18th > October > 2005 Archive

Wikipedia founder admits to serious quality problems

Encouraging signs from the Wikipedia project, where co-founder and überpedian Jimmy Wales has acknowledged there are real quality problems with the online work.
Andrew Orlowski, 18 Oct 2005

Sun gives Unix giants a plus

If you're in the market for a $1m server, then Sun Microsystems has a new system for you. Sun on Monday began selling its highest-end Unix servers - the E20K and E25K - with new 1.5GHz UltraSPARC IV+ chips. Customers have already been able to buy lower-end systems with the UltraSPARC IV+ chip and to replace existing UltraSPARC III and IV Uniboards with fresh ones running on the new processor. Now, however, they can purchase brand spanking new entire systems. Sun used the release of its speedier 36-way and 72-way giants as an opportunity to go after IBM. "We are the first to upgrade high-end servers with next-generation 90 nanometer microprocessor technology, again offering customers true investment protection and the best price/performance in the industry," said David Yen, Sun's EVP in charge of SPARC systems. To its credit, Sun does let users run chips of different speeds and different generations in the same server. Customers can also replace processor boards with the system still running. In addition, Sun, like all of its major rivals besides Intel, can boast the use of high-end, dual-core chips. This means that an E25K server can crank through 144 software threads at one time. Sun used its milestones and monster servers as fodder for bashing IBM, which recently began a Unix server upgrade. IBM has slotted the Power5+ chips into low-end systems but won't give higher-end servers the same boost until 2006. Even then, IBM isn't expected to have a system comparable in size to the E25K. Analysts, however, would be quick to point out that IBM has outperformed Sun in both raw processor performance and Unix server sales over the past two years. The Power4 and Power5 processors helped IBM gain ground against both Sun and HP. More information on Sun's monsters can be found here. ®
Ashlee Vance, 18 Oct 2005

RSA hears from ex-MI5 boss

The sixth annual RSA Security conference was opened by the disturbing sight of David Taylor dressed in a grey, silk dressing gown brandishing a long cigarette-holder like a hirsute Noel Coward. Fortunately the business leader was not reprising the title of his book – The Naked Leader – but opening the Prohibition-themed conference. Taylor outlined the role of Elisabeth Smith Friedman's successful code-breaking in catching rum runners during the Prohibition era. Dame Stella Rimington, the former director-general of MI5, spoke next on the role of government and business in countering terrorism. She said that new technologies like encryption offer both an advantage and disadvantage to security services. She stressed the importance of balancing civil rights with robust anti-terror laws. Talking about MI5 and the Cold War she recommended John Le Carre’s Smiley’s People as an accurate description of “tradecraft”. The final keynote speech of the first day was from Art Coviello, RSA Security's CEO. He said business must make security a boardroom level issue and called on industry sectors to establish specific best practice guidelines. He called on security vendors to ensure their products did not impede access to services but made access easier. RSA announced new provisioning partnerships with Microsoft, Sun, Courion and M-Tech. Details here. RSA Security also released financial results today with revenues for the third quarter ended 30 September expected to hit $76m and earnings per share of $.20 to $.22. The company announced the departure of head of international sales Mark Reeves and Scott Schnell, formerly head of worldwide sales and marketing. Jim Bandanza has been promoted to vice president of worldwide sales and Richard Turner takes responsibility for sales in EMEA and Asia Pacific. ®
John Oates, 18 Oct 2005

IBM piles up earnings in Q3

IBM slipped past expectations in its third quarter results published yesterday with the offloading of its PC business to Lenovo this year still putting a shine on its numbers. The company turned in revenues of $21.5bn for the quarter ending September 30. This was down eight per cent on the previous year. However, once last year’s contribution from its former PC business was stripped out, sales were up four per cent. Operating profits from continuing operations were $2.9bn before income tax, up 33.4 per cent, while net profits were $1.5bn, down 2.5 per cent. This delivered earnings per share of $0.95, after $0.32 of Homeland repatriation tax charge. Wall Street had been expecting $1.13 per share on revenues of $21.7bn. The offloading of the PC business certainly helped spruce up the vendor’s hardware numbers. Total hardware revenues were up seven per cent to $5.1bn, when the PC business was excluded from last year’s figures. Most of the Systems and Technology lines showed revenue increases except for mainframe, which slipped four per cent on the year. Global Services revenues were up three per cent to $11.7bn, with the vendor’s total services backlog up to $113bn. Software revenues were $3.8bn, up 5 per cent on the year. ®
Team Register, 18 Oct 2005

Internet worries US consumers

Americans are more worried than Europeans about identity theft and online fraud. Overall transactions are still increasing and mid-price purchases are the most popular, but spending in some areas is shrinking. Research carried out in Germany, France, the UK and US found that almost half of US consumers have little or no confidence that their private information is adequately protected. The government, industry alliances setting security standards, hardware and software companies, ISPs and credit checking agencies were all mentioned. Online spending is also falling in some areas, which researchers suggest could be linked to increasing worries about security. Average monthly online spending in September was €153 with the UK in top slot with €231 and US spending least at €129. Although overall transactions are increasing, 16 per cent of those questioned in the US are spending less and 13 per cent of Brits are also cutting spending. RSA believes this may be linked to increased awareness of identity theft. In the US nine out of ten consumers are aware of identity theft while in France and Germany one in three is not aware of it. Less than half of respondents had heard of phishing. The survey was carried out by Momentum Research and spoke to 603 consumers with one or more active online accounts. More details here. ®
John Oates, 18 Oct 2005

Lloyds TSB tests password-generators

Around 30,000 customers of Lloyds TSB are being issued with a password-generating device that will add an extra layer of security when they do their online banking. But while it makes customers less vulnerable to internet fraud, the bank says its device is "not the end solution". The Access Code Device generates a unique, one time only, six digit number that customers enter when they log on to the banking site. The trial of the key ring-sized Access Code Device is the largest of its kind in the UK. Similar devices are already in use in corporate environments and AOL offers them to its US consumers for a small fee. Some banks in the Netherlands and Sweden have been using two-factor authentication for several years. OUT-LAW spoke to Jason Bacon, Lloyds TSB's head of new business and customer development for internet banking, about the bank's latest move to combat phishing and other forms of internet fraud. Customers taking part in the trial will log on to Lloyds TSB internet banking as normal using their user ID and password, but instead of entering their memorable information they will be asked to press the button on the Access Code Device to generate a unique code. The customer then types in this code, which the bank verifies. Customers taking part in the trial will also be asked to use the Access Code Device to generate a new code to authorise some online transactions such as bill payments instead of their normal password. If the code is intercepted, perhaps by someone running a website that purports to be Lloyds TSB's, the attacker has only 30 seconds to access the user's real account before the code becomes invalid. If the criminal gets this far and attempts a money transfer, the request for a second code should foil all but the most sophisticated attacks. Bacon said the trial participants have been selected at random and represent a large cross-section of the bank's online customers.
They will not pay to participate in the trial and Bacon did not disclose the costs to the bank of supplying the devices, although he pointed out that their costs are being driven down by competition and economies of scale. He acknowledged that the devices are not without their drawbacks. An obvious one is that if they become ubiquitous for online authentication, customers with several internet accounts could face the inconvenience of carrying several devices. Another drawback is accessibility: the devices do not work for visually impaired users. However, Bacon said that the manufacturers are working on a version that comes with a loudspeaker. If the Access Code Device is ever rolled out as a firm-wide solution, it will be compliant with the Disability Discrimination Act, he said. But it may never be rolled-out firm-wide. "Partly we want to see how customers react to two-factor authentication," he said of the trial. "Two factor authentication is inevitable – it's just a question of what and when." Running the trial gives Lloyds TSB valuable feedback on how its customers will react to added layers of security. The move to two-factor authentication is consistent with guidance published in July by US banking industry watchdog the Federal Deposit Insurance Corporation (FDIC) which said banks should look at implementing multi-factor authentication methods. In the UK, the Association of Payment And Clearing Services (APACS) has also encouraged banks to move in this direction. Bacon indicated that a longer-term security solution for online banking could be card readers. Chip and PIN has been rolled out in the UK as a means of reducing point of sale card fraud. The readers are found in shops but not in cardholders' homes – so they offer no protection against card-not-present (CNP) fraud. 
According to Bacon, it's feasible that this will change to a card and card-reader solution, allowing consumers to use new chip and PIN credit and debit cards for secure CNP transactions and internet banking. Lloyds TSB will be monitoring these developments closely. APACS has developed a standard for card-readers that is in "a very mature draft form," according to Richard Martin who facilitates APACS' e-banking fraud liaison group. The standard addresses details of cryptography and, for example, the buttons that will feature on the readers. Vendors are working on devices that will adhere to the standard and banks will be able to buy these for deployment to customers. Some vendors are working on readers that will be accessible to disabled users, according to Martin. "We don't think anything is the end solution," said Bacon of the different anti-fraud solutions available and under development. "It's all part of a journey." Of course, the journey changes direction when criminals find new means of attack – Trojans are on the increase, he says – but the bank offers one online banking guarantee that applies to all forms of attack. The guarantee states: "We protect you against fraud on Lloyds TSB Internet banking. We use industry-standard levels of security. Of course, you must be careful, for example, take reasonable steps to keep your security information secret at all times. If you do, we will refund your money in the unlikely event of fraud." We asked Bacon whether customers who fall for obvious phishing scams – those with email lures written in terrible English – are considered not to be taking "reasonable steps" to keep their security information secret. Bacon replied that "a very small number" of Lloyds TSB customers have been victims of phishing and added that refunds "will be considered on a case-by-case basis." He said that the bank has a policy of educating its customers which is perhaps why few of them fall for phishing scams. 
He said the bank does not differentiate between the quality of scams. "We don't say 'you should have spotted that one as a scam' and only forgive those who fall for high quality phishing attacks." As for the new card readers, Bacon said: "We think that it's a sensible cross-bank solution that will be there eventually." The bank still stresses the need for customers to protect themselves by keeping their account details private. In addition to its online guarantee it is offering customers a free PC security scan to identify spyware; a 20% discount on firewall software from Zone Labs; and a security learning centre at lloydstsb.com, providing customers with hints and tips on what internet scams look like, how to protect their PCs and what to do if they think they might have been the victim of fraud. Copyright © 2005, OUT-LAW.com OUT-LAW.COM is part of international law firm Pinsent Masons.
OUT-LAW.COM, 18 Oct 2005

