A new website offers subscribers a simple web interface to a caller ID spoofing system that lets them appear to be calling from any number they choose. Called "Camophone", the service functions much like the Star38.com site that struggled with an abortive launch last month: a user types in their phone number, the number they wish to call, and the number they'd like to wear as a disguise. The system instantly dials back and patches the call through with the properly-forged caller ID. Camophone is being promoted in ads that appear when searching for competitor "Star38" on Google. The original web-based spoofing business launched 1 September on a wave of media attention that began with a report on SecurityFocus. Star38 was marketed to collection agencies looking to trick debtors into answering the phone. It asked would-be clients to pay a non-refundable $150 application fee, a twenty-five cent connection fee for each call, and seven to fourteen cents per minute. Some legal experts said collection agencies would likely be prohibited from using such a service under federal fair debt collection laws, and three days after Star38's launch, founder Jason Jepson told the New York Times that he was looking to sell the business, claiming he'd received harassing phone calls and a written death threat. The site went dormant until this week, when it relaunched as a tool offered exclusively to law enforcement officials and "intelligence agencies". A phone message left on Star38's voice mail and an email to Jepson were not immediately returned Wednesday. In contrast to Star38, Camophone is open to anyone with a PayPal account, at a rate of five cents per minute, pre-paid, with a five dollar, 100-minute minimum purchase. The service boasts that it keeps no logs, and the business' owner is a mystery: there is no contact information on the site, and the Camophone.com domain name was registered through a proxy service.
But the site performed as advertised in a test by SecurityFocus, in which a reporter made phone calls appear to originate from the White House switchboard. Caller ID spoofing has for years been within the reach of businesses with certain types of digital connections to their local phone company, and more recently it's become the plaything of hackers and pranksters exploiting permissive voice over IP systems and VXML hosting services. Pranks on friends and loved ones are the most common application of spoofing, but not the only one. In August, Secure Science Corporation warned that hackers can use caller ID spoofing to break into the voice mail boxes of T-Mobile subscribers. A U.S. wireless company with 15.4 million customers, T-Mobile permits users to check voice mail without entering a passcode, as long as they're calling from their own phone - an easy matter to fake with caller ID spoofing. In a statement, T-Mobile said that customers can switch on an option that requires them to enter a passcode even when calling from their own phone, and thus foil spoofing attacks. "We recommend that customers take advantage of the security a password can provide," the company said. Secure Science's Lance James says that's not good enough. "It's not on by default," says James. "The majority of people, if not all of them, leave it off." "This has been going on forever," agrees phone hacker "Lucky225." "People are getting celebrity numbers... and it'll be on the default settings. Then they'll listen to the messages and get other celebrity numbers." Another phone hacker, speaking on condition of anonymity, was openly angry about the Camophone service, because he was hoping to be first to market with his own Star38 copycat, for which he's registered the domain telespoof.com. He, too, used a proxy - like the proprietor of Camophone, the hacker plans on remaining anonymous. "I'm not going to put any of my info on it," he says. "I don't want to get death threats." 
Copyright © 2004
US PC company Gateway will finally ship its long-awaited own-brand digital music player on 15 November, more than a year after its first move on the market was planned to debut. The Gateway MP3 Photo Jukebox incorporates a 4GB hard drive and a 1.6in, 128 x 128 TFT colour display in its compact 96.4g, 9.6 x 5.9 x 1.7cm shell. Despite its name, the device is pitched at Microsoft Windows Media 10-based music services - one month's access to Napster's Napster To Go offering is included. However, in addition to WMA and MP3, the unit also supports ACC, for which we think Gateway means AAC, the format chosen by Apple for the iPod, though Gateway notes that its machine doesn't support iTunes Music Store downloads. Picture support is limited to JPEG and BMP files, and can grab photos straight from a digital camera, via its USB 2.0 port. The MP3 Photo Player includes enough RAM - 32MB - for 16 minutes' anti-skip playback and provides up to eight hours' continuous music play thanks to an 820mAh battery. Gateway announced its first own-brand MP3 player back in November 2003, a 20GB hard drive-based model, the DMP-X20, pitched at the standard iPod. Originally due to ship later that month, it never did. Gateway has since offered a range of music players, most of them Creative products, but nothing under its own name. Until now. The MP3 Photo Player is set to ship on 15 November for $250. ®
The United States Air Force is commissioning a fleet of 277 F/A-22 Raptor fighter jets at a cost of $260m each. The first, which was due to be completed on Wednesday this week, is to join a fighter squadron close to Washington, DC. According to Lockheed-Martin, the plane has been in theoretical development since the 1970s when it became apparent that new military threats were arising that the F-15 would not be able to handle. According to the LM site: "A new generation of fighters is under development in several countries around the world today. The advent of these new fighters, as well as the continuing export of current air defense and adversary advanced fighter technology to the Third World, put the United States' ability to gain and maintain air superiority, much less air dominance, at increasing risk." The formal design process began in 1985. Astute readers will note that the military threats the US and its allies faced in 1985 are quite different from the threats we all have to deal with today. This is just one of the strands of controversy running through this project. Another sticking point is the cost: at $260m each, these are the most expensive fighter planes in the world – putting even the $45m F-117 Nighthawk in the shade. It is also around four times the original estimate, and as costs spiralled, Congress moved to scrap the project in its entirety. However, pressure from military contractors and union groups kept the contract aloft. The 62-foot Raptor certainly has some impressive-sounding stats. Its two engines are Pratt & Whitney F119-PW-100 turbofan engines with afterburners and two-dimensional thrust-vectoring nozzles. Each engine is in the 35,000-lb-thrust class, which means it’ll cruise along quite happily at Mach 1.5 (1,142 mph), but if you’re in a hurry, it’ll top out at Mach 2. By contrast, the F-117 Nighthawk stealth fighter whipped along at a mere 640mph with two General Electric F404 engines with 10,500-lb-thrust each.
The B-2 stealth bomber has four 17,300-lb-thrust engines, but is a long-range heavy bomber, rather than a fighter jet. The Raptor is also invisible to radar, and has a massive weapons capacity. It has three internal bays on the underside of the craft with room for six medium-range, radar-guided air-to-air missiles and two short-range, heat-seeking Sidewinders. It also has an internal M61 A2 20mm cannon, big brother to the M61 Gatling gun. External bays can take more weaponry, or additional fuel tanks. So, lots of speed, lots of firepower and a great big bill. A report on The BBC notes that the first F/A-22 rolling onto tarmac coincides with Lockheed-Martin announcing a 40 per cent rise in profits. The company is now processing an order for the next-generation fighter jet, the F-35 that both the US and the UK have signed up to buy. ®
The world's two largest chip foundries, TSMC and UMC, posted their latest quarterly results this week, each showing solid sequential and year-on-year growth. However, both companies warned of harsher trading conditions ahead, on the back of big declines in fab capacity utilisation. TSMC said sales totalling TWD69.74bn ($2.07bn) yielded a net income of TWD27.93bn ($830m) during its third quarter, which, like UMC's Q3, was completed at the end of September 2004. The foundry's sales were up 27.1 per cent year on year and 7.5 per cent sequentially, on rising wafer shipments and higher average selling prices. Net income grew 84.1 per cent on Q3 2003 and 19.3 per cent on Q2 2004. UMC reported record net income of TWD10.91bn ($320m) on record sales of TWD34.58bn ($1.02bn), up 60.5 per cent year on year and 18.5 per cent on the previous quarter. However, UMC added that it expects sales to drop during Q4 before rising again in Q1 or Q2 2005. Indeed, Q4 will see capacity utilisation fall to 70 per cent, CEO Jackson Hu admitted. Similarly, TSMC said its capacity utilisation will be down in Q4, to 85 per cent. Over the past few quarters, it has been running at over-capacity, and UMC hasn't been far behind. In short, the inventory issues affecting the rest of the chip industry are finally filtering through to the foundries as their chip-selling customers cut back in response to weaker demand from their own customers. TSMC didn't acknowledge the cause of such a large drop in utilisation - 20 per cent, effectively - alluding instead to "some near-term softening in customer demand", according to CFO Lora Ho. UMC's Hu was similarly dismissive of the abrupt decline in utilisation, preferring to point out instead the company's belief that the dip will be a short-term one. "The future of the foundry industry is bright, despite the recent slowdown in the semiconductor market," he said. 
"We have seen strong demand for advanced process technologies and sustained strength in outsourcing trends. We believe that these factors will be the primary drivers for a recovery for UMC within the next two quarters. We are therefore maintaining our capex level as planned." ®
Cash'n'Carrion Since we've just restocked our ever-popular "My job went to India and all I got was this lousy t-shirt", er, t-shirt, we thought that this would be a good opportunity to show the outsourcing apparel masterpiece "in the field". So, cue pic of none other than Reg Strategy Boutique head honcho Pranav J. Oza sporting said shirt after a triumphant completion of this year's London Marathon. Those readers who have ever wondered about the long-term effects on the human body of continual exposure to joss-sticks and whalesong, followed by a swift 26-mile jog for charity, need only examine Pran's Powerpoint-presentation-ravaged visage. Enough said. Still, at least he's still got a job to call his own - even if years of synergistic brainstorming of the Reg brand frontage will eventually do for him. That's more than can be said for all those unfortunate former callcentre operatives whose jobs ended up in Bangalore and who are now scouring slag heaps for scraps of coal with which to warm their malnourished, weeping children. The solution to this humanitarian tragedy? Simple - they should get themselves down to Cash'n'Carrion and buy huge quantities of our India outsourcing shirt with which to swaddle their mewling newborn infants against the winter chill. Or, they could simply wear one down the pub where sympathetic employed people will buy them beer out of embarrassment and pity. The "My job went to India and all I got was this lousy t-shirt" costs £14.03 (£16.49 inc VAT) and features a full-colour transfer print lovingly hand-pressed onto the garment by eight-year-old Indonesian children. It's available - as is the local custom - in sizes ranging from small to XL. And that concludes this shameless plug for our merchandising tentacle. We would just like to add that Pranav J.
Oza is available for rebranding flip-chart presentations at weddings, Bar Mitzvahs and funerals at reasonable rates including a discount for students, OAPs and struggling dotcom start-ups. ®
Four in ten IT workers have been sick at their Christmas party while more than a third admit to snogging their boss or a colleague, according to research from Sussex internet outfit Sigmer Technologies. The research doesn't reveal what proportion of people threw up before snogging their boss. Although the annual yuletide festivities may seem like an age away, IT departments around the UK are already booking their parties. Yet this survey reveals just what goes on when workers let down their hair. As well as throwing up and snogging, a quarter admitted to insulting their boss while a similar number said they'd engaged in some "embarrassing behaviour" such as flashing, falling over or photocopying intimate body parts. Part of the reason for this behaviour appears to be down to the fact that two thirds of firms provide free booze for their Xmas parties, fuelling all sorts of shenanigans. That said, it's not all fun and games. A quarter of respondents said that their office Christmas party was "so poor, they wished they’d stayed at home", while one in 20 IT professionals felt their office Christmas party could be improved by a change of location to an ice-rink. Don't ask. ®
Extortionists have threatened to send out images of child abuse in emails in the name of Blue Square unless the online gambling site hands over €7,000 ($8,900). The sick telephone threat followed a five-hour distributed denial of service attack against the popular site earlier this week, the BBC reports. This DDoS attack was accompanied by an email from Serbia on Monday threatening that the assault would be intensified unless Blue Square paid €7,000 into an account. This DDoS attack was successfully thwarted only to be followed by a phone call to the firm's IT director from a man with an "East European accent" threatening to damage Blue Square's brand by distributing child porn material in its name unless money was handed over within 48 hours. "This is a new twist on the standard 'distributed denial of service' attack," Ed Pownall, communications officer at Blue Square, told BBC News. "Because we can now repel their online attacks so quickly this is obviously an attempt to ramp up the intimidation. It is just revolting." The firm has decided to speak publicly about the issue so that recipients of any depraved emails will know it is not from Blue Square. The attack against Blue Square, launched from compromised PCs in South America, is the latest in a long series of DDoS attacks against online gambling sites, which have intensified this year. In July three men suspected of masterminding a cyber-extortion racket targeting online bookies were arrested in a joint operation between the UK's National Hi-Tech Crime Unit and its counterparts in the Russian Federation. The trio, who investigators reckon netted hundreds of thousands of pounds from the shakedowns, were picked up in a series of raids both in St Petersburg, and in the Saratov and Stavropol regions in southwest Russia. Extortion is not the only motive behind DDoS attacks.
In August six men were charged by the Californian courts over the first-ever case involving the use of sophisticated denial of service attacks directed against business rivals. Jay Echouafni, chief exec of Orbit Communication Corporation in Massachusetts, along with a business partner, allegedly hired computer hackers in Arizona, Louisiana, Ohio, and the UK to launch computer attacks against Orbit's online competitors. "These sustained attacks allegedly began in October 2003 and caused the victims to lose over $2m in revenue and costs associated with responding to the attacks," according to investigators. Echouafni, who faces a five-count federal indictment, is on the run. The modus operandi of DDoS attacks, whatever their motives, remains broadly consistent. Worms such as MyDoom and Bagle (and Trojans such as Phatbot) surrender the control of infected PCs to hackers. These expanding networks of zombie PCs (dubbed 'botnets' by the computer underground) are most often used for spam distribution but they also serve as effective platforms for DDoS attacks. Attacks typically start with crude SYN Flood attacks. If that doesn't scare targets into paying then attackers resort to more sophisticated attacks (SYN Floods, UDP Floods, NB-Gets, ICMP Ping Floods and UDP Fragment Attacks). The effect on unprotected sites can be devastating. ®
Open Source Software is now a viable and credible alternative for government, says a report published yesterday by the UK's Office of Government Commerce. The report, detailing the verdict on a series of proof of concept trials of OSS, which were carried out in conjunction with Sun and IBM over the past year, notes that the three main areas of implementation are at different stages of maturity, but notes that cost savings can be achieved, and signposts OSS' attractiveness as a possible escape route from vendor lock-in. The OGC is not by a long chalk evangelising open source. On the contrary, throughout the document it maintains a measured and balanced tone, addressing the issue of whether it's feasible to consider OSS against proprietary systems in national and local government procurement, and if so, what kinds of roles represent the 'low-hanging fruit' where OSS can be deployed most cost-effectively. So the OGC is not saying that UK government should switch to open source as a matter of policy, it is saying that in many areas OSS can be better, and more cost-effective, than proprietary solutions. Ironically, one pilot study where proprietary lock-in proved such an insuperable problem that the pilot had to be abandoned took place at, er, the OGC's executive agency, OGC Buying Solutions. Proprietary lock-in also seems to have been rather more of an issue when it came to communicating with central government systems than it was elsewhere, so Whitehall clearly has some distance to go before it can walk the talk. The report finds that OSS is "viable and credible for infrastructure and for meeting the requirements of the majority of desktop users." Desktop deployments are still limited by "lack of complex functionality", while "for business applications, the lack of Open Source products to compete with large-scale proprietary enterprise-level products" is also an obstacle.
It recommends that public sector bodies should "examine carefully the technical and business case" for OSS implementation, consider it for server consolidation, and consider the potential costs and benefits of "migration to an OSS desktop for transaction users, (potentially in conjunction with use of 'thin client' architecture solutions)". The longer range recommendations are more interesting. It suggests identifying the role of open standards in future strategy, taking account of the eGov Interoperability Framework (eGIF), developing skill in OSS development, deployment and operation, reviewing infrastructure and apps well ahead of any planned procurement and renewal, and considering the benefits of incremental change that involves OSS deployment. The forward planning should "determine whether current technologies and IT policies inhibit future choice" and if so, "what steps may be necessary to prevent future 'lock-in'", while suggested incremental changes are in the areas of "Email, LDAP, Web and internet Browser." The lock-in issue comes up repeatedly in the document and the pilot reports and case studies included with it; unsurprisingly, given that the OGC's prime directive is to achieve value for money in government purchasing, and single vendor scenarios are therefore from its point of view A Bad Thing. It isn't however the OGC's role to define overall government IT strategy and policy, so the OGC cannot itself provide a specific answer to the question, 'fine, but where do we go now?' That role falls to the e-Government Unit (formerly the Office of the e-Envoy) which is due to publish an update to its OSS policy shortly. The individual pilot and case study reports are interesting reading in their own right. The MoD Defence Academy, for example, has a Linux-based system using Apache, Zope and Plone, and takes the view that an OSS server infrastructure "is inherently more secure than one based on proprietary software." 
Central Scotland Police is another notable user, while StarOffice and OpenOffice are (depending on the level of requirements) viable as deployments on both OSS and Windows platforms (the case study with 5,000 StarOffice licences which doesn't want to be named is probably, by the way, Bristol Council, which by a miraculous coincidence is currently known to be deploying 5,000 StarOffice licences). A government department which also wishes to remain anonymous meanwhile volunteers the information that it thinks "the Microsoft monopoly position [is] unhealthy from a procurement viewpoint". Even in the cases where existing systems blocked cost-effective OSS deployment, the view of the subjects tends to be not that OSS is therefore a route that they should not go down, but that they should examine how they got locked in, and investigate how they might be able to break out in the future. Ofwat's experience with its Aquarius software (which uses Excel and relies on Visual Basic macros), for example, "suggests that any new software project should be planned using open standards to allow maximum choice of desktop in future." This sort of talk sounds ominous for Microsoft, but as recent trends in UK government IT procurement have indicated, it isn't necessarily wholly positive from the point of view of the average open source developer. The focus on value for money (a charge that's been led by the OGC) has contributed to the concentration of contracts in the hands of a very few large companies, the NHS IT project (where the most widely-used current GP system is actually being squeezed out) being the most obvious example right now. There is a danger that giving OSS the government seal of approval will simply put Sun and IBM forward in bids as Linux-toting Tweedledums to Microsoft's Tweedledee, and that these two will be just as capable of locking customers in as Microsoft is.
An OGC spokesman stressed to The Register that this was not the intention, and that the organisation was aware of the importance of smaller developers. "We look at innovation, we don't look at headcount, and you can quote me on that," he said hopefully. So we did. Microsoft issued a statement on the report, saying: "We understand that it is the role of Government to promote a level playing field and to foster increased competition in any market. However, having read the report in detail the findings do not align fully with feedback we regularly receive from our customers in the market place who have evaluated Microsoft software against Open Source software. We would encourage interested parties to read the report, its recommendations and conclusions, in detail in order to enable them to reach their own informed conclusions." The report can be found here, while other Government OSS policy documents can be found here. ®
An international team of astronomers has identified the surviving companion star to the 1572 supernova explosion witnessed by the Danish astronomer Tycho Brahe. This looks to be the first piece of direct, physical evidence that supports the long-standing theory of how this particular type of supernova explosion actually occurs. Supernovae are classified according to the elements that can be identified in their spectra. Broadly, they are split into Type I and Type II. Type II has a so-called Balmer line, a spectral line indicating a particular transition within the hydrogen atom, while Type I does not. Each main type is further divided — Type I into a, b or c classifications. Type Ia supernovae are characterised by strong silicon emission lines. Type Ia supernovae, of which the Tycho Brahe explosion is an example, occur when a white dwarf star begins to suck in matter from a companion star, usually when it reaches its red-giant stage. This continues until the white dwarf star becomes so massive that its internal pressure is no longer sufficient to support the outer layers, and the star collapses in on itself. The threshold is known as the Chandrasekhar limit, after the Indian physicist who first calculated it. In the case of the 1572 explosion, when the white dwarf exploded, the companion star was released from its gravitational influence like a stone being thrown by a sling. It went hurtling off into space with its orbital velocity being retained. This is what alerted the astronomers to its existence. This new research, published today in the journal Nature, identifies the likely companion star to the now-exploded white dwarf. The team studied the star for seven years, using a variety of telescopes, including Hubble, to track how it is moving against the background. Their results show that it is moving three times faster than anything else in the region. Pilar Ruiz-Lapuente of the University of Barcelona led the research.
She notes that this is the first evidence of any specific type of companion star: "Here we have identified a clear path: the feeding star is similar to our sun, but slightly older," she said. However, there are alternative suggestions, both as to how the star could be moving so fast, and of how a type Ia supernova can occur. It is possible that the star is falling to the area from another region known as the galactic halo. Type Ia supernovae can also be generated by a double white dwarf system in which the stars fall into one another, and their combined mass sends them over the Chandrasekhar limit. ®
George Bush has seen off some stiff competition to win Total Film magazine's movie Villain of the Year, the London Evening Standard reports. Bush was awarded the honour for his role in Michael Moore's Fahrenheit 9/11 and in the process eclipsed the contributions of shortlisted Doctor Octopus, Leatherface (The Texas Chainsaw Massacre), Gollum and Elle Driver (Kill Bill) to the cause of world villainy. Total Film editor Matt Mueller told the Standard: "It is possible that people have been a little bit tongue in cheek here, but they are also saying that Bush was very scary in Fahrenheit 9/11. He was absolutely terrifying in that film. He looked like a man who had lost control - the famous scene where he sits there in a school, absolutely paralysed, after being told about the twin towers, is just one example." Around 10,000 people took part in the Total Film poll - which will be published in full in the magazine's next issue on 4 November, just two days after Americans flock to the polls to vote for their "US Presidential Candidate of the Year". ®
Wanadoo UK - formerly Freeserve - has lost almost a quarter of a million punters over the last year but insists its strategy to concentrate on broadband is delivering results. At the end of September, Wanadoo UK had 2.44m users - down from 2.67m a year ago. However, while the number of narrowband punters has dropped steadily, broadband growth has been impressive, with numbers growing from 68,000 a year ago to 442,000. Much of this growth is down to Wanadoo UK's aggressive pricing in the marketplace as it slashed the cost of its entry-level service to £17.99 a month in April before doubling the service speed a few months later. At the same time the average revenue generated per user (ARPU) per month has increased from €8.1 (£5.63) to €10.7 (£7.44) and Wanadoo UK maintains that it is "on track to make EBITDA target for the end of the year". A spokeswoman for Wanadoo UK said: "We did expect to lose some narrowband customers as a result of our focus on broadband. We are thrilled with our broadband customers and look forward to growing our base even more. Our vision is to be the UK's most popular broadband services operator." In February this year Wanadoo UK said that it was to make a big push for broadband this year in a change of strategy away from dial-up. At the time a company source said: "This is the year for broadband for us - we're going for it." Yesterday, rival AOL UK announced that it now has more than half a million broadband punters in the UK and a total customer base of some 2.3m customers in all. ®
The UK's e-Government Unit, formerly the Office of the e-Envoy, has finally published the long-awaited update to its policy on open source software in government. But if it didn't have version 2 and today's date on the cover, you might have difficulty spotting it. The new policy says first, "UK Government will consider OSS solutions alongside proprietary ones in IT procurements. Contracts will be awarded on a value for money basis", which is what the last one said. Then it says: "UK Government will only use products for interoperability that support open standards and specifications in all future IT developments." Which again is exactly what the last one said. And so it goes on through "UK Government will seek to avoid lock-in to proprietary IT products and services" and "UK Government will consider obtaining full rights to bespoke software code or customisations of COTS (Commercial Off The Shelf) software it procures wherever this achieves best value for money" to the fifth and last point, which previously said the Government would explore further the possibilities of the use of OSS as the "default exploitation route for Government funded R&D software", but has now been updated. Whew. The policy now reads "Publicly funded R&D projects which aim to produce software outputs shall specify a proposed software exploitation route at the start of the project. At the completion of the project, the software shall be exploited either commercially or within an academic community or as OSS." And there's a footnote to this specifying that this policy won't apply in the areas of defence, national security or law enforcement, or to "software developed by Trading Funds." There's a story behind the change, and the length of time it took to make it. The Register's sources indicate that the Office of the e-Envoy's consultations over this reached a climax of acrimony and bloodshed over a year ago, as warring camps vied over rival licensing models. 
What we have now might be taken to indicate that the policymakers have deemed it prudent to step back from the cowpat of overtly recommending any specific licence, which is sensible. In the "Next Steps" section (which is the more important part of the document), it says "DTI, eGU and JISC will disseminate information on the distinct types of OSI compliant licenses to support use, development and exploitation of OSS by government organisations and publicly funded R&D teams", so depending on what this information consists of, there may still be recommendations regarding licence models to use. It also commits to publicising and pushing the R&D policy, and says that: "DTI Research Councils and JISC will explore the feasibility of providing unified access to publicly funded R&D OSS", which while not entirely clear suggests some form of central resource is envisaged. Other action points cover the use of open source in the public sector. This, considering the probability that it's been the R&D exploitation aspect that's been holding things up, might have more usefully been viewed as a separate issue by government. But here it is with the R&D anyway. The "issues involved in supporting the information assurance requirements of OSS for use in government systems" will be examined, and the OGC will "disseminate the lessons" of its proof of concept trials (link below) while the e-Government Unit (which we see has decided to call itself eGU), "will explore with Government, industry and other stakeholders further activities to support OSS use in the public sector." So we're not necessarily doing something, but we're exploring to find some somethings we can do. It's forward motion of a sort. The new policy has passed muster with the Institute for Software Choice, which numbers Microsoft among its backers and is generally ready to leap on any sign of government evangelisation of open source. 
But The Register finds its European director, Hugo Lueders, a reasonable and engaging cove anyway. According to Lueders: "Existing commitments regarding neutrality in the public procurement of software have been bolstered by this new provision [the extension of neutrality into the exploitation of publicly-funded R&D] which, among other things, requires researchers to define the exploitation route for publicly funded software research before they start. From now on, rather than obliging researchers to distribute the results of research under an open source license where no mode of exploitation is specified, the UK’s policy maintains neutrality as regards all development models." This, we should point out, is an obligation that might have happened, rather than one that had been specified in policy version 1. But close enough, Hugo, all friends for the moment, right? ®
Sunspot activity is more intense now than at any point in the last 8,000 years, according to researchers at the Max Planck Institute in Germany. The solar scientists have constructed an 11,000-year record of solar activity based on tree ring data, and discovered that the last 70 years have been particularly spot-filled. However, the results should not cause alarm, the scientists say, because 8,000 years ago there was a period of similar intensity, suggesting that the sun naturally cycles through more and less busy times. Sami Solanki, the scientist who led the research, says the sun will probably calm down again in the next few decades. To track solar activity using trees, the researchers had to go looking for the presence of particular isotopes, like carbon-14 and beryllium-10, that are formed in the atmosphere when cosmic rays – radiation from deep space – impact the planet. The sun deflects much of the cosmic radiation that would otherwise smash into the planet, but when solar activity is more intense, it deflects even more. As trees grow, they absorb the carbon in the atmosphere and preserve a record of that particular year’s level of carbon-14, among other things. So, by measuring the amount of the isotopes in each year of tree growth, or each tree ring, the researchers could identify periods of greater or lesser solar activity. Sunspots, and exactly how they affect the Earth’s climate, are the subject of considerable scientific investigation. Our understanding of exactly what causes them is incomplete, to say the least. What is known is that they are caused by fluctuations in the sun’s magnetic field, which in turn is created by the ionised gas inside the sun acting like a dynamo. Whether or not the spots affect our climate is a more contentious issue, and researchers hope this record could help settle the debate. ®
Sourcefire, the company founded by the creator of the open source Snort intrusion detection system, has added improved vulnerability detection technology to help customers bolster their security defences. The real time network analysis offered by its Sourcefire 3D system can place security events in context and thereby help reduce the frequency of false alarms by up to 90 per cent, Sourcefire claims. Users can use the technology to enforce policies based on the correlation of detected threats with network vulnerability and asset data. Sourcefire said its Real-time Network Awareness (RNA) Sensors score over vulnerability scanners because they provide constant feedback through passive detection of network activity rather than the snapshot offered by the "potentially disruptive" scanner approach. False alarms - such as alerts about Nimda-style attacks launched against Linux server farms - have been the Achilles heel of intrusion detection systems, the network equivalent of burglar alarms. In response, the industry has moved towards intrusion prevention systems (IPS) which automatically block a subset of well-understood attacks. Martin Roesch, founder and CTO of Sourcefire and creator of Snort, said that intrusion prevention and firewall technologies would converge. Firewalls alone can't deal with problems like Nimda-style worms spreading across internal networks and stand-alone intrusion prevention technology fails to defend against anything other than well-known attacks, Roesch argued. "Intrusion prevention is a partial solution because the technology is purely signature based or, in the case of defending against DDoS attacks, rate based. Use of the technology can also create a bottleneck on the network," Roesch told El Reg. He contrasted the intrusion prevention technology with Sourcefire 3D's learn, block and correct approach. "Users could put our sensors inline if they wanted to. We can deliver intrusion prevention by other means," he said. 
Firewalls were traditionally designed to guard against network-level attacks - such as IP spoofing and port/network scans - but as more sophisticated application-layer attacks, such as worms and exploits of known software vulnerabilities, have become increasingly common, a need has arisen to rejig corporate defences. That much is common ground between Sourcefire and intrusion prevention systems (IPS) vendors. Leading IPS vendors, such as Top Layer, argue that rather than loading extra application-aware intelligence into firewalls, better performance can be obtained by using standalone intrusion detection and prevention, such as its Attack Mitigator IPS 5500. It would argue its hardware-based technology is superior at automatically blocking attacks. Sourcefire 3D, released in the US earlier this quarter, is available in Europe from today (28 October). System prices start at approximately $40,000. ®
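The correlation idea described in the Sourcefire piece above, sketched as an added example (not Sourcefire's code or rule format): an IDS alert is checked against a passively learned asset profile before anyone is paged, so a Nimda-style alert aimed at a Linux host is logged rather than escalated. All names, addresses, the 24-hour freshness limit and the sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: a passive profile older than this is too stale to justify
# downgrading an alert, because the host may have been rebuilt since.
MAX_PROFILE_AGE = timedelta(hours=24)

@dataclass(frozen=True)
class Signature:
    name: str
    affected_os: frozenset      # OS families the attack can actually work against

@dataclass(frozen=True)
class Asset:
    os_family: str              # learned passively from observed traffic
    open_ports: frozenset       # ports seen answering on this host
    last_seen: datetime

@dataclass(frozen=True)
class Alert:
    signature: Signature
    dst_ip: str
    dst_port: int

def triage(alert, assets, now):
    """Return (action, reason). Nothing is dropped: the weakest action is log-only."""
    asset = assets.get(alert.dst_ip)
    if asset is None:
        return ("investigate", "target has no passive profile")
    if now - asset.last_seen > MAX_PROFILE_AGE:
        return ("investigate", "target profile is stale")
    if asset.os_family not in alert.signature.affected_os:
        return ("log-only", f"{asset.os_family} host is not affected by {alert.signature.name}")
    if alert.dst_port not in asset.open_ports:
        return ("log-only", f"port {alert.dst_port} has not been observed open")
    return ("escalate", "target matches the affected platform and service")

def triage_all(alerts, assets, now):
    return [triage(a, assets, now)[0] for a in alerts]

# --- constructed sample data (RFC 1918 addresses, invented hosts) ---
NOW = datetime(2004, 10, 28, 12, 0)
NIMDA = Signature("Nimda-style IIS worm probe", frozenset({"windows"}))
ASSETS = {
    "10.0.1.10": Asset("linux", frozenset({22, 80}), NOW - timedelta(hours=1)),
    "10.0.1.11": Asset("linux", frozenset({80}), NOW - timedelta(hours=2)),
    "10.0.2.20": Asset("windows", frozenset({80}), NOW - timedelta(hours=2)),
    "10.0.2.21": Asset("windows", frozenset({445}), NOW - timedelta(hours=3)),
    "10.0.3.30": Asset("windows", frozenset({80}), NOW - timedelta(days=3)),
}
ALERTS = [Alert(NIMDA, ip, 80) for ip in
          ("10.0.1.10", "10.0.1.11", "10.0.2.20", "10.0.2.21", "10.0.3.30", "10.0.9.9")]

if __name__ == "__main__":
    for alert in ALERTS:
        action, reason = triage(alert, ASSETS, NOW)
        print(f"{alert.dst_ip:<10} {action:<12} {reason}")
```

The stale-profile and unknown-host branches are the caveat that matters: passive data can only lower an alert's priority when it is recent enough to trust.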
Amstrad is to splurge £2m in the run-up to Christmas advertising its new email-enabled home videophone - the Amstrad E3. The new device was unveiled in September by boss Sir Alan Sugar in a bid to bring video telephony to the masses. The E3 provides the same voice telephony and email services as its predecessors, the em@iler and em@iler plus, but adds a colour display, an integrated digicam and support for MMS messaging, both incoming and outgoing. Amstrad is hoping the device, which retails at £99, will appeal to punters in the run-up to the busy Christmas shopping period. Announcing the nation-wide press campaign Amstrad Commercial Director Simon Sugar said: "The E3 is the perfect way for loved ones to see each other - whether they are across town or on the other side of Britain. So though they may see each other in person over Christmas lunch, now with the E3, they can see each other every day." Surely that's a reason for not buying the blessed thing? ®
Reg review Vodafone's massive marketing campaign for its RIM-made 7100v is proof enough that the mobile phone networks believe that businesses are desperate for mobile email and that they think most handsets' SMS-oriented keypads won't hack it. It's not just the networks - PDA vendors on both sides of the Palm OS-Windows Mobile divide are touting email on the move for businesses as a key feature of their products.
Orange - the mobilephoneco owned by France Telecom - reported strong customer growth during Q3, adding 1.3m new punters in all. France saw the biggest influx with the addition of 207,000 new customers, while the UK added 140,000 new users. Its "Rest of the World" segment (Orange, segment, geddit? [Clear your desk, you're fired - Ed]) also did well, nudging the company past 52m customers around the world. Revenues skipped in at €5.2bn (£3.6bn) in the three months to the end of September - up 9.1 per cent on last year. In the UK, the average annual amount each punter spends with Orange was up £4 to £274, buoyed in particular by revenue from non-voice services. Three weeks ago, Orange UK announced that a number of techie jobs faced the axe as part of ongoing restructuring plans "designed to make Orange more efficient in a highly competitive market". Although Orange declined to say how many faced the chop, it's estimated that as many as 300 people could be getting the boot. ®
US scientists have taught a monkey to operate a robotic arm to feed itself using only the power of its thoughts. The experiment was revealed Tuesday at a meeting of neuroscientists in San Diego, The Guardian reports, and involves interception of signals from the brain by electrode probes. The signals are interpreted through an algorithm and transmitted to a robotic arm. The robotic arm consists of a mobile shoulder, elbow and gripping device. The onus was on the monkey to learn exactly how to control the arm to achieve a satisfactory result. The team placed food randomly around the restrained monkey, and it 'thought' the required sequences to get the arm to pick up the food, through trial and error. Four years ago a team from Duke University, Durham, North Carolina, used electrode brain implants to link a monkey to the internet to allow it to move a lever 600 miles away in Massachusetts. In 1999, two people with advanced motor neurone disease were able to compose sentences on a computer by thinking about moving their fingers. It is hoped that this technology will one day be available to help people with spinal cord injuries. ®
O2 maintains that it has resolved a billing issue that is currently being examined by Ofcom after OpenAir - a former O2 reseller - had sent a 67-page report to the regulator detailing allegations that the mobile operator overcharged some of its punters. In one example, it was alleged that O2 billed a business customer £28,000 a month for running 125 O2 phones when the punter should have been billed less than £1,000, said OpenAir. Responding to the allegations, O2 said: "We can confirm that OpenAir has passed a report to Ofcom on the wholesale billing issue, which O2 has fixed, and we are in open discussions with Ofcom about the historical billing issue. Ofcom has drawn no conclusions and taken no actions as yet." Separately, O2 has admitted that some of its punters were hit by a billing problem over the summer. As a result they were not charged for any calls that weren't included in their tariff bundle agreements. The glitch - which hit fewer than one per cent of its punters - was caused after O2 migrated punters from a series of inherited old billing systems to a single new system. O2 now intends to bill the punters in November but has offered them a discount. Said the company in a statement: "During the recent migration of customers from one old billing system to this new system, a small percentage of customers (less than 1 per cent) were affected by a technical problem in which they were not billed for calls made outside their inclusive monthly bundle. "This problem has been resolved, all affected customers have been notified and, as a goodwill gesture, given a 25 per cent discount on their next bill - which includes these calls, roaming calls (e.g. calls while abroad) and their normal monthly charges." "While we can't guarantee that there will never be a billing error, we do guarantee that any billing issues are dealt with swiftly, proactively, and in the customer's best interests, offering credit and/or compensation where appropriate." 
The discounts will cost O2 around £2m, the company said. ®
Static Control Corp. (SCC) has won an appeal that will allow it to resume the sale of replacement ink cartridges for Lexmark printers pending the resolution of a lawsuit between the two companies. The ruling by the US Courts of Appeals, Sixth Circuit, on Tuesday (26 October) overturns a February 2003 injunction and is a significant victory for SCC. However, the case is yet to go to trial. In December 2002, Lexmark filed a lawsuit claiming that SCC’s Smartek 520/620 chips violated the US's controversial Digital Millennium Copyright Act laws. In February 2003, Judge Karl Forester issued a preliminary injunction banning the sale of Smartek replacement chips by Static Control Components for the Lexmark cartridges, a ruling now lifted by the appeal court. “We have asserted from the outset that this is a blatant misuse of the DMCA and the Sixth Circuit’s ruling solidifies and supports our position that the DMCA was not intended to create aftermarket electronic monopolies,” said Ed Swartz, chief executive of Static Control. "Not only is this a victory for our company and our industry, it is a major victory for the consuming public and American companies." The appeal court's ruling can be found here (PDF). The Electronic Frontier Foundation has published background on the case here. ®
Several of the largest makers of touch screen ballot machines are submitting at least some of their source code to the National Software Reference Library, the Associated Press reports. This is so that election officials can compare hashes of the original software to hashes of the software they've got, and detect tampering. The publicity stunt is meant to engender public confidence in the design of the machines, but it actually raises more suspicions than it eases. "Voting machine makers said Tuesday they would not submit their most valuable data -- their proprietary source code. And they might not provide the library with copies of software patches, updates and upgrades," the wire service says. Code withheld does imply that the companies have something to hide, like slack work, for example. And since the potential for last-minute patching is quite real, omitting patches from the library makes it impossible for officials to verify ones they are issued, perhaps only days before an election. It's clear that negative press has worried the vendors about public confidence in their kit, and they would do just about anything to address it, short of opening their source code, libraries, and compilers to rigorous third-party examination. No doubt this would reveal numerous snafus, which is why it's not happening. Similarly, their apparent desire to patch at will, without pre-certification and verification mechanisms, itself implies that there is a lot wrong with their software, and raises questions of tampering, by making it too easy for 'unofficial' software to be installed. So this 'library' approach addresses one problem, that of verifying the software one has been issued, but doesn't actually solve it. One might verify one's software with the official checksums three months before an election, then find, after two or three patches have been installed, that (of course) the checksums no longer match. 
It then becomes impossible to determine whether or not this situation indicates a problem. All you can say with confidence is, you had the right software installed three months earlier. This development will remain a meaningless publicity stunt until security protocols are developed, and mandated by law, requiring that all software be tested and approved by a government body, and that no untested, un-approved software can be installed. This must include all source code, compilers, libraries, and patches. And it is not enough merely to make the checksums available; it must be illegal to deploy a machine unless all have been verified.
Touchy screens
In related news, briefly, there have been anecdotal reports of touch screen machines registering the wrong choices. Because there are so many different types of screens, and because some use discrete and others continuous touch areas, it is impossible to guess the particular problem here. But we are, no doubt, going to hear a lot more such complaints on election day. We can hardly wait. ®
Thomas C Greene is the author of Computer Security for the Home and Small Office, a comprehensive guide to system hardening, malware protection, online anonymity, encryption, and data hygiene for Windows and Linux.
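The e-voting article's argument about patches missing from the reference library, worked through as an added example (not code from the NSRL or any vendor): an audit that hashes installed files against a reference library cannot tell an uncatalogued vendor patch from tampering, and can only do so once every patch is in the library. File names, contents and release labels are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins for vendor binaries; not real voting-machine software.
CERTIFIED = {"ballot.bin": b"ballot logic v1.0", "tally.bin": b"tally logic v1.0"}
PATCH_1 = {"tally.bin": b"tally logic v1.0 + vendor patch 1"}
TAMPERED = {"tally.bin": b"tally logic v1.0 + unauthorised change"}

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large images do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def build_library(*releases):
    """Each release is (label, {filename: bytes}); returns {filename: {sha256: label}}."""
    library = {}
    for label, files in releases:
        for name, data in files.items():
            library.setdefault(name, {})[hashlib.sha256(data).hexdigest()] = label
    return library

def audit(install_dir, library):
    """Classify every expected or present file; returns {filename: (status, label)}."""
    on_disk = {p.name: p for p in Path(install_dir).iterdir() if p.is_file()}
    results = {}
    for name in sorted(set(library) | set(on_disk)):
        if name not in on_disk:
            results[name] = ("MISSING", None)       # expected file is absent
        elif name not in library:
            results[name] = ("UNLISTED", None)      # file the library has never seen
        else:
            label = library[name].get(sha256_file(on_disk[name]))
            # UNKNOWN means only "no catalogued release has this hash":
            # an unsubmitted patch and a malicious change look identical here.
            results[name] = ("VERIFIED", label) if label else ("UNKNOWN", None)
    return results

def deployable(results):
    """The policy the article argues for: deploy only if everything verifies."""
    return all(status == "VERIFIED" for status, _ in results.values())

def run_scenarios():
    """Audit three installs against a library without and with the patch."""
    without_patch = build_library(("v1.0 certified", CERTIFIED))
    with_patch = build_library(("v1.0 certified", CERTIFIED), ("patch 1", PATCH_1))
    installs = {
        "as_certified": CERTIFIED,
        "vendor_patched": {**CERTIFIED, **PATCH_1},
        "tampered": {**CERTIFIED, **TAMPERED},
    }
    outcome = {}
    for name, files in installs.items():
        with tempfile.TemporaryDirectory() as directory:
            for filename, data in files.items():
                Path(directory, filename).write_bytes(data)
            outcome[name] = {
                "library_without_patch": audit(directory, without_patch),
                "library_with_patch": audit(directory, with_patch),
            }
    return outcome

if __name__ == "__main__":
    for install, by_library in run_scenarios().items():
        for library_name, results in by_library.items():
            print(install, library_name, results["tally.bin"], "deployable:", deployable(results))
```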
Letters special
Let’s just get straight to it, with a letter from a chap called Frank. Indeed, it is Frank’s letter that has prompted this particular letters special:
There have been some rants in your letters pages recently about how The Register should be getting out of political debate and sticking to IT. Keep the politics. First off, I like media organisations that wear their hearts on their sleeves. At least you have a chance of working out where they stand. None of this self-serving 'we are impartial' bollox dished up by most US media outlets. As to the staying in politics, well since IT is causing some of the most far-reaching changes in our society since the first industrial revolution, it's practically the duty of an organisation that reports on the technology to also report on its wider social effects. Cheers, Frank
Well, Frank, in your honour (and because we can) here is a politics special, courtesy of our beloved readers. No surprise that we’ll start with your thoughts on the news that Bush’s website is only accessible from North America.
Really John, it's very simple. It's a US election, why should the rest of the world have an opportunity to be privy to the interests of outsiders and Guardian letter-writers? (Though I'm still waiting for my personal 'gram from someone British and semi-important telling me the world will end if I don't vote for Kerry.) And if the new secrecy of the Bush website happens to involve a planned invasion of Britain, you really don't need to know that either. Scott
"How many would-be visitors to GeorgeWBush.com - including US service men and citizens living abroad and now denied their God-given right to freely surf the Land of the Free - will wind up at the satire site, we wonder? We weep for democracy." I suspect that U.S. servicemen connect through a private encrypted network routed inside the U.S. thus allowing them on the site. Wouldn't want our enemies to listen to our communications you know. You should stick to IT related articles. Getting into U.S. politics is not your bag. Tom
...and you have a God-ordained monarch. How middle ages of you! :) Fire
Yes, but we keep her strictly for ceremonial purposes...
A suggestion as to the root cause of the blockade:
I might be able to speculate for you on the lockout of GeorgeWBush.com, being a US citizen. It *might* have something to do with The Guardian, but it's more likely to do with a series of attacks and vandalism episodes on the President's campaign assets. I don't know how much press it's gotten in the UK but there have been a string of outright attacks (for, oh, about a month now) on a few dozen campaign offices throughout the US. Mostly, they're break-ins, vandalisms, thefts. But, in a few instances, there have been shots fired on the offices during business hours and during a trade union inspired (though, not instigated) riot, one campaign worker's arm was broken. Given the fevered and oft violent pitch of some of Bush's detractors, they're probably afraid of a defacement or DoSing as the election closes down, so they're likely mitigating an attack. That's just my speculation, but given some of the things they've said about these raids, it makes sense. Best, Jared
A bitter defense of the northern land's pinko leanings:
As a Canadian I can assure you that our only broadsheet newspaper is not 'pinko'. The Sun is a chain of papers actually (http://www.canoe.ca/PlanetSun/home.html) and slightly right of centre by Canadian standards. Which I suppose still leaves them on the left anywhere else in the world. Aside from the Sun(s) and National Post (http://www.NationalPost.com) EVERY Canadian newspaper is 'pinko' so if that were the reason for blocking foreign access Canada would have been blocked first. Andrew
I resent your implication that there are no 'Pinko Broadsheet Agitators' in Canada. Though originally from the UK, I assure you that anti-American sentiment increases the closer one gets geographically to the US. Canada's exemption to the blocking attempts is easily explained by my 197x copy of Funk and Wagnalls Dictionary (US Published). Under the heading "War", it clearly states that the USA won the war of 1812, and therefore must own Canada... Mind you it also says that they won the Viet Nam war... Mel
It might be blocked, but we can still see the site. And it doesn't take much in the way of hacking skill, either:
I don't know if you've noticed, but https://georgewbush.com/ still works. And if you skip the host header you're still able to see the site. So whatever they tried to do, they did a crappy job doing it. Jonas
However, you can access the website by the IP address. Look it up yourself, since putting the information out publicly may be aiding and abetting terrorist activities against the Bush website.... Mark
Thoughts on the unofficial annexation of Canada:
Regarding the Bush website. It's likely Canadians can still access it because the IP ranges we get are pretty much the same as internet users in the US, making it hard to block us without blocking users in the US as well. Frank
Bush technocrats of course think that we in Canada are just another state of course ... OH GOD>..... I've been .... ... ... ... Dubya'd! *grin* Works from up here north of the 49th. Guess we Canadians will have to troop down there to whup butt again. Care to join us fellow Commonwealth types? Alistair
Hey John, Seems to work from up here in Canuckistan as of 12:54 EST. Must be that whole longest-unguarded-border thing. Cheers, Chris
Has Canada been annexed and I was not informed ? I can access www.goergewbush.com without a problem. Colin
It seems that us Canadians are still being granted access to good ol' GWB Jr's website. While it's mighty neighbourly of them, I think I would prefer to be blocked too. Aaron
Wellll.... FYI, we consider Canada as part of the US. (Except Quebec, quite a few of those damn cheese-eating surrender monkeys live there....) Flame On! :) Dennis
The debate over the cause and outcome of the 1812 rumpus (not the Russian one, the other one) is still going on, and has become intermingled with accusations about our sobriety, and in some places, descended into something of a UK/US slanging match:
I feel that I should point out to Mitchell, who certainly let off much built up aggression, and who knows - possibly jealousy in a recent email sent to the Reg, that the British may indeed enjoy a slight tipple or several at lunch time, but alas many people are simply following in one of the Greatest Britons of all time. Sir Winston Churchill was renowned for drinking during the morning, afternoon, evening and night and as himself quite simply put it "I have taken more out of alcohol than alcohol has taken out of me". Now to me if Sir Winston Churchill succeeded in so much, so pissed, so much of the time I am left wondering - why on earth a sober Tony and Bush are doing such a dire job? And on another note, if US citizens were angered by letters from Guardian readers encouraging them to vote and do their democratic duty, would they prefer that the US were invaded, the current regime done away with and a puppet government installed who took orders from the Kremlin? No I did not think so, and nor did the populations of the many countries the US has sent troops to in order to stem the growth of communism and now 'The Axis of Evil'. Regards, Rit
Just for the record, almost everyone here in the US loves Great Britain and most things British. While we would never have a Queen ourselves, we're perfectly content that you have one, and we love her almost as much as you must. Hundreds of thousands of US soldiers, sailors and airmen died on the continent of Europe so the UK could remain a free country. We would never let anyone, particularly the French, endanger your realm. So, lay off the election or we'll kick your ass. Again. Paul Scholz
Count the votes properly this time, or we'll send in the UN...oh, wait...Nevermind.
"The 1812 war? That'll be when the USA tried to expand into Canada and got its arse handed to it by the combined might of the British and Canadian forces, right? Guess Bush supporters not knowing history makes sense... Michael Did anyone else spend a brief moment trying to work out what Napoleon's invasion of Russia had to do with UK and US relations..?"
You must remember that as Americans we forget that other countries sometimes our role in history less important than their own. For us the war of 1812 was when we decided to get uppity because the British were blockading our merchant vessels from landing in France, among other reasons. We only won one significant battle and that occurred after the peace treaty was signed. It seemed that at the time Britain felt it had more pressing issues than to continue thumping us. Ed
And thus endeth our political diversion for the week. ®
Google has acquired 3D mapping company Keyhole for an undisclosed sum, and announced that it's cutting the price of the consumer edition from $69.95 to $29.95. Keyhole's EarthViewer mapping service is a technical tour de force, making use of the 3D capabilities of modern PC graphics cards to do the heavy lifting, or rendering in this case. EarthViewer allows you to "fly" between specified points. EarthViewer came to widespread attention during the 2003 invasion of Iraq, when CNN, ABC and CBS used the imaging technology. Last February Keyhole received an investment from In-Q-Tel, the CIA's no-profit investment fund. EarthViewer isn't the only Google technology that's useful to the intelligence community, of course: there's Gmail, too. Why would Google want Keyhole? Well, although the company wisely denies that it's becoming a portfolio, it does, like Yahoo!, offer local information. However, route planning and direction services, which are a natural fit with local search, are missing. Google wouldn't disclose what it plans to do with the enterprise version of EarthViewer, but it adds another powerful tool to its armory. ®