16th > February > 2005 Archive

Cisco overhauls security line-up

RSA 2005: Cisco aims to help its customers fortify networked systems against a broader range of attacks. The scheme - dubbed Adaptive Threat Defense (ATD) - is designed to contain a wider variety of threats using network devices such as firewalls, intrusion prevention systems (IPS) and routers. Software upgrades across a range of Cisco products are designed to provide defence in depth against Trojans and spyware. The approach adds to Cisco's existing Network Admission Control (NAC) programme for curtailing the spread of worms (such as Slammer or Sasser) across corporate networks. "We're providing more sophisticated analysis versus siloed anti-virus defence," said Jayshree Ullal, SVP of Cisco's security technology group. ATD has three components: Anti-X defences (adding network anti-virus, anti-spyware, and URL filtering to security enforcement technologies such as firewalls and DDoS mitigation devices); improved application security controls; and improved network control and containment capabilities. These improved network controls allow security services to be virtualised, making it easier, for example, to apply more granular controls on VoIP traffic. Cisco announced the integration of its technology across various products in its security portfolio at this week's RSA Conference. It's available as either free software upgrades or as added blades to Cisco's router and DDoS mitigation appliances. Pricing and availability details can be found here. ®
John Leyden, 16 Feb 2005

Sun speeds Opteron gear, squeezes SuSE

Solaris x86 ranks as priority one at Sun Microsystems, but the company has not forgotten about its Linux clientele. Fans of the penguin will see price cuts on older versions of Sun's Opteron-based servers as well as new, faster versions of this kit. Sun has thrown in a SuSE upgrade for its user base too. Sun has packed its servers and workstations with the fresh round of Opterons released this week by AMD. The company's hardware will now use the Model 252 and 852 Opterons, which run at 2.6GHz. Customers will see up to a 20 per cent price reduction on Sun's V20z and V40z servers that use older Model 244/844 and 250/850 Opteron processors. A 22 per cent cut will also make its way to Sun's W1100z and W2100z workstations with the Model 150, 250 and 246 processors. These cuts go into effect on March 8. Along with the hardware, Sun announced that SuSE Linux Enterprise Server 9 will be supported on the Opteron systems. The SuSE OS joins Red Hat and Solaris x86 as options for Sun customers. Sun delivered this news at the Linux World conference where it is also hyping StarOffice 8 and Version 3.0 of its Java Desktop System operating system. ®
Ashlee Vance, 16 Feb 2005

Passwords? We don't need no stinking passwords

RSA 2005: Concerns over online security are continuing to slow consumer e-commerce growth. A quarter of the respondents in a recent survey have reduced their online purchases in the past year and 21 per cent refuse to conduct business with their financial institutions online because of security fears. More than half (53 per cent) of the 1,000 consumers quizzed believe that basic passwords fail to provide sufficient protection for sensitive personal information. According to the RSA Security-sponsored telephone survey, poor management of PINs and passwords for access to online services, desktop computer systems, ATMs and other electronic accounts is a major vulnerability. As a major supplier of two-factor authentication products and services that offer an alternative to traditional static passwords, the issues raised by RSA Security's survey are more than a little self-serving. That doesn't mean its analysis is necessarily wrong, though. More and more security experts are lining up against the use of static passwords for e-banking; in part because the technique makes consumers easy prey for phishers. Even so, obituaries for the humble password may be premature. Adi Shamir, professor at Israel's Weizmann Institute of Science and noted cryptographer, said: "Passwords are not completely dead. For low level security apps they are still sufficiently good. It depends on the application".

One PIN to rule them all

More than two in three respondents (65 per cent) quizzed in RSA Security's survey use fewer than five passwords for all electronic information access and 15 per cent use a single password for everything. These figures are unchanged from a similar survey last year. John Worrall, VP of worldwide marketing at RSA Security, said: "The majority of consumers are aware of the problems associated with passwords, but until they are presented with a reliable, easy-to-use alternative, they're going to continue to exhibit poor password management practices." ®
John Leyden, 16 Feb 2005

EMC admits to iSCSI fleet

EMC this week fumbled its way through a new storage system launch, unveiling the fleet of iSCSI boxes that most of the IT reporting community had already unveiled. The big daddy of storage has officially introduced the Clariion AX100i, CX300i and CX500i systems to customers. As the names suggest, these are iSCSI-ready versions of existing Clariion boxes - with only the large CX700 not getting an "i". The new systems will sport the same prices as the standard, Fibre Channel gear. Price was one of the big issues hit on when word of the iSCSI hardware leaked out via "confidential" documents made unconfidential. The iSCSI systems have only half the performance of the Fibre Channel systems. Still, EMC reckons customers going the iSCSI route will save on switch and NIC card prices. One of the most attractive talking points for iSCSI is that it will deliver higher-end storage to customers at a cheaper price than Fibre Channel. However, the lack of iSCSI adoption has stalled some of the expected price cuts. All of the speeds and feeds on the iSCSI kit can be found here. ®
Ashlee Vance, 16 Feb 2005

Questar courts bloody-nosed Linux wannabes

If you live in Europe and are looking to get your grubby hands on a copy of the Linspire operating system, then Questar is at your service. The small company based in Milan has been operating as a type of virtual subsidiary for US software makers since 1993. Of late, Questar has focused on creating different versions of Linspire localized for several countries. The company's CEO David Orban is hoping that Linspire will appeal to a group of European wannabe geeks. "There are what I call bloody-nosed geeks," Orban said, during a recent interview at the Desktop Summit in San Diego. "They are people who have tried and failed to install more hardcore Linux distros. With some guilt or maybe no guilt, they will jump onto Linspire, which is damn easy to use." Key to putting Linspire in front of these bloody-nosed geeks will be Questar and Linspire's ability to attract OEMs. The companies need nice hardware/software bundles that make life easy on the consumer. With solid OEMs on its side, Questar could tap into the consumer, small business and government markets throughout Europe, according to Orban. Without naming names, he promised some OEMs are already lined up to support Linspire in the coming year. Stay tuned, we're told. In the meantime, Questar has produced English, German, French, Spanish, Italian and Dutch versions of Linspire. If you live in the Czech Republic and can promise 500 users or so, Questar is willing to translate as needed. "The threshold for that being doable is fabulously low," Orban said. "If you are in Lithuania and can sell a couple hundred boxes, we can do it, assuming OpenOffice is available in your language." The localization work includes tweaking all of the menus in the OS, having native speakers for any audio and redoing all the Linspire training material. Questar has similar software reselling relationships with the likes of Business Objects and VMware. Its Linspire software can be found here. ®
Ashlee Vance, 16 Feb 2005

UMC HQ raided in China investment probe

Officials from Taiwan's Ministry of Justice (MoJ) have raided the homes of key UMC staffers as part of an investigation into investments made by the chip foundry in China. Investigators also entered UMC's HQ and took away a number of documents. The raids, reported by Chinese-language newspaper the United Daily News (UDN) this morning, were prompted by claims that UMC, the world's second largest semiconductor foundry, may have invested in one or more Chinese companies without first winning the Taiwanese government's thumbs-up. Taiwanese law forbids local businesses from expanding into mainland China without the approval of the island's administration. Local firms must also declare any investments they make in Chinese companies. While the MoJ has confirmed the existence of the investigation and the raids, it has so far refused to provide details of UMC's alleged transgression. UDN sources, however, claim that UMC vice-chairman John Hsuan was one of those whose homes were raided. Documents filed by UMC with the Taiwanese Stock Exchange suggest the case may centre on an investment UMC is alleged to have made in a Chinese company called Hejian Technology. Both firms deny such a relationship exists between them. ®
Tony Smith, 16 Feb 2005

