users often find themselves receiving large quantities of unwanted email. (That's only the start of the trouble: Orkut, you'll be pleased to discover, allows you to enjoy just seven categories of humor). We know what these problems are, and they can't be wished away. Who's to blame? Partly it's the inadequacy of the computer researchers themselves, who have become very adept at recognizing patterns, but not at placing them in any kind of meaningful context. You can't have escaped hearing excitable chatter about "memes" - a reductive model of looking at the world which strips these ideas from their psychological or historic contexts. In meme-world, we're simply dumb transmitters for ideas, fashions, or scientific theories, which choose us rather than the other way round. So people who get excited about "memes" aren't interested in why a piece of information belongs in a particular context. It's a fun exercise, but it doesn't get us very far. Employing a cultural dweeb-detector before allowing people to write software may be too draconian, but we certainly need researchers who recognize the limits of their explorations. (Looking over DARPA's catalog of robot ant armies and self-healing minefields, you could conclude that their researchers aren't up to the task either, as they're more interested in making silly toys). 
And equally, we could be a lot more reactive when confronted with dishonest technology marketing. It's partly teleological, in that we've become numbed into thinking that technology always improves, and generally makes things better. Technological innovations "emerge", so they must be good, OK? In fact, our models are very primitive. However, the linear march of progress is a faith, and explains why technology marketeers are permitted such a sunny, optimistic tone. If technology was met with the same skepticism that greets medical innovations, we wouldn't have such a problem. The FBI's blunders reflect a change in criminal investigation procedures since computers began to play a significant part in detective work. Policing now involves aggregating vast silos of digital information in the belief that some clever software robot can be unleashed later, to make sense of it all. Intuition and common sense have been correspondingly downgraded, and that's a real loss. Most technology disasters such as ERP overruns and commercial security compromises don't seem to affect us very much. We pay a price, but it's very indirect. In dealing with the threat of terror, a technology disaster has a very high price - a human price. How do we start to fix it? ®
The US patent office has outdone itself this week, awarding dating company eHarmony a patent covering online matchmaking. In patentese, US patent no. 6,735,568 describes a computer implemented method for "identifying people who are likely to have a successful relationship". In real terms, this amounts to a series of psychometric style questions and multiple choice quizzes - 430 in all - about your likes, dislikes, preferences and so on. It asks things ranging from "Do you smoke?" to "How much does the word 'dominant' describe you on a list of one through seven?" and "How often do you feel depressed?" The system then ranks people in 29 categories, like sexual passion and spirituality. Critics complain that reducing all of human relationships to an empirical test takes away the mystery. However, researchers at eHarmony maintain that a psychological profile is a good predictor of marital success. "Opposites might attract, but in our research they don't stay together," said Dr. Galen Buckwalter, vice president of research at eHarmony. Pardon the cynicism, but this sounds like a teen magazine love-quiz-on-steroids to us: Just17, Bella et al should claim prior art immediately. ®
A student who was booted off his degree course for plagiarism is to sue the university. He says tutors at the University of Kent should have spotted what he was doing and stopped him sooner. Michael Gunn, a 21-year-old English student, freely admits using material downloaded from the Internet to complete his assignments. He told the Times: "I hold my hands up. I did plagiarise. I never dreamt it was a problem." His problem, then, is not that he was caught, but that he was caught too late. He argues that the university should have warned him of the consequences earlier. "I can see there is evidence I have gone against the rules," he concedes. "But they have taken all my money for three years and pulled me up the day before I finished. If they had pulled me up with my first essay at the beginning and warned me of the problems and consequences, it would be fair enough." University authorities wouldn't comment directly on the case but stressed that the university is very clear on the subject. David Nightingale, the deputy vice-chancellor, said: "All students are given clear guidelines as well as practical advice and support as to what constitutes plagiarism. These spell it out that it is not acceptable under any circumstances." ®
The proposed 2004-5 budget for the Internet Corporation for Assigned Names and Numbers (ICANN) has hit a snag - the rest of the world is refusing to pay its share of the bill. ICANN last week proposed a budget of $15.8m for next year, nearly twice as much as its current annual expenditure. However, the Council of European National Top Level Domain Registries (CENTR) - an organisation which represents the Internet registries of 39 countries - is refusing to play ball. In a letter dated 26 May, and addressed to Paul Twomey, the head of ICANN, this powerful body has revealed its irritation with ICANN's attempt to become a global Internet institution. The three-page missive by CENTR chairman Paul Kane makes it plain that ccTLDs (country code top level domains) are unprepared to offer the additional finance that ICANN wants. The letter also questions ICANN's motives in seeking the budget hike. ICANN knew it was liable to anger the rest of the world's countries by asking them for more money, so it increased the amount it asked from them by less than a third - where most others will have to pay double. ICANN even accepted that ccTLDs would pay less in "ICANN-tax" - 20 cents on a domain rather than the 25 cents for everyone else. This approach has been dismissed out of hand. In its letter, CENTR accuses ICANN of a "lack of financial prudence" and refuses to support it "financially or otherwise" in its "unrealistic political and operational targets". This is not good and at the centre of it lies the function of the Internet Assigned Names Authority (IANA) - which is the control panel of the Internet. The rest of the world is unhappy with the way ICANN uses its control over IANA. And ICANN will relinquish control of IANA over its dead body. Unfortunately for ICANN, CENTR asks a legitimate question: how come IANA has gone from costing $250,000 in 1996 to $5m next year when the amount of work has barely moved? That's a 20-fold increase, the letter points out. 
"The draft budget seems inordinately high," the letter states, and threatens "last year, ICANN secured around $600,000 from ccTLD registries, it would be prudent to expect the global income from ccTLD registries for this year to be around the same" (our emphasis). This is not what you would call a friendly response. But it gets worse. "We also question the appropriateness of ICANN operating any Root Servers directly" - root servers are the main reference bibles for the Internet, there are 13 dotted around the world but most are in the US. "Root Servers according to ICANN's own Security and Stability Committee should be located at key peering points and managed by dedicated infrastructure personnel. There are many in the community more suitably qualified to run the Root Servers than ICANN..." In short, if the budget was a brilliantly assembled prospectus for ICANN opening up as the Internet school par excellence, CENTR has informed its head that most of the pupils will not be attending next year unless it reduces its fees and makes changes to the curriculum. So what, you say? ICANN is looking at a $15.8m budget and ccTLDs only account for just over $1m of that. Leave them to their own devices. Except without the rest of the world on side, ICANN is master of nothing but its own backyard. The International Telecommunication Union (ITU) has already made it clear that it would like to take over, and if ICANN can't get worldwide consensus, the ITU will be in a strong position. ICANN is relying on the fact that Europe's Internet registries (although CENTR, despite its name, represents far more than just European interests) will want to have ICANN in charge more than they will want an international body controlled by governments (the ITU). With ICANN pulling in governments and asking for funds to become the Internet body, the distinction between it and the ITU blurs - and not in its favour. We have a Mexican stand-off and currently ICANN has more to lose. 
®