Liferay after Plumtree

Analysis: Plumtree is being acquired by BEA. This raises two points. The first is the perennial question of integration that arises whenever a vendor buys another that has a directly competing offering: how will the two products be merged? How long will it take? Will they, in fact, be merged at all? If not, how long will the acquired product continue to be supported? And so on and so forth. Interesting questions but it is not my intention to address these in this article. The second point with respect to this purchase is that it has been touted elsewhere as representing the demise of the pure play portal vendor, following earlier acquisitions of companies like CoreChange (by Open Text) and TopTier (by SAP). However, this is not the case. There is at least one pure play portal vendor still in the market, which is Liferay. So, why haven’t you heard of Liferay? Because it is an open source vendor and open source companies don’t tend to market themselves very well. As an example, I am trying to get details about the open source KETL ETL (extract, transform and load) product from Kinetic Networks. Now, despite the fact that I have an introduction from Greenplum (one of the exceptions when it comes to open source marketing), which is a partner of Kinetic Networks, the company has continually failed to answer my e-mails requesting more information. Worse, there is absolutely nothing about the product on the company’s web site—not even a mention of it—you have to go to the Greenplum site for that. I think this is a big problem for open source vendors: they are inclined to think that they can get market attention by word of mouth in much the same way that they can get developers to join in their communities. Unfortunately, that is not true—you can go so far, you can get some customers, even significant ones, but more is needed if you really want to get market momentum. Of course, you could argue that it is the product that is more important than the company.
There is some truth in this argument, particularly with respect to the open source movement but commercial enterprises want support, training and other back-up facilities that you don’t get without a company to back the product up. In any case, as I have argued before, open source is just another licensing model. Going back to the company then, it is possible that Liferay is only interested in having a good enough business that it will pay for the lifestyles of those involved (indeed, the company gives a proportion of its profits to charity every month) and that they don’t want to conquer the world. This is a perfectly valid business model and I know lots of companies and senior executives that have no ambitions beyond this. Nevertheless, this is not to say that they should eschew marketing or, at least, briefing analysts. The latter, in particular, is important because it not only helps to get the word out about your products or services, it is also (with some notable exceptions) free. It is, after all, the analyst’s job to be informed and up-to-date about whatever section of the market he or she is working in and that means listening to the little guys as much as the big ones. Liferay is by no means a new kid on the block. It was founded in 2000 but was originally developed (this is no longer the case, or not exclusively so) as a portal solution for non-profit organisations. Currently the product is in version 3.6.1, which has recently been released. Salient facts are that there are no license fees and you don’t have to pay more for new users or servers or whatever. Similarly, the product (which is J2EE based) is application server agnostic and takes a similar approach to the development of portlets: you can use Eclipse, NetBeans, JBuilder or anything similar, or even lightweight editors. The open source license is based on the MIT model. So, if you are interested in a portal and like the pure play idea then you could do worse than take a look at Liferay. 
Copyright © 2005, IT-Analysis.com
Philip Howard, 18 Oct 2005

Sage upbeat on trading

Sage today said it will meet market expectations for the financial year to September 30. In a trading update, the company said revenues were up 14 per cent on last year to £777m and pre-tax profits were up 13 per cent to £204m. The accounting software giant will publish a full set of results on 30 November. Sunny as this may seem, analysts say the numbers might cause some mild disappointment. The company had posted pre-tax profit gains of 16 per cent for the first half of the year, suggesting things became a little sluggish as the year wore on. ®
Team Register, 18 Oct 2005

VeriSign aggregates Moreover

Net infrastructure firm VeriSign yesterday acquired content aggregator Moreover Technologies in a deal valued at about $30m cash. VeriSign plans to combine Moreover's content aggregation services with its own feed technology to create a real-time aggregation platform for bloggers, publishers, enterprises and Web portals. Earlier this month VeriSign acquired ping service Weblogs.com, a major piece of the blogging infrastructure, for $2.3m. The content distribution network that VeriSign wants to build using Moreover's technology will use weblog.com's ping server infrastructure for increased reliability. Ping services provide notification every time a new entry is added to a monitored blog or website. Moreover currently aggregates more than 12,000 news sources and millions of blogs. Customers such as MSN, AskJeeves, and BBC use the technology to supply links to third-party news. Corporates use Moreover to amass real-time information about market and business trends. Moreover Technologies has 35 employees with offices in San Francisco and London. "By combining the intelligent content of Moreover’s aggregation services with RSS feeds and the reliability of our ping server infrastructure, VeriSign will provide our customers with a highly relevant source of real-time information," said Mark McLaughlin, senior vice president and general manager of VeriSign’s Naming and Directory Services. "The new services will make it easier for publishers and bloggers to distribute and track their content, as well as for our enterprise and Web portal customers to improve the reliability and quality of their feeds as the demand for RSS and Blog information continues to grow." ®
John Leyden, 18 Oct 2005

Pipex gobbles up Freedom 2 Surf

Pipex has bought Freedom to Surf (F2S) for £10m, to boost its investment in local loop unbundling (LLU). With 40,000 F2S broadband subscribers under its belt, Pipex's high speed net users now total more than 250,000, giving it sufficient clusters of users in urban areas to make investment in LLU commercially viable. Pipex has already announced plans to install its kit in 60 BT exchanges enabling it to provide broadband services direct to end users. With the extra F2S customers, Pipex reckons it is now able to unbundle a further 40 exchanges as well. "The acquisition of F2S increases customer density around exchanges already allocated for unbundling, improving return on capital," said Pipex in a statement today. Established in 1997 and with its HQ in St Albans, F2S generated £7.2m in revenues during 2004 and made EBITDA earnings of £414,000. Yesterday, Wanadoo UK revealed it has unbundled 150 BT exchanges in five UK cities - Leeds, London, Bristol, Manchester and Birmingham - with plans to install its kit in 500 exchanges over the next 12 months. ®
Tim Richardson, 18 Oct 2005