Apple sues three journalists for emails

The Electronic Frontier Foundation (EFF) is calling for court protection for three journalists targeted by Apple. The three reporters work for online titles appleinsider and powerpage.org. In November they published stories about "Asteroid", a future Apple device for linking musical instruments to computers. Apple is demanding they hand over documents which could identify the source of that information. The EFF asked a California Superior Court for a protective order to stop Apple forcing the reporters to reveal their sources. The group argues that the three are protected by the same "reporter's privilege" that protects newspaper journalists. This legal protection is the same regardless of who holds the actual records. As well as going after the reporters directly, Apple has sent subpoenas to their ISP, Nfox.com. The computer giant wants the ISP to hand over reporters' emails which will reveal the identity of their sources. EFF attorney Kurt Opsahl explained: "Rather than confronting the issue of reporter's privilege head-on, Apple is going to this journalist's ISP for his emails. This undermines a fundamental, First Amendment right that protects all reporters. If the court lets Apple get away with this, and exposes the confidences gained by these reporters, potential confidential sources will be deterred from providing information to the media." More details on the EFF website here. ®
John Oates, 16 Feb 2005

NTL to trump BT in March assault

NTL is to launch an all-out assault on BT, in an aggressive marketing campaign against rival broadband providers. From mid March, NTL intends to "match or beat ALL BT Broadband products on price, speed and usage allowance", according to a leaked memo posted on the NTL:HELL forums. The UK's largest cableco - which has three million residential punters and more than a million broadband users - intends to offer free email, security and personal webspace as standard. NTL will also up the speed of its broadband services. From mid-March all new customers will be offered the three new speeds. Current 750k and 1.5Mb customers will be automatically upgraded to the new 2Mb and 3Mb tiers of service at no extra cost. NTL's 1Mb service - which comes with a 3 gig monthly usage allowance - costs £17.99 a month. The 2Mb service costs £24.99 while the 3Mb service is priced at £37.99. Both come with a 1 gig a day usage allowance, although the cableco will not be checking usage allowances "until later this year", reveals the memo. NTL will promote the upgrades to new punters, but it will be up to existing customers to approach the cableco to get the upgrades at "no extra cost". Details of this increased competition in the UK's retail broadband sector come just a week after BT announced plans to increase the speed of its DSL service to 2Mb at no extra cost for all but its entry-level package. ®
Tim Richardson, 16 Feb 2005

Is Linux security a myth?

Comment: There are rare occasions in IT when a particular architecture reaches a point where it stops being purely IT driven and takes on a life of its own. The last year has seen the open source movement reach such a cult status; and at the vanguard of open source fashion can be found the Linux operating system. While the platform appeals at several levels for potential users, some of a philosophical nature and others far more concrete, it is noticeable that a couple of its qualities have recently been called into question. Microsoft, a supplier of operating systems with which Linux competes, has recently taken to the press to question two of the pillars upon which Linux and Open Source have made their names - cost of ownership and security. Now questions concerned with the cost of ownership of any system, Linux, Windows or otherwise, are incredibly complex to resolve and, frankly, very few organisations have any idea regarding how much they spend on IT ownership at a system, application or platform level. However, when it comes to the question of security regarding Linux as a platform, Nick McGrath, head of platform strategy for Microsoft in the UK, has been quoted as saying: "The biggest challenge we need to face centres on the myth and reality. There are lots of myths out there as to what Linux can do. One myth we see is that Linux is more secure than Windows. Another is that there are no viruses for Linux." In one respect, McGrath is correct and this concerns the lack of malicious code threats to Linux. Over the last few months, several instances of malicious code have been discovered that target Linux explicitly. However, the number is extremely small compared to the number of attacks launched against Microsoft Windows, and indeed against several other operating systems. There are several factors behind there being a far smaller number of attacks against Linux.
Not the least of these is the fact that the platform, whilst it is gaining traction fast, is still relatively small in the world of business critical production systems. It will be interesting to see how the attack threat develops as Linux continues to move into everyday business use, although the open availability of the code base on which Linux is built should help to minimise the number of security holes that exist in the code. However, some people are also questioning whether the open source model itself can provide organisations with both the security and the comfort that they require to run Linux in vital operations. Once again, McGrath asked the question: "Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux."

Missing the point

In this area McGrath is completely missing the point. In the vast majority of circumstances, when a customer builds a solution on the Linux operating system, they do so using a distribution of the operating system, not the kernel alone. And when a mission critical system is deployed, it is almost unknown for the organisation concerned not to take out support cover for the operating platform. With major IT vendors such as IBM, HP, Novell (SuSE) and Red Hat offering to support Linux, there is no shortage of suppliers willing to provide as good a security guarantee, in terms of patch management, as that provided for any other operating system, including Windows and the leading Unix platforms. Using Linux is itself no guarantee of "security". The same is true for all operating systems. Each platform needs to be managed actively. Bugs, viruses and other malicious threats to a system will occur. This is why it is vital that every IT system be supported with excellent management procedures to ensure its long term availability and security. Technology alone is never "secure".
However, there are no obvious security issues visible today to indicate that Linux is not ready for enterprise deployment. The code base is managed by all of the distributors and enjoys the active backing of many of the largest IT vendors. Security and Linux may be a myth, but no more so than for any other operating system. A Linux platform needs to be managed in the same way as any other. However, at the moment, the number of threat notices that the operating system attracts every day is relatively small. Linux does have an active role to play in business and the platform continues to mature rapidly on all levels, including security. Is it perfect today? No. Is it perfectly secure? No. But then no operating system available today is perfectly secure, although zOS on the IBM mainframe gets pretty close. Is Linux "Security" A Myth? Yes, but then all "security" is a myth; people and processes secure systems, not technology alone. However, Linux is usable, relatively secure and enjoys support enough to allow its use in mainstream business where appropriate. Oh, and it is being used. © IT-analysis.com
Tony Lock, 16 Feb 2005

UK techies blow 17 days a year yakking to mates

The productivity of UK businesses is being threatened by employees who waste time emailing their friends, new research claims. Forty per cent of UK workers spend an hour or more every day messaging friends and relatives and swapping jokes, according to a poll by Clearswift. UK IT departments proved the worst behaved, spending 17 days a year chatting with friends. Their non-technical colleagues dedicated 13 days to personal email. Clearswift claims business productivity is under threat, as the time wasted in the companies surveyed amounted to 1,700 days a year or the work of seven full-time employees. It urges employers to encourage staff to redirect their attention to more productive company-related activities. However, three-quarters of respondents believe their boss would be unconcerned on finding out about their email habits, while just one in 10 said they never use the company email system for personal reasons. Clearswift's David Guyatt said: "Added to other issues such as loss of confidential information, inappropriate email leads to personal harassment, compliance challenges, spam and viruses. Companies need to set the ground rules with employees on web and email usage through clear policies to ensure productivity does not suffer." The report recommends that firms restrict personal email use to lunchtime, before or after work as well as prohibiting access to inappropriate websites. Copyright © 2005,
Startups.co.uk, 16 Feb 2005

ViewSonic VP171b 8ms LCD monitor

Review: Right, let's make this clear from the start: the ViewSonic VP171b has been upgraded from a 16ms panel to a faster, 8ms one. This should be good news to folk who claim that they can notice differences in response time when gaming and watching movies. Myself, I'm sceptical - surely you should be concentrating on taking out the villains rather than measuring the minuscule motion trails left by your targets? asks Jalal Werfalli.
Trusted Reviews, 16 Feb 2005

Napster To Go DRM 'threat' astounds media

Comment: The world's mainstream media has been amazed by reports that the DRM technology intended to protect songs supplied by Napster's To Go can be bypassed, "potentially letting [users] make CDs with hundreds of thousands of songs for free", as one astounded Reuters reporter put it. And it's true, they can. But then they've always been able to. The trick is nothing new. Napster To Go was only launched earlier this month, so it has a fairly high media profile right now. That's really the only reason why it has been singled out for its inability to guard against such techniques. It's no more a blow to Napster's service, its business model or Microsoft's DRM software now than it was on the day before Napster To Go launched. Napster, of course, has other problems facing its music-subscription business, from its own costs to consumers' preference for one-off downloads. Briefly, the DRM bypass technique uses a small software utility to hijack the digital soundstream sent by the DRM-decoding playback application to a PC's sound card and save it to the hard disk as a DRM-less music file. Similar tools exist on Mac OS X and almost certainly on Linux too. It's ultimately no different than burning the songs to CD then re-ripping back in a DRM-less format such as MP3 - it just saves the price of a CD-R and a little time. Users have been able to apply this technique to Napster's other subscription service and to other online music suppliers, from Apple's iTunes Music Store to RealNetworks' Rhapsody. All these companies are aware of the problem - and the fact that there's very little they can do about it beyond pointing out the Digital Millennium Copyright Act (DMCA) - which renders bypassing copy protection technology a felony - and stating that it's also contrary to the user's licence to use the downloaded music.
Efforts are underway to block such tricks by integrating DRM support into the sound chip itself, in effect leaving the decryption process to the very last moment before the digital audio data is converted into an analog sound wave. But that still leaves the speaker output capable of being recorded. For most people, this is too much effort - it's easier just to buy the song, or download it from a P2P service after the track has been posted by someone who did go to the trouble. All the more reason then, to seek out new business models that allow for this kind of thing and still ensure performers, publishers and labels get their cut. And no one has to lose their record collections when they cancel a credit card. ®
Tony Smith, 16 Feb 2005

Bye bye Carly, don't forget to write

Letters: So, Carly Fiorina has left HP, to the delight of the stock market and Register readers, among them current and former HP employees. Whether she jumped or was pushed is a mere detail, the end result is the same. Out goes the most powerful woman in corporate America, with a $45m golden parachute to help her to a nice soft landing. You had plenty to say about it, none of it terribly complimentary.

