Microsoft has rejected the seriousness of a security warning about its software. On Tuesday the French Security Incident Response Team (FrSIRT) issued an alert about a security bug in Microsoft's implementation of TCP/IP in Windows XP and 2003. The flaw in the Windows IPv6 TCP/IP stack means systems are liable to crash when processing maliciously crafted packets in which the SYN flag is set and the source address and port are the same as the destination address and port (a so-called Land attack). FrSIRT said that even systems running the latest, fully patched versions of XP SP2 or Win 2003 SP1 could be crashed using an attack based on the vulnerability. Microsoft disputes this point, arguing that customers running XP SP2 or Win 2003 SP1, or those who'd applied a patch released in April (MS05-019), are protected. No customers have reported attacks based on the reported vulnerability, it says. "We do not consider this to be a significant threat to the security of the Internet. This is similar to other TCP connection reset issues," it said in an advisory published Wednesday, 18 May. According to FrSIRT, Microsoft's April fix only addresses a variant of the latest vulnerability, an IPv4 Land attack risk, not the IPv6 attack that formed the subject of its Tuesday alert. It advises corporates to filter potentially malicious traffic at the firewall pending a more comprehensive fix. ®
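The packet pattern FrSIRT describes (SYN set, source address and port equal to the destination address and port) is something a network monitor or firewall rule can check directly, for either address family. The Python below is an added example, not code from the article, Microsoft or FrSIRT: it parses raw IPv4 and IPv6 headers followed by a TCP header and flags segments that match the Land pattern. It assumes captures start at the IP header with no link-layer framing, it does not walk IPv6 extension headers, and the sample packets are constructed fixtures, not real traffic.

```python
import struct
import ipaddress

TCP_PROTO = 6
TCP_SYN = 0x02


def parse_tcp_header(segment: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("TCP header too short")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    flags = segment[13]  # low byte of the data-offset/flags word carries the flag bits
    return src_port, dst_port, flags


def parse_ip_header(packet: bytes):
    """Return (version, src, dst, l4_proto, l4_payload) for a raw IPv4 or IPv6 packet.

    Assumption: the capture starts at the IP header (no link-layer framing) and an
    IPv6 packet carries TCP directly; extension headers are not walked here.
    """
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 4:
        if len(packet) < 20:
            raise ValueError("IPv4 header too short")
        ihl = (packet[0] & 0x0F) * 4
        proto = packet[9]
        src = ipaddress.IPv4Address(packet[12:16])
        dst = ipaddress.IPv4Address(packet[16:20])
        return 4, src, dst, proto, packet[ihl:]
    if version == 6:
        if len(packet) < 40:
            raise ValueError("IPv6 header too short")
        next_header = packet[6]
        src = ipaddress.IPv6Address(packet[8:24])
        dst = ipaddress.IPv6Address(packet[24:40])
        return 6, src, dst, next_header, packet[40:]
    raise ValueError(f"unsupported IP version {version}")


def is_land_packet(packet: bytes) -> bool:
    """True when a TCP segment has SYN set and src addr:port equals dst addr:port."""
    _version, src, dst, proto, payload = parse_ip_header(packet)
    if proto != TCP_PROTO:
        return False
    src_port, dst_port, flags = parse_tcp_header(payload)
    return bool(flags & TCP_SYN) and src == dst and src_port == dst_port


def find_land_packets(packets):
    """Indices of packets in a capture that match the Land pattern."""
    return [i for i, pkt in enumerate(packets) if is_land_packet(pkt)]


# --- constructed test fixtures for the detector (not real captures) ---
def make_tcp_header(src_port, dst_port, flags):
    # ports, seq, ack, data offset (5 words) in the high nibble, flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0)


def make_ipv4_tcp(src, dst, src_port, dst_port, flags):
    tcp = make_tcp_header(src_port, dst_port, flags)
    header = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, TCP_PROTO, 0)
    return header + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + tcp


def make_ipv6_tcp(src, dst, src_port, dst_port, flags):
    tcp = make_tcp_header(src_port, dst_port, flags)
    header = struct.pack("!IHBB", 0x60000000, len(tcp), TCP_PROTO, 64)
    return header + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + tcp


SAMPLE_CAPTURE = [
    make_ipv6_tcp("2001:db8::10", "2001:db8::1", 40000, 80, TCP_SYN),  # ordinary SYN
    make_ipv6_tcp("2001:db8::1", "2001:db8::1", 80, 80, TCP_SYN),      # IPv6 Land pattern
    make_ipv4_tcp("192.0.2.5", "192.0.2.5", 139, 139, TCP_SYN),         # IPv4 Land pattern
    make_ipv4_tcp("192.0.2.5", "192.0.2.5", 139, 139, 0x10),            # same tuple, ACK only
]

if __name__ == "__main__":
    print("Land-pattern packets at indices:", find_land_packets(SAMPLE_CAPTURE))
```

The same check written as a firewall rule (drop inbound packets whose source address equals the destination address) is the filtering FrSIRT recommends; the parser above is the form you would use when reviewing a capture or writing a detection signature, and the last fixture shows why the SYN flag belongs in the condition rather than the address tuple alone.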
Gartner is advising organizations subscribing to software as a service, delivered by an emerging generation of suppliers, to "read the small print". Customers should draw up water-tight contracts and monitor their relationship with suppliers, to avoid over-spending. "When you buy a subscription, monitor it - don't keep throwing money at it because another person wants to sign up," Gartner analyst Joanne Correia said at Gartner's Symposium and IT/xpo 2005, in San Francisco, California. "The [smaller organizations] need to understand the implications because they... don't have the budget." She advises customers to draft contracts including terms that state the suppliers return vital customer data should the supplier go out of business. Gartner estimates 50 per cent of all software licenses will be purchased as a renewable service by 2008, while 80 per cent of companies with revenue greater than $100m will purchase software as a renewable service by 2007. Sixty per cent of today's customers are beginners when it comes to software as a service. The phrase "software as a service" describes an emerging category of software delivery. The model, popularized by Salesforce.com among others, sees applications charged on a subscription basis, but they could be hosted remotely by the supplier or installed locally. The concept is expected to appeal to organisations on limited budgets, such as public sector or department-level users, because it avoids the need to pay large up-front license fees followed by separate support and maintenance fees - the traditional approach to charging customers for software. The hosted model has added appeal because it potentially sidesteps the need for installation and integration. Gartner estimates the license fee accounts for just four per cent of the software's total cost of ownership (TCO), while 96 per cent goes into deployment.
®
A popular open source scripting language has won its second major database backer, following a development deal between Oracle and PHP specialist Zend Technologies.
Simplified purchase agreements are next in a mission by Microsoft to make it easier for customers to navigate the company's licensing maze. Cori Hartje, director of marketing and readiness for Microsoft's worldwide licensing and pricing organization, told El Reg Microsoft plans to cut the size of its purchase agreements by more than half while stripping out legalese. Purchase agreements average around 30 pages in length and Microsoft aims to cut this to around 12 pages before the end of the year. "We want customers to have a really good understanding and knowledge of the relationship they are getting into [with Microsoft]," Hartje said. Microsoft is also looking beyond its direct relationship with customers, and hopes that streamlined purchasing agreements will make it easier for resellers to explain Microsoft's licensing to customers, and therefore shift Windows applications and operating systems. According to Hartje, simplification would also help the company's long-term mission of moving to e-agreements - but that's "a while out", she said. Purchase agreements specify how many copies of a Microsoft product or service a customer has bought; the price; whether the customer's partners are also entitled to use the product; and legal notices. The move towards greater clarity and simplification follows a reduction in size of Microsoft's Product Use Rights (PUR) document, which kicks in in July. Hartje said Microsoft is at the "beginning of a journey" to simplify licensing. While the words may be changing, don't expect the numbers to alter. Hartje said Microsoft is not planning any fundamental change to the actual Ts&Cs of purchase agreements that might change how much customers pay for their software and services. ®
This story has expired from The Register's archive. You can now find it at its original location on the Forbes.com website: http://www.forbes.com/technology/2005/05/19/cx_de_0519ruling.html?partner=theregister.
Eidos's new owner, SCi, has put three of its senior executives on the British games publisher's board after all the previous incumbents quit this week. Out went Eidos chairman John van Kuffeler, CEO Mike McGarvey, CFO Stuart Cruickshank, European MD Jonathan Kemp and Creative Director Ian Livingstone. In come SCi CEO Jana Kavanagh, Commercial Director Bill Ennis and Finance Director Rob Murphy, who now constitute Eidos's board. SCi's offer for Eidos became unconditional earlier this week, following a vote by SCi shareholders to allow SCi's chiefs to make good their offer to swap SCi shares for Eidos stock, and the agreement of a suitable majority of Eidos shareholders to accept the offer. In SCi's case that means raising £60m through a new share issue in order to pay for the acquisition. SCi denied claims that it plans to rid itself of senior Eidos staffers, though inevitably some people will have to go as the combined operation removes duplicated roles in order to cut costs. Eidos put itself up for sale in August 2004, but a clear potential purchaser only emerged this past March when US-based investment house Elevation Partners made a cash offer for the company. SCi responded immediately with an alternative stock-swap deal. Eidos's board first gave Elevation the thumbs-up, but as the value of the SCi offer increased on rising share prices, it was forced to recommend the SCi offer instead. On 25 April, Elevation pulled out. ®
Review Steve Jobs knows a thing or two about publicity. He gave a fantastic dollop to the latest unauthorised biography about him - "iCon: Steve Jobs - The Greatest Second Act in The History of Business", by Jeffrey S. Young and William L. Simon - by pulling all copies of all books by the publisher, John Wiley, from Apple's retail stores. As the link points out, in 2000 El Steve previously attempted much the same with an earlier bio, The Second Coming Of Steve Jobs, by Alan Deutschmann. Then, he managed to get Vanity Fair to kill a feature by one of its best writers; no mean accomplishment. Let's start with what's great about this book: its title. Wonderfully subtle: are they calling him an icon, or saying that he's perpetrated a con - or both? Certainly Jobs is an icon. He has overseen the fruition of not one but two very successful creative companies, Apple Computer and Pixar. The latter made him a billionaire, through judicious funding with money from Apple, followed by judicious gathering of stock unto himself before the market flotation. Both have mindshare far beyond their actual revenues, which pale against the Wal-Marts and General Motors and Essos and IBMs of this world. But people know who they are. Yet I don't think he's an icon to business people. Those who know anything much about his management style know he works by winnowing out the chaff - defined as those not both smart enough and psychologically strong enough to bear repeated demands that they produce something impossible (such as a music player where you can access any piece of music within three clicks) and then be told that their solution is "shit". And then hear it suggested back to them a few days later. That's not how most people like to work, or be treated. So in truth, Steve Jobs isn't an icon to any managers, apart from the sociopathic ones. But what about the "con"? Is Jobs conning us?
Are Apple and Pixar just smoke and mirrors, built on misguided beliefs that their products are better than they really are? I never got an idea from reading this book of whether that part of the title was intended. Indeed, I spent long periods while reading this book wondering what it wanted to tell me. The problem with profiling Jobs is simple. He's intensely private. He also cuts people dead whom he thinks have been disloyal. Both might be something to do with the fact that he was adopted. Might be - and I had hoped the authors might get a psychologist to explain whether adopted children are more likely to be driven personalities; might get an academic who'd done a study of whether adoptees rise to the top more than those brought up by their natural parents. But they didn't. There's just lots and lots of detail about the early Apple years - which I think you could get, if you wanted it, from any of the other Apple-history books out there. The real problem is that Young and Simon don't seem to have known what book they wanted to write. Is it a business book, offering a lesson for people who might want to do their own second act? No. Though there are references to how badly NeXT and Pixar did, and vague handwaving about the pit that Apple was in when Jobs rejoined in 1996 (indeed, Simon helped write In The Firing Line, the memoir of Gil Amelio, whom Jobs ousted), there isn't the focus on what really has gone right or wrong at Apple during Jobs's watch. For example, the book mentions how Apple cut inventories from 1996. But not how it has completely revamped its supply chain, which is what really makes it profitable. This is now a tight, tight operation, which manages to use Taiwanese manufacturers like all the other PC manufacturers and yet keeps forthcoming products (almost) secret. Similarly, from both the business and the personality viewpoint, the year 2000 was surely a key one in altering Jobs's mindset. 
In that year, Apple launched the Cube and ignored CD-burning for the then ageing iMac in favour of DVD-ROM drives. Both were decisions by Jobs. Consumers, who are Apple's mainstay, turned away from both. In the January 2001 quarterly results, a $247m loss for the first time since his return, Jobs was contrite. I think that was a key moment. Later that year the Cube was retired (perhaps to get squashed flat and returned as the Mac mini) and Apple launched iTunes and the iPod. You may have heard of them. But the disaster of 2000 doesn't get a mention in iCon. Well, then, is this book about Steve Jobs the person, and how he's grown? Not really, because it can't get close enough to the people who knew and know him. Whereas Deutschmann had many, many first-person interviews with those who had worked directly with Jobs (who gave interviews to neither book), iCon feels recycled. In fact at one point I thought "Wait, I've seen this anecdote before!" And indeed I had - in Deutschmann's book, in a description of how Jeffrey Katzenberg of Disney told the NeXT-pitching Jobs that "I own animation, and nobody's going to get it." Highlighted by an alarming guns & genitals threat. The problem is that iCon tries to cover too much ground, which means it has to compress events instead of letting the characters speak about what happened. Deutschmann started his book in the years after Jobs left Apple, and ended it just as he returned. That compression let him focus on events and people in detail, and gave them room to speak. He got to the people - like the assistant who helped Jobs on his return to Apple, who trailed round thinking "That's not grammatical!" about the 'Think Different' slogan, who observed the long rehearsals Jobs does for his big speeches. Young and Simon insist Jobs does them off the cuff, without rehearsal. I think Deutschmann's right. And, to be brutal, Deutschmann is just a much better writer. 
Perhaps it's the effect of having two authors, but there were many things in iCon which made me wince. "It proved to be the Mac's one Achilles heel," they write. Well, that's the thing about Achilles' heel - there was only one. Or how Jobs sent few invites to his 1991 wedding: "Maybe ... because Steve was feeling the financial pinch so severely... Or maybe it was just the minimalist, laid-back Steve Jobs doing things his way." Well, which? You authors are meant to be telling me, the reader, this stuff. So OK, here's the skinny on Steve Jobs, to save you reading this book. Started Apple by dint of knowing Steve Wozniak, who was a brilliant engineer, and having instinctive negotiating skills; screwed up; got pushed out, started hopeless computer company which his wild ideas almost ran into the ground. Meanwhile got intrigued by little film graphics company which would have gone down the pan too but for the brilliance of one person, John Lasseter, whose imagination and drive meant everything Pixar had produced had been touched by magic. Wozniak gave Jobs his first push skywards; as he plummeted back to earth, Lasseter gave him a gravitational slingshot up again. Rocketed heavenwards by Toy Story, floated Pixar, became billionaire, rejoined Apple, took credit for predecessor's work, basked in glow, screwed up a bit, realised error of ways, saw potential of music, bought iTunes, produced iPod, survived cancer (so far), basked some more in new glow. Now sitting pretty on intriguing nexus of computers, animated films and digital music. Has ambitions to do something that will be the terror of all mankind, though none shall know what. But what's his magic? Most likely it is in that combination of ridiculous design demands (which come from an innate sense of what's right, rather than what's feasible), innate negotiating skills, and an ability to evaluate people in moments.
The latter two are common to all the big moguls - Gates, Ballmer, Ellison have it - but the former is very rare. The trouble is that you probably won't come to that realisation through reading this book. To be honest, I'd recommend Deutschmann over iCon. Read him, and 2001's much overlooked "High St@kes, No Prisoners" by Charles Ferguson, who is probably the closest in character to Jobs to have written a completely honest account of his time running an internet startup (and who explains in detail how Jobs got Pixar to enrich him). You'll understand Jobs. And maybe if Steve actually gets around to reading iCon, he'll realise that like the Earth, it's mostly harmless, and put Wiley books back on the Apple Store shelves. I mean, biographies are ten-a-penny. But people need Mac OSX for Dummies. ® iCon - Steve Jobs: the Greatest Second Act in the History of Business, Jeffrey S Young and William L Simon, Wiley, ISBN 0471 720 836, published 25 May.
Scientists in South Korea have successfully produced stem cells by cloning embryos that are genetically identical to specific individuals. The research team has created 11 new lines of stem cells by implanting genetic material from patients into donated eggs, successfully demonstrating the principle of therapeutic cloning, whereby tailored stem cells could be used to repair damaged tissue, or to otherwise treat diseases without problems of rejection. The team, headed by Professor Hwang Woo-suk, produced the world's first cloned human embryos last year. In that experiment, they only managed to culture stem cells from one of the embryos, having started with 242 donated eggs. The clones were also exact replicas of the egg donors, rather than third parties. This time, however, the researchers extracted DNA from the skin cells of volunteers - patients aged between 2 and 56, and suffering from a variety of illnesses from diabetes to spinal injuries. The eggs' original DNA was removed and replaced with the samples from the volunteers, a process called nuclear transference that was pioneered by the team that made Dolly the sheep. The stem cells are harvested when the embryos are just six days old. The team began with 185 eggs, produced 31 embryos and collected stem cells from 11 of those. Professor Hwang told the Financial Times that South Korea had established its world leading position in the research field because of the supportive political and social attitudes in the country. He contrasted this with attitudes in Europe and the US, where stem cell research is a highly controversial subject. He also said that the availability of eggs from fertile donors was an important factor in his success. He went on to describe the breakthrough as "a giant step forward towards the day when some of mankind's most devastating diseases and injuries can be effectively treated through the use of therapeutic stem cells", the paper reports. 
While many in the scientific community have acclaimed Professor Hwang's breakthrough, pro-life campaigners are less impressed, saying that experiments on human life have no place in a civilised society. Others called for more research into alternative sources of stem cells. ®
In a case which is gripping the US, a convicted killer wants to donate half his liver to his dying sister before he is executed next week. It couldn't happen in the UK. For one thing, the UK doesn't much approve of lethal injections. Fair enough, but neither does it practise regular live liver transplantation - even though the country has the most acute organ shortage in Europe. Why? In Britain, live liver transplants, where a living donor gives half his liver away to someone with acute liver disease, are almost non-existent. This contrasts with continental Europe, where a third of the 5,000 liver transplants carried out each year are from live donors. In the US the figure is seven per cent. In the UK just ten live donor operations were carried out last year in the whole country - in one hospital, King's College in south west London. The patients were foreigners who were at the bottom of the national waiting list for cadaverous liver donations. Yet Britain, if anything, has a greater need for live liver donors than the continent. There is a desperate shortage of cadaveric donors, around 700 last year. The rate is the lowest in Europe, little over a third of the Spanish rate. The UK has a comparatively low, and falling, rate of fatal traffic accidents to supply corpses. A presumption of consent principle - where organs are freely taken from a corpse unless the person had specifically requested not to - operates in some continental countries, but not the UK. The shortfall of donors is seen in the results: with cirrhosis rates growing, and accelerating as drinking hours are liberalised across the UK, waiting lists for a new liver have grown by 10 per cent in the last twelve months. According to Professor Roger Williams, a hepatologist at UCL, the wait for recipients requiring blood group O cadaver organs in some transplant centres is now around 12 months, which, he said, was "unacceptable". Around 60 people on the waiting lists die every year from acute liver failure.
Two academics, David Price and James Neuberger, wrote recently in the British Medical Journal that "making living liver donation available in the NHS will have a small but important effect on the number of people able to receive a graft". In other words, reducing that figure of 60 dead. The NHS shouldn't worry that living liver donations are unpopular. Three quarters of a sample of the general public surveyed in 2003 supported living liver donation. The fact that the liver, unlike other organs, regenerates its size in the donor (and recipient) within weeks, with complete return of function, is undoubtedly a factor in its popularity. There is a risk to the donor - about a half per cent mortality rate, from bleeding complications - but half the surveyed population thought this was a risk worth taking, especially if the recipient was a family member. Live kidney transplants, with a mortality rate little less than that of liver transplants, are offered routinely in the UK. There is no legal barrier against live liver transplants - the Human Organ Transplant Act 1989 only says organs cannot be sold for cash. So there are no opportunities for a modern day equivalent of Sarimner, the wild boar in Nordic mythology that was eaten by the Gods and grew whole every day, to make money by selling half his liver every few months. A spokesman for UK Transplant, the NHS special authority that deals with organ donations, says the UK lacks expertise in living organ transplants, but academics say it is a chicken and egg situation. Prof Williams has argued that the small number of transplant centres in the UK perpetuates the view that liver transplantation is a very difficult procedure, whereas in many countries elective grafting with cadaver organs has become almost routine. Some experts have questioned the efficacy of live liver transplants.
Back in the US, meanwhile, US medical experts are advising against the killer due to die by lethal injection next week being given a stay of execution because he wants to make a live liver donation to his sister, who is mortally ill. The killer's lawyer said a delay to enable a live transplant was justified as the toxins from the injection would make the killer's organ unusable after his death. But the Indiana School of Medicine's principal advises the sister to wait for a donation from another cadaver with her matching rare blood group because the "results are better than from living donations". Figures quoted by Professor Williams, who has conducted a small number of operations at the Cromwell hospital in London, would dispute this. In a letter to the British Medical Journal, he says survival rates in his programme, 77 per cent after five years, exceed the national average of 65 per cent after five years. Similar results are found in a far larger survey by Vanderbilt university in the USA published this week, which analysed 17 years of data. The reason is that live donors are likelier to give fresher, and therefore healthier, livers, and recipients are less likely to have waited as long for the transplant during their acute liver crisis. Some experts worry that some kind of emotional pressure on family members of an ill person is inevitable, made worse by the sudden nature of a liver crisis and the short time in which a decision to donate must be made. But surely the NHS's clinicians are used to handling the similar dilemmas of live kidney transplants, unless doctors think families of that proportion of liver transplant candidates who are alcoholics need special protection. Few alcoholics who receive grafts relapse. British hepatologists have consistently urged the NHS to start introducing a larger scale live liver donation programme to cut lists and save lives. But they also say living liver donation should not be introduced without public debate and approval.
Nor that money should be diverted from initiatives to expand the cadaverous donor pool and develop alternative treatments for end stage liver disease. If those conditions are taken into account, an expansion of living liver donations in the UK is surely right. ®
Skype has been forced to recall a batch of geographic UK telephone numbers after issuing them by mistake. The London telephone numbers were made available on the VoIP operator's web site last week. Owners of the new London numbers beginning 020 7 would have been able to have their calls routed to their PCs while anyone calling them would think they were phoning a regular London number. But it seems the numbers issued by Skype were already in use - in one case by a London company that became increasingly irritated by the snafu. One of those who bought a number told us: "I've just purchased a UK number so people can call a landline number and it comes to my PC. Turns out the number they supplied is owned by a company in London already." Internet telephony outfit Skype played down the incident, claiming that only a handful of people were affected by the cock-up. In a statement a spokeswoman told us: "An error occurred and a small number of UK geographic numbers were issued to Skype from our carrier partner that proved to be faulty. "The Skype customer support team reacted quickly to stop the batch of faulty numbers from further assignment, so few numbers were affected. Skype has compensated each of the affected customers with a credit to their Skype account in recognition of the inconvenience, and issued a free voucher for a new number." Skype said the mistake wouldn't happen again. ®
Microsoft has head-hunted a senior legal officer from the FBI to become its chief security advisor in the UK. Ed Gibson joins Microsoft in July from the FBI, where he has held senior positions as a special agent for 20 years. Since 2000, he has served as the FBI's assistant legal attaché in the UK, where he has been responsible for establishing intelligence alliances between UK police agencies, security services, the FBI and private sector companies. Gibson spent 15 years as an investigating agent specialising in asset tracing and confiscation, money laundering, intellectual property theft and financial crime. Since taking on his diplomatic role in the UK, he has lectured widely on cyber crime. He was well known for wearing his trademark dark glasses at the beginning of each presentation, however inclement the weather outside might be, during his frequent appearances at information security conferences. Before joining the FBI, Gibson served for five years as an in-house lawyer for a multi-national company based in Michigan. Gibson fills a role vacant at Microsoft since the departure of Stuart Okin to consultants Accenture in October 2004. Okin has a more technical background than Gibson, but a spokeswoman for Microsoft pointed out that Scott Charney, Microsoft's chief security strategist and VP of the software giant's Trustworthy Computing initiative, is also a former lawyer with wide experience in fighting cybercrime. Once he joins Microsoft in July, Gibson will report to Nick McGrath, head of platform strategy, Microsoft UK. McGrath welcomed the appointment: "Ed brings to Microsoft a wealth of international experience in fighting crime and fraud, both within the public and financial sectors. As a specialist in tracking and prosecuting criminals, Ed will help ensure that enterprises and public sector bodies more effectively integrate their security procedures, getting the most out of their investments in security technologies," he added.
®
I have a funny story. A while back I was showing my son the cool speech recognition features in Microsoft Word. I got out my laptop and went through the configuration and training process by dictating into the microphone. My son, twelve, could barely hold back the laughter as he listened to me read to my computer various excerpts from books such as the Wizard of Oz and Aesop's fables. He was just waiting for the chance to make fun of me. What I didn't realize was that the cheap microphone in my laptop is hardly sufficient for speech recognition purposes, and the results were disastrous. This is what happened: I opened up a blank Word document and spoke into the microphone. Microsoft Word did start entering text into the document, but it was nothing like what I spoke. For example, I said "Testing speech recognition" and MS Word typed "Resting white house Santa Ana." Of course, my son, who had already been struggling to hold back, suddenly burst out laughing at the nonsense it produced. The microphone picked up his laugh and interpreted it as the phrase "and the redneck score that many job I can eat the body to be." Naturally, this made us both laugh, which resulted in the phrase "Barter dismay as boleslav bigoted and it might be what the public into." We laughed more and then Word gave us even more to laugh at. Microsoft is really good at producing software with amazing features that no one ever uses. Microsoft Word is loaded with powerful editing tools and robust customization features, yet I still use just the default toolbars, and I still send faxes with "Elegant Fax" cover sheets. I write as part of my profession, yet I rarely use any features that aren't already available in WordPad. Windows permissions are kind of like that. The core security model certainly is sufficient to comply with even the most demanding security policies. The permissions are so flexible you are really only limited by your creativity.
The problem is that not enough people take advantage of these features. Consider, for example, some of the things you could potentially do:

- You could remove certain file extension mappings for specific users by denying them read access to the registry keys that contain the mappings.
- With some applications that don't provide per-user settings, you can sometimes accomplish the same thing with granular user permissions on the registry keys themselves.
- You can set access permissions on programs such as the command prompt so that they are only available to certain users, and only if they are logged in interactively at the console.
- You can set permissions on much more than files and registry keys: you can also set permissions on named and anonymous pipes, directory objects, processes and threads, services, printers, network shares, and kernel objects.
- You can set one access control list for a folder, another for its subfolders (even if they don't exist yet), and yet another for the files in the folder (again, even if they don't exist). That means you could have a directory that allows executables but where any new file in the directory is by default denied execution.

You never really see people doing stuff like this, but the users aren't all to blame. Back when I was a software developer a friend told me that if my users make common mistakes with my software then my software is probably broken. He explained that software design greatly contributes to user mistakes. Some designs set users up to make the same mistakes over and over. For example, how many times have you sent an email and forgotten to attach the attachment? Windows permissions are powerful, but they set users up to make the same mistakes over and over. The complexity and terminology alone are enough to trip up even experienced users.
Sure, once you master terms like ACLs, ACEs, DACLs, SACLs, SIDs, RIDs, and SDDL, it gets a lot easier, but then you have to think about things like inheritance, protected ACLs, trust, and impersonation. So it really should be no surprise how often I see systems with nothing more than the default permission settings. I'm not saying the complexity is bad. The complexity is the power. But you have to ask yourself: if so many users fail to take advantage of these features, maybe something is broken.

Humans actually deal quite well with complexity. Usually all it takes is a good metaphor, visualization, or object model. Look at Windows Explorer: a file system can be complex, but few users have problems getting used to Explorer's folder and document model. But once you start using terms like Discretionary Access Control List, most of us tend to tune out. You see, for most purposes people simply don't need the added complexity. Many systems have two roles, users and admins. Therefore, most files will be either user files or admin files. Most often, you will want users to have limited access to files and admins to have full access. Windows tries to simplify things with generic access permissions such as Read and Write, but this obviously isn't enough.

The file permissions user interface in Explorer does little to hide the complexity or to make it more understandable for users. Despite all of Microsoft's research into user interface design, over the years little has changed with the permissions dialog box. This is what bugs me the most about that box: it takes too many mouse clicks to do any advanced permissions editing on a file or directory. It is way too much work to do any significant permissions editing in Explorer. In the basic permission settings box, they tried to simplify things, but checking one box sometimes automatically checks others. However, unchecking it doesn't uncheck the others.
I always have to read the sentence "Apply these permissions to objects and/or containers within this container only" twice. The "This folder, subfolders and files" drop-down list takes way too much thought. There is a Clear All button, but how about a Select All button? Oh wait, all you have to do is check the Full Control permission. Of course, unchecking that box doesn't uncheck the others, hence the need for a Clear All button. In an attempt to make things consistent, they combined both file and folder settings in the same box, but it's hard to see the relationship between Traverse Folder and Execute File (they are the same access bit, read one way for folders and the other way for files).

Microsoft added an Effective Permissions tab, but it is not always accurate. It does not take into account how the user logs on. Nor does it account for the case where you deny Delete on a file but its parent folder allows Delete Subfolders and Files, which still lets the user delete the file. And finally, my favorite of them all is that there are check boxes for both allow and deny permissions. You cannot check both boxes, but you can leave both unchecked, which means that you neither allow nor deny that permission. In practice that is a denial: Windows grants a request only when every requested right is explicitly allowed by some entry, so a right that nobody allows is a right that nobody gets.

Many admins don't even bother with Explorer and go straight to the command prompt to adjust file permissions. Windows has the built-in Cacls.exe tool to accomplish this, but it has some significant limitations. Microsoft's Xcacls.exe and Xcacls.vbs tools are much more robust, but hardly intuitive. With so many command-line options and non-standard abbreviations, it's hard to use the tools without referring to the help reference at least once. Third-party tools such as FileACL and SetACL are much better, but still suffer from complexity. These tools are definitely not for average users. All of the command-line tools get very difficult to use when trying to set complex inherited ACLs. For the ultimate in control, Microsoft provides the Security Descriptor Definition Language (SDDL).
This language is sparsely documented and far from intuitive, but it is actually quite powerful for specifying permissions. If you aren't intimidated by the permission string "D:(A;ID;0x1200a9;;;BU)(A;ID;0x1301bf;;;PU)(A;ID;FA;;;BA)(A;ID;FA;;;SY)" (four inherited allow entries: Read and Execute for Users, Modify for Power Users, and Full Control for Administrators and SYSTEM), well then, SDDL is just right for you. There's no doubt that Windows permissions are complex. Microsoft has at least improved things by using better default permissions, so we don't have to bother with it as much. But considering how powerful these capabilities are if customized by users, it might be worth it for Microsoft to spend some time rethinking the metaphors and the user interface.

Back to the complexity of Microsoft Word for a moment, however. I did find a better microphone headset and retrained MS Word's speech recognition feature. Just like Windows permissions, it turned out to be pretty good and quite capable once you know how to use it.

Copyright © 2004, Mark Burnett. Mark Burnett is an independent researcher, consultant, and writer specializing in Windows security. He is the author of Hacking the Code: ASP.NET Web Application Security (Syngress), co-author of the best-selling book Stealing The Network: How to Own the Box (Syngress), and co-author of Maximum Windows 2000 Security (SAMS Publishing). He is a contributor and technical editor for Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle. Mark speaks at various security conferences and has published articles in Windows IT Pro Magazine (formerly Windows & .NET Magazine), Redmond Magazine, Information Security, Windows Web Solutions, Security Administrator and various other print and online publications. Mark is a Microsoft Windows Server Most Valuable Professional for Internet Information Services.

Related stories MS and security: good effort but no cigar Security holes that run deep WinXP SP2 = security placebo?
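Three of the claims in the article above can be checked against a small model of how Windows evaluates a DACL: that an inherit-only entry on a folder binds new files without binding the folder itself, that leaving both the allow and deny boxes unchecked amounts to a denial, and what the quoted SDDL string actually grants. The following is an added example written for this edit, not Mark Burnett's code and not anything shipped with Windows. It parses the subset of SDDL used on this page (allow and deny ACEs, hex or two-letter file rights, well-known SID aliases), applies the documented DACL walk, and derives the entries a newly created child would inherit. The rights values are the winnt.h constants; the FOLDER string is a constructed example of the "executables allowed, new files can't execute" layout, not a Windows default.

```python
"""Toy model of Windows file ACLs: parse SDDL, run the DACL access check,
and derive what a newly created child inherits. Added example, not from
the original article; rights constants are the winnt.h values."""
import re

# Standard and specific rights (winnt.h)
DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE = (
    0x10000, 0x20000, 0x40000, 0x80000, 0x100000)
FILE_READ_DATA, FILE_WRITE_DATA, FILE_EXECUTE = 0x1, 0x2, 0x20  # 0x20 is FILE_TRAVERSE on folders

# Two-letter SDDL rights handled here (hex masks are also accepted)
RIGHTS = {
    "FA": 0x1F01FF,  # FILE_ALL_ACCESS, "Full Control"
    "FR": 0x120089,  # FILE_GENERIC_READ
    "FW": 0x120116,  # FILE_GENERIC_WRITE
    "FX": 0x1200A0,  # FILE_GENERIC_EXECUTE
    "SD": DELETE, "RC": READ_CONTROL, "WD": WRITE_DAC, "WO": WRITE_OWNER,
}
# Well-known SID aliases as they appear in SDDL
ALIASES = {"BU": "Users", "PU": "Power Users", "BA": "Administrators",
           "SY": "SYSTEM", "WD": "Everyone", "AU": "Authenticated Users"}

# ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid
ACE_RE = re.compile(r"\((?P<type>[AD]);(?P<flags>[A-Z]*);(?P<mask>[^;]*);;;(?P<sid>[^)]+)\)")


def parse_mask(text):
    """'0x1200a9' -> int, or a run of two-letter rights such as 'FRFX'."""
    if text.lower().startswith("0x"):
        return int(text, 16)
    return sum(RIGHTS[text[i:i + 2]] for i in range(0, len(text), 2))


def parse_dacl(sddl):
    """Return the ACEs of the D: component, in the order they appear."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]  # drop owner/group and any SACL
    dacl = dacl[dacl.index("("):]                     # skip control flags such as P, AI, AR
    return [{"type": m["type"],
             "flags": {m["flags"][i:i + 2] for i in range(0, len(m["flags"]), 2)},
             "mask": parse_mask(m["mask"]),
             "sid": m["sid"]}
            for m in ACE_RE.finditer(dacl)]


def access_check(aces, token_sids, desired):
    """The DACL walk: ACEs are read in order; a deny touching a still-wanted bit
    fails the request; allows clear bits. Access is granted only when every
    requested bit has been allowed, so 'neither allow nor deny' is a deny."""
    remaining = desired
    for ace in aces:
        if "IO" in ace["flags"] or ace["sid"] not in token_sids:
            continue  # inherit-only ACEs protect children, not this object
        if ace["type"] == "D" and ace["mask"] & remaining:
            return False
        if ace["type"] == "A":
            remaining &= ~ace["mask"]
        if remaining == 0:
            return True
    return remaining == 0


def inherit_to_child(aces, child_is_container):
    """ACEs a new child receives, per the documented inheritance rules:
    OI reaches files, CI reaches subfolders, NP stops further propagation,
    and an OI-only ACE rides along on a subfolder as inherit-only."""
    child = []
    for ace in aces:
        f = ace["flags"]
        if child_is_container:
            if "CI" not in f and ("OI" not in f or "NP" in f):
                continue
            flags = {"ID"}
            if "NP" not in f:
                flags |= f & {"OI", "CI"}
            if "CI" not in f:
                flags.add("IO")
        else:
            if "OI" not in f:
                continue
            flags = {"ID"}  # files carry no inheritance flags
        child.append({**ace, "flags": flags})
    return child


# The default-style DACL quoted in the article
DEFAULT = "D:(A;ID;0x1200a9;;;BU)(A;ID;0x1301bf;;;PU)(A;ID;FA;;;BA)(A;ID;FA;;;SY)"
# Constructed folder DACL: existing content runs, but any file created inside
# inherits a deny on Execute File (0x20) that sits before the Users' allow.
FOLDER = "D:(D;OIIO;0x20;;;BU)(A;OICI;0x1200a9;;;BU)(A;OICI;FA;;;BA)"


def demo():
    user = {"BU", "WD", "AU"}  # token of an ordinary member of Users
    aces = parse_dacl(DEFAULT)
    results = {
        "user_read": access_check(aces, user, RIGHTS["FR"]),
        "user_write": access_check(aces, user, FILE_WRITE_DATA),
        "user_delete": access_check(aces, user, DELETE),  # no ACE mentions it: denied
        "admin_full": access_check(aces, {"BA"}, RIGHTS["FA"]),
    }
    folder = parse_dacl(FOLDER)
    results["folder_user_traverse"] = access_check(folder, user, FILE_EXECUTE)  # IO deny skipped
    new_file = inherit_to_child(folder, child_is_container=False)
    results["new_file_user_execute"] = access_check(new_file, user, FILE_EXECUTE)  # deny wins
    results["new_file_user_read"] = access_check(new_file, user, FILE_READ_DATA)
    results["subfolder_first_flags"] = sorted(inherit_to_child(folder, True)[0]["flags"])
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model deliberately mirrors the two behaviours the dialog box hides: a Users member gets Read and Execute on the default DACL but is refused Write and Delete purely because no entry grants them, and the inherit-only deny on the folder has no effect on the folder (traverse still works) while every file created beneath it starts life with an effective deny on Execute ahead of the allow.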
Federal agencies in the US are leaving their wireless networks open to attack by not implementing key security measures, according to a report issued by the Government Accountability Office (GAO) on Tuesday. Wireless networks – also known as Wi-Fi or Wireless Local Area Networks or WLANs – can fall victim to malicious hacking techniques, from eavesdropping on company or agency secrets to computer network disruption and the launching of denial of service attacks. Security is therefore a key issue when using a wireless network. Despite this, the report found that nine agencies out of the 24 looked at by the GAO had not issued policies on wireless networks; 13 had not established requirements for setting up the networks in a secure way; 18 had no provision for training in wireless security; and the majority were not able to properly monitor their networks. Of the six agencies physically tested by the GAO, “we were able to detect wireless networks at each of the agencies from outside of their facilities,” says the report. “Wireless-enabled devices were operating with insecure configurations at all six of the agencies,” it explains. “For example, in one agency we found over 90 laptops that were not configured appropriately.” The GAO found unauthorised wireless activity, which had not been detected by monitoring programs, at each agency. The GAO has therefore recommended that the Director of the Office of Management and Budget instruct agencies to ensure that they address wireless network security in their information security programs. © Pinsent Masons 2000 - 2005 See: GAO report (31-page PDF) Related stories WiPhishing hack risk warning Wi-Fi security is getting worse Hotspot paranoia: try to stay calm
Lycos DSL in Germany says it will no longer store dynamic IP addresses of its customers, now that a specialist on data privacy laws from Frankfurt University has threatened to sue the company. Jonas Breyer had asked Lycos what data was kept on him and whether that information was shared with backbone providers, but the ISP refused to co-operate. Probably to avoid further lawsuits, Lycos has now decided to ditch IP storage altogether. Deutsche Telekom tentacle T-Online faces similar threats from German subscriber Holger Voss, who this week argued in court that dynamic IP addresses are irrelevant for bookkeeping and shouldn't be stored. According to the German Tele Services Data Protection Act and Telecommunications Act, ISPs are only allowed to store communications data for accounting purposes. Apparently, there is no requirement for German ISPs to keep a record of IP addresses. A decision by German ISPs not to keep logs of IP addresses would be extremely controversial, as the entertainment industry is increasingly demanding that ISPs disclose the names of suspected file sharers. Courts in both Germany and Canada have recently denied the entertainment industry the right to subpoena the identities of file-sharers. Of course, as most broadband providers use fixed IP addresses for their customers, an audit trail would still be able to reveal their identity. ® Related stories Court rules for German ISPs in P2P identities case German ISP told to cough up customer's details German court protects P2P ne'er-do-well
A small software start-up has gone massive, releasing a search engine aimed at open source developers that can churn through 190m lines of public code. Koders, based in Santa Monica, California, trawled through open source software repositories hosted by universities and consortiums and groups such as Apache, Mozilla, Novell Forge and SourceForge. In so doing, it collected a large chunk of existing open source projects, the language they're written in and the licenses governing their use. Developers are expected to use the Koders.com search engine to identify available packages more quickly. "The idea is that if I'm a Java developer and need to build a shopping cart for my website instead of reinventing the wheel, I can tell the search engine the type of application I want and limit my search to Java software," a spokesman said. This type of service has become increasingly popular, with other companies such as Palamida and Black Duck offering a similar premise. Palamida and Black Duck attack the problem more from a compliance angle, providing search engines and databases that churn through code looking for open source packages and their respective licenses. Both companies focus first on making sure large companies know the origins of their intellectual property (IP) and then secondarily on the developer. Koders too might eventually go that route. In the fall, it's expected to release an enterprise product. "Koders Enterprise Edition offers your developers and managers the ability to search your company's internal codebase with the same ease as Koders.com," the company said. "The enterprise version runs inside the firewall and integrates with all your version control systems. From your legacy code to your demo and production code, Koders lets you see and reuse your source code like never before." The company will charge for that product but isn't saying how much just yet. 
In the meantime, you can have a look at the type of information the Koders search engine brings up with this example for Hibernate and this one for an Apache server. You'll find the code itself, number of lines in the application and a vague development cost estimator that pegs the value of the software based on how many hours it would typically take to create a similar package. The search engine, however, doesn't work as smoothly with less refined queries. Try the Java shopping cart search for instance. You don't quite find exactly what you're looking for right off the bat on that one and the information provided is less detailed. The Koders launch seems to have slipped under the radar of the open source software crowd at large, and it will be interesting to see what the noble geeks will make of the search engine once they get their chocolate-covered fingers on it. ® Related stories Oracle teams up with Zend for PHP love-in Over-compliance is the new compliance, says former SEC Chairman IBM and Red Hat to browbeat Sun Solaris users for free Test your own software code for infringement MS unfazed by OSS schools report Open source ahoy!
Hull-based Kingston Communications has flogged the French operation of Omnetica, the IP networking operation it acquired late last year. Omnetica France, which trades as Arche Communication, has been snapped up by Belgium-based Telindus for €47m (£32.3m). The deal still needs the nod from French competition authorities but is expected to be completed by June. Kingston said it would use the cash to help reduce bank debt. The Hull-based telco bought Omnetica in December 2004 for £169m in cash and shares. At the time Omnetica consisted of Omnetica UK, PRES in Italy (which it sold at the beginning of March) and Arche. Now that both European businesses have been sold, it marks the end of Kingston's European jaunt. Omnetica UK has now been merged with Kingston's Business Services Division and network storage outfit Technica, which it bought in March, to create Affiniti - Kingston's communications integration business. "The sale of Arche allows us to focus fully on our UK operations and in particular on the opportunities for Affiniti," said Kingston chief exec Malcolm Fallen. ® Related stories Kingston Comms buys Omnetica for £169m BT, Kingston face EC illegal state aid probe BT buys Cisco reseller
Episode 16 It may be true what they say about being lucky in computing and unlucky in love. Sigh. Of course it might just be me saying that but still there's the odd shred of evidence to support it. Take the PFY for instance, who's as lucky in love as Grace Kelly is at cornering. Sure, he can semi-regularly win Spider with four suits but he still can't manage to hold onto a woman between pay cheques. It can all be a bit depressing for the lad and as both a bystander and a friend I feel obliged to help him out in his time of misery. "GET HARD YA BIG JESSIE!" I shout, playing the tough love card. "You don't see me moping around the place like a Mac geek at a TechNet gathering!" "That would be because you and your missus are still seeing each other," the PFY whines pathetically. "Now, now, you have no proof that the break-up was anything but an ordinary relationship that had simply run its course. Sure, she does spend a bit of her free time with her supervisor, but there's no reason to put two and two together and come up with 69. There may be a perfectly logical explanation for her absences." "Sure," the PFY says, not believing a word of it. "Look, you're just being paranoid!" I say. "There's bound to be some perfectly innocent reason for her spending time in her boss' company." "Oh yeah, and what's that?" "I'm putting my money on it being work hours - when she's supposed to be at work?" "Yeah, it's all a little too bloody convenient!" he snaps. I can see that I'm going to get nowhere with the PFY and that this is some deeply ingrained upset that may need some special handling. "Ok, before you get a little too off tangent have you done all the normal post-mortem relationship things?" "What do you mean?" "Run conversations back through your mind looking for warning signs, replayed old arguments looking for the straw that broke the camel's back or rifled through her email looking for the confirmation of a hotel reservation - by the hour?" "I..." 
"Right, so you've done all that - and there's no actual evidence?" "No, but that doesn't mean..." "Doesn't mean you're not being a little paranoid. Tell you what, why don't we get an expert opinion?" "Who?" "The other half - she's bound to know what's been going on." . . . A couple of calls later . . . "Ok, so the PFY's got a little problem in love and he'd like you to diagnose what may have caused the problem, and whether his ex is actually seeing someone else." "Uh-huh," Karen says. "So what happened?" "She just said she didn't think it was working out." "When?" "Monday morning." "And you didn't talk about it the night before?" "No, I was playing on the PS2." "Ok, but what about the weekend?" "I was at the Robot Destroyer challenge most of Saturday, and Sunday I was helping clean up after the Robot Destroyer challenge." "Ok, when was the last time you talked to her?" "Thursday night." "And what did you talk about?" "What she should pick me up at the curry house on the way home." "And you didn't talk when she got home?" "I WAS EATING A CURRY!" "What about after the curry?" "I'm not sure; I was trolleyed by then because I'd had 10 beers to get the vindaloo down." "Right. Okay, what about the night before that?" "Had a Phal - and 12 lagers. And some ice." "And the night before that?" "She had some birds' night out and I had a Rogan Josh. And five lagers." "Okay, well don't take this the wrong way, but I think I know what your problem is." "Mmm?" "You're not getting enough Naan bread," I say, interrupting with the solution. "More Naan, less heat, then you can save the beers for afters." "Oh yeah!" the PFY smiles. "I WAS GOING TO SAY," Karen interrupts, "that perhaps the problem is that you weren't spending any QUALITY time with your ex, and any time you did spend with her you were drunk or asleep - neither of which are attractive in a partner!" "I..." the PFY says in his defence. "She has a point," I say. "So what I think you should do, is send her some flowers." 
"Uh-huh," Karen agrees. "Apologise in person the next day..." "Mmmm." "Say you've been a fool and perhaps you should start things on a clean slate..." "Yes..." Karen adds "And if she stoops to allow you a second chance you should shower her with gifts, attention and quality time so that she realises that you're a diamond in the rough and that she really is lucky to be with the new you." "YES!" Karen nods approvingly. "Then you dump her like the Boss-shagging piece of trash that she is!" So it IS true what they say about being lucky in computing but unlucky in love. Something my testicles will be reminding me of until well after Karen's cleared her stuff out of my gaff then trashed the place - as an example to others... Sigh. ® BOFH: The whole shebang The Compleat BOFH Archives 95-99 Get BOFH Books here BOFH is copyright © 1995-2005, Simon Travaglia. Don't mess with his rights.
The monster iceberg responsible for breaking off a sizeable chunk of the Drygalski ice tongue in Antarctica is on the rampage again. This time, the Long-Island-sized chunk of ice is heading towards the ice tongue of the Aviator Glacier, where the latest images (snapped on 18 May) reveal it is heading rapidly for a collision. The picture was snapped on 18 May with the Envisat satellite's Advanced Synthetic Aperture Radar (ASAR). The ASAR in Wide Swath Mode (WSM) captures a spatial resolution of 150 metres across a 400-km swath. The Aviator Glacier was discovered in 1955, and was named for the airmen who did so much to open the continent up to explorers and scientists. The Aviator is a major valley glacier which descends from the plateau of Victoria Land along the west side of the Mountaineer Range. It meets the ocean at Lady Newnes Bay, where it forms a floating ice tongue that extends into the water for about 25 kilometres. The iceberg, designated B15-A, is the largest remaining piece of an even bigger berg that calved from the Ross ice shelf in 2000. The original iceberg, dubbed B15, was roughly the size of the island of Jamaica. Since B15-A broke away from its mother-berg, it has drifted into McMurdo Sound. Here, it has been nothing but trouble to the locals. Its huge presence blocked ocean currents, leading to a build-up of sea ice that decimated local penguin colonies as the birds could not reach the open ocean to feed. During the last Antarctic spring, the berg drifted slowly towards the Drygalski ice tongue, and looked set to strike it a devastating blow. Eventually the berg struck the ice tongue with only a glancing blow, nevertheless breaking off enough of it that maps of the region needed redrawing. Now it is menacing another stretch of coast, one unusually rich in wildlife. 
Researchers fear that if the berg stays put for any length of time, it could again lead to a dangerous build-up of sea ice, blocking access to the sea for the local Adelie penguins, Skuas and Weddell seals. If you have the bandwidth, you can check out high-res versions of the picture above, and animations of the Drygalski collision here. ® Related stories Giant iceberg slams into glacial tongue Life on earth follows 62 million year cycle Satellite snaps huge, penguin-killing iceberg
US-based VoIP call company Vonage formally set up shop in the UK today, moving its no-time-limit call package for £10 a month out of the testing phase it's been in since January. The tenner, paid up front by rolling credit-card billing, gives you free calls to other Vonage users and to landlines in the UK and the Republic of Ireland. Calls to mobile phones are priced at 5-15p a minute, depending on whether you call at weekends, in the evening or during working days. International calls are extra too, but at the same rate irrespective of when you call. Calls to 0845 and 0870 numbers are extra too, depending on the time of day. The package includes voicemail, call forwarding, three-way calls, caller ID and call diversion. Emergency 999 calls are guaranteed. Subscribing to Vonage brings you a new phone number, but you can select from any of the 120 local geographical codes the service currently supports over here. By the end of the summer it will support 400-450 local codes, local MD Kerry Ritz said - essentially all the DSL-equipped local BT exchanges. The catch is that you need not only a broadband connection - cable packages are supported as well as phone-based ADSL links - but a phone adaptor too. Unlike VoIP flavour-of-the-month Skype, Vonage's service is designed to be used with a regular handset. The receiver connects to the Net via the adaptor, which digitises the conversation and routes it through an Ethernet port to Vonage's servers and on to the recipient. However you connect, the company said the call quality will be as good as or better than fixed-line connections through telcos. Vonage today launched a Linksys-made router with RJ-11 jacks for the handsets and Ethernet connections for modems and computers. The router will sell through the company's first UK retail partner, Staples, from 1 June, Ritz said. Pricing has yet to be determined, but the package will include the £16.99 set-up fee Vonage charges folk who order online. 
Vonage will also offer an adaptor that links handsets to existing broadband routers or directly to modems. A wireless router will ship this summer, as will a package to connect a pair of DECT cordless phones to the system. Vonage also offers a software-based phone for £6 a month from which you can make up to 500 minutes of local calls for free. But you need to have a regular tenner-a-month Vonage account too. That 500-minute limitation also applies to the £19 Vonage Small Business package's fax-oriented second line. The main line is unlimited, like the £10-a-month residential package. Vonage currently has "a little over 700,000 subscriber lines", said Chairman and CEO Jeffrey Citron, most of them in the US. Some ten per cent of those lines are small business subscriptions. Citron said he was not concerned that telcos' ISP divisions will start to cap or even block VoIP traffic in a bid to protect their revenues, as Mexico's Telmex appears to have done. Telmex ADSL subscribers can't even access the Skype website, he said. "Such actions are already illegal in the US," he told The Register, "and we think the regulator would look on them very unfavourably in the UK." ® Related stories Cost of net phone calls may rise Yahoo! tests! VoIP! Canada says oui to VoIP Canada mulls VoIP regs Parents blame Vonage over girl's death Vonage rings up $200m investment Vonage bows to 911 pressure AOL launches VoIP service
The company that did more than any other to end the disease of Portalitis in the dot com era has succumbed to the infection itself. Google yesterday unveiled personalization features that allow the user to turn the famously spartan Google search page into a cluttered montage of its various services, and feeds from other sites. Portalitis spread like an epidemic throughout web search engines in the late 1990s, although Google's minimal approach, along with the dot.com crash, helped stamp it out. A further infection broke out three years ago, but was confined to online music services. Not surprisingly, staff at Yahoo! - which has frequently been accused of imitating Google's product roll-out - took the opportunity to gloat. "Imitation is the sincerest form of flattery, and some of us are quite flattered," wrote Yahoo!'s Jeremy Zawodny. "Since it seems that you haven't settled on a name for this 'new' product, I'd like to suggest My Google. We've found that the whole 'my' thing works pretty well over here." Ladies, please. "I feel this is different to My Yahoo!" claimed Google product manager Marissa Mayer. She's correct in one important respect: Google's My Google offers little of the range or flexibility of its chief rival at launch. Only four pre-selected news feeds are available, not your own; the user can't choose how much of the feed to view, and there's no cosmetic customization. Maps, Local information, Usenet, the Directory and (perhaps thankfully) Froogle cannot be integrated into the personalized page. This may change in the future, or it may not. Much like Orkut, My Google's half-hearted debut has the feel of something Google thinks it ought to do, rather than something it wants to do. If there's one aesthetic to which Google has been consistently faithful, it's one of minimal and uncluttered design. 
You can catch a dose yourself, here.® Related stories Real and Napster catch portalitis Google can take the web, yawn readers Campaigners quiz Google on China play Google files Coca Cola jingle with SEC Google puts the brake on Web Accelerator GoogleNet - the ultimate embrace and extend?
ICSTIS has yet to recoup a single penny after fining 16 premium-rate phone services £1.3m following a crackdown on rogue operators. In March, the premium rate watchdog warned punters to be on their guard against dodgy operators using illegal Automated Calling Equipment (ACE). The ACE was used to call people telling them they had won a cash prize or holiday, but those who fell for the scam ended up phoning expensive phone numbers for nothing. Using emergency powers, ICSTIS shut down 19 services in all running prize scams. It also managed to fine 16 of the providers a total of £1.3m. At the time ICSTIS director George Kidd said that the watchdog had "acted fast to stop the harm". Today, though, a spokeswoman for ICSTIS admitted that so far the regulator had failed to prise any of the fines from those fingered for the scams. The admission comes as ICSTIS fined three other services £100,000 each for running similar ACE scams over the Easter weekend. All three - Interiors London, Ocean 3 Ltd and Telecom Promotion - had their services supplied by Allied Telecommunications, the same phone provider linked to the 16 other services. Allied Telecommunications is currently being investigated by telecoms regulator Ofcom. ® Related stories 16 scammers fined £1.3m Watchdog fines prize call telco £100k Watch out, there be scammers about, warns watchdog Ringtone sellers told to clean up act New 0871 rogue dialler scam spotted Citizens Advice warns of 'shocking' rogue dialler scams
Security researchers have discovered a denial of service vulnerability involving Yahoo!'s popular instant messaging client. Hackers can potentially disconnect users from chat sessions by sending malformed packets to Yahoo! Messenger servers. The flaw stems from a bug in the routines that process URL handler links, as explained in a SecuriTeam advisory (containing "proof of concept" demos) here. The bug affects Yahoo! Messenger versions 5.0 and 6.0. Yahoo! has yet to issue a patch. But don't panic: although the flaw provides plenty of scope for mischief, it doesn't by itself offer a way to take over vulnerable systems. SecuriTeam's suggested workaround, which involves editing a Registry setting, ought to be treated with caution, since bungling the process can leave novices with an inoperable machine. Less experienced PC users might do better to wait for a patch from Yahoo! rather than fiddling around under the bonnet of their PCs. ® Related stories Yahoo! IM! in! flaw! flap! Yahoo! fixes Web mail vuln Latest MyDoom hunts victims via Yahoo! Yahoo! has minimal spyware, adware revs streams
Ask Jeeves - the snooty search engine fronted by a butler - has acquired Excite Europe from ISP Tiscali. In a statement Ask Jeeves said that "financial terms of the acquisition were not disclosed". Tiscali, on the other hand, wasn't quite so stuck-up and reported that Ask Jeeves had coughed up €6.1m for the business. The acquisition of Excite Europe extends Ask Jeeves' ownership of the Excite brand beyond the US including Spain, Italy, France, UK, Germany, Austria and the Netherlands. Ask Jeeves acquired the US bit of Excite.com in March 2004. Anyhow, Ask Jeeves boss Steve Berkowitz said that the deal marked the "next step" in the firm's "European expansion strategy", adding: "Access to Excite's pan-European operational infrastructure and market knowledge will accelerate our European growth initiative and provide an instant revenue stream from additional users and advertisers." Tiscali acquired Excite Europe in April 2002. Since then, the European ISP has been forced to sell a number of "non-core" assets including its ISP business in France. ® Related stories Excite rises again like a turkey from the ashes Tiscali to launch Excite across Europe UK flies broadband flag for Tiscali Tiscali UK to invest £61m in LLU Tiscali confirms sale of French opo - finally
Review Whether they'd top your list when it comes to gaming or not, few can argue that ATI's All-In-Wonder series of graphics cards has not continued to lead the way with its powerful blend of multimedia features. Fending off the competition for a year or two is a noteworthy achievement in the cutthroat world of PC graphics, but the fact that ATI has managed to do it since it launched its first All-In-Wonder part back in November 1996 perfectly demonstrates its dominance in this field, writes Wayne Brooker.
Competition Ph-hhrrrt! With the tinny rasp that can only be a fanfare of trumpets encoded at 128 kbps, we proudly announce the winners of our iPod competition. The winner doesn't win an iPod; we're too stingy to allow such generosity and in any case, every competition in the world seems to have an iPod as a prize these days. No, it's our request for suitable health warnings for the device, so that the anti-social iPod user can think and repent. It was inspired by an Australian school teacher who banned the MP3 player from her school because they encouraged children to be selfish and boring. It was difficult to choose a winner. Euan Lindsay draws on the Old Testament for this warning against rampant materialism: Greg Mills puts it succinctly - David Currie sent in three outstanding candidates, of which we liked this one - Especially if you're wearing white shoes. And this unforgiving critique - We don't quite follow the connection here, but Tim Wilkes makes the grade with this offering - And flying the flag for software libre compression schemes unencumbered by patents, here's James Hands' entry. Nothing like a bit of oggro. Er, aggro - and a creative use of colour, a sticky plaster and a Photoshop filter by James almost won him the prize. Before we unveil the winner, James Dowling eloquently makes one rational case in favour of the wretched device. "Interesting article but maybe there is another, more positive side to this," he writes. "Your suggestion that "children are only responding to corporate advertising that encourages solipsism - 'to shield ourselves,' as Oscar Wilde put it, ironically, 'from the sordid perils of actual existence' is a valid view but misses something important." "How about another view based partly on Mr Wilde's quote? As an owner of a personal MP3 player (not an iPod), I use it to shield myself from the almost continuous advertising and attempted brainwashing which I'm subjected to when taking the bus and train to work." 
"We are heading towards a future like something from Ray Bradbury's Fahrenheit 451, where advertising is everywhere and people are actively encouraged not to have individual thoughts, the all-consuming but unthinking couch potato public is ruled by a control freak state. My MP3 player keeps all that garbage at bay. I listen to the works I choose and which help keep me a free thinking individual. Think different. Think free. Vive la individualité!" So let's announce the winner, and a Reg T-shirt goes to Matt Korris for this one - A sample of the artwork will be sent to the World Health Organization and any busybody quango we can think of. (Or to anyone who takes competitions such as this too seriously). Thanks to all of you who sent in entries and kind words (thank you, Brett Brennan). Bootnote: We're mulling the inclusion of a "sociability index" for future reviews: DRM schemes, and stupid obstacles that computer companies put in the way of sharing music, will be noted and points lost accordingly. ®
Updated: The US government is seeking powers that will allow it to ban billboards in space. The Federal Aviation Administration has put forward plans to amend regulations so it can prohibit "obtrusive" advertising in zero gravity. The fear is not about adding to the already growing band of space junk but about retaining space as a thing of wonder rather than a giant advertising hoarding. "Objects placed in orbit, if large enough, could be seen by people around the world for long periods of time," the FAA said in a regulatory filing, Reuters reports. "Large advertisements could destroy the darkness of the night sky." The news agency adds that outsized billboards deployed into low Earth orbit could "appear as large as the moon". A chilling prospect indeed. Imagine a far future where children know portions of the night sky as Pepsi, Nike and Virgin Galactica rather than as Capricorn, Taurus and Virgo. Granted, watching astronauts avoiding hoardings punting The Sun newspaper might make space walks more entertaining. But the threat of evil geniuses using oversized boards to blot out the Sun's rays, a la Montgomery Burns, is surely one that ought to be contained. James Bond might be pretty good at dealing with evil kitty-stroking maniacs bent on world domination and armed with laser beams. But strategy boutique types armed with flip-charts and out of this world ad campaigns form an altogether different threat. On the other hand, the space billboard ban may be just so the US itself has a clear field of fire for its space cannons, as Reg reader Matt and others have pointed out. ®
Apple has asked 128,000 notebook computer users to return their PowerBook or iBook batteries on the off-chance the components could overheat and catch fire. The batteries were produced by South Korea's LG Chem, which also made the 15in PowerBook batteries Apple was forced to recall last August. The recall covers all 12in and 15in PowerBooks, and 12in iBooks, sold worldwide between October 2004 and May 2005, inclusive. The batteries in question are model numbers A1061, A1078 and A1079, with serial numbers HQ441 - HQ507, 3X446 - 3X509 and 3X446 - 3X510, respectively. You can view your battery's model and serial number by removing the cover and taking a peek. Apple is only replacing batteries with those specific serial numbers. If your battery carries one of them, contact Apple via this website and it will ship you a new one free of charge. Apple said the risk of combustion was very small. The recall comes after the US Consumer Product Safety Commission received six reports of batteries overheating, two from the US and the rest from around the globe. ®
Letters: Your biggest worry this week was the weather. How commendably British of you all. Naturally this was prompted by the BBC's stunning decision to rid the world of clearly legible weather maps, isobars and weather fronts, and introduce new graphics, apparently to confuse and upset the punters. Especially those in Scotland, who quite reasonably point out that they can hardly see their fair country the way things are arranged now: There's a question about the BBC's new weather map which has been puzzling me, and perhaps you can answer. The BBC weather presenters show you what is happening by "flying" beneath the cloud level, and then showing you where the cloud cover is by highlighting the cloud shadows in brown. So what happens when you have fog, or the cloud base is at ground level? Trying to view the weather in Scotland if your eye-level is at 0 metres on the Isle of Wight would be somewhat difficult I imagine... Darren The Scotland problem on the weather maps appears to me to be the result of showing a picture of a curved earth (not entirely bad in itself) with the virtual camera aimed rather too nearly parallel to the equatorial plane. So the earth curves away, and Scotland is foreshortened. From my own fiddling with 3D graphics, I suspect the 3D virtual globe is too small, or perhaps the BBC is using a wide-angle virtual lens on the camera. And, while a lot of people don't care about isobars and fronts, some people really do care. Dave Of 60 million people, just 240 complained!?! I complain to the BBC all the time, and it almost never makes the news. Why just today I wrote to complain about their web video formats. Why isn't everyone using .mp4 yet? Why streaming? Real and WMV? When will it end? I like the new weather map. Now instead of just getting - fog, wind, rain, sun, clouds - we get to *see* the fog get blown out by wind which sucks in some rain and is followed by sun and then cloudiness. (To be honest, I don't watch the weather. 
I just assume each British day will include all possible weather variations. British weather reports really *are* a bit pointless.) But give them credit - they made the land an earthy colour and the water a blue colour. It's amazing how often people design maps and paint the land blue! And we wonder why people end up thinking the UK is a lake on the edge of a vast desert. Orville Uhuh. Keep taking the pills there, Orville... *sigh* Another perfectly sensible system which has been screwed-up royally by people trying to be "sexy". It's like the London Underground ripping out all of the current maps and replacing them with "a geographically-representative, 3-dimensional representation of the network viewed from an isometric perspective, cunningly printed on holographic paper to confuse people even more efficiently than ever before"... If it's not broke... Joe Biggest problem with the BBC's weather? You just couldn't see what the weather was going to be like in your area *and when*. The time ticked over, then the map moved, then the time ticked again, then the map moved again. Nothing wrong with the third dimension, but when you sling in the fourth and need to get the TARDIS to help you decrypt the information just so you can work out if it's worth throwing a bit of Miracle-Gro on the lawn this evening, it's all gone a bit too far. Peter We do want our weather flat with some basic detail, not over the top fancy graphics which add no value, just confusion .. the flying country view makes my wife feel quite sick so we have to turn over before the weather now. It's not a Luddite thing either .. I love beautiful graphics (Mac user ;-) but in the case of a weather forecast it is highly distracting, which means I end up knowing nothing about the weather to come ... it defeats the point of the forecast in the first place and breaks one of the basic rules of user interface design - don't upset or surprise your audience! 
I mean, is a weather forecast about giving information about the weather or demonstrating the talents of an Xbox 360 or PS3? - Richard And amid the wails of anguish, a lone dissenting voice cries out: I think your rant is extremely biased, I've been waiting for weather reports like this for years, those old ones with the symbols don't mean anything, a cloud that covers the entire north west region isn't very good at all. I think you're just stuck in your ways and don't really like new technology and new ways of doing something so traditional as weather reports. Martin Yeah, we hate technology. You can tell just by reading our, erm, website...no, wait... Many people will mourn the passing of ATM. Just to clarify, that's not automated teller machines. Perhaps we should have explained... It's a shame ATM may become extinct. I know our communications networks lecturer said it stood for A Terrible Mistake back in 2003, but it really is good for non-synchronous backbone networks due to its inherently fast switching speed. And it can't have been that bad, he based our coursework for that module on a sensor network running on ATM. John They had better not. I use the ATM to make deposits from my newly acquired wealth at Man Utd. Have you ever stood in line at a bank? (That's queued to you!) Malcolm Glazer Note: we suspect this is not the actual Malcolm Glazer. Just thought we ought to mention this for the sake of completeness. Also upsetting you this week are the astonishing prices people are willing to pay for concert tickets. Legitimate or otherwise: Maybe the headline should have been 'legitimate on-line ticket sales fleece punters' as even approved / legitimate sources rip us off. Yes I am talking about booking fees, and credit card fees. Firstly, what is a booking fee? Is this the equivalent of a buying fee... imagine going to the checkout of a supermarket and being told "that's 20 pounds and also 2 pounds as a buying fee".... And credit cards... 
a fee for using a credit card, when that is the only option? Not all purchases add the credit card fee on top separately, so why should ticket sales.. It should be a law that accepting credit cards is a fee for the merchant, not the consumer. If people are silly enough not to shop around on the net for a good price then more fool them!! Good luck to the clearly capitalist folk who have the gall to try and charge those prices!!! Jeremy I don't know which is more surprising, that some people are willing to pay over £400 to see U2 or that the retail price is £80! The gigs I go to are much over a tenner, I'd expect around £25 for a *really* big group in an arena. It saddens me that they (touts and retailers alike) can get away with such ridiculous prices... but that's supply and demand I guess :( rob It's a simple statement but do they intend to stop or enforce it? Look at tickets for Glastonbury in the UK, Splendour In The Grass in Australia or many of the equivalents in the USA. If you don't get a ticket within 20 minutes for many shows they are sold out. The tickets then appear on e-Bay minutes later. This is made worse by insiders who sell tickets at many times the face value for premium seats before the mug punter can even get access. Unless and until the vendors and promoters do something more to stop sales to people who only want to make a profit, any statements to stop buying from scalpers will continue to be ignored. Dave Stolen goods showing up on eBay is not a new occurrence, but only rarely does it happen that you find your own pinched kit online, as happened with one woman and her iPod this week. But iPods are not the only fruit: I also retrieved a lot of stolen items from eBay - although this time, they were somewhat rarer and easier to spot. I'm a professional juggler, and my precious fire juggling clubs, stilts and sound equipment were all stolen three years ago. 
After I put the word out on the Net to the juggling community, someone in Ireland spotted the fireclubs for me. Although we never traced the thief, we got back around 2/3 of the equipment from an 'eBay trader' who had bought them from a car boot sale. I recognised the fire equipment mainly because they were still in the original bag, containing an old instant coffee jar I used to fill with paraffin to fuel the clubs.... Charlie This just shows in a nutshell what's wrong with DRM - get your own iPod stolen and have to pay to repopulate it... it's a pity you didn't think to mention this - maybe to shame Apple into getting her her songs back. Robbie Microsoft's decision to patrol the net with so-called "honey monkeys" has got you all in a flutter: Sorry if I am seeing too many 'black helicopters', but Microsoft sending out honey monkeys just sounds like a cover story for the new MSN search service. How on earth else could they explain the fact that various MSN bots (suppose they must be running on Windows) have now managed to take 160,000 pages off our site in the last two weeks, while we only have about 25% of that number as actual pages. Why they needed four copies, we don't know. But thinking they fed a honey monkey is a prettier picture than a blue screen of death and a frustrated Microsoft techie wondering how he will ever get search working. Simon "We will tell them, you are being watched," Duhhh... what? Well that's really going to make them change their ways. No, the only way to deal with these people is to firewall them into their own intranet, or (my preferred option), precision munitions. Neil Suggestions that HP might, once again, be about to break out the pink slips in a bid to bring its costs under control have left many readers particularly unimpressed. 
Carly is dead, long live Carly, seems to be the sentiment: In stark contrast to his predecessor, our new CEO plans to increase shareholder value by endless rounds of cost reduction, eliminating all factors identified as non-revenue generating. As employee morale generates no revenue at all, we have decided to completely eliminate this within HP, though due to outstanding efforts by his predecessor, this will be little other than a mopping up operation. Plans are currently being considered to reduce cost to zero by closing the company completely, thus of course sending shareholder value skyrocketing. Our new uber-CEO can then be paid many tens of millions for his sterling efforts. That's value for money! The rest of us will be attempting to strap ourselves under a train to Mumbai in order to compete in the new global economy. Squeegee yer window guv? Anon So what do HP do again? Apart from making plastic printers and sacking lots of people? There was a time when HP were regarded as inventors and innovators. Who killed the vision? Roop A question almost as unlikely to be answered as the commonly asked: "Who stole the cookie from the cookie jar...?" We told you about a clever bunch of scientists who've made a battery that could last for decades. Seems the full implications of such a discovery had passed us by: Your story about the 10-year nuclear battery should be under ROTM, not science. The implications are far from academic. John We admire your alertness, John. We have put him on our watch-list. Lastly, a neat suggestion for the imaging scientists working to uncover the secrets of Titan, moon of Saturn. Having trouble getting a geological feature to come into focus? No problem. Ian has the solution: Why don't they run those pictures through them "algorithms" that we see on CSI? Then we would have a very clear picture! Ian Class. That's it for now. Enjoy le weekend. ®
Zombie PCs infected with the Sober-P worm are set to reactivate on Monday, 23 May. Sober-P posed as offers of a free ticket for next year's World Cup and set up backdoor access on compromised PCs, claiming thousands of victims since its first appearance earlier this month. These infected machines were later used to generate a German hate-mail spam outbreak this week. The sheer volume of this deluge illustrated the potential for further mischief. The German Federal Office for Information Security (BSI) warned on Friday that the Sober-P worm will become "active" again this Monday, and may launch another Trojan. Email security firm CipherTrust said that virus authors could reprogram this botnet to send out yet more spam, propagate secondary infections or launch a denial of service attack. As CipherTrust notes, just because this might happen doesn't necessarily mean that it will. It will likely turn out to be a damp squib, as previous warnings - notably those made during the Code Red hype cycle - turned out to be. Nonetheless, the alert illustrates the pressing need to disinfect machines compromised by Sober-P. ® Related link: BSI's Sober-P warning (in German)