CA casts light on iLumin

Computer Associates is rounding out its BrightStor storage management software through acquisition. iLumin Software Services, bought for an undisclosed sum, brings on email and instant messaging archiving capabilities. The firm's Assentor line supports Microsoft Exchange, Lotus Domino, Novell GroupWise and other platforms. Now for a quote from Dave Ellison, president and chief operating officer of iLumin, who is joining CA as senior vice president for BrightStor. “By providing email management within the framework of CA's Intelligent Storage Management strategy, we will enable organizations worldwide to gain the cost savings and risk mitigation that result when all enterprise information assets are managed in a common manner.” And what acquisition would be complete without a quote from Gartner, the ubiquitous analyst firm? Here goes: "Companies must address their email retention and management needs now. Waiting until the company defines a plan for electronic records retention or for email active-archiving technology to mature could place your business at risk, given the regulatory requirements and escalating demands for electronic discovery." So there you have it, yet another thing on your plate to chew over. Gartner forecasts the worldwide email archiving market for licensed product at a lick over the next five years, growing from $89m in 2004 to $883m in 2009. ®
Team Register, 18 Oct 2005

e-gov head calls for Transformation Meditation

The head of e-government Ian Watmore has, in defiance of his own job title, called time on e-government, and asked local authority IT managers to get ready for t-government instead. The t, for those of you who can bear it, stands for "transformation", which Watmore says will be at the heart of the government's new vision and strategy for technology in government to be published in the next couple of weeks. Speaking in Brighton today at the annual conference of SOCITM, the Society of Information Technology Managers, Watmore said that e-government is a means to an end, but that now he intends to focus on the end itself. He sees the transformation of frontline government services as that end, and noted that almost all - up to 80 per cent - of this frontline is in local government. Ahead of publishing the new strategy document, Watmore says that at its core are three things: putting the customer (that'll be Joe Public) at the centre of government services, shared services and professionalism. Putting the citizen first means doing things like linking the profiles of prisoners set for release to the public services that should provide support for them in their rehabilitation. "Things like NHS Direct are good, but is only on the margins of what is possible from the NHS," Watmore said. "I want to have access to the doctor for diagnosis, and I want the doctor to have access to the latest information about me through the electronic patient record. I want the same to be true for teachers and police. I want the best information in the hands of the frontline public servants." To do this, he acknowledged, central government will have to learn from local government, and all parts of government will have to get better at working together. He called on local authorities to get behind the shared services agenda in large groups to help meet the efficiency targets outlined in the Gershon review.
He said that the goal must be to find the middle ground between 1,300 bits of government, all unique, all individual, doing their own thing, and a central government "one-size fits all" approach, which "invariably ends up being one-size-fits none" he added. Lastly, Watmore wants IT management to address the question of professionalism. This is essential, he says, if local government is to present itself as an attractive career option to young graduates. He argues that IT management is really seen as a role, or a job, rather than an interesting career that can challenge and reward over a period of time. But he adds that central government has a lot to learn from local government in this respect, referring to professionalism in dealing with suppliers. He says supplier relationships are often poorly managed, lurching from one extreme of openness and collaboration to another of very tough contracts no one could actually deliver. Here, he says, is another place where local authorities must seek the middle ground. ®
Lucy Sherriff, 18 Oct 2005

Say hello to the Skype Trojan

Virus writers are targeting Skype users with a new Trojan that poses as the latest version of the popular VoIP software. Net security firm MessageLabs has detected and blocked more than 800 copies of a new variant of the MyTob (AKA Fanbot) Trojan, which is being distributed by email. References and nicknames contained in the code lead MessageLabs to conclude that the malware was probably created by a well known Chinese black hat hacker and not the original author of the malware strain. Maksym Schipka, a senior antivirus researcher at MessageLabs, said the malware is the first he's aware of that mentions Skype and as such represents a new theme for social engineering attacks. The malware arrives in an attachment in messages posing as the latest (v1.4) release of Skype. Legitimate downloads of the software only came out last week, so the attack is timely. If users open the infected payload on a vulnerable Windows machine they will find their PCs transformed into zombie clients (theoretically at least) under the control of computer hackers. Schipka said that compromised machines fail to connect to IRC servers so they are not much use to the bad guys, right now. He added that the release of a variant of MyTob by someone other than the original author showed the source code was available in at least "some circles" of the computer underground. ®
John Leyden, 18 Oct 2005

HM Customs warns of e-Xmas duty

With boffins predicting another bumper e-Xmas, officials in the UK are advising shoppers that they face import taxes and VAT if they buy pressies from overseas. HM Revenue & Customs (HMRC) has rather thoughtfully warned e-shoppers that buying goods that originate from outside the EU could land them with more than they'd bargained for. That's because goods purchased over the net from countries such as the US are liable for Customs import duty (if the amount of duty is £7 and over) and VAT (if the value of the goods is £18 and over). And it doesn't matter whether the goods are received as a gift, are new or used, or are part of a private sale. If the tax is payable then HM Customs will be after their slice. Customs Anti-Smuggling bod Phil Colclough said the warning was meant to help e-shoppers "avoid any confusion about what tax they need to pay". "Many people often don't realise that they have to pay charges on purchases delivered from overseas. We don't want to put people off internet shopping, where there are undoubtedly bargains to be found. "However, we do want to make sure that online shoppers are quite clear about the full costs involved, and that there are no unpleasant surprises when the postman knocks at the door," he said. Which is why HMRC added: "Don't let parcels cost you a packet." Geddit? Don't let parcels cost you a packet? Parcels. Packet. Oh, please yourself. ®
Tim Richardson, 18 Oct 2005

Small.biz flocks to the web

More small retailers than ever have a presence on the internet, according to a new study from ecommerce firm Actinic, which shows that a quarter of small and medium sized retail companies in the UK now have their own website, up from just seven per cent last year. The study also found a five per cent increase to eight per cent in the number of businesses providing customers with a method of ordering and paying online. Overall, however, the report reveals that retailers, even in the midst of the current slowdown in high street spending, lag behind other sectors in understanding the profitability of having a web presence. Those firms that are trading online boast a profitability of 70 per cent, Actinic said. "[This year] may prove to be the year when ecommerce finally comes of age," said Chris Barling, chief executive of Actinic. "But there is still a long way to go before the percentage of businesses trading online comes anywhere near the percentage of consumers who are shopping online. "Many small businesses are still missing out on a huge opportunity - and at a time when traditional retail is under increasing pressure." Also encouraging, however, is that 13 per cent of companies said they plan to launch a website in the future, while nearly a half of those already online are planning to expand their site. Copyright © 2005,
Startups.co.uk, 18 Oct 2005

3 UK lets subscribers be video stars

Forget all those glossy images of high-powered financiers during due diligence and making stock trades on their 3G mobiles. Hutchison-owned operator 3 UK reckons what customers really want is to be able to download video of complete strangers making complete idiots of themselves – and to upload their own pratfalls. See Me TV is one of a raft of new services the telco unveiled today as it said it would “form its business” around three areas: Communications, Entertainment, and Information services. 3 UK chief executive Bob Fuller said that with a couple of years' experience of running a 3G phone service, it was clear that while some customers do indeed want to download stock quotes, many, many more want to watch TV trailers, make video calls, and just watch people do stupid things. Fuller pitched 3's entertainment service as both an adjunct to traditional TV services – ie trailers for broadcast shows, clips, highlights – and as a TV channel in its own right. The firm said it is looking to sign on a media agency to help it win ad contracts from potential advertisers. And if advertisers aren’t underwriting content, customers will be paying for it themselves. Fuller and other execs repeatedly emphasized that the firm intended to charge its audience for content. Fuller clearly wants to harvest revenue from other telcos’ customer bases, saying, “Shouldn’t other networks users be able to access our world.” On the See Me TV service punters will pay 50p for each clip they upload, and will get 1p every time another punter downloads the clip. Once a punter’s clip(s) generate 1,000 hits, they’ll get a tenner. No doubt 3 UK hopes that tenner will be recycled back into its coffers, via its revamped music download service, for example. Customers paying 3’s rate of £1.50 for a track downloaded to their mobile will also get a PIN allowing them to download the track to their PC, and from there to whatever device they wish. ®
Joe Fay, 18 Oct 2005