[Bootnote: The predictable slew of "she's a witch"/"she's a bitch" duly materialised, in accordance with the universal law that women executives will be attacked on such grounds. Seriously people: move on. Go after her for bad ideas (merging with Compaq, for instance?), or incompetent management, or something substantial...]

There was plenty of praise for the old guard, though:

From your article - "HP said on Monday (7 Feb) that Sanford Litvack was leaving the board and would be replaced by Thomas Perkins who was an HP director between 2002 and 2004. He originally left because at 73 he was too old to sit on the board - HP policy says directors should not be over 70 years old."

"They're more like guidelines..." - Pirates of the Caribbean

Thank you for your article - as a former employee of the company many years back, I look forward to the change in direction at HP - All niceties aside, it appears that Walter Hewlett was right and is vindicated. Bob Wayman is a most capable and experienced HP executive - a perfect choice to lead through the transition - the company is in good hands.

Alan

About appointing retired execs: It should be noted that the concept is not new to HP, at least in Germany. Jörg Menno Harms quit HP GmbH's management board on April 30th 2000 to join the supervisory board. A search for a successor ensued, with no real results but in April 2002, a successor was finally found (Mr Heribert Schmitz). Months later, Schmitz and Harms changed positions and Harms, then 62, returned as HP's "number 1" in Germany to help with the integration of Compaq.
Harms was (and probably still is) very popular in- and outside the company, so that could explain it. He only stepped down just last fall, aged 65.

cheers, Rainer

I shall miss reading stories concerning CF as they made me laugh. Am very glad not to be an HP employee. So any gossip on what the 'dispute' was? Or did someone on the board say to her (in the style of Harry Enfield), 'Oi, nutter! No!'

Roop

Steal the company from its originator, combine it with another lost company, stir gently, sell CRAP for products with 90 day warranties, proceed to go out-of-business. Great recipe or not...

Randy

Must protest your front page characterization of Fiorina's departure from HP as falling on the sword. Falling on the sword implies self sacrifice for the sake of honor or some other noble cause. Carly, quite pleasingly, was kicked rudely down the stairs.

Steve

"Although the merger was not the disaster many predicted, HP has not reaped that much benefit."

It may not have been an outright disaster, but as a result of the Borging of the HP laptop designs (all replaced by Compaq designs with new HP badges), our firm no longer purchases any HP computers whatsoever. We've spent roughly US$100,000 over the past 18 months on new servers and laptops. They're all Dell.

Rich

After several years at HP, she should easily get a job at a ketchup firm, eg. Heinz ...

Mike Class

From HP, to Dell and its efforts to build a more environmentally friendly PC:

I heard that with some of the early adoption of silver solder used on the electronics boards of PCs, disc arrays etc problems have been encountered when in contact with even small amounts of sulphur in the atmosphere. Best not to smoke too close to these new PCs then. Which is a thought, maybe these are not just green but also healthier machines!

Will

And from Dell to Apple, and our review of the Mac Mini.
As you must know, it is nearly impossible to write anything about Apple without a billion enraged fans writing in to explain exactly how wrong or stupid you are for not loving the product as much as they do. So, what follows is what remains after we have sifted through the splutterings of colour coordinated computer users:

I am actually surprised from a technical standpoint that so many people have switched to Mac at all. I think I'm hot stuff. I've switched to Lunix before. How hard can it be? Heh. You know what took the most time? The bloody keyboard. 15 years of keyboard experience out the window. It took months to re-train on this thing.

Aristus

"Hmmm. The problem is that while Apple machines will join networks of all flavours very happily, talking to Windows machines is another matter. I struggled for hours trying to get an HP laptop running Windows XP SP2 with file sharing on to play nicely with the Mini. So how would Joe Wannaswitch import his bookmarks and Outlook Express files?"

My experience with Joe Average The Windows User, that he will not guess that it is even possible to import bookmarks or something from OE. And I have met people who have dumped new computers solely for the reason: frustrating Windows import/export capabilities or their total absence. In the end, I believe, that Mac OS provides best import/export capabilities among other OSs I have used last decade (MS DOS 3-6/Windoz 9x/NT+, GNU/Linux 2.0+). And this is not that Apple didn't want people to easily move their stuff from Windows, but it is M$, which is reluctant to provide import/export to many of its applications (Outlook anyone? Address book? IE?).

Ihar

I've read several articles and opinions of this new Mac Mini, and it seems that Apple may be on to something, although no one, including Apple themselves, seems to know what. I'm not a Mac user, nor do I plan on tossing years of experience out the MS Window in order to swap for a more stylish computer.
But on the other hand, they have done something that no one else has been able to do and everyone seems to be desperately trying, and that is to make a small, very stylish, cheap computer that is possible to integrate into home entertainment center. I never see myself having a Mac Mini on or under my desk as a primary computer, but when I first saw it, I thought, "That would look great in my entertainment center, I wonder how well it can integrate with all the other equipment." And also the IPod comes into play. I imagine plugging an IPod into a device like the Mini, playing my MP3s while surfing the web, and maybe burning or watching a DVD with it or using the device as a DVR. Or perhaps plugging in a USB drive and viewing documents and emails on my TV or listening to MP3s. The options are endless, and sure, this is already being done, but mostly in another room, with several dedicated pieces of equipment. There is an empty shelf in my living room waiting for something like the Mac Mini. Look at how well Apple is doing with the Pods. There is no business secret, they gave the consumers what they wanted. If they can expand on the Mac Mini idea with that same line of thought, then I do see an Apple in my future.

