29th > March > 2005 Archive

Sony ordered to pay $90.7m in PS2 patent dispute

Sony can continue to sell its Playstation2 games console in the United States, despite an injunction made by a California court last week ordering it to stop. The judge upheld a ruling last September that Sony had infringed patents held by Immersion Technology on force feedback controllers. At the time, the court ordered Sony to pay Immersion damages of $82m, a figure based on sales of the PS2 Stateside. The award was updated to $90.7m last week. The judge also ordered Sony to stop selling or importing PS2 consoles, but immediately suspended the judgment pending the outcome of an anticipated appeal. Immersion's haptic technology first appeared in a PC joystick in 1996, and with Microsoft the company developed the DirectX force feedback API. But the two subsequently fell out, with Microsoft named as the joint defendant in the Sony action for infringing Immersion's IP in its Xbox console. However, Microsoft settled, paying out $26m and taking a 10 per cent equity stake in the firm. The decision doesn't affect the Playstation Portable, which went on sale in the US this weekend. ®
Andrew Orlowski, 29 Mar 2005

Silent tech majority invites Mickey Mouse to poison P2P

Comment It happened years ago. The "KA" appeared, and everyone embraced it. They hugged that "KA" with all their might, hoping it might correct a collapsing technology scene. Then, when the "KA" grew a sore, they dumped it.
Ashlee Vance, 29 Mar 2005

Oracle snaps up security firm

Database behemoth Oracle continued its shopping spree yesterday when it bought Oblix, a privately-owned security firm, for an undisclosed amount. Oblix provides companies with secure identity and Single Sign-On services. These are increasingly used by businesses to guarantee the identity of people accessing corporate networks over the web. Oblix products COREid, COREsv and SHAREid will continue to be available as individual products. But Oracle is keen to include the best features into its own identity management products. Phil Wainewright, chief analyst at Loosely Coupled, analysts specialising in Service Oriented Architecture, said: "The acquisition plugs gaping holes in Oracle's SOA line-up. It has market-leading web services orchestration technology after its acquisition last year of specialist BPEL vendor Collaxa, and of course it has one of the leading application server platforms. But there's been nothing in between. "Its directory services product, like much Oracle technology, is fine for pure Oracle shops. But after completing the PeopleSoft transaction, Oracle faces big identity federation and policy management challenges across a swathe of its newly acquired customer base. The Oblix acquisition is a remarkably good fit for those gaps in the Oracle strategy." Wainewright added that the big question was whether Oracle continues with Oblix's development plans for 2005. Oblix president and chief executive Gordon Eubanks, who used to run Symantec, is not part of the deal. He is leaving the firm to pursue "personal and new interests", according to ZDNet. More details on Oblix.com here. ®
John Oates, 29 Mar 2005

iTunes.co.uk owner fights on against Apple

Erstwhile teenage dotcom millionaire and porn prodigy Ben Cohen is in dispute with Apple over his ownership of itunes.co.uk. He is taking them to the High Court to try and overturn a ruling from Nominet - the UK's domain name registry - that he should give up the website. Cohen, the 22-year-old founder of SoJewish.com, registered the address in November 2000 after he was unable to register tunes.co.uk. Apple did not launch its iTunes service in the US until April 2003. Apple's lawyers got in touch and offered him $5,000 but Cohen was holding out for £50,000. He uses the site to redirect traffic to one of his properties - quickquid.com. Apple's lawyers stopped talking when Cohen made clear how much cash he wanted, according to the Guardian newspaper. Cohen is asking the High Court for a judicial review because he believes Nominet's procedures are biased in favour of big companies at the expense of smaller competitors. ®
John Oates, 29 Mar 2005

First players based on Taiwan's FVD HD disc to ship next month

Taiwan's answer to HD DVD and Blu-ray Disc was formally launched yesterday. The format's backers claim it offers comparable video quality to blue-laser media but at a fraction of the price. Announced almost a year ago, FVD (Forward Versatile Disc) is based on the same red-laser technology used in today's DVD and CD players. Unlike DVDs, FVDs can store HD content, thanks to the use of Microsoft's Windows Media Video 9 codec, which allows 135 minutes of HD video to be stored on an FVD. The format uses WMA for audio. FVD also offers better copy protection than DVD, with movies encrypted using AES rather than the weaker Content Scrambling System (CSS). A single-layer FVD can hold 5.4-6GB of video content or data, rising to 9.8-11GB for a single-sided, double-layer disc. That's some way off HD DVD's 15GB/30GB single-layer/dual-layer capacity, let alone BD's 25GB/50GB space. However, FVD supporters say the format will still hold a 1920 x 1080i movie. According to a DigiTimes report, the first FVD player is expected to launch in Taiwan next month for around TWD5500 ($175). The player will ship with ten movies on FVD. That is expected to be rather less than the first HD DVD players will cost, though as yet no schedule for that format's roll-out in Taiwan has been made public. HD DVD will be launched in the US in Q4. FVD was developed by the Opto-Electronics Systems (OES) division of the government-funded Industrial Technology Research Institute (ITRI). The format will be maintained and promoted by the Advanced Optical Storage Research Alliance (AOSRA), which comprises 29 local player and disc manufacturers, and media firms. Like China's home-grown EVD format, FVD was created as much in protest to the overseas ownership of key DVD patents as to satisfy a specific market demand. According to ITRI, "for every DVD player [made in Taiwan], royalties can be as high as $10 - about one third of the roll-out price". 
A desire to be free of those payments was the key motivation for many local firms to join AOSRA. ITRI has ties with the DVD Forum, and is thought to have submitted FVD to the organisation, possibly as an interim format bridging the gap between DVD and HD-DVD. ®
Tony Smith, 29 Mar 2005

Space-walkers launch 'Nanosatellite'

Astronauts on board the International Space Station released a mini-satellite and installed new communication antennae during a four-hour space walk yesterday. They finished their tasks just before the station's overloaded gyroscopes caused the station to drift and roll slightly. The station should have three gyros, but one has been out of service for the last two weeks because of a circuit breaker failure. The two remaining gyros have had to pick up the slack, and will continue to carry the extra load until the problem is repaired by visiting astronauts, slated to arrive in two months' time. NASA said that the station was without attitude control for less than 20 minutes, and that the crew was in no danger, according to Associated Press reports. Once the two spacewalkers were at a safe distance, the jets were reactivated, stabilising the station. Flight engineer Salizhan Sharipov released the satellite about two hours into the walk, while mission commander Leroy Chiao photographed its departure. The foot-long, so-called nanosatellite will transmit data on its manoeuvres to scientists as it orbits the earth. The information will be used to develop better control techniques for small craft and new attitude sensor systems. Russian scientists reported that the tiny orbiter had sent a good signal two hours after its deployment. Spacewalks now leave the station completely empty, since the grounding of the Shuttle means there are only two, instead of the usual three, astronauts aboard. The station's systems were either switched off or set to autonomous mode during the walk. ®
Lucy Sherriff, 29 Mar 2005

Toshiba preps minute-charge 'miracle' battery

Toshiba has developed a Lithium-Ion battery capable of being charged to 80 per cent of its full capacity in under 60 seconds. Filling it up takes just "a few more minutes", the company boasted today. That's considerably faster than today's Li-ion rechargeables which can take 1-4 hours to reach 80 per cent capacity, and even longer to fill completely. Toshiba also claimed the new cell offers a greater longevity than today's Li-ion batteries, losing only one per cent of its capacity after 1000 charge cycles, according to the results of its own charge-discharge testing. The battery can operate at temperatures of -40°C, though it's limited to 80 per cent of capacity in such conditions, compared to 100 per cent at 25°C. At 45°C, its longevity begins to tail off, losing five per cent of capacity after 1000 charging cycles. The company lauded the new battery's eco-credentials. With such a fast recharge time, it consumes less energy than today's Li-ion cells, leading to reduced carbon-dioxide emissions, Toshiba claimed. The secret is the use of "nano-particles" to "prevent organic liquid electrolytes from reducing during battery recharging. The nano-particles quickly absorb and store vast amount of lithium ions, without causing any deterioration in the electrode". Toshiba's miracle battery will come to market next year, the company said, initially in automotive and industrial applications. However, there's a clear benefit for mobile devices. Toshiba's prototype 600mAh cell, for example, was clearly developed with compact gadgets in mind: it measures 6.2 x 3.5 x 0.4cm. ®
Tony Smith, 29 Mar 2005

Cops warn of internet fraud

Police are warning punters to be on their guard against internet scams after seeing a spike in complaints from victims ripped off by crooks. In particular, cops are concerned at the increasing number of people snared by "phishing" scams that appear to be genuine requests for personal and banking details from well known sites such as eBay and Amazon. Police are also worried about "Second Chance Offer" scams operated on sites such as eBay. In these cases, someone who misses out on winning an auction is contacted later and told the deal has fallen through and offered the chance to snap up the item privately. Although money is sent in good faith, the gear never appears. Said Inspector Alex Harkness of Fife Police: "The people who are committing these crimes are very professional. They create web sites with links that appear to be connected with the genuine sites, people are then conned into passing over credit card or bank details and money is then stolen from them." Two weeks ago police warned that online retailers are likely to become the next target of "phishing" scams. Up till now online banking web sites or auction sites such as eBay have been the main target for scammers. But the National Hi-Tech Crime Unit warned that online retailers now need to be on their guard. ®
Tim Richardson, 29 Mar 2005

Sungard goes private

US security and continuity specialist Sungard has been bought by a group of private investors for $11.3bn - the largest such deal since Nabisco was bought by Kohlberg Kravis Roberts in 1988 for $25bn. Sungard owns UK disaster recovery firm Guardian IT. The buyers include Bain Capital, the Blackstone Group, Goldman Sachs Capital Partners, Kohlberg Kravis Roberts, Providence Equity Partners and Texas Pacific Group. The group is led by Silver Lake Partners. The deal is a leveraged buyout - Sungard will be taken private and its shares removed from Wall Street. Sungard shareholders will receive $36 for each share they own. Sungard's board of directors approved the deal and is recommending shareholders vote in favour. The takeover should close in the third quarter of 2005, assuming shareholders and regulators do not object. Jamille Jinnah, managing director of placement and research house Almeida Capital, told El Reg: "We are going to see more of these kind of deals. Private equity groups have enough capital so we're going to see more and more companies being taken private." Jinnah said: "Investors have more control over a company which is private rather than under public and market scrutiny. In the future it is going to get harder to keep talented people within public companies." Jinnah also believes the structure of such deals is likely to change with sellers keeping an interest in the firms they sell. More details on Sungard's website here. ®
John Oates, 29 Mar 2005

Qwest sets MCI April 5 deadline

MCI has until next week to accept Qwest's $8.45bn offer - or the deal is off. So says Qwest's boss Richard Notebaert, who's written yet another letter to the board of MCI asking the US telco to reconsider its offer. MCI is currently being chased by two telcos eager to snap up the company formerly known as WorldCom. MCI has already accepted a $6.7bn offer in shares and cash to be bought out by Verizon. But Qwest got the hump after it said MCI ignored its $8bn bid. Since then, Qwest's bid has been sweetened to $8.45bn and backed up by a barrage of insults. Anyhow, in his latest letter Notebaert maintains that "statements of various MCI stockholders clearly indicated that many MCI stockholders have found our proposal superior to the Verizon offer." And if Qwest has not "executed an agreement [with MCI] on or before midnight, April 5, 2005, our offer will be withdrawn," he said. ®
Tim Richardson, 29 Mar 2005

What value your security certification?

Comment It was with great dismay that I read of the recent changes to the GIAC certifications. There is now no longer a requirement to write a practical portion to the GIAC, which has recently become purely exam-based. This practical portion requirement was, until now, the one distinguishing feature that separated the GIAC certifications from all the others. To earn this certification one had to, in no uncertain terms, prove in a written format his mastery of the subject matter. The reasoning given by Steven Northcutt, the director of training for SANS' GIAC, as to why they dropped the practical requirement has been widely dismissed by many current GIAC holders, including myself. The GIAC's prominence and value was largely due to the highly technical nature of their various certifications. Without a practical portion to the certification, however, it now becomes one of the same among so many others. This brings to mind a similar problem among certifications that first occurred some years ago. Let's consider the devaluation of the MCSE certification for a moment. For some time the MCSE held value among those in the IT world - that is, until the "boot camps" appeared, which pretty much guaranteed the attendee his MCSE within one week regardless of any practical knowledge that he may have garnered during this time. Thus, the MCSE certification soon lost a lot of its value in the eyes of many - and in particular, in the eyes of employers who were left to deal with having hired new employees who often could simply not function in their complex corporate environments. This phenomenon coined a term that is still in wide use today, that of the "paper MCSE", or more generally, the "paper certification". These terms refer to one who has crammed for an exam and had good memorization skills, but may or may not have any real practical ability. 
A great number of people thought at the time that this "boot camp" type of training was just a money grab by some IT vendors. However, I will reserve my opinion on that. With these two examples in mind, one has to wonder about the value of certification for the security industry. Is the certification process a self-serving one that exists for the benefit of educators to make money, instead of imparting knowledge? I regret to say that many believe so. However the reality is that most people don't have a choice anymore, as so many employers demand various certifications before even giving one the opportunity for an interview. Prospective employers now look at the well-known certifications as the bare minimum of accepted competency, or as the piece of paper that gets one in the door for an opportunity to prove his knowledge in other ways. Like it or not, certification is a requirement nowadays. This now leaves one with the prospect of choosing which certification provides the best opportunity, and the best value. Arguably the most widely recognized certification out there today is the CISSP. From a network security perspective, the CISSP is still considered the premier certification. What many people don't realize though is that the CISSP is generally regarded as a management level certification, and is much less technical than the GIAC certifications. However, you can't really go wrong with getting the CISSP assuming that you meet the prerequisites, such as the required work experience in the security industry. One of the other notable features of this certification is the standard of ethics it makes all CISSP holders bound to. In a nutshell, for your training and certification dollars, the CISSP may be your best bet overall. It's still not very easy to attain for many people, and this fact keeps the certification elevated at a high level. Not only that, but unlike the recent changes in the GIAC, the CISSP has remained pretty stable over the years. 
What about the vendor specific certifications? This is an avenue that should be explored as well. Before making a decision on which certification, one must determine what his job focus will be over the next few years. In other words, there would be no reason for a Windows system administrator to get the RHCE, for example, even if there truly is a security component to that certification. After you have taken stock of your goals, you must then focus your aim at a specific certification. Let's look at the RHCE certification in more detail though, for there are many who maintain Linux servers. Is this certification worthwhile? For many security people looking to understand Linux better, the answer would be a resounding yes. The RHCE seems to be the last remaining cert that makes you demonstrate your skills via a practical, hands-on portion. Unlike the "paper certification" syndrome as mentioned above, the practical segment of the RHCE makes it stand out for all the right reasons. A prospective employer will know that you can actually do the hands-on work once you have earned this certification. A second example where you cannot go wrong with vendor certifications is with the CCNA. Routers are key to every corporate network today, and Cisco is still the reigning king of the router world. Unlike the CISSP, there are no prerequisites to obtaining the CCNA. You simply study hard, plunk down your money, and take the test at your local test center. If network security is your mainstay, however, and you have been upset about the recent downgrading of the GIAC certification, then the lack of a practical portion to the CCNA unfortunately puts it in the same league. In that case you should contemplate the CCSP - which is still an excellent technical certification. With these various certification options in mind, and with our discussion on practical portions vs. purely exam based certifications, we have come full circle. 
What makes a certification worthwhile is ultimately what it means to you, your knowledge, and your career. Having gone through many of these certifications myself, I truly believe you must have a practical portion for the certification to be effective. It is simply too easy to cram for an exam and then have the infamous brain dump, without having really learned anything. This type of exam-based certification really displays little concrete evidence to an employer - and once again, it does little more for your career than to get you in the door. Remember, it is always best to have a certification that will unequivocally show your knowledge in a practical setting. Anything else leaves your skills open to question. I myself hold two GIAC certifications, and must now lament the fact that, in light of recent changes, they are no longer as valuable as before. When looking for a new security certification to pursue, choose wisely and look beyond that piece of paper you'll get in the end. Copyright © 2004, Don Parker, GCIA GCIH, specializes in intrusion detection and incident handling. In addition to writing about network security he enjoys a role as guest speaker for various security conferences.
Don Parker, 29 Mar 2005

Oz boffins grow stem cells from nose

Australian scientists have used a grant from the Catholic Church to grow human stem cells from tissue harvested from the nose. The procedure neatly sidesteps the moral issues surrounding obtaining stem cells from human embryos. The cloning of human embryos for stem cell research is banned in Australia, although researchers can utilise cells from spare embryos created for IVF purposes, Reuters reports. The Catholic Church stumped up a A$50,000 ($39,500) grant for the Griffith University research. Lead boffin Alan Mackay-Sim said: "We have got an adult stem cell which is accessible in everybody and we can grow lots of these cells and turn them into many other cell types. Apart from neural and brain cells, they look like they can turn into blood cells, heart muscle and to skeletal muscle." Sydney's Catholic Archbishop, George Pell, enthused: "The significance of this is manifold. This represents a significant advance and I think this will bring a great blessing for people." The UN recently voted to ban human cloning for any purpose, including stem cell research. The decision is, however, non-binding and many nations will continue with this "therapeutic cloning" research regardless.
Lester Haines, 29 Mar 2005

Quantum crypto comes to Blighty

UK reseller NOW Wireless has signed a deal to distribute MagiQtech's quantum cryptography solution, MagiQ QPN Security Gateway, in the UK. Launched in the US in 2004, MagiQtech's two-box solution provides secure quantum key exchange between two dedicated sites up to 120km apart. Once secure keys are exchanged, data can be encrypted using standard protocols, switching keys at up to 100 times per second. The technology was first demonstrated outside the physics lab in July 2002 when a team from the University of Geneva and Swiss electronics company id Quantique exchanged keys across a 67km fibre optic network. Quantum cryptography allows two users on an optical fibre network to form a shared key, the secrecy of which can be guaranteed. This takes advantage of the particle-like nature of light. In quantum cryptography, each transmitted bit is encoded upon a single light particle (or 'photon'). Intercepting the data randomly changes the polarisation of the light, irreversibly altering the data. This makes it impossible for a hacker to eavesdrop on the data without revealing his intervention. There are a few problems with quantum cryptography, however. While it cannot be cracked, in the traditional sense of the word, it is susceptible to a denial-of-service-style attack. Although a hacker would still not be able to access any sensitive data, he could disrupt the key exchange and bring the system to a halt. It is also difficult to route, since the routing process itself would access, and thus disrupt, the data being routed. Until this problem is solved, QC is limited to use between two dedicated points. Some observers question the value of pursuing ever-harder encryption, pointing out that a system will be attacked at its weakest point, such as personal passwords, or software vulnerabilities. ®
Lucy Sherriff, 29 Mar 2005
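
The detection property described in the quantum cryptography story above can be reproduced in a toy simulation, given here as an added example that is not part of the original article or of MagiQ's product. It models a BB84-style exchange and shows both effects the story mentions: a tap on the fibre pushes the error rate on the compared bits to about 25 per cent, and the resulting abort is exactly the denial-of-service condition. The protocol choice (the article names none), the 11 per cent abort threshold and all function names are assumptions.

```python
import random

# Polarisation bases: 0 = rectilinear, 1 = diagonal.
# Assumed illustrative abort limit; the article gives no figure.
QBER_ABORT_THRESHOLD = 0.11


def measure(photon_basis, photon_bit, meas_basis, rng):
    """Measure one photon. A matching basis reads the encoded bit; a
    mismatched basis yields a coin flip and the original state is lost."""
    if meas_basis == photon_basis:
        return photon_bit
    return rng.randrange(2)


def transmit(n_photons, eavesdropper, rng):
    """Send n_photons single-photon bits from Alice to Bob and return the
    sifted bits (alice_bits, bob_bits): positions where both used the same basis."""
    alice_bits, bob_bits = [], []
    for _ in range(n_photons):
        bit, a_basis = rng.randrange(2), rng.randrange(2)
        p_basis, p_bit = a_basis, bit
        if eavesdropper:
            # The tap has to pick a basis blind, then re-send what it read.
            e_basis = rng.randrange(2)
            p_bit = measure(p_basis, p_bit, e_basis, rng)
            p_basis = e_basis
        b_basis = rng.randrange(2)
        b_bit = measure(p_basis, p_bit, b_basis, rng)
        if b_basis == a_basis:  # bases are compared publicly, bits are not
            alice_bits.append(bit)
            bob_bits.append(b_bit)
    return alice_bits, bob_bits


def key_exchange(n_photons=4000, eavesdropper=False, seed=1):
    """Run one exchange. Half of the sifted bits are sacrificed to estimate
    the quantum bit error rate (QBER); the key is released only if the
    QBER stays under the abort threshold."""
    rng = random.Random(seed)
    alice, bob = transmit(n_photons, eavesdropper, rng)
    positions = list(range(len(alice)))
    rng.shuffle(positions)
    half = len(positions) // 2
    check, keep = positions[:half], sorted(positions[half:])
    errors = sum(alice[i] != bob[i] for i in check)
    qber = errors / len(check) if check else 1.0
    accepted = qber <= QBER_ABORT_THRESHOLD
    return {
        "qber": qber,
        "accepted": accepted,
        # No key material is released after an abort.
        "alice_key": [alice[i] for i in keep] if accepted else None,
        "bob_key": [bob[i] for i in keep] if accepted else None,
    }


if __name__ == "__main__":
    for tapped in (False, True):
        result = key_exchange(eavesdropper=tapped)
        size = len(result["alice_key"]) if result["accepted"] else 0
        print(f"tapped={tapped} qber={result['qber']:.3f} "
              f"accepted={result['accepted']} key_bits={size}")
```
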

Mitnick sequel fails to hack it

Book review Sequels are hard. Just ask John Travolta, currently being panned by the critics for his efforts in Be Cool, the would-be follow-up to the tremendously successful film Get Shorty. In books, as in films and music, following instant success is often harder than achieving it, because the former may be the labour of years but the latter has to be built from what's immediately available. Thus one can imagine the challenge Kevin Mitnick, and his co-author (and already published author) William D. Simon, faced after the plaudits showered on their first product, the 2002 book The Art Of Deception. We need not go over the merits of that book (though you can read them up). Suffice to say they were many, principally because it focussed on social engineering - the technique of getting your victims to help you to break in, rather than sitting whey-faced in a darkened room staring at a screen running Netstat. Social engineering is really, really hard to defend against, because you can't just plug in something and feel safe. It's about people, and people can be persuaded to do and say almost anything. But Mitnick clearly poured much of his life experiences before prison into that book. Now he's a security consultant, whose clients would likely be unhappy about having exploits or weaknesses broadcast to the world. So what to do when the publishers suggest a followup? And what to call it? The solution: pull together tales from other hackers of how they did what they did, and call it something similar to the first book - specifically, The Art of Intrusion (subtitled 'The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers'). Thus the first chapter describes how a team of clever programmers set out to empty the computer-controlled poker-playing machines in Las Vegas by working out how the underlying code worked, and thus a winning hand was on the way. 
It's Ocean's Eleven sans George Clooney, Julia Roberts, and swish locations; instead there's firmware reverse-engineering and miniature computers concealed in shoes. But the team made a million, at least, and weren't caught. The next chapter is the tale of some hackers who may, or may not, have been encouraged by a terrorist - from al-Q'aeda? - to download details from Boeing, and break into the White House website. The hackers got busted; but what's not clear is whether the person who urged them on truly was a Pakistani terrorist, or an FBI plant to smoke out disloyal (or just dumb) hackers, or perhaps a double agent. It was around this point I got that 'sequel discomfort'. Whereas Art of Deception had a simple theme - how social engineering gets around your computer defences - Art of Intrusion is less sure of its ground. Is it about hacking? But there's plenty of stuff out there, from Clifford Stoll's The Cuckoo's Egg onwards, about that. This didn't have the tidiness of the first book; like real life, it had too many loose ends and uncertainty. My unease continued with the story of some prisoners who had been allowed to get almost unlimited use of computers while inside a US state prison, and the trailing of a hacker through Boeing (again), and the saga of Adrian Lamo, the "Robin Hood hacker" who got hit hard by the FBI when he was found to have - gasp - hacked into the New York Times and even done some unauthorised Lexis/Nexis searches, as well as - shock! - cheekily added his name to the list of op-ed ("leader page", in the UK) contributors. The stories are diverting enough, but what do they tell us? Mitnick does make the useful point that the charges hackers face often bear little relation to the actual damage or cost done; in Lamo's case, he was charged among other things with making $300,000 worth of Lexis/Nexis searches via his intrusion to the NYT. 
But as Mitnick notes, the NYT pays a monthly fee for unlimited Lexis/Nexis searches, so Lamo didn't cost a penny extra. The injustice of hacking charges, while being a perennial Mitnick bonnet-bee, is however hardly a theme on which to hang a whole book. Only towards the end does a message emerge, and even then I'm not sure it's quite what Mitnick intended. Chapter 8 details how one lone hacker broke into a film software company and stole its latest product's source code. Doing so took months, or years; he then posted the code to one of the underground warez sites. To what end? None, really, since only a specialist could use the program, and would need very powerful machines to create anything usable. The next chapter describes a team who, for fun, hacked the mobile system used by a security company which ferries around prisoners and large amounts of money (not in the same van). Having cracked it, what did they do? Nothing - and they didn't tell the company either. The nihilism of hacking is thus laid bare. Unless it's tied to the task of protecting people and what they do against real criminals, then hacking here lies exposed as a pointless activity, as useful as kicking in the windows of bus shelters; it keeps glaziers employed, but is a disservice to most everyone else. I'm pretty sure that's not the message Mitnick intended. Although there's no sense that he delights in what hackers do, he doesn't question the ethics or sense in stealing a program that few can use to distribute for underground kudos. The point that is made, again and again, is that hackers will find a way in if one exists, and that any sort of communication will somehow be compromised. Against determined hackers, the gods themselves contend in vain. Yes, you should read this if you're nominally in charge of the security of a company system where you value any of your information. 
The "tips" at the end of each chapter might offer some assistance, but they're less useful than those in the first book. More helpful would be to show a couple of the chapters - particularly Chapter 8 - to whoever holds the purse-strings for your company's computer security. It'll either prompt a huge boost in the budget, or a 100 per cent cut, on the basis that there's no point protecting against obsessives. Then again, you could follow the example of one systems manager who asked Lamo to show him the weaknesses in the system. As Lamo tells it, "They said to me, 'How would you secure this machine?' I pulled out my pocketknife, one of those snazzy one-handed little openers. And I just went ahead and cut the cable and said, 'Now the machine's secure.' "They said 'That's good enough.' The engineer wrote out a note and pasted it to the machine. The note said, 'Do not reattach'." I'd like to think it'll be a while before Mitnick reattaches to the task of writing about hacking. He has a unique perspective, and in Simon, a powerful co-writer. But the problem (and at the criminal end, it's a severe one) needs a mature outlook. Mitnick helps us get inside the minds of hackers. But he needs to get them to see outside their heads too - and realise their actions don't exist in an ethical vacuum. That will be what musicians call "the difficult third one". If I were his publishers, I wouldn't be pushing too hard for it just yet. ® The Art of Intrusion by Kevin Mitnick and William Simon, publ Wiley, ISBN 0-7645-6959-7
Charles Arthur, 29 Mar 2005

VeriSign wins back .net registry

VeriSign has won the battle over the .net registry, reclaiming the five million Internet domains as its own. The decision announced late last night by ICANN will see it and the monster company "promptly enter negotiations... to reach a mutually acceptable registry agreement". The approval follows an independent evaluation by Telcordia which saw VeriSign just edge Sentan on points, with Afilias, Denic and CORE++ coming next in that order. The Telcordia group contained a number of people with close ties to VeriSign, but to suggest foul play would be unfair - VeriSign was always the frontrunner and since it already runs the .net registry, the decision to re-award it to the company will mean the least hassle for all those involved. VeriSign hasn't even bothered to put out a press release about it. However, it does mean a great opportunity to break the control that VeriSign still maintains over the Internet (as the owner of all dotcoms and dotnets) has been lost. We are a little amazed that Sentan came a close second and that Denic came fourth. And we are a little bemused by the number-colour system that Telcordia came up with to decide the winner. But, after a review of the 58-page report, we will get back and hopefully explain all. You can read more on ICANN's site here.®
Kieren McCarthy, 29 Mar 2005

Creative MuVo V200

Review Thanks to Apple, white is the new black, and Flash may well be the new hard disk, at least as far as MP3 players go. Hence, in part, the launch of a slick new Creative MuVo, the V200, not so long ago, clad in a shiny white iPod-style carapace. Of course, with the arrival of Apple's iPod Shuffle at round about the same time, the V200's been living under the Apple shadow ever since. Like past MuVos, the V200 comes in two parts: a USB Flash drive-sized unit which fits into an L-shaped AAA battery holder. Assembled, the V200 is smaller than its predecessors and looks more of a piece. It's a good size in your hand, and has a solid, well-built feel. On the side, there are the usual volume controls and jog-dial; on the front the power/play/pause key, microphone and small LCD. Separated, the player half plugs straight into a free USB port, mounting as a generic storage device, ready for MP3 or WMA tracks to be dragged and dropped over - keep them in album folders to help the V200 organise your songs accordingly. You can drag over other files too, using the player as a standard USB Flash drive - the player will ignore these. Windows users can run Creative's MediaSource app and copy songs over that way, which they'll need to do if they want to play DRM-encoded WMA files downloaded from Napster, Virgin Digital, et al. Creative has been keener to tout its more compact MuVo N200, it seems, but the slightly larger model is the better product. I didn't like the N200's spongy jog-dial and recessed power key - the V200's are much better. The power key is raised above the body of the player, so it works every time you push it. The jog-dial has some resistance to it, so pushing it up and down is distinguishable from pushing it into the body of the player in order to make a menu selection. Functionally, the V200 is almost the same as the N200 - all it lacks is the latter's line-in port for direct MP3 encoding.
But, as I found, that's one of the weakest of the N200's features, offering poor recording quality. The V200 is probably better off without it. The V200 has an advantage over its stable-mate: it supports Audible audio books, according to Creative's web site. There's the same FM tuner, able to record programmes as WAV files, and with the hissy reception you get with all personal analogue radios. The V200 will record voice memos in WAV format too. And there's the same five-band equaliser, with pre-sets and a custom EQ slider screen, to let you tweak the player's audio output. The sound quality, as per Creative's other MP3 players, is excellent. The bundled earphones aren't exactly an expensive set, but they give good reproduction, even at low volume, adding a nice bassy warmth to the sound while retaining the crispness of the higher frequencies. I tried the player with a number of MP3 files, encoded at 160Kbps and 128Kbps, some with joint stereo, others with twin stereo tracks. I wasn't disappointed with the sound of any of them.

Verdict

An excellent addition to the MuVo range, and clearly superior to Creative's better-promoted MuVo Micro N200. Sure, it's a little bit bigger, but it feels and sounds the better product. You can't complain about the V200's sound quality, build quality or feature set. The price, which recently came down by £10-20 in the UK, isn't bad either. Yes, the Shuffle's cheaper, but it lacks a display. If you're an iTunes Music Store customer, you'll need the Shuffle, of course. But if you prefer more Windows-oriented services, the MuVo V200 is a worthy alternative. ®

Creative MuVo V200
Rating: 90%
Pros: Stylish (if iPod inspired) looks; great sound quality.
Cons: Not as trendy as the iPod Shuffle
Price: £70 (256MB), £90 (512MB), £130 (1GB)
Tony Smith, 29 Mar 2005

BT tells industry to 'get on with life'

BT boss Ben Verwaayen has told the rest of the UK's telecoms sector to "get on with life". Speaking to the Financial Times the Dutch chief exec of the UK's dominant fixed line telco once again told anyone who would listen just how much BT has done to "become a service company that does interesting things". According to Verwaayen, BT will become an "innovation company" which will exploit its £10bn investment in its 21st century network (21CN) to provide new and exciting services. And on the issue of the wide ranging telecoms review, Verwaayen also believes that BT has done enough to escape a move by Ofcom to seek the break-up of the former monopoly. Indeed, on the issue of the telecoms review Verwaayen told the FT: "I think Ofcom has done a lot to get the level of discussion going to a level of much more intelligent debate and I think we have done our share by accepting responsibility and then getting on with life. And my invitation to the rest of the industry is the same." Despite Verwaayen's gloss, there are still plenty in the industry who maintain that BT's dominance of the UK's telecoms sector is bad for competition. One insider told The Register: "BT is using 21CN to get Ofcom to give it greater leeway in the telecoms review at the expense of competition." What's more, it seems clear that Verwaayen doesn't believe Ofcom will carry out its threat of splitting up BT if the telco fails to meet demands for "substantive behavioural and organisational changes" - including giving rivals equal access to its wholesale products. Quizzed by an influential group of MPs three weeks ago Verwaayen said such a move would be a "disaster". "Full structural separation," he said, "I cannot imagine that they would do it." 
®
Tim Richardson, 29 Mar 2005

Hynix ring-fences $342m against antitrust fines

Hynix has put by KRW347bn ($341m) in case the US government finds it guilty of engaging in anti-competitive behaviour, it has emerged. The fine fund's existence was spotted in a footnote to the memory chip maker's FY2004 results report, a story in Korean paper Joong Ang Daily reveals. The move follows the launch in 2002 of an investigation into the alleged formation of a DRAM price-fixing cartel which operated between 1999 and 2002. The US Department of Justice probe notched up its first victim in August 2004, when Infineon was fined a record $160m for its part in the cartel. Investigators also pursued Hynix, Micron and Samsung - the latter admitted last December it had put in place a $100m reserve in case it too is fined. Last November, Micron tacitly admitted that it had been involved, though it blamed its anti-trust activities on individual employees. At the time, it said it was co-operating with the DoJ probe in order to avoid criminal sanctions and fines. ®
Tony Smith, 29 Mar 2005

ISPs share hacker info

Telcos, Internet Service Providers, equipment makers, universities and hosting companies are joining forces to exchange information about attempted hack attacks. The "Fingerprint Sharing Alliance" doesn't actually share fingerprints but rather profiles of attacks. Arbor Networks will collect the information automatically. For instance: a denial of service attack is launched against a customer of yours. Arbor will detect the spike in traffic, check it's not event-based, and give you information to defend against the attack. It will also collect enough information, a fingerprint, to identify the attack and pass that information to downstream service providers hit by the attack. Traditionally this kind of information was shared informally between companies based on personal contacts among security staff. There are some big names backing the network including BT, Cisco, Earthlink, Internet2, MCI, The Planet, University of Pennsylvania and Rackspace Managed Hosting. More info here.®
John Oates, 29 Mar 2005

EC sees tiny increase in women in science jobs

The number of women in top positions in science, both in academia and industry, has risen, but not by much, according to the latest figures from the European Commission (EC). In a report on gender equality in science, the European Commission has outlined its ongoing work to encourage more women to stay in science, once they qualify. These include setting targets for participation in the Commission's own work and creating ambassadors for women in science, an area it will have to put some effort into, because between 2001 and 2003, the number of women coordinating these programmes actually fell from 27 per cent to 26 per cent. Women account for 44 per cent of graduates in science and technology subjects across the EU, yet by 2002 they held just 14 per cent of the top (Grade A) academic positions. In 1999 this figure was 13 per cent. Grade B positions are a bit more evenly distributed at 32 per cent, up from 30 per cent, and the number of women working on PhDs has surpassed forty per cent (41 per cent in 2002 against 39 per cent in 1999). The European Council has set a target of 40 per cent participation by women at all levels of scientific research programmes, as part of its sixth framework programme. It said that reaching this target is "a crucial element" in reaching the EU's goal of investing three per cent of its GDP in research and development. The EC has earmarked an extra €5.7m for Women and Science in 2005-2006, bringing the total in the sixth framework programme to around €20m. From this, the EC has awarded a €2m grant to establish the European Platform of Women Scientists, which will build networks of women scientists and organisations working towards gender equality in scientific research. ®
Lucy Sherriff, 29 Mar 2005

Barclays ATM network takes Sunday off

Barclays Bank is still investigating what went wrong over the Bank Holiday weekend to cause its network of cash points, or ATMs, to crash. Barclays customers could not get cash out until 5.00pm Sunday. The problem hit 1,500 machines in southern England. Telephone and internet banking were also affected. Some reports suggested this was due to human error - Saturday night was the start of British Summer Time so clocks in the UK went forward an hour. Early reports were that a Barclays employee may have moved a server's internal clock back instead of forward. Barclays, which apologised for the problems, denied the time change was to blame. A spokeswoman for Barclays told El Reg: "We are still investigating what went wrong but early reports suggest a small piece of IT hardware." She would not elaborate on what the equipment is but said it was definitely not a clock. ®
John Oates, 29 Mar 2005

A case for software benchmarking

Comment I do not normally hold much truck with benchmarking, at least for such public tests as TPC-C (the standard for transaction processing) and TPC-H (for data warehousing). These are typically marketing figures – the tests are artificial, limited, and vendors with big bucks can throw enough money at the tests to ensure that they do well. Thus, for example, I did not publicise IBM's TPC-C figure for the latest release of DB2 last year, despite the fact that it was more than twice as good as any previous figure. No, to my mind the only useful benchmarks are those that are performed specifically for individual customers with their data and their workload. But these, of course, are expensive to run. This, at least, was my thought until recently. However, I have recently been discussing benchmarking with one of the founders of benchmarking, then at the University of Wisconsin, back in the 80s. The point was made to me that back in the early days, benchmarks really did have a useful purpose. For example, it turned out that some of the databases that were tested way back then couldn't do such things as three-way joins: the optimiser just thrashed about and produced nothing. The contention therefore, is that benchmarking can be useful where there is only uncertainty and doubt and a lot of marketing hype about performance – in other words, in the early days of a technology. Is there such a technology? Yes, there is. Vendors (recent examples include Software AG, Sunopsis and Informatica) are pouring into the EII (enterprise information integration) space to offer federated query capability. That is, supporting real-time queries against heterogeneous data sources. To date, much of the focus in this market has been on how you set up and define these queries and only a relatively few vendors (notably Composite Software, Callixa and IBM) have been putting much emphasis on performance. But performance is a big issue.
Indeed, if you don't get good performance across a spectrum of queries, then it is not worth investing in the technology in the first place. In fact, I know of one major company (which will remain nameless) that, to its credit, has not introduced a product into this space precisely because it cannot get it to perform. I am inclined to think that some benchmarking, perhaps based on a distributed TPC-H model, would be of benefit in this instance; at least in the short term. Vendors can currently wave performance figures around willy-nilly without fear of contradiction, and it is pretty much certain that some federated query projects will fail because the selected solution fails. While benchmarks are only a snapshot, in this case they may serve as an initial method for sorting the wheat from the chaff (if only because the chaff will not participate). To that extent I am in favour of them. © IT-Analysis.com
Philip Howard, 29 Mar 2005

200 IT workers face O2 axe

O2 could axe as many as 200 jobs from its IT division following the announcement last week it will cut 500 positions from the mobile phone business. Insiders claim the compulsory job losses will be split evenly between O2 employees and contract staff. Last week O2 announced plans to restructure its business by elbowing 500 back office staff while creating 2,000 customer-facing positions. The job losses are expected to be made later this year and cost the company between £40m-£45m. Once done, it should help deliver an "enhanced customer experience and strengthen customer loyalty". Which means that the mobile outfit will spend more time chatting up its punters so they won't up sticks and switch allegiance to one of the discount mobile operators - such as easyMobile - currently making a big noise in the market. Or as chief exec Peter Erskine puts it: "By delivering an enhanced customer experience, and strengthening customer loyalty, we aim to improve customer retention and reduce churn, to create a sustainable basis for enhanced long-term returns." But it's emerged that up to 200 of the 500 job losses could be from the mobilephoneco's IT operation. One insider told us: "Yes, O2 will have more care agents on the phones to talk to the customers, but there will be less IT people to keep the systems running." A spokesman for O2 declined to comment on the specific details of the redundancy plans but told The Register: "We are at the very early stages of consultation and nothing is final yet. We will not do anything to risk our major IT projects." A "shocked and dismayed" Communications Workers Union (CWU) has already promised the "strongest possible" response if O2 announces compulsory redundancies as part of the 500 job losses. ®
Tim Richardson, 29 Mar 2005

Cop 'downloaded nude snaps' from suspect's mobile phone

A Houston police officer has been taken off the streets for allegedly downloading sexually explicit pictures from a female suspect's confiscated mobe to his PDA and sharing them with colleagues, the Houston Chronicle reports. Christopher Green arrested the unnamed 24-year-old Chinese student on 24 November 2004 on suspicion of drunken driving. Green reportedly discovered nude photographs of the woman on her phone which he subsequently showed to an assistant district attorney and a bailiff at the woman's court hearing in January. His partner, George Miller, is alleged to have called the woman and asked for a date, investigators claim. Both men have been suspended from patrol duties pending an investigation. Houston Police Officers' Union attorney, Aaron Suder, said: "We're sort of waiting to see what's going to happen." Whether Suder is referring to potential disciplinary action or the response to Miller's offer of a night out is not noted. Suder did, however, confirm that neither man is likely to face criminal charges. ®
Lester Haines, 29 Mar 2005

HP sues printer-cartridge refillers

HP has sued a pair of printer cartridge refillers in a bid to protect its consumables business. Yesterday, HP filed a complaint with the US District Court of Northern California against RhinoTek, accusing the refiller of false advertising - it maintains RhinoTek's "packaging and promotional materials are calculated to give consumers the impression that defendants' cartridges are new". HP's filing requests the court order RhinoTek to make it clear that the company is selling used and refilled cartridges. It also requests RhinoTek's profits from the allegedly mis-sold products be handed over as damages. On Friday, the printer giant sued InkCycle for allegedly violating three of its patents: 5,165,968, 5,428,383 and 5,488,402. All three centre on ways of making ink dry more quickly to stop colours from blurring, a process that effectively reduces the resolution of the printed image. The InkCycle complaint was filed with the US District Court of Western Wisconsin. HP said InkCycle. The InkCycle case is likely to be settled before it comes to court. According to a News.com report, company marketing chief Brad Roderick said a settlement is expected soon. "We've been in direct communication with HP and expect a very near-term full resolution," he said. Both cases mark the latest stage in printer vendors' ongoing struggle against companies who take old cartridges and refill them with ink, or seek to offer alternative consumables to the vendors' own. The vendors maintain their new products are better than refilled ones. That's possibly the case, but it's certainly true that their offerings are more expensive. And very profitable - as hardware prices have fallen, so vendors have been keen to maintain the price of consumables. ®
Tony Smith, 29 Mar 2005

Whiskery stem cells grow skin, muscles and neurons

It is not just Australian nose tissue that provides a source of stem cells; according to new research from the US, hair follicles will do it too. Scientists at AntiCancer Inc and Massachusetts Institute of Technology (MIT) have discovered that stem cells harvested from mouse-whisker follicles will grow into all kinds of useful things. They successfully grew skin cells, smooth muscle cells, neurons and other nerve cells known as astrocytes and oligodendrocytes, and pigment producing cells called melanocytes, Reuters reports. The researchers said that one day it could be possible to harvest stem cells from a person and use them to grow a tissue transplant. Those with receding hairlines should not worry - the benefits of this research will not be restricted to the more hirsute in the population as there are plenty of hair follicles elsewhere on the body. Stem cells have the potential to become any kind of cell in the body, and it is this flexibility that prompts many scientists to believe stem cell research could lead to cures for diseases like cancer and Alzheimer's. It could also help people with spinal injuries. But the research has been highly controversial: one of the best sources of stem cells is bone marrow, which is as inoffensive as it is inaccessible, but another is human embryos. Although the UK allows for therapeutic cloning of embryos (for research), the US has lobbied hard for a ban. The news of more alternative sources of the cells will surely be welcomed by those keen to avoid the debate about the morality of using human embryos. The results were published in the Proceedings of the National Academy of Sciences.®
Lucy Sherriff, 29 Mar 2005

Verizon finds $1bn more for MCI

MCI likes the look of a new $7.6bn acquisition bid from Verizon even though the deal is almost $1bn less than the more flirtatious Qwest Communications has offered. Verizon hiked the amount of cash it will pay MCI shareholders and added in provisions to its bid that would protect investors against a drop in Verizon's stock. The new deal is well above the $6.7bn offer Verizon had once put on the table but below the $8.5bn offer from Qwest. "MCI’s Board has been closely and carefully evaluating all of the recent developments," said Nicholas deB. Katzenbach, MCI's Chairman. "We believe Verizon’s substantial increase in its offer, the strength of its competitive position and the financial certainty at close make this offer compelling to our shareholders, customers and employees." MCI does seem quite committed to Verizon at this point. It has agreed to pay up to a $240m termination fee should the deal fall through. Qwest has put a 5 April deadline on its bid for MCI. The company is hoping MCI shareholders will pick its cash over what MCI management sees as Verizon's substance. ®
Ashlee Vance, 29 Mar 2005

Passenger screening gimmick stuck at the gate

The US Transportation Security Administration (TSA) is behind schedule in developing a new terrorist-busting database system called Secure Flight, a report by the Government Accounting Office (GAO) says. After confronting the obvious defects in the old pre-9/11 CAPPS (computer-assisted passenger pre-screening system), which allowed 19 violent terrorists to board flights on a single morning, the TSA set out to develop CAPPS-2, supposedly an improvement. When that project failed to result in a working system, TSA announced that it would re-work the entire scheme. Proposed improvements included letting the government, rather than airlines, administer the system, so that secret counter-terrorist intel could be used, and merging airline passenger data with commercial data such as that stored by privacy invasion outfits like ChoicePoint. TSA got off to a strong start, successfully changing the system's name, for example, but has since fallen behind on lower-priority modifications, such as establishing privacy standards, and basically making it work. Congress established ten milestones that Secure Flight must pass before its intended roll-out in August. Of these, nine remain to be satisfied. (An advisory committee has actually been chosen as required, but the criteria on which its advice will be based are still up in the air.) According to the report, the nine milestones remaining are: "Stress test system and demonstrate efficacy and accuracy; Assess accuracy of databases; Make modifications with respect to intrastate travel to accommodate states with unique air transportation needs; Establish effective oversight of system use and operation; Install operational safeguards to protect system from abuse; Install security measures to protect system from unauthorized access; Life-cycle costs and expenditure plans; Address all privacy concerns; Create redress process for passengers to correct erroneous information." 
That's quite a shopping list, and it is hard to imagine a bureaucracy like DHS/TSA getting through it, even in the highly unlikely event that everything goes well. And if there are major problems, they will have to be identified and corrected, after the customary blame game has been enacted on Capitol Hill. So the chance that this scheme will actually be implemented in August is very slim, especially when one considers the extraordinary capacities that it is expected to have.

An anti-terrorist machine

According to GAO, the required system capabilities are: "Comparison of data contained in the passenger's reservation (PNR) with information contained in government watch lists; Matching information in the PNR to CAPPS I rules to identify individuals who should be subject to additional security screening; Checking PNR data against commercial databases to assist in confirming the passenger's identity; Matching PNR data against lists of international fugitives and government 'wanted lists' to identify known criminals; Using algorithms developed through intelligence modeling to identify previously unknown terrorists; Maintaining a list of individuals, who have been previously cleared under credentialing programs, to minimize the volume of passengers that must be prescreened; Providing the capability to create a temporary watch list based on information extracted from current intelligence reports, such as blocks of stolen passports." A computerized system that could reliably satisfy one of those requirements day-in, day-out, with passenger volumes as heavy as the USA's, would be mighty impressive. But here we have something out of Star Trek, in which taxpayers are investing billions, with so many potential points of failure that it will be a miracle if it doesn't increase the risk of hijackings. It will be full of bad data that will repeatedly flag and inconvenience the wrong travellers.
(The existing CAPPS system didn't stop the 9/11 hijackers, although it did catch US Senator Edward Kennedy and former singer Cat Stevens, for example.) Worse, a system such as this is, by design, exceptionally easy for terrorists to reverse-engineer. By making a series of 'dry runs,' a terrorist crew can easily learn which members get flagged and which don't, insight of tremendous value for choosing the individuals most likely to succeed in an actual attack. So it comes as no surprise that TSA should have fallen behind in developing a system intended to do the impossible. The only odd thing here is the fact that the law enforcement establishment, the public, and Congress foolishly persist in believing that "information technology" is the answer to real-world security problems. ®
Thomas C Greene, 29 Mar 2005

IBM server breaks time - marketing continuum to tie Dell to market

IBM has pulled off a minor marketing miracle by delivering a four-processor 64-bit Xeon server well ahead of schedule. IBM today officially started selling the highly touted x366 server. This is the first system to use IBM's new Hurricane chipset. It's also one of the first boxes from a major vendor to ship with Intel's 64-bit Xeon processors designed for four-processor and larger servers. IBM, Dell and HP all joined Intel today to announce new systems using the Xeon MP chip. But you have to work really hard to find any of this out. At the time of writing, it's almost impossible to place an order for the x366 on IBM's website. The server doesn't appear as an option on IBM's standard server sales page. You can, however, find the four-processor gem if you're willing to do a bit of digging. Being good sports, we'll save you some time and point those interested right here. Now this is where the miracle comes in. IBM first announced the x366 in February but said at the time that the server would ship "within 90 days". A typical translation of this vendor-speak comes out as "it will arrive in three months". But IBM gave us a personal call today to say that the x366 had started shipping well ahead of schedule. How courteous, no? Well, not exactly. An IBM spokesman was upset that we placed Dell ahead of both IBM and HP in a story yesterday about Dell's upcoming four-processor Xeon server. Silly us, we took IBM at its "within 90 days" word. The IBM spokesman asked that we fix our Dell story to indicate our ability to see into the future. We should have known yesterday that IBM would release its box today, hence actually tying Dell to market with product. "Dell was not first," the spokesman said. "Actually, we announced on 2/22, you should well remember. From our press release on 2/22: The IBM eServer xSeries 366 server is planned to be available in volume within 90 days." 
Anyhow, IBM reckons the homemade Hurricane chipset gives it a huge edge over rivals Dell and HP who don't spend cash on in-house Xeon chipset designs. So, if high-end Xeon gear is your bag, have a look at the x366. It's now available. ®
Ashlee Vance, 29 Mar 2005

HP bets on the Hurd mentality for CEO

NCR CEO Mark Hurd has risen from the "shortlist" of HP CEO candidates right on up to the CEO post. HP today announced that Hurd, 48, will succeed Carly Fiorina, who was ousted last month by HP's board. The former NCR chief had been named yesterday as the likely HP CEO candidate by BusinessWeek. In the story, sources described Hurd as being adept at running a "mini-HP." "Mark came to our attention because of his strong execution skills, his proven ability to lead top performing teams and his track record in driving shareholder value," said Patricia Dunn, HP's non-executive chairman. "He demonstrated these skills by turning around NCR, which, while smaller than HP, is a complex organization with multiple business segments. As we got to know Mark, we were impressed by his emphasis on developing internal talent while reaching outside for new skills, his understanding of the role of culture in a company's success and his personal integrity." NCR also confessed to Hurd's departure once word of the HP hiring hit the news wires. "NCR today announced that Mark Hurd, president and chief executive officer (CEO), has resigned from NCR, effective immediately, to accept a position with a large global technology company," NCR said. NCR is now hunting for a new CEO. Could Carly get in the ATM game? Hurd was tapped as NCR chief in March of 2003 after working in various positions at the company since 1980. In its most recent quarter (Q4), NCR saw revenue rise 9 per cent to $1.8bn and reported net income of $124m. NCR posted revenue of $6.0bn in 2004 versus $5.6bn in 2003. Hurd will be charged with adding new life to HP's server, storage, PC and software businesses, while keeping its printing and imaging and services organizations strong. Most importantly, investors will look to the new CEO to produce steady profits in all of HP's major businesses. Fiorina was canned, in part, because of inconsistent results. 
Hurd is just the second outsider to take the helm of HP - Fiorina being the first. He starts on April 1. Get it? ®
Ashlee Vance, 29 Mar 2005

Supremes leery of P2P ban

Hollywood vs P2P Two Supreme Court justices expressed concern today that outlawing P2P software would have deleterious consequences for the Republic. The Court is weighing an appeal by Hollywood to hold the makers of P2P software responsible for the widespread copyright infringement that takes place on the P2P networks. The Court needs to decide if the software also has "substantial" non-infringing uses, which of course it does. An appeals court agreed that it did last year. Justice Scalia worried that inventors and entrepreneurs would be discouraged by the threat of litigation. Such chilling effects are hard to quantify, but it's remarkable that no company has marketed an "AirPod" in the United States, when the appeal of such a device is so compelling and the technology so cheap and trivial to implement. Justice Breyer noted that P2P potentially offered "some really excellent uses" that are legal. On the other hand, most P2P sharing is of copyright infringing material, and artists don't get paid. Justice Kennedy fretted that building a business on this was morally questionable, which is also true. From a historical perspective there is nothing new about P2P technology. In ten years' time, when most music sharing will take place on ad hoc personal area networks (on the bus or in the street), the Supreme Court may well be hearing the same arguments from Hollywood only about another kind of technology. "We are doing all the things we should be doing to move into this digital age. That is true no matter what the outcome," claimed RIAA Chairman Mitch Bainwol. Which is almost exactly the opposite of the truth. The Supreme Court should send the two sides packing to draw up a settlement which compensates the artists: just as the technology companies and artists' representatives did after the invention of player pianos, loudspeakers, and the radio set. The only thing that the RIAA needs to do is pursue a traditional compulsory license settlement. 
Without it, its legitimacy is highly questionable. The case continues, and we'll have full analysis of the exchanges later today. ®
Andrew Orlowski, 29 Mar 2005

Never Hurd of the new HP boss?

Profile There's a theory that British Prime Ministers, and England football managers, alternate between being bishops and bookmakers. A risk-taking rascal is succeeded by a dull, safe pair of hands, until the public clamor for the rascal once again. By replacing the high-profile Carly Fiorina with the low-impact Mark Hurd from NCR, Hewlett Packard would appear to be following that script. The appointment of Hurd seems to signal that the board thinks HP's core business is sound, and requires an administrator rather than a visionary. What's needed at HP, they seem to want to tell us, are a few nuts tightened and tweaked, here and there. It's a steady-as-she-goes appointment. HP's executive team bio for Hurd prizes, as his top asset, "successful efforts to improve operating efficiency" - a message to Wall Street that at least one aspect of Carly's tenure will remain unchanged. So differences between the ousted CEO and its new leader may only be nuances of style. In addition, by appointing Hurd, the board looks to have tightened its control over the company to ensure that an autocratic Fiorina-style figure never has such power again. The bio notes that Hurd [built] "a strong leadership team" - in contrast to Fiorina, who left behind weak senior management and no obvious internal successor.

The man and his words

Much of what we know about Hurd can be gleaned from published interviews and a recently-published book he co-authored, which reveals him to be a fully paid up member of the information cult. It's a book of staggering blandness, but in fairness, no more than thousands like it: the CEO's management manual. Hurd's contribution to this heaving bookshelf is called The Value Factor: How Global Leaders Use Information for Growth and Competitive Advantage - a title to send anyone to sleep. Here's an example. 
In "Risk Management 101", a helpful box-out found on page 100 of The Value Factor, in the chapter named "CONTROL" (!), Hurd writes, "Customer risk is the internally generated risk that we lose customers or they act in a way that damages our business." (An example of the latter being customers who refill their own ink cartridges). Then there's "Market risk" - "the externally generated risk of surprises in the marketplace" - and Operational risk, which hardly needs to be spelled out. Clearly this is the cautious, actuarial approach of an accountant, forever weighing one risk against another - classic Bishop material. But what is Hurd's advice? You can probably already guess. "Customer risk, market risk and operational risk all stem from the same source - lack of information." It's the foundation of his world view, and a point Hurd soberly stresses in interviews whenever he can. Two years ago he told CNET, "Great companies align people throughout their organization. But if the information isn't aligned, it's hard to align the people." [our emphasis] What's wrong with this picture?

The information cult

When someone praises or blames "information", they're usually blowing smoke. "Information" is not some special kind of stuff, and simply deifying "information" doesn't tell you anything about what's going on, because it's contingent on its context. Information doesn't mean knowledge, and knowledge doesn't mean wisdom. There's much more to running a business than aligning "information", as if this was some kind of neat arrangement of I-Ching sticks. You need to know what the "information" means. The information "flows" generated by a hit portable music player look very different to the information flows from an unsuccessful product, such as an unsuccessful line of workstations. 
The CEO may become expert at pattern recognition (and HP has had plenty of New Age advice on that front), but staring at the patterns doesn't help with the predictive instincts that often go into making a hit product. That's the essential risk of entrepreneurship, and it's a wildly unpredictable factor. The technocratic management culture of the modern MBA school tries to minimize that risk, and so we have remedies such as "Information Alignment", which tell us nothing. Hurd is very much a product of his time. "Boards and investors hate surprises," he writes, as he praises "the kind of reliability market recognizes." [p.5] "Surprises disrupt the momentum of a company and can destroy value." HP established its reputation with great products and great services, and Hurd may yet surprise us all. We'd love to have an HP CEO who wrote a hair-raising book on how their hits and flops came to market. But thanks to the banality of the MBA culture the US doesn't seem to produce such CEOs any more. We have an Information Cult, instead. Globalization is beginning to resemble a race to the bottom - with industrial giants in each continent being required to make cost-cutting ("operational efficiencies") the top priority. But when buyers favour quality over quantity, and demand great products and great services, it's then that the cash registers really start going "Ker-ching!". And that's called the Value Factor. ®
Andrew Orlowski, 29 Mar 2005

IBM plans storage blitz on EMC's turf

If there were such a sport as "Relentless Storage Virtualization Strategy Launching," IBM would be the alpha athlete of the competition. The Register has learned that IBM plans to hold yet another storage virtualization event tomorrow in Cambridge, Massachusetts. Close storage observers will be getting that déjà vu sensation right about now. In the past couple of years, IBM has launched and then relaunched storage virtualization file systems, management packages, controllers and servers. Now we've been told IBM won't even have product on display at the Wednesday event - it's a momentum thing. IBM will drag new storage GM Andy Monshaw in front of the "select" press invited to the event, as phase one of the show. Monshaw is then expected to lay out IBM's plan for taking market share from its rivals - one can guess EMC will be named often since the IBM event is taking place just 20 miles from EMC's Hopkinton headquarters. IBM is also expected to talk up the 1,000th customer to buy its SAN Volume Controller, but from what we hear the "customer" on display will actually be a close IBM partner. The big thrust of the event will be IBM's momentum with storage virtualization products. Its software can connect into more gear from more vendors than similar product from anyone else. (Think of this as a preemptive strike against EMC's StorageRouter product due out in the next couple of months.) To IBM's credit, it has pioneered much of the technology behind the virtualization movement and has a great track record with this type of complex software. The sales momentum story, however, has its cracks. IBM, for example, trailed all its major rivals in storage software revenue growth in 2004, according to the latest data from IDC. The research firm showed EMC's revenue rising 27 per cent, Veritas' rising 17 per cent, CA's rising 13 per cent and HP's rising 13 per cent. IBM managed solid 9 per cent growth but still fell behind rivals for the year. 
And IBM sold just $617m worth of storage code in 2004, IDC said. That places it fourth in the market and well behind EMC's $2.4bn in sales and Veritas' $1.7bn. If IBM was moving a lot of the SAN virtualization product, you might expect it to push these sales totals significantly higher. No such luck just yet. IBM holds an impressive position in the hardware market, taking the number 2 slot with $4.3bn in disk storage sales in 2004. But that metal is not helping Big Blue move pricey, high-end code from what we can tell. We'd be interested to hear what Monshaw has to say at the event. He's the third storage GM for IBM in as many years and has a tough sell ahead of him. ®
Ashlee Vance, 29 Mar 2005