Cisco extends network protection

Cisco is extending the reach of its two-year old Network Admission Control scheme to include more devices and more companies. Network Admission Control checks devices before they connect to the network. Cisco security vice president Jeff Platon said it was like security checks before boarding a plane – your passport and ticket are checked to ensure you are who you say you are, and you and your luggage are scanned to make sure you are not bringing anything nasty onboard. NAC aims to do the same thing for computer networks. More background here - http://www.theregister.co.uk/2003/11/18/cisco_combats_network_worms/ From the end of November NAC will be available for Catalyst switches and wireless devices. NAC devices collect the information on machines wanting to access the network and use a new version of Cisco Trust Agent to share it. Cisco is also introducing a new category of partner for auditing devices like laptops, PDAs and IP phones. It is working with Altiris, Symantec and Qualys to audit agentless machines – these results are then fed back to the network. This will make it much easier to check on agentless machines. Cisco is also making NAC available as a hardware appliance for the first time. It will be available from the end of November. Platon welcomed the range of partners involved and said NAC was now an industry initiative not just a Cisco one.®
John Oates, 18 Oct 2005

Security pros win out in office politics

More than a quarter (25.4 per cent) of the security workforce in Europe spends most of their workday dealing with internal politics or selling security to upper management, according to early results from a new survey. The second annual workforce study from security certification and training organisation ISC(2) also found that either researching or implementing new technologies occupied the majority of time for around a third (30.1 per cent) of the 595 experienced security practitioners and managers quizzed. According to the survey, the efforts of many in the profession to sell their value to the organisations they work for are beginning to pay off. Survey respondents were generally optimistic about levels of influence within their organizations, with a third (33.4 per cent) saying that information security’s level of influence within business units and executive management has significantly increased. The survey, conducted by analyst firm IDC on behalf of ISC(2), also looked at the places inhabited by security functions within organisations. Around one in five (18.8 per cent) of those quizzed report into a dedicated security or information assurance department, with another one in ten (10.5 per cent) reporting directly to the board of directors and 17.4 per cent to executive management. This compares to around a quarter (28.4 per cent) who indicated they reported directly into an IT department. "We are encouraged to see from the study strong evidence that information security is becoming a domain in its own right, separate from IT, and backed by a swell in the desire to professionalise security as a recognised field of practice," said Sarah Bohne, director of communications at (ISC)2. Around two-thirds of survey respondents (62.2 per cent) said they would be pursuing information security certifications in the next 12 months. 
The demand for training reflects a desire by those quizzed to learn broader management skills, with the top areas of interest including information risk management (51.3 per cent), business continuity and disaster recovery (50.6 per cent) and security management practices (44.1 per cent). A preview of findings from (ISC)2 Information Security: The Shape of the Profession was delivered during a presentation at this week's RSA Europe conference in Vienna, Austria. The full report of global results, including salaries, and the expected rate of growth in the information security workforce, is due to be published in December. ®
John Leyden, 18 Oct 2005

International laws for international crimes

RSA Europe, 2005: Global cooperation on information security is still at the pipe-dream stage if a panel at the RSA Security conference this week is anything to go by. The panel, chaired by Dame Pauline Neville-Jones, debated how the world can counter the international challenge of information security, but the panellists displayed little consensus on the issue. Geoff Smith, a policy maker at the DTI, began by explaining the international action already under way. The UN World Summit on the Information Society met in Geneva two years ago and will meet again in December in Tunis. It is looking at funding and internet governance. Smith said the outcome was still uncertain. The European Commission is also working towards common European policy or legislation. Smith also outlined recent OECD work focussed on: identity, critical infrastructure protection, malware and the regulation of internet content. He believes content regulation is inevitable even if it varies a lot from country to country. Michael Colao, director of information management at Dresdner Kleinwort Wasserstein, was less convinced that regulators were on the right track. Colao said: “We’ve been hearing for a long time about convergence and unified laws – I just don’t see it. It is not being addressed at a pace which we can see.” He pointed to recent action taken by the French IT regulator against several US firms because their obedience to US laws, Sarbanes-Oxley, put them in conflict with French data laws. He said local laws effectively become international laws for multi-national companies. He said some legislation is so vague as to be useless and some, such as Italy’s insistence on eight letter rather than seven letter passwords, so specific as to quickly become redundant. He said the real problem was a decline in personal responsibility and that users had to take responsibility for their own machines. ®
John Oates, 18 Oct 2005

ID card debates need reframing

RSA Europe 2005: Dame Pauline Neville-Jones, ex-chairman of Qinetiq and a former head of the Joint Intelligence Committee which oversees UK security services, told the Register that international agreements on security and technology are needed for the good of the business community and wealth generation, rather than as a tool against terrorists. She said: “Some sort of commonality between nations would be good, and would help guarantee freedoms – corporates will rein in the more ambitious governments.” Neville-Jones said: “Incompatibilities on approaches to security mean governments behave awkwardly. Look at the US and biometric passports – the technology did not work and it created hostility and damage to the US economy – many students could not get into the country. And it has not been demonstrated that it had any benefit to US national security.” She also said the UK government should reframe the debate about ID cards to illustrate to consumers the benefits of such a scheme rather than scaring them with talk of terrorists. She pointed out that most of the 7 July bombers would have had ID cards. “ID management in the UK is primarily about business and government service provision – the government needs to explain to people the importance of confirming their own identity rather than discussing it in the context of terrorism. Consumers understand there is a security angle to this but it needs to be discussed in a more measured way.” She welcomed work by the European Commission and the OECD but said there needs to be more international discussion. She also complained that the legal fraternity have not done enough to engage in and promote debate. ®
John Oates, 18 Oct 2005

Unisys to decimate workforce after poor Q3

Unisys admitted a dismal third quarter yesterday and promptly promised Wall St it would dump 10 per cent of its workers over the next year. The company said hammering down its headcount would cost $250m to $300m over the course of 2006, but would result in an analyst-pleasing $250m of savings on an annual basis by the end of 2007. Revenues in the quarter ending September 30 were $1.39bn, down from $1.45bn a year ago. Operating losses were $76.2m compared to last year’s $38m shortfall, while net loss was $54.3m, compared to a $25.2m profit a year ago. The revenue shortfall was entirely down to the firm’s technology business, which saw revenues slump from $298.6m a year ago to $213.1m. Unisys said the Q3 numbers reflected weakness in its high-end server business, while its services business saw lower than expected revenues, under-utilization of personnel and higher implementation costs in project business and “continuing issues” in two challenging outsourcing operations. Unisys's current workforce is around 36,000. A year ago it announced plans to cut 1,400 staff.®
Joe Fay, 18 Oct 2005

Bird flu: you'll die but your IT will survive

If the latest news from the wonderful world of Pandemia has got your organisation running around like a headless Romanian chicken, then don't fret: Gartner has released an essential guide to avian influenza, aka bird flu, aka Black Death II, which mercifully states that although you will most likely be lying dead among the smouldering ruins of society, your IT infrastructure can be saved for future generations. Gartner rightly warns that bird flu could be even worse than SARS, which in 2003 killed a chilling 774 of 8,096 people infected worldwide, in the process generating 1.2bn column inches of press hysteria and rating an impressive 7.2 (out of ten) on the international "Imminent Pandemic Apocalypse" scale. That's as nothing compared to avian Armageddon, though, as Gartner explains: The WHO says that "even in the best case scenarios of the next pandemic, 2 to 7 million people would die and tens of millions would require medical attention." The WHO urges the development or updating of "influenza pandemic preparedness plans for responding to the widespread socioeconomic disruptions that would result from having large numbers of people unwell or dying." OK, calm down and try to focus on your "pandemic preparedness plans", including the "possibility of an avian flu pandemic in your business continuity planning and crisis management preparations". Remember: "A pandemic wouldn't affect IT systems directly, but it would likely cause considerable economic disruption through its impact on the workforce and on business activity." Gotcha. Good to hear there is one virus which won't be running amok through our systems. Any other pointers?: Make your workforce aware of the avian flu threat and the steps you're taking to prepare for it. Assess your business continuity preparedness for this type of workforce outage scenario and try to improve it (if necessary). Assign someone in your business to track biological threats such as the avian flu. 
He or she should regularly review business continuity plans and update them in response to new information. Establish or expand policies and tools that enable employees to work from home with broadband access, appropriate security and network access to applications. Expand online transaction and self-service options for customers and partners. Work with customers and partners to minimize any disruption by developing coordinated crisis response capabilities. We might add the following: Bulk buy flowers and coffins as part of your business continuity preparedness for a permanent workforce outage scenario. Assign someone in your business to stand on the roof and shoot anything with wings. Set up email autoresponders to communicate: "Sorry, I'm out of the office due to death." Lock infected employees in their homes with broadband access and then paint a red cross on the door. Leave a full set of instructions on how to reboot the servers for the next generation emerging blinking into the post-apocalyptic landscape. Try to stay calm. ®
Lester Haines, 18 Oct 2005