Patrick

I read with some interest your article about the Mac Mini--indeed, I think the whole question is "Will Windows Users Switch?"--but not for the reasons you'd think. Will I Switch - Never! Will I use a Mac Mini? I ordered one last week. Should get here at the end of the month. To explain it a bit, every Mac zealot out there, and quite a few Windows users, think you have to be all or the other. You should either embrace the whole Apple fan mentality with open arms, or stick exclusively to Windows. There's always someone who says "Both are good, both have merits." Yet the truth is they are different machines for different uses. My frustration with Windows is mainly summed up in four things: Product Activation, DRM, spyware, and Microsoftisms.
Gates and Ballmer should be hung out to dry for ever bringing Product Activation to Windows. I should add I'm not a pirate and my machines are licensed, but the idea we have to call in and get permission to keep using our software, especially a dated OS such as XP, is just too much. DRM is regrettably a fact of life, but Microsoft seems to have embraced it wholeheartedly. Reasonable DRM would not be much of a problem, but it seems to me the ultimate goal of the entertainment industry is to turn time back to the days of movie theaters and make us pay for every viewing. I maintain no illusions that Apple is really any better, but it seems in the hopes of getting more people to use their software they've been much more open about DRM. Spyware is also a fact of life, and while I've been pretty good at keeping it off my computer, it's a non-stop arms race. The possibility always remains some new thing has found its way onto my machine, and I won't know until it's too late. Mac users may be smug that they don't have as much of a problem with it, but it's really security-through-obscurity. Still, less of a problem is less. Finally, Microsoftisms. By that I mean the lovely passion Microsoft has for new versions of software (Media Player, DirectX) that can't be uninstalled; or relentless product pushing like tying Explorer into the OS, or how the Microsoft Messenger originally couldn't be closed without whacking all kinds of "critical components" like Outlook, Explorer, and the Quantum Continuum. In other words they lie through their teeth to try and keep us using their versions of software rather than what we choose. It's simple, make it better, not unremovable. So that brings me to the choice of a Mac Mini. The Pros I see are:
- Total power use is about 125 watts with an LCD monitor. Power is money nowadays
- I can get some of the same software I use in Windows, not all of it, but the important parts
- I can also run some Linux/Unix apps if I want
- It's so dang little
The Cons are simple: Limited upgradeability, (but I'll live with that) and the whole fruity left wing smarter-than-thou mentality of the Mac zealots. Almost invariably men with a few good talents and a lot of compensating. Grow up and get a life, and then maybe they'll see they do more harm than good. My Windows computers (both of them) are going nowhere, I'll still use them for a lot of things, although they may be taken off of the Internet, and I have a little silver CD-Case boxen to look forward to. Sincerely, Scott
Staying with Apple, this time the iPod Shuffle. We suggested that Apple had a market in mind when it built this product, and included only enough features to make it function, while still hitting the price range of its intended demographic. No, you said. Apple's designers are just minimalists:
I would contend that Apple was not in fact strictly "building down to a price". If they had believed that a display was necessary, it would have been included. People screamed when the first iMac didn't include a floppy drive, but they had designed it that way for a reason. Just build what you need. Part of their elegant and minimalist design credo. At first, I was put off by the lack of a display as well, until I thought about it. It would have added to the cost. It would have reduced durability and increased weight. It would have been one more thing to break... one more complication. It would have compromised the form factor. It would have disrupted the sleek aesthetics. But above all... it simply wasn't needed. They determined that one of the top features utilized by iTunes users (and let's face it, all the members of the 'Pod family are just extensions of the iTunes software) is the random shuffle mode.
If one is listening randomly, then it doesn't really matter, and if you are listening in sequential order, then you know what song is next because you are the one who put together the playlist. With the larger iPod, you can carry around your entire music collection, so a display is essential if one is to navigate it. However, the much smaller shuffle-pod is designed to take one playlist only, so you are going to be looking at the song titles beforehand, when you load it up before going out. And if you didn't catch it when loading, you will upon re-loading. We all go home to sit in front of the Big Machine eventually. It's not an oversight, it was a design decision that makes sense on multiple levels. And perhaps cost was one more factor to consider... but hardly the most important one. Even with the addition of a small LCD display, it would likely still be cheaper than its competitors. Cheers, Jules.
Microsoft automatic updates. The bane of your life, or a useful idea to protect your computer from itself?
I have just installed the latest batch of updates from Microsoft - the usual set of patches all with almost identical and uninformative descriptions (why do they bother with a description?). I was presented with a pop-up message: "Updating your computer is almost complete. You must restart your computer for the updates to take effect. Do you want to restart your computer now?" So far nothing special. The problem is I can't make it go away. I don't want to reboot just now - I'm trying to do some actual work. But every time I click on "Restart Later", the message just goes away for a couple of minutes and then pops-up again. It appears that Microsoft now knows better than I when I need to reboot my PC and they are not going to give up until I agree with them! I have never been keen on the automatic update service - and this latest effort is not helping.
Tony
Contact management services, like Plaxo or LinkedIn, might have some fans out there, but not among the Register readership, it seems:
Hi Mr Editor, May I suggest the article "How to win friends and influence people" be re-titled "How to lose friends and annoy people". I haven't used LinkedIn, but I have had bad experiences with both Plaxo and Bebo (www.bebo.com). Both of them are in my spam filter, and both domains are blocked so my internal users can't use them. Why? Well, for starters Bebo has this in their privacy agreement.
---start
Acquisition. It is possible that as we continue to develop our website and our business, Bebo's service and/or related assets might be acquired. Notwithstanding any provision in this policy to the contrary, in event of a merger or acquisition, your personal information may be transferred to the acquiring entity, and become subject to the acquirer's data practices.
---end
Am I the only one in the world that is interpreting this as: "We reserve the right to allow the dodgy company that we sell your contact details to, to spam you into oblivion if we can get this business model to work"? Plaxo had this too, and were forced to change it, but they only changed it after lots of bad publicity on blogs. The fact that the bastards have my email address already given I didn't give permission for my "friends" to give my email address to them annoys me enough. The thought of somebody not reputable potentially having all my contact details is downright scary. The fact that most of these services don't have a domain based opt-out is annoying. The fact that I have to opt-out of something I didn't opt-in for is even more annoying. Call me a cynic, I don't care. The only useful application I see for this is to help annoying sales people keep their Act! databases up to date. These things suck. Welcome to my spam filter. regards Shane
Next up, Philip Howard's article on the fate of UML attracted a few more comments this week.
In particular, it attracted the attention of Andrew Watson, technical director at OMG:
Hi, Philip Howard's conclusion that "UML is past its sell-by date" is based on highly-selective data. Allow me to fill in the gaps.
1. UML is a notation, not a methodology. Catalysis, Fusion, KobrA, UML Components and the UN/CEFACT Modeling Methodology (UMM) are all methodologies that use UML notation, as does the highly-successful Unified Software Development Process (USDP, formerly RUP), and its many variants. With many different methodologies that use (or can use) UML, saying that it has "mandated a methodology" is clearly wide of the mark.
2. Philip has apparently missed a slew of product announcements for tools supporting *standard* UML 2.0 notation. In addition to IBM's "Atlantic" suite (which he mentions), I also know of: Borland Together Designer, I-Logix Rhapsody 5, Sparx Systems Enterprise Architect 4.5, MagicDraw UML Version 9.0, Telelogic TAU Generation2 and Omondo EclipseUML. There may already be others that I haven't heard about - new UML2 tools are appearing all the time.
3. Saying that Rational "pushed [UML] through as a standard" implies that OMG cravenly rubber-stamped one company's specification. Au contraire, if you look inside the front cover of a UML 1 spec, you'll see it's copyright by EDS, HP, IBM, ICON Computing, i-Logix, IntelliCorp, Microsoft, ObjecTime, Oracle, Platinum Technology, Ptech, Rational Software Corporation, Reich Technologies, Softeam, Sterling Software, Taskon A/S and Unisys Corporation. They all contributed.
4. Philip says that UML2 has "yet to be ratified". Not so. The UML 2.0 Superstructure specification was adopted by OMG's board of directors in mid-2003, and published on OMG's web site for everyone to download, study and implement. Send us your bug reports - we're not too proud to take 'em.
By misrepresenting UML as a methodology, ignoring cross-industry consensus on the specifications and overlooking most UML 2 tools, Philip concludes that UML is a has-been. Happily, customers know better - over 80% of companies surveyed by BZ Research in August 2004 said they plan to use UML on future software projects. And we all know the customer is always right. I hope you'll find room to put the record straight. Keep up the good work! Cheers, Andrew
Philip replies: "Actually, I didn't conclude that UML was past its sell-by date: I posed the question. Similarly, I did not suggest that UML was a has-been. I compared it to SQL - is Drew suggesting that SQL is a has-been? No, it is a lowest common denominator that is useful as a starting platform but is otherwise widely extended and implemented in a proprietary fashion. UML is much the same."
Finally, the Rise of the Machines continues, unabated. We thought that the latest attack might be thwarted by the machines' own faulty mathematics. But no! We just weren't thinking big enough:
Re the Cuddly menace. We're not out of the woods yet. "According to page 5 of their manual they're expecting to increase the nitrogen content of the atmosphere by 900%. As any graduate of GCSE science will know, our atmosphere is approximately 78% nitrogen already, so a ninefold increase would involve the atmosphere being 702% Nitrogen, and therefore presumably around -600% Oxygen..." This argument does assume that the atmosphere stays exactly the same size. Of course, they could simply dump nine times as much nitrogen into the atmosphere as is currently there, making the whole thing roughly (9 x 78%) larger, and shifting the nitrogen:oxygen balance from its current 78%:20% to a much more Zogg-pleasing 97%:3%. I'm not sure if the gravity of the earth is currently sufficient to retain an atmosphere of that size, but they may have plans for that too.... So can we still keep on panicking, please?
Dave
Yes, you have our full permission to panic as loudly and/or messily as you like. But please, put on a tinfoil hat first. ®
Lucy Sherriff, 16 Feb 2005