UK ID card a recipe for massive ID fraud, says Microsoft exec

Microsoft UK National Technology Officer Jerry Fishenden has warned that the UK ID card scheme could trigger "massive identity fraud on a scale beyond anything we have seen before." Writing in today's Scotsman, Fishenden says that the security implications of storing biometrics centrally are enormous. "Unlike other forms of information such as credit card details," he says, "if core biometric details such as your fingerprints are compromised, it is not going to be possible to provide you with new ones." Although he says that a "well-designed UK national identity card could help tackle many problems," Fishenden clearly feels that the current UK scheme does not qualify. He points to the 'honeypot effect' of putting a comprehensive set of personal data in one place, thus producing a "richly rewarding target for criminals," and says that we "should not be building systems that allow hackers to mine information so easily... Inappropriate technology design could provide new hi-tech ways of perpetrating massive identity fraud on a scale beyond anything we have seen before: the very problem the system was intended to prevent." The current design also hands out too much personal information with too little discrimination: "The ID card itself also needs to be carefully designed to ensure it doesn't add to identity fraud problems by carelessly 'broadcasting' personal information every time it's used. Would you be happy if online auction sites, casinos or car rental company employees are given the same identity information that provides you with access to your medical records? It's unnecessary: we can already design systems that ensure the disclosure of personal information is restricted only to the minimum information required (a pub landlord for example needs only to know that you are over 18). Keeping identity information relevant to the context in which it is used is both good privacy and good security practice." 
Fishenden's Commentary piece for the Scotsman does not appear to be generally available in the paper's electronic version, but much of it is quoted in an accompanying piece, available here. In addition, the attack on the ID scheme by the "Microsoft expert" is given the front page headline, "ID cards will lead to 'massive fraud'", an editorial demanding an immediate rethink ("Mr McNulty's ID scheme is a Dr Who fantasy which only diverts attention from the real war on terror") and a critical article from SNP leader Alex Salmond. It's about time the Scotsman got off the fence and told us where it stands, we reckon. Parliamentary spinwatch: Home Secretary Charles Clarke was today due to announce last minute 'guarantees' concerning the data to be held on the National Identity Register. According to the spin fed to the national press, he will promise that extra personal details will only be included via the introduction of fresh primary legislation, and the NIR will not include any numbers that could lead to the disclosure of sensitive personal details. Police National Computer and National Health Service identifiers are allegedly covered here, which one might take to mean that Clarke is making sure that the ID card cannot be used to check your police or your health records. Except, er, for a couple of things. The enthusiasm of Clarke and Tony Blair for the deployment of the ID card to speed Criminal Records Bureau checks does rather suggest that it'll be some use in checking for criminal records. And it is rather difficult to conceive of how it will defend us against the (largely fictional) threat of health tourism if it is not in some way possible for the NHS to connect the ID card with a valid NHS record. We know how it works with or without numbers, but if Clarke knows he's not letting on. ®
John Lettice, 18 Oct 2005

Pearl casts 950 jobs over to Tata

Some 950 back office and IT jobs at UK insurance outfit Pearl Group are to be transferred to Tata Consultancy Services (TCS). Staff were told of the move this morning and have been told that no jobs will be lost as part of the move. Some 150 of the group's current 1,100 staff will remain at Peterborough-based Pearl. As part of the deal, valued at £486m over the next 12 years, India-based business process outfit TCS intends to create a separate company in the UK to employ the workers. The new subsidiary will specialise in Business Process Outsourcing (BPO) for life and pension businesses, kicking off with Pearl Group's business. TCS then intends to bid for business from other life and pensions companies to further expand its BPO service in the UK. ®
Tim Richardson, 18 Oct 2005

UK political party flogged on eBay

The MP3 Party, a UK political party which aimed to simplify British government and civil administration, has put itself up for sale on eBay. The party, which was officially registered as a political party in 2002 by the UK Electoral Commission, is currently on sale on the online auction site for a starting bid of £2,000. The political party has been for sale on eBay for the past three days and has yet to attract a single bid. The founders of the party, who include Russian-born Ruslan G. Fedorovsky, have decided to sell up, saying they are "too preoccupied with their own projects to make MP3 Party into real political force". They say they hope the new owner will be someone who can take the party forward. In addition to becoming the new owner of the MP3 Party, a successful bidder will get all rights to existing party logos and the party domain names - www.theMP3Party.com and www.MP3Party.co.uk - and all current party officials will be replaced by the lucky bidder's new party officials at the UK Electoral Commission. The inspiration for the party's name is drawn from the MP3 community, who swap digital media files online. Based on the mathematical theory of complex systems, the party's philosophy states that complex systems of any kind are inherently dysfunctional. Therefore when social, legal and administrative systems reach a certain level of complexity they cease functioning. The MP3 Party wanted to apply this mathematical theory to politics and government. In addition to attracting voters from amongst the MP3 community, the party was also targeting young voters who were uninterested in old-fashioned political process and systems. The party sought to implement its simplification policy into all aspects of life in the UK, including taxation, law, economics, foreign policy, immigration and the monarchy. One of the proposed slogans for the party read: "Elect us and we will delete one regulation per day, one law per week, one subsidy per month and one tax per year."
Copyright © 2005, ENN
ElectricNews.net, 18 Oct 2005

Black helicopters prompt burnt toast pandemic

Letters: The government has pitched the price of a standalone ID card at a mere £30, presumably to try to encourage a buy-early-to-save-money rush on the things, if they do manage to get them through both houses of parliament. You still don't seem to like the idea of them very much, but your thoughts on the subject do seem to be tending towards the rather desperate humour of the condemned man: If it's £30 for an ID which will replace the need for a passport all over the EU, and it's three times that for a passport, that should kill dead sales of passports, at least for Euro travelling. Will RyanAir accept the ID card or will they still insist you buy a passport to take advantage of their cheap fares? Jonathan I wonder if this is intentional, seeing as you will presumably need to raise the £93 to get a card before you can get a job, or apply for benefits isn't that going to be a little challenging if you have no money? Perhaps this will lead to unfortunate people asking not for change for a cuppa, but change for an ID card? Funnily enough, I can do all of the things that this card "can be used for" without an ID card, or with my current passport. It's just another case of trying to justify this abhorrent waste of public money, a large chunk of which will of course go into the back pocket of the friends of the current government. As a metric of how expensive government projects are to the tax payer, I propose a new system of measurement: blokes with shovels. This simple system compares how much a project costs with simply paying blokes to shovel the money into a huge pit. (Perhaps the millennium dome inverted?) Ed I don't believe your pricing estimates, & question the validity of your data. Orwell was right, but 25 years out in his estimate not 1984, 2005 Rob Er, not our pricing, matey, Charles Clarke's...and for the record, we too question the validity of his data, almost on principle.
The LSE says that US companies get more out of their IT kit than do European or British businesses. Your response has generally been along the lines of "Well, they would say that, wouldn't they?": LSE makes over-reaching conclusion to confirm own point of view shock! The US owned firms are probably successful enough to have invested across 2 continents (assuming that it isn't just some American guy who's come over and bought a company). Companies of that size tend to get the magic Microsoft slush fund chequebook and pen treatment (and not just from Microsoft) - cue huge discounts and better value for money; cue greater effect from IT spend. In other news, the LSE conclude that, because celebrities get lots of free stuff, they must be better shoppers than poor people. Poor people should therefore adopt a celebrity lifestyle. Richard Good plan. We'll be off to Chanel Couture to get new Register T-Shirts made up just as soon as we're done here. Don't computers cost relatively more in the UK than they do here in the US? I noticed personal computers tended to cost nearly the same number of pounds when I visited Britain in 2000 as machines here cost in dollars. That made something like a 1.5-to-1 higher cost including taxes. If you spent relatively similar amounts UK users would then get less productivity because they had less machine. It could be a smaller ratio than the above cost differences since most machines these days have quite a bit of power and memory even at the low end. Of course the price differential may be less since the dollar is much weaker against the pound currently. Anyhow, I don't personally think IT is more poorly managed over there - we are adopting ITIL here and it started there, for instance. Gary Next up, the ongoing push to get Blighty's shoppers to use chip and PIN when paying for their goods. Some reasonable questions about this technology remain unanswered: Mmmm... Chip and PIN. 1\ Ideal for mugging the OAP at the checkout. 
Stand in queue behind old lady. Watch her enter her PIN. Wait to leave store. Mug old lady outside. Go and empty cash machine. 2\ Ideal for teenagers. Stand in queue with parents. Watch PIN. Have full access to any pocket money at any time. 3\ How do I know that the reader is legit and not just some chip cloning machine? So, if chip and PIN is going to be the only way, how will my local petrol station cope? They have a kiosk where one pays. They tried using Chip and PIN, but customers are stupid. And they kept dropping and smashing the card readers. So now it is signature only.... Technology eh? Why is it designed by idiots? And why don't they think about the idiots that are going to use it? :) Cheers, MAllen I refuse to use chip and pin as I believe it makes me less secure even though it makes the banks and possibly the retailers more secure. The shift of liability is the main issue although there are others I haven't time to go into now. The technology while flawed is not the main problem. Like with ID cards, convenience is not the most important thing in this area for me; security is. I recommend this website for more information about some of the problems. Disclaimer: I do know Mike Bond and have on occasions met Ross Anderson and took his Computer Security courses as part of my Computer Science Degree. http://www.chipandspin.co.uk/ Joseph Our beleaguered security correspondent often gets emails from people who want lessons in hacking, either computers or mobile phones. You will not be surprised to find out that many of these emails come without capital letters, punctuation or even the slightest tribute paid to accurate spelling.
Here follows an example: hi i am from puerto rico and dont speck much enghish so listen i want to lear how covert in hacker i want to hack plz help me to hack i lear faster and plz dont hack my computer lol cya We suspect these sorts of letters may be prompted by occasional articles like this which confuse the very hard of thinking into believing that we are a hacking tip service. Fortunately, we have escaped any more such missives so far this week: SMS messages are based on a technology imaginatively called 'Signalling System No.7", SS7 or C7. I used to work in this area, and the feasibility of denial of service attacks was a regular topic of conversation over lunch. The basic problem is that few people have heard of SS7, even fewer understand it conceptually, and fewer still know enough about network design to spot the weak points. It is true to say that you can bring down an entire network with SMS, and I'd heard anecdotal evidence that it's taken place in Asia. The SMS messages traditionally go down the same channels as the call control messages, so if you overload them with SMS nobody can make calls either. Because this was already a problem with the unanticipated success of SMS generally, most operators will have a way to offload SMS traffic onto larger bandwidth but lower QoS links. Also, the way an SMS system is designed creates some natural bottlenecks so you'd have to really know what you're doing to exploit them. The primary defence against this attack is that few people could do it, and the way it would work is different for each operator. I'm not convinced, as the article quotes others saying, that operators really have their networks firewalled properly against this kind of attack, but the principle is definitely not new. It's possible a government agency could have the knowhow to cause a problem, but few else. 
I could point you in the direction of PCI boards capable of putting out tens of thousands of SMS messages a second, and that could cause some indigestion on almost any network. It just has to be connected in the right place, and that's the hard part! David So what is this "free" method of sending unlimited text messages they intend to use to send spam....? I'm sure if it existed we would all be using it. Nathan the denial of service on a mobile phone via text messages is EASILY achieved by means of a slow dialup connection. this is actually an old oddity nobodies seem to notice, until obviously now... although the proof of concept has been measured much time ago. absurd to think that only now could it be achieved when the proof of concept was originally achieved using no more a machine that could handle only Windows 95 on an unfortunate dialup connection to the internet. it left the test phone's operating system... whats a good way to put it... destroyed. the cell phone had to be sent back to the factory, and was eventually just replaced by the factory with another. a fix was never published, and as im aware, there is no phone currently with the capability to handle an attack like this! the problem stems further since the medium in which the text messages are sent have nothing in place to protect the phones. the problem is bigger than one would think... as a current computer with a broadband connection could not only take one phone down, but most likely hundreds (if not thousands with some just ali'l 'beef' to it) at the same time. Jordan Texans are up in arms about RFID tagging, and have decided to protest against the technology being deployed in supermarket chain Wal-Mart. Two main schools of thought out there on this one. One: these protesters are paranoid loonies who need small, dark, quiet rooms in which they can lie down for a while. Two: Just because you're paranoid doesn't mean they aren't out to get you. You ain't seen me, right? Sigh.
when will people realise that if companies and governments really were to work in co-operation - like this book suggests - they would have done it already. Tracking what someone buys? why, the government could simply sync up credit card purchase details vs. credit card owners vs. transaction locations vs. tax records vs. mobile phone accounts vs. mobile phone triangulation vs. whatever the hell else! true, cash might make this somewhat harder, but lets look at all the CCTV footage of shop counters and start to build a face recognition database! - ridiculous. (And can you imagine a system capable of aggregating all this data?!?) as an industry analyst covering RFID as a prime area of focus, it's frustrating to hear of people like Katherine playing on people's fears. newsflash Katherine: 99% of what you complain about regarding RFID can do can already be done! if companies/governments are doing that now (at least i hope not! black helicopters again?!) why would they start with RFID? most of the educated general public i speak to about RFID are more than happy to leverage the benefits of having the right products on shelves when they go shopping, being able to have more advanced warranty claim information, feeling safer knowing their pharma products aren't counterfeit, being able to purchase cars with some 2000 configuration possibilities - i could go on for hours! I'm not saying that companies and governments should just ignore the general public. they should communicate with them more! look at the pilot of Marks & Spencer in the UK - market education is the best way to go about allaying people's fears. writing some book based on half truths to enhance personal gratification is not the right answer! Adam I wonder if anyone wants to point out to the paranoid masses that the location of that mobile phone in their pocket can also be tracked, and better still the entire infrastructure required already exists... They're called cell phone masts. 
Ah, can you hold back on this one, I just need to dump some Nokia shares. Steve I am disappointed that Lester has decided to ridicule efforts to warn the public about this major invasion of privacy. On the Internet some "cookies" are far less innocent than their name implies. Now data-miners have found a way to implant cookies not just on PCs but directly on people. Simply using a debit, credit, air miles or club card with a purchase can tie you to an RFID item in a store's database. It is then simple and of immense commercial value to track this items through the mall and to other destinations. Since legislation is always decades behind the technology, we need public outrage to keep the more egregious possible abuses of this technology at bay. Until these Corporations publicly declare what they will and will not do with this information and under what conditions it will be handed over to Governments, we should be very concerned about this erosion of privacy. Mark Hi Lester, I will forgive you for making fun of my "black helicopters" if you can tell me if running my trash through a Staples Paper Shredder will destroy the RFID spychips? Or do I need a special "de-spychipper" similar to what they use at the library to disarm books from setting off the alarm bells? If it is the latter, do you know where can I buy a de-activator or do I have to get it from Q (Desmond Llewelyn) ? Gar Haven't you heard? Q's been retired! I can agree with CASPIAN on this one. I don't even give retail markets my postal code or telephone number when they ask me at checkout time. And, a lot of US retailers have implemented the loyalty card scheme, to which I promptly filled in false information on the applications. I don't think retailers need to know who's buying what where. 
The only thing I think retailers need is how many of each item is sold at a specific location - And that can be done entirely with the store's own inventory and ordering system, with no information required from the customer. There was a car audio retailer here that used to require customers to fill out their name, address, and phone number on all purchases - Even cash purchases. For the use of a personal check, I can understand wanting this information in case the check bounces, but this is also why checks are printed with the account holder's name and address right on it. In backing up CASPIAN's allegations over the misuse of customer information, this same car audio retailer went out of business shortly after legal action resulting from 6 customers of this shop who all had their vehicles broken into no more than three months following their purchases. Aeryck Black helicopters ? Would you have said so when the first person had mentioned that supermarket loyalty cards would enable them to collate a list of what you buy ? No, they'd never do that, would they ? Now, we have ChoicePoint and friends. You really need to distinguish between what is done now (and they probably do not do any kind of RFID-to-person logging now) and what they can do, and certainly will do in the future, when the tech and its powers/limitations becomes more known. It's all about business. If it can get you money, you'd be mad to not at least look into it. Nah, let me rephrase that: you would not be doing your due diligence by not looking into it. And that, for a business, is a no no. Anon Statistics are fun. You can find apparent relationships between all kinds of unrelated things, use the same data to prove contradictory points, or, if you are a little less sophisticated, add the numbers up wrong. This week we learned that 55 plus 43 does not equal 100, thanks to research into the sex of the average gamer. 
Now we're going to learn some more things about sex, gender, embryology and basic maths: As a transgender person, please allow me to update you on terminology regarding people who don't fit into the binary of two sexes and genders. The last paragraph explains how this more expansive take on gender may explain why there are so many non-male/non-female gamers. Genderqueer and intergendered people consider themselves neither male nor female, both male and female, or between male and female. Intersexed people would include people who are born with ambiguous genitalia, are chimeras, or have genetic differences that make determining sex different. The term "hermaphrodite" is considered by most intersexed people to be a pejorative term. Transsexuals are people who at some point in their lives experienced their sex (what's between the legs) as being different from their gender (what's between their ears). Sexual reassignment surgery (SRS) aligns sex and gender. These folk would all fall under the umbrella term "transgender," which these days is being a descriptor of folk who in some way don't fall under the binary system of male and female. And, in counting non-male and non-female gamers, any transgender folk might decide that the either/or of the male and female checkboxes don't quite apply to them personally. This is significant because most transgender people I know that are under 35 are gamers -- and are usually into sci-fi and fantasy games. If you for a moment have to imagine yourself as not quite fitting into the male and female boxes, that unorthodox perspective would lend itself to games where uncommon imagination is advantageous. Many transgender people search to find ways to constructively use their unconventional imaginations -- including gaming -- because it's a way to find acceptance -- or an acceptable use -- for their offbeat outlook on life. Autumn We shall consider ourselves told. 
However, we reckon it is more likely that the researchers cocked-up somewhere in their adding-up, than that they even had "transgender" as an option on the research questionnaire. I don't believe you spent adequate time looking at the whole picture, if you would allow me to pursue the journalistic angle you esteemed vultures have missed. 35% of players are under 18 years. 43% 18-49, 19% 50+ years. The remaining 3% are obviously practising whilst in vitro. 55% are male, 43% are female, the remaining 2% are perhaps the above mentioned feotuses (feotusi?) at less than 12 weeks. 1% of which are beyond 12 weeks and so have all their bits, dangly or otherwise. 79% of game players exercise or play sports an average of 20 hours a month, we can only assume the participants of this in depth study were answering as game players and so played EA sports an average of 20 hours a month. Either that or 79% of gamers are liars. Who plays games online? 56% of online game players are male, 44% of online game players are female. There is no internet access in the womb, this further compounds my theory. Until we get a universal serial bellybutton adaptor for wi-fi access in the womb; a greater divide between the haves and the have-nots will continue to expand. Cavan But by far the most important question to be settled this week was exactly how wide should a toast soldier be? I'm a bit concerned about a blanket 22mm soldier size when it's patently obvious that the size (and shape) of the egg comes into play as much as the strength and absorbility of the bread. We need to know more? What size or sizes of egg were involved in the tests? Will a 22mm soldier be lost in a "large" egg and will it completely fail to gain entrance to a "small" egg (*). I think it must be a conspiracy. 
I expect we'll find that this research was based upon a single size of egg and so, in an effort to "follow standards" the other two sizes of egg will be undersold and so lead to redundancies for chickens with the wrong size output devices. I dread to think how we will deal with the multitude of bread sizes that are not equally divisible by 22mm... Peter (*) Must admit I "lost" egg sizing after the introduction of the seven metric egg sizes in the 80s to replace our GOF imperial Large, Medium and Small and then the final migration back to that plain and simple categorisation just confused me even more. How can people write recipes if consistent egg sizes cannot be guaranteed? Damn those pesky irregular chickens... Sirs, In reference to your recent article, thetoastshop.co.uk would be more than happy to offer hybrids of its "Buckingham" toast product that might suit the needs of those seeking the perfect toasted soldier. http://www.thetoastshop.co.uk Director of Marketing TheToastShop That's enough for us. Back on Friday. ®
Lucy Sherriff, 18 Oct 2005