Domain dispute puts question mark over UK ecommerce

A dispute over ownership of "game.co.uk" could have significant and far-reaching effects on e-commerce in Britain.
Kieren McCarthy, 16 Feb 2005

Cheated wife on spyware wiretap rap

A Florida wife who installed spyware on her husband's PC in order to catch him in flagrante while he indulged in Yahoo! Dominoes with his online lover has been found guilty of violating state law. Beverly Ann O'Brien was found guilty under Florida's wiretapping law of illegally obtaining the online chat records because she "intercepted the electronic communication contemporaneously with transmission", said Judge Donald Grincewicz. The defence had argued that "the monitoring didn't fall under the law's prohibitions and was akin to reading a stored file on her husband's computer - which would not be treated as wiretapping". The three-judge panel rejected this analysis, declaring: "It is illegal and punishable as a crime to intercept electronic communications." The three judges further ruled that O'Brien could not reveal the content of the online conversations, and neither were they admissible as evidence in the couple's divorce proceedings. ®
Lester Haines, 16 Feb 2005

Abbey axes 335

Abbey National is laying off 335 IT staff as a result of its merger with Santander Central Hispano. The firm will cut 200 jobs from its Milton Keynes office, 85 in Belfast and 50 in Glasgow. Another 240 staff from business banking and Abbey's online bank Cahoot are being offered transfers to Isban - the SCH subsidiary which is replacing Abbey's IT systems. SCH is relying on technology to cut £300m from Abbey's costs by 2007. It is ditching much of Abbey's technology and moving the bank onto its own technology platform, called Partenon. Abbey said in a statement: "A further 150 IT employees will be offered roles within ISBAN, a separate company owned by Santander. ISBAN will rollout Partenon, Santander’s industry leading banking IT platform, across Abbey." The bank is cutting 3,000 jobs in total but IT staff should be spared further reductions. ®
John Oates, 16 Feb 2005

Man sues bigger penis pill company

A US man has filed a lawsuit claiming false advertising against a herbal penis enlargement pill company because its products did not produce the promised enhanced member. The suit states that Florida-based Alzare LLC claimed in "very, very convincing" advertising featuring doctors and porn stars that its pills would add up to an extra three inches, but failed to deliver hard results, Reuters reports. Plaintiff Michael Coluzzi - filing the suit on 21 January in the New Jersey state court - said he paid $59.95 for a 30-day supply of Alzare. The pills contain ginseng, yohimbe bark, L-arginine and other ingredients and are "guaranteed to deliver results within a week". Moreover, the maker boasts a 95 per cent success rate in the "more than 100,000 men who have used Alzare", but Coluzzi "experienced no increase in penis size". He further alleged that he was unable to collect a promised refund from the manufacturer. Coluzzi's lawyer noted: "Males, for whatever reason, may be susceptible because of what they feel they lack," adding that he had expert proof the pills were ineffective. The Alzare suit follows similar actions filed last year against the manufacturers of herbal dietary supplements VigRx and Enzyt, also alleged to have made extravagant claims as to the augmentary powers of their products. ®
Lester Haines, 16 Feb 2005

Sanyo trumpets Wipoq debut

3GSM Sanyo has announced the first Wipoq; a messaging hand-held, not a phone. What is it? It's a "personal mobile gateway" peripheral device - but a breakthrough: it's one that doesn't actually need a PMG to work. The news announcement conceals the breakthrough well. It says, blandly, that Sanyo has licensed an operating system for mobile devices; specifically, the IXI Mobile OS. The PMG is a development which everybody in Bluetooth said "that's obvious" three years ago. IXI Mobile built one. It was a GSM phone that didn't have a keyboard or a speaker or a microphone or a display; just a Bluetooth wireless. And then they designed "sleek" peripherals. One would be a camera, one might be a message pad, one might be a headset and another might be a handset. There might even be a games console. All those need a connection to the GSM network. None of them has a GSM wireless. So how do they work? Easy: all of them link to that network through the phone without keyboard; the Personal Mobile Gateway. Few people have understood the idea, and there are genuine problems selling it. AT&T are keen on it: they've announced the Ogo message system. It's a PMG but sold purely as a box for SMS and email. Sanyo has gone for something that at first looks similar. But the thing is just a bit cleverer; IXI Mobile has done away with the need for a PMG. The Wipoq works best with a personal mobile gateway. But if one isn't available, it will work almost as well if it can find a mobile phone with the Lan Access Profile (LAP) built in. That's not the majority of the phones in the world; more like 30 per cent at most. Well - not to worry! - it'll work OK if you have any Bluetooth phone with the standard SPP serial protocol profile... but it will lose some of the nicest features. But it works. The press release refers to the "first Wipoq device" as simply: "A sleek multimedia messenger with a built-in Java browser, large screen, QWERTY keyboard, and easy to use interface."
Sanyo's Dr Yukinori Matsumoto said that he expected first volume shipments in September, pricing somewhere between $200-$300 and available to real users by Xmas this year. But he has more plans, and there will be more Wi family devices next year. © NewsWireless.Net
Guy Kewney, 16 Feb 2005

ISP 'co-op' formed to boost broadband

The United Kingdom Internet Forum (UKIF) is forming an "ISP co-operative" to improve the purchasing power and commercial clout of some of the UK's smaller internet providers. So far around 17 ISPs have signed up to the UK internet trade group's scheme which should help them pool orders for IT hardware and wholesale broadband, thus earning better discounts from suppliers. UKIF is also launching an Enterprise Forum aimed at "helping companies across the UK develop their businesses [while] advancing the growth of broadband in the regions". Although it's early days, organisers hope that Enterprise Forum will also help smaller ISPs win public sector contracts to supply broadband, even though they are excluded from bidding at the moment. A year ago the Government approved 17 companies - including BT, C&W, Energis, NTL and Thus - to bid for public sector contracts for broadband as part of ambitious aggregation plans to pool £1bn of government spending on high-speed Internet services. Since then, though, the future of the aggregation scheme has been thrown in doubt after two regional aggregation boards (ADITs) closed, along with the central umbrella group. The Register understands that some of the ADITs have been frustrated by the lack of co-operation being shown by the 17 broadband companies. For while broadband providers are happy to win contracts for commercially lucrative regions, many are less keen to invest in less economically viable areas. UKIF wants to change that and pressure Government to give smaller broadband providers - which have lower overheads than the larger ISPs - the chance to bid for public sector contracts. Said UKIF MD Jonny Mulligan: "UKIF encourages the development of a network of organisations across the UK. Our research shows us several larger ISPs are interested in developing wholesale partnerships. 
The introduction of the co-operative buying scheme means that subscribers can secure discounts on wholesale broadband...as well as on hardware products." Adit North East, one of the DTI regional aggregation bodies, is to host the first Enterprise Forum in Leeds at the end of March. ®
Tim Richardson, 16 Feb 2005