IBM takes hardware route to SOA

IBM has bought XML device specialist DataPower to improve the security, performance and integration of web services messages running on Service Oriented Architectures (SOAs). Terms are undisclosed. DataPower has brought up a family of three hardware devices that deliver wire-line performance by offloading XML traffic from regular servers. Security is added through support for WS-Security - the specification authored by IBM, Microsoft etc. - and other standards. DataPower's secret sauce is called XG3. This architecture uses the company's patented compiler-centric technology to speed up web services traffic. The patent, granted in 2004, includes elements such as an XSLT compiler and describes methods for the interchange of data between arbitrary data formats. Performance is further boosted because security and integration take place in the hardware of the company's devices - called the XS40 XML Security Gateway, XA35 XML Accelerator and XI50 Integration Appliance. Support for the latest web services security specifications is kept fresh in the devices because DataPower loads the code for specifications into the flash memory, instead of coding it into the hardware, which makes modifications and updates to specifications relatively easy. According to Robert LeBlanc, IBM's general manager for WebSphere, DataPower's products have helped customers manage an increase in web services traffic as they move to more modular business processes and architectures under SOAs. ®
Gavin Clarke, 18 Oct 2005

PC shipments surge

PC shipments are on the increase again, despite rising interest rates and spiralling oil prices. According to research firm IDC, PC shipments grew by more than 17 per cent in the third quarter, driven by low-cost and portable systems, and beating a more conservative August forecast of 13.3 per cent. International markets have continued to expand rapidly. In Europe, Middle East and Africa (EMEA), portable and desktop systems have surged, thanks to small business and consumer purchases related to European Union expansion, general infrastructure investments, and low prices. Robust growth for the final quarter of 2005 is predicted, fuelled by a solid back-to-school market. The PC market grew 11 per cent in the US, fuelled by demand for notebooks and aggressive pricing in the desktop market, IDC said. "The third quarter is typically defined by the back-to-school season, which was particularly strong this year," said Richard Shim, senior research analyst of client computing at IDC. "Notebooks were a significant influence in the consumers' back-to-school shopping and that carried over to other markets." In Japan, the consumer market continued to improve in the third quarter, with new product launches pushing growth into double-digits, the company said. Low prices and rising adoption continued to fuel both business and consumer purchases in the Asia/Pacific market. Portable PCs now account for over 20 percent of total shipments in the region. "We continue to see remarkable growth in the PC market and relative independence from broader economic trends," said Loren Loverde, director of IDC's Worldwide Quarterly PC Tracker. "Currently, the economic environment is not the critical factor affecting PC adoption cycles. What we're seeing now is a combination of PC replacements and new users responding to low-price milestones." Despite expectations that slowing economic growth will eventually limit PC demand, the outlook is predicted to stay strong. 
Meanwhile, research firm Gartner has released figures that show a similar picture in the PC market. According to its latest data, worldwide PC shipments grew 17.2 per cent year-on-year in Q3 to 55 million units. The growth is attributed to lower prices and demand for notebooks. The EMEA region saw PC shipments grow by more than 18 per cent in the period, Gartner said. Despite the stabilising PC prices, demand is expected to continue at a strong pace; Gartner analysts have speculated that this may indicate price points for consumer mobile PCs have reached an optimal point, encouraging new users and replacement buyers to buy earlier than expected. In the US, PC shipments totalled 17.9 million units in the third quarter of 2005, a 10.5 per cent increase from 2004, while PC shipments in Japan grew nine per cent in the third quarter of 2005, Gartner said. In terms of growth, Asia/Pacific was the star performer, with shipments increasing by 31 per cent, thanks to demand from China, Taiwan, South Korea, Hong Kong, as well as India. Latin America also saw significant growth, with a 22 per cent increase in PC shipments. Both reports are in line with IDC's predictions earlier this year that the PC market would stay strong throughout 2005, despite economic concerns. ® Copyright © 2005, ENN
ElectricNews.net, 18 Oct 2005