Fraudsters expose 100,000 across US

A US credit data company has admitted that fraudsters last October accessed records on up to 35,000 people, according to reports from AP and the LA Times. Georgia-based ChoicePoint Inc. confessed on Tuesday that the scammers "may have stolen credit reports, Social Security numbers and other sensitive information" on thousands of Californians, although it admits that "the number of victims nationwide could total 100,000". The revised figure comes after the company initially insisted that only California was affected - a claim dismissed as "ridiculous" by a computer fraud expert. Fraudsters apparently gained access to the records by making bogus applications to set up more than 50 ChoicePoint accounts, which they then used to trawl the database as would any legitimate paying customer. ChoicePoint sells its stored information to the US government and private business - landlords and credit companies are among those who use the reports to make risk assessments on potential clients. It is not entirely clear how the scammers were able to set up these accounts, although ChoicePoint spokesman James Lee told the LA Times that the company "no longer accepted faxed copies of business licenses". He refused to explain how the scammers "circumvented rules that require permission from the subject of a credit report to release the data to a third party", but admitted: "The bad guys are very bright, very smart and very committed." The scam was detected when a ChoicePoint employee noticed a suspicious application to open a customer account. The company contacted the Los Angeles County sheriff's fraud investigators, who discovered 50 active bogus accounts belonging to non-existent debt collection and insurance agencies, as well as other fronts. The fraudsters reportedly used previously stolen identities to set up the fake firms, lending them an air of credibility and a certain resistance to scrutiny.
Further investigation revealed that during the one-year duration of the fraud, personal details on at least 10,000 people had been accessed, and some 750 individuals' identities used to buy goods. Things began to unravel for the alleged perpetrators when another suspicious application for a ChoicePoint account "came in by fax from a Southern California Kinko's". Police replied by fax asking for a new signature and when 41-year-old Olatunji Oluwatosin arrived to pick it up, the net closed. Oluwatosin claimed that he was picking the fax up for someone else, but was charged with six felony identity-theft counts and is currently in jail awaiting trial. ChoicePoint "closed the suspect accounts, restricted access, strengthened site verification, informed law enforcement agencies and cooperated in their investigation" immediately following the fraud. It did not, however, email those in California whose data may have been compromised until last week - in accordance with a 2003 California law which obliges companies "which do business with residents" to inform them when their "unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person". Specifically, the law demands that if a hacker gains access to data for 500,000 or more customers, the company must alert them via email, a "conspicuous" website posting and disclosure to a "major media outlet". Since California is the only state which obliges firms to issue such warnings - and despite ChoicePoint spokesman James Lee's LA Times description of the fraud as "extraordinarily serious" - the company has not contacted potential victims elsewhere. However, the man in charge of Southern California's High Tech Task Force Identity Theft Detail, Robert Costa, told AP that he believes several other people were involved and that the attack "definitely could not have been limited to Southern California".
Nick Akerman, partner and co-chair of the computer fraud division of law firm Dorsey & Whitney, agreed, telling AP: "I've never heard of a hacker doing something just to make a company comply with a state statute - that's ridiculous." ®
Lester Haines, 16 Feb 2005

Support for proposed eBay strike fades

Hacked off eBay users are threatening to launch a week-long boycott of the auction site from Friday. The "strike action" is due to take place in response to recent increases in fees introduced by eBay. Unrest among some eBayers has led to vocal comments being posted on eBay message boards, threats of people leaving the auction community and almost 24,000 people signing an anti-eBay petition. However, doubts remain about just how effective the strike action will prove to be. Quizzed recently by industry analysts, eBay execs said they were unsure whether the strike would even go ahead. And a straw poll of eBay's top "PowerSellers" by American Technology Research found that "there appears to be little interest in the reported eBay sellers' strike". Certainly none of those surveyed said they planned to take part in the boycott and didn't take the threat of strike action seriously. The feedback also suggested that despite changes made by eBay, the auction site's top sellers appear to show little sign of ditching eBay and striking up new relationships with other auction sites that have tried to exploit the divisions within the eBay community. This apparent loyalty to eBay comes amid continued fears that fraud continues to pose a problem for genuine traders. Earlier this month eBay was forced to cut some of the fees it charges sellers in the US and Canada after being stung by criticism over fee increases coming into force on 18 February. Within weeks, the auction site reined back some of its proposals after claiming it was "listening to you, our Community". In an email to customers, eBay North America president Bill Cobb promised to improve customer support, banish annoying and meaningless automated responses and cut fees for listing some items. ®
Tim Richardson, 16 Feb 2005

T-Mobile hacker pleads guilty

A sophisticated computer hacker who penetrated servers at wireless giant T-Mobile pleaded guilty Tuesday to a single felony charge of intentionally accessing a protected computer and recklessly causing damage. Nicolas Jacobsen, 22, entered the guilty plea as part of a sealed plea agreement with the government, says prosecutor Wesley Hsu, who declined to provide details. The prosecution, first reported by SecurityFocus last month, has been handled with unusual secrecy from the start, and a source close to the case said in January that the government was courting Jacobsen as a potential undercover informant. Before his arrest last October, Jacobsen used his access to a T-Mobile database to obtain customer passwords and Social Security numbers, and to monitor a US Secret Service cyber crime agent's email, according to government court filings in the case. Sources say the hacker was also able to download candid photos taken by Sidekick users, including Hollywood celebrities, which were shared within the hacking community. According to a Secret Service affidavit filed in the case, Jacobsen came to the agency's attention in March of last year when he offered to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board. Jacobsen had access to some customers' Social Security numbers and dates of birth, voicemail PINs, and the passwords providing users with web access to their T-Mobile email accounts. He did not have access to credit card numbers. The company, based in Bellevue, Washington, boasts 16.3 million U.S. customers. T-Mobile says it has notified 400 customers whose data was accessed, but the company leaves open the possibility that it may identify and warn more victims as the case progresses. "I can confirm that based on the information that we have to date, we have notified all the customers that we are aware of," spokesman Peter Dobrow said Wednesday. "It's still under investigation."
Court records suggest the hacker was in T-Mobile's systems for at least a year, ending with his arrest in October 2004. But the company claimed Wednesday that Jacobsen's access was not continuous throughout that period: at some point they detected him and locked him out, but the hacker was apparently able to break back in. "There were two instances that we were able to identify as having Jacobsen's fingerprints on them," said Dobrow. "There were two periods of time, beginning in October 2003." Jacobsen was arrested after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The files were traced to Peter Cavicchia, a Secret Service cyber crime agent in New York who received documents and logged in to a Secret Service computer over his T-Mobile Sidekick - an all-in-one cellphone, camera, digital organizer and email terminal. The Sidekick uses T-Mobile servers for email and file storage. A source close to the case said last month that Jacobsen also amused himself and others by obtaining the passwords of Sidekick-toting celebrities from the hacked database, then entering their accounts and downloading photos they'd taken with the wireless communicator's built-in camera. A friend of Jacobsen's in the hacker community, William Genovese, confirmed that account, and said Jacobsen gave him copies of digital photos that celebrities had snapped with their cell phone cameras. Last month Genovese provided SecurityFocus with an address on his website featuring what appear to be grainy candid shots of Demi Moore, Ashton Kutcher, Nicole Richie, and Paris Hilton. He said Wednesday that he's since removed the photos at Jacobsen's request. T-Mobile declined to discuss specific victims. Reached by phone, Hilton's manager said the company has not notified Hilton of a breach. Now free on bail and living in Oregon, Jacobsen faces a maximum possible sentence of five years imprisonment.
Sentencing is set for 16 May. Copyright © 2005,
Kevin Poulsen, 16 Feb 2005

Qualcomm: WiMax isn't magic

3GSM Qualcomm rarely needs an invitation to comment on the WiMax bandwagon, and when we met Senior VP Jeff Belk Wednesday, it so happened he had a presentation ready. His timeline slide compares the maturity of UMTS and CDMA EV-DO to 802.11, .16 and .20, and what do you know? UMTS and EV-DO are here and work, and WiMax is somewhere in the smoke and mirrors phase. Belk joked that he used to use a similar slide for comparing GSM and CDMA, only that used to have "issue press release" as the first entry. "WiMax is being presented as a Magic Wand solution," he said, "but it isn't". While the technology holds great promise for reducing backhaul costs, he said, as a voice/data replacement carriers aren't convinced. "WiFi and WiMax will be complementary," he said, warning carriers not to be caught in the middle. "You can never discount Intel," he said, noting that the Santa Clara giant has struggled to gain much traction with its own 3G offerings. With 3G speeds ratcheting ever higher, thanks to upgrades like HSDPA, 3G offers better capabilities, said Belk. WiMax is far from smoke and mirrors, however. British chip company PicoChip, which produces powerful, programmable microprocessors for base stations allowing them to be upgraded to run different air interface protocols, has notched up its tenth win for WiMax. "WiMax is real," VP of marketing Rupert Baines says. "In large parts of the world where there's no copper, it's very attractive. That's a market of 1.7 billion people." ®
Andrew Orlowski, 16 Feb 2005

Cannes demos the next fast thing

3GSM One of the few reliable laws in the technology industry - if the demo works, it’s probably been faked. Every vendor worth the name is demonstrating HSDPA (High Speed Downlink Packet Access) here this year. The next enhancement to 3G, inevitably known as 3.5G, it promises to make the downlink a whole lot faster – from 384kbps up to 14Mbps and beyond. Nortel and Orange are demoing HSDPA on live commercial spectrum, with a view to launching it on the market in 2006. NTT DoCoMo is also planning a launch next year. If you live in the Isle of Man, you might get it a bit quicker, as O2 is planning an extended trial there this year, with a view to a launch in the rest of the UK next year. As demos go, Orange and Nortel’s was fairly impressive. Using a Sierra Wireless card and a Qualcomm chipset, the system runs at up to 1.4Mbps, averaging over a megabit. It gives reasonably good video quality. Resolution was acceptable on a five or six inch screen – a tiny bit pixellated and jerky, (a fact the demonstrator blamed on the Real Networks codec), but otherwise, perfectly watchable. If they hadn’t chosen to stream Attack of the Clones. The fact that the miniature base station was hidden under the desk just an inch from the receiver might have made things run a little smoother. But the demonstrators showed a video of some Orange engineers driving around Paris enjoying even higher speeds. Siemens demoed HSDPA peaking at over 3Mbps over a Gigabit Ethernet cable connecting two laptops – only slightly less convincing than the ten-foot yeti which stalked the show floor groping female attendees. Siemens did it for real on its boat out in the harbour, and Ericsson demoed up to 11Mbps, on a yacht which was sadly fully booked. Motorola, which demoed HSDPA last year, is doing private demos for multiple users this year. Nonetheless, Nortel is clearly delighted with HSDPA, and is predicting great things for it.
“Some countries will go straight to HSDPA,” said Pascal Debon, president of carrier networks at Nortel. “My bet is that China will go straight to HSDPA.” He outlined further enhancements to the HSDPA standard. HSUPA boosts the uplink speed from 384kbps of plain old 3G to 3.5Mbps. Further down the line comes HSODA, where the O stands for OFDM, orthogonal frequency division multiplexing, the same multiplexing scheme used in other super-high-speed radio technologies, like Flarion’s Flash-OFDM and some flavours of ultrawide band. “We see that has the potential to go to 40 Mbps, which is a three or four year plan,” said Nortel’s Debon. Demoing in a busy conference hall has its challenges, but getting the technology out on the market is a whole lot harder. The more users in the cell, the more it slows down. Inevitably, the headline data figure is rarely what the user ends up getting. O2 has been saying that 512Kbps will be a more reasonable figure to aim for. That’s not necessarily the biggest problem, though. Availability of handsets and data cards is always a question mark with new technologies, and the thorny problem of pricing has yet to be sorted out. In theory, the big benefit of HSDPA and its offspring won’t just be raw bandwidth (what would you want 40Mbps for?) but cheaper bandwidth. And most people’s beef with 3G data isn’t the speed but the cost.

When software upgrades get hard

But HSDPA could turn out to be more expensive for some than others. Most vendors of the various flavours of base stations claim that their 3G base stations can be upgraded to HSDPA simply with a software change – ie relatively cheaply, without sending out a man in a van. But this isn’t always the case. HSDPA is a power-hungry technology, and many of the base stations out there aren’t up to the job. The key piece of technology is the power amplifier, which has to be a full power, 45-watt model, to handle the extra data output.
Nortel claims that it saw this one coming, and advised its customers to put the full 45 watt PA in at the start. O2 and Orange are both (in part) Nortel customers. Other operators, who may require new power amplifiers to do HSDPA, will find it much more expensive. Whether this will delay further HSDPA announcements, or gets passed on to the customer as extra cost, remains to be seen. It could just be that, with customers slowly coming round to 3G, operators may not want to start pumping up the next big thing when the last one is hardly out of the door. ®
Ben King, 16 Feb 2005

UK boffin demos plane-based broadband

Radio scientists in the UK have successfully demonstrated the first air-to-ground mesh broadband connection. A microlight plane established a broadband connection with the South Witham mesh, at an altitude of 2,000 feet. Voice and data traffic was sent over the link. The project, in late January, was prompted by Australian mesh network provider Make Me Wireless, which is evaluating potential new markets for mesh technology. A mesh network is a self-configuring, self-healing network of broadband nodes that routes data, through the network, to an internet connection. Advocates of the technology maintain that it is particularly well suited to regions where it is hard to lay cables. A perfect example of such a region is the Australian outback, where there are many isolated meteorological stations. At the moment, data is collected from many of these by hand, with teams driving out to each station in turn to pick up the readings. Collecting data from the outback weather stations is very laborious, and Make Me Wireless wanted to know if the data could be collected by a plane flying over the weather stations instead. The company approached Roy Eddleston, a UK-based radio technology specialist, to find out if ground-to-air mesh networking would be feasible. Eddleston told us: "I thought it should work in theory, but as far as I knew, no-one had ever tried. Mesh technology seemed ideal, because we could mesh and upload data from several stations at once." So he set about trying to find out if it could be done. Simon Steele, director of Make Me Wireless, said: "Roy is joining us in Australia to help develop our Mesh offerings. We discussed that we had been approached about airborne Mesh and the next thing we knew he had liaised with Ofcom, the UK telecommunications regulator, sorted the aircraft, pilot, and arranged the test flight." The test flight was carried out in a microlight aircraft.
This has a composite hull, vital to the attempt because the antennae had to be kept inside the plane. Eddleston explained: "If the antennae are externally mounted, you need CAA approval. But an aluminium plane is effectively a Faraday cage. So the microlight was the ideal test craft." The amount of data that needs to be collected shouldn't pose any problems, he says. "If you have a downward-facing, omni-directional antenna and you take a circular flight path, there is no problem caused by a Doppler effect, and you just fly around that path until you have uploaded all the data." The test was conducted using LocustWorld MeshAP PRO and Asterisk VoIP equipment, and more tests are planned as soon as the weather clears. The trials in South Witham have proved the point, Eddleston says, but it is still early days. Although Eddleston reckons the technology only needs another couple of months of development - mostly on antenna design - he says he doesn't know what stage the weather stations are at. ®
Lucy Sherriff, 16 Feb 2005

BT workers demand 8% pay rise

BT staff are demanding an eight per cent increase in wages to repay them for their "loyalty, hard work and co-operation". The Communication Workers Union (CWU) - which represents around 54,000 of BT's 100,000 or so workers - has submitted a claim for more pay and allowances to meet the increased cost of living. The union notes that BT's profits continue to rise, topping more than £1bn for the first half of the year. And although the average wage of BT workers has risen by 24 per cent since 1997, the chief exec's pay packet has swelled by a whopping 162 per cent over the same period, says the union. "Our claim of eight per cent meets our need to ensure that we raise your level of income realistically while still being well within the company's affordability," said the CWU in a statement. "BT will not want to meet this level of increase and we anticipate that there will be some very difficult and hard negotiations. BT took a tough stance last year and there is no reason to believe that this year will be any easier," said the union. No one at BT was available for comment at the time of writing. ®
Tim Richardson, 16 Feb 2005

Verizon's MCI takeover faces shareholder revolt

Verizon's takeover of MCI could be stymied by MCI shareholders who want to know why an apparently higher offer for the firm was rejected. Verizon offered $6.75bn for MCI - the company formerly known as WorldCom - which MCI accepted, despite receiving an offer from Qwest of a reported $7.3bn. Three institutional investors, representing 10.5 per cent of MCI shares, believe MCI should reconsider the higher offer from Qwest or remain as an independent company. John Berkowitz, president of Short Hills, which owns 3.5 per cent of MCI, told Bloomberg the offer was "very disappointing for MCI owners". Paulson and Co and Fairholme Capital Management are the other two hold-out shareholders. Qwest, the unsuccessful bidder, seems unlikely to give up quietly. Qwest president Richard Notebaert said MCI's decision surprised him. "We were a very good fit for MCI or we would not have made the proposals as strong as they were. How do you argue leaving a billion of cash? That's a lot of money to leave on the table," he told Bloomberg. But analysts are less certain that Qwest would be a better fit than Verizon. Mexican billionaire Carlos Slim Helu owns over 13 per cent of MCI, which will net him $600m if the deal goes through. ®
John Oates, 16 Feb 2005

Reseller duo in court for 'bribing' council

Two men from Essex-based IT dealership Orbital Solutions are accused of making corrupt payments to ensure they won contracts from Havering Council. Southwark Crown Court began hearing evidence in the case today, in a trial that is expected to last up to eight days. The prosecution alleges that Havering council official Kevin Barry also took part in the 14-month fraud. He is accused of taking payments from Christopher Clarke and John Brett of Orbital Solutions to feed them secret information about council contracts. Quoted by the Evening Standard, prosecutor Jane Bewsey said: "The allegation is that these men gave corrupt payments to Mr Barry to secure orders from him. In other words, they gave him bribes in return for him placing orders with their company." The three are accused of splitting profits of £145,000 from their activities, the paper said. Barry, Clarke and Brett deny all ten counts of corruption. ®
John Oates, 16 Feb 2005

Opera and Orange seek phone browsing perfection

Orange has confirmed that it is working with browser maker, Opera Software, to research and develop a web browser interface for mobile phones. The collaboration comes as the developer claimed its Opera Platform is ready for commercial deployment. Opera said the customisable browser will make it easier for mobile phone users to access data services, and so drive data revenue for mobile operators. Essentially, the browser becomes the mobile phone's interface, and can be configured according to the whims of the operator. Subscriptions to news tickers, RSS feeds, weather data and email can all be fed directly to the "front page", and, Opera said, phone users will be able to access the web more easily from their handset. Eric Dufresne, head of Orange's R&D centre in Boston, said that Opera's standards-based approach was part of the attraction, because it makes it easier to provide a better end-user experience across platforms. He expects data use to rise when the data services are closer to the end user, and easier to access: "This will be a real revenue booster that takes advantage of our investment in high-capacity networks," he said. As well as subscription-based services, users will be able to access all web content using the browser platform. "Operators can't plan for what every user wants but the browser renders all sites," explained Jan Standal, product manager at Opera. "So you can go where you want." The platform is totally independent of the operating system, so operators can deploy the same code on all phones. Content developers already know how to write for it, because it is based on web standards, and it gives operators the opportunity to add features to the phone even after the initial sale. Opera says it has had lots of interest from mobile operators, and expects to announce commercial deployments by the spring of this year. ®
Lucy Sherriff, 16 Feb 2005

SiS signs Intel bus licence

SiS has licensed Intel's 1066MHz frontside bus specification, a move that heralds the chip maker's support for Intel's latest Pentium 4 Extreme Edition processors. That said, it will be some time before SiS' updated chipsets ship: the company will not offer such products until H2 2005, it said in a Taiwan Stock Exchange filing. The document reveals SiS intends to ship updated versions of its 656 and 670 chipsets. The former will sample in Q2 before going into mass production in Q3. Intel has already said it expects to launch dual-core P4EE processors in Q2, though volume shipments are not expected until early Q3, so SiS' timing isn't bad. The 656 currently supports FSB speeds of up to 800MHz. It provides PCI Express support for graphics, and 400MHz DDR and 667MHz DDR 2 SDRAM support. The 670 is an integrated version of the 656, adding in a Mirage3 DirectX 9 graphics core. ®
Tony Smith, 16 Feb 2005

PlusNet to trial BT's 8Mb broadband

Sheffield-based PlusNet has confirmed that from April it will be trialling broadband DSL at speeds up to 8Mb as part of a wider pilot scheme announced by BT Wholesale two weeks ago. The UK's former telecoms monopoly has already announced plans to deliver higher speeds for its wholesale ADSL products to meet what it described as "increasing demand for more bandwidth-hungry applications such as video". Trials for the increased va-va-voom - which should support line speeds up to 8Mb "dependent on line characteristics" - are scheduled to begin in April ahead of a national roll-out beginning in the autumn. PlusNet - which already works closely with BT following an agreement inked in December - is planning to offer free speed upgrades and a brand new product range. "From April, all PlusNet customers will be able to take advantage of the increased speeds as they become available," said the ISP in a statement. "Existing PlusNet customers will be able to upgrade free of charge to the maximum available DSL speed. The changes enable the ISP to determine its customers' actual speed setting, instead of this being set at BT's local exchange." From April, PlusNet will be providing 8Mb from £14.99 a month although this will be subject to availability and usage conditions. ®
Tim Richardson, 16 Feb 2005

Scammers say 'No' to drugs, 'Yes' to fraud

RSA 2005 Better credit card fraud detection techniques are encouraging crooks to look for easier pickings elsewhere. "The path of least resistance is moving on from credit card fraud to checking [current] account fraud. Fraud on debit cards, ATM transactions and money transfers are all on the rise," said Avivah Litan, research director at analyst Gartner. Gartner's research suggests that cheque forgery and account fraud often happens offline. By contrast, data disclosures that lead up to credit card fraud predominantly occur online. An April 2004 Gartner survey estimated that 9.4m US adults were the victim of ID fraud over the preceding 12 months. Gartner puts losses at $1.2bn a year, the bulk of which finds its way to criminal syndicates in Eastern Europe and African states. "Banks do not move at lightning speed, but they are losing money. It's a sensitive subject. They don't like to talk about it, but they are hurting," said Litan. Credit card fraud is "less risky and more lucrative than drug dealing" so criminal gangs are expanding into the arena. Addressing losses through phishing scams and the like is driving spending on security technology in the financial services industry. By 2007, Gartner predicts 70 per cent of banks worldwide (and 75 per cent in the US) will move on from using static passwords alone to protect online accounts. "Banks won't necessarily be using tokens but they will be using something stronger than passwords," Litan said. The analyst also said that stronger authentication needs to be supplemented by intelligent back-end fraud detection. "Good fraud detection techniques are in place for credit card fraud, so consumers will get a call if suspicious transactions are put through their account. This needs to be replicated across the (financial services) industry," she said. ®
John Leyden, 16 Feb 2005

3PAR adds DIY tool for snapshots

It's not just Windows that has adopted the possessive language of childhood, with *My* Computer, *My* Network and *My* Documents; now it's enterprise storage too. Array developer 3PAR has come up with software called mySnapshot, which enables users - the initial target is software developers - to create and delete their own clones of working data. 3PAR marketing veep Craig Nunes says the task can easily be done today with the company's Virtual Copy software, but it requires high-level privileges which storage admins are reluctant to grant to users - although this may be out of wisdom rather than possessiveness. The new software therefore gives users a single command to unmount a snapshot, delete it and refresh it. "In areas such as financial services, you tend to have software developers run into situations where they need copies of data to test against, then have a glitch and need a new copy. Having to provide those slows the database and storage admins down. You could script it, but the user could still do the wrong thing," Nunes says. "The key is to reassure the admins by creating a security mechanism that identifies the user, providing a subset of the privileges needed to create and delete snapshots, and a list of the snapshots they have access to. The prerequisite is it has to be extremely simple and secure." 3PAR is among those pushing the idea of utility storage - storage as an on-tap resource, like water or electricity - and Nunes reckons mySnapshot is a good example of this. "It's great to put storage value into the user's hands that previously needed a storage admin," he enthuses, adding that the snapshot utility is already shipping to 3PAR users, bundled with Virtual Copy. ®
Bryan Betts, 16 Feb 2005

Sun burns Solaris and Linux staffers

Sun Microsystems has sent some of its operating system staff packing as it finishes up a long period of layoffs. Sources have informed The Register that a larger number of staffers in Sun's operating platforms group have been shown the door. Many of these workers had been cranking away on new versions of Solaris and the Java Desktop System - Sun's version of Linux. With that work mostly completed, the staffers became expendable to Sun. This looks like the tail-end of a long round of layoffs, which started last year and claimed more than 3,000 jobs. A large chunk of staff in the UK were particularly hard hit, according to our sources. The layoffs generated comments such as "Sun is decommitting from Linux" and "Sun has abandoned Linux." One source, however, insisted that Sun is fully behind Linux and that these remarks came from embittered ex-staffers. In May of last year, Sun culled hundreds of server staffers from its UK and Ireland offices. Up to 40 likely lost their jobs today, according to our sources, with more cuts in the US. Sun could well cut more staff if its revenue totals don't start to rise. Its worker count is still relatively high given that Sun has been punished so hard in the post-bubble era. ®
Ashlee Vance, 16 Feb 2005