Fujitsu breaks from Intel-only camp, embraces Opteron

AMD continues to add big names to the Opteron camp with Fujitsu today revealing plans to sell two servers based on the dual-core, 64-bit chip. Later this year, Fujitsu will roll out the Primergy RX220 rack server and the Primergy BX630 blade box. The systems will run on the latest versions of AMD's Opteron chip and sit alongside SPARC-, Itanium- and Xeon-based gear already in Fujitsu's stores. With Fujitsu on its side, AMD can now claim four of the top five server vendors as customers. Dell insists on sticking with Intel only. "The inclusion of AMD Opteron in the PRIMERGY family offers our customers the widest range of choices for how they build out their data centers to meet both current and future needs,” said Richard McCormack, an SVP at Fujitsu Computer Systems. “With AMD Opteron-based servers, our customers will be able to achieve greater density and price performance, two top-level data center goals.” A number of hardware makers have become more vocal about their support for Opteron since AMD filed an anti-trust lawsuit against Intel. Motherboard supplier Supermicro, for example, agreed to appear in an AMD press release about third-party Opteron server sellers. And now Fujitsu is pointing to the power consumption, performance and price benefits of Opteron over Intel's Xeon chip. For some reason, such impressive edges mattered less to customers just a few months ago. The RX220 will ship in December, starting at $1,700. It will be a 1U server aimed at high performance computing centers. The BX630 will ship in mid-November at a starting price of $2,350. Fujitsu will support linking two of these two-way blades together to create an eight processor core packed dynamo. The new blades will fit into Fujitsu's existing BX600 chassis and can be used alongside Xeon-based kit, if you can stand the heat. Intel recently put out its first real response to the dual-core Opteron with the Paxville - aka "Hot Carl" - version of Xeon. 
The chip giant expects to roll out more sophisticated dual-core chips next year. In the meantime, it seems AMD will happily pick off formerly Intel-only customers. Reporters and analysts who have covered Fujitsu for any length of time will relish one of the more amusing angles of this deal. A couple of years back, Intel's marketing staff saw Fujitsu's embrace of Itanium as the signal to unleash a flood of anti-Sun gossip. Intel staffers insisted that Fujitsu, in secret, had already agreed to give up on SPARC and go Itanium only in the long run. Well, er, that didn't quite pan out with Fujitsu and Sun signing an extensive engineering and sales deal around SPARC, Itanic turning into a total disaster and now Fujitsu picking up Opteron. Worth a chuckle. ®
Ashlee Vance, 18 Oct 2005

MySQL destined for 'majority' market share

With MySQL experiencing a possible backlash, it seems the company can confidently flip the middle finger to certain critics with the latest market share numbers from Evans Data Corp (EDC). MySQL is fast approaching majority market share among software developers, with 44 per cent using the open source database to meet their needs. Use of MySQL has surged 25 per cent during the last six months according to EDC. Overall deployments of open source databases have grown 20 per cent. EDC polled 400 developers in North America. EDC did not go into why MySQL in particular is growing, but noted that database security is an important facet of database development overall. "Evans found that proprietary database servers are almost twice as likely to have suffered a [security] breach in the last year compared to open source database servers," EDC said. A major factor in MySQL's success has been its close association with Linux, the Apache web server, and the Perl/Python/PHP scripting languages - a combination known collectively as the LAMP stack. LAMP is being used by a growing number of developers to provide a low-cost, reliable platform for web-based applications. MySQL has also been especially successful in embedded systems, which compose more than 60 per cent of the company's business. MySQL decided to take its embedded business a step further in September by agreeing to jointly develop a certified version of the company's database with SCO for the OpenServer 6.0 operating system. SCO estimates 85 per cent of its Unix-based deployments require a database, with the company enjoying large use in the retail sector. The SCO deal opens the door to wider uptake of MySQL in the retail market. MySQL's decision, though, has produced reports and reaction over the "ethics" of doing business with the Linux pariah. Furthermore, a pillar was apparently whipped out from beneath MySQL's business with Oracle's decision to buy MySQL developer partner Innobase. 
Innobase develops open source discrete transactional database technology InnoDB, which provides many vital database features and is distributed with MySQL. Innobase's contract with MySQL is up for renewal next year, and Oracle has said it "fully expects" to negotiate an extension to the relationship. ®
Gavin Clarke, 18 Oct 2005

Old dog VMware learns new server partitioning tricks

VMware stands as a rarity in the virtualization game. It's an old timer - a grizzled veteran. Few, if any, other companies in the x86 market can claim such a diverse, virtualized customer base or say they're on the third, fourth or fifth generation of a product. VMware this week will talk up its maturity during the VMWorld user conference in Las Vegas because it has to. Microsoft and the Xen clan have mounted young but potentially formidable attacks against VMware's workstation and server partitioning stronghold.  To prove that it's still well ahead of the competition, VMware will show users its upcoming high-end ESX Server product, a slew of more sophisticated software management tools and fresh services programs. "We are moving forward and adding value, while the other vendors are playing catch up," said Brian Byun, vice president of products at VMware, a subsidiary of EMC. "These are things that we've talked about for awhile and are delivering on." So what can VMware customers expect to see with ESX Server 3? Well, first off, VMware has created even tighter links between ESX Server and the VirtualCenter 2 (new release as well) management software. Advances with this software pairing have let VMware deliver something it's calling "distributed availability services." Essentially, VMware is proposing that customers cluster together virtual machines just like they have done with physical servers in the past. It doesn't claim that many companies will turn to this option for their crucial Oracle databases, but it does suggest that customers will choose to use virtual machine clustering on a host of applications they would usually deem not crucial enough for typical clustering. The obvious idea is that by clustering within the same server customers save on hardware costs and other overhead. This means you might consider clustering less crucial applications just because you can. 
VirtualCenter will detect if a virtual machine crashes or even worse if a server crashes and move OS and software images around a physical cluster or virtual cluster, doing load balancing along the way. It can also shift applications around if a spike in load is detected. In addition, VMware has bulked up the ESX product to handle larger workloads. The software can support up to four virtual processors and up to 16GB of memory. That's an improvement over support for just two virtual processors and 3.6GB of memory in the current version of ESX Server. Along with the new software, VMware has added some new services programs that again give it the look and feel of a mature player in the virtualization market. It now has tools for surveying a data center to see which applications and servers could benefit most from partitioning. With this tool, services teams can assess a data center three to five times faster than in the past, Byun said. VMware can now also give customers more detailed roadmaps for long-term partitioning plans. Both ESX Server 3 and VirtualCenter 2 are in beta testing and will ship in the first quarter of 2006. Most customers will typically install VirtualCenter on a dedicated server and then add ESX Server to different systems. A Virtual Infrastructure Node combining ESX Server, Virtual SMP and a VirtualCenter Agent starts at $5,000.®
Ashlee Vance, 18 Oct 2005

Legal charge mars Intel's sparkling Q3

Intel cited broad success across all of its major product lines during a healthy third quarter FY2005. Despite record revenue, however, Intel missed earnings expectations by a penny due to a large legal charge. The chipmaker reported an 18 per cent year-over-year revenue rise to $9.96bn. Net income also rose 5 per cent to $2bn with earnings per share (EPS) coming in at 32 cents. That EPS total fell below the 33 cent per share figure analysts had been expecting. Intel took a 2 cents-per-share charge as a result of a settlement with MicroUnity. Intel will resolve the patent infringement dispute by paying MicroUnity $300m. "In the third quarter, we achieved all-time records in company revenue and unit shipments across all of our major product lines," said Paul Otellini, Intel president and CEO. "Execution remained solid as we launched our new dual-core server platform ahead of schedule and began shipping microprocessors built on our industry-leading 65nm process technology." But execution really wasn't all that solid as the dual-core chip Otellini mentioned arrived six months after AMD shipped a competing part. In fact, Intel won't have an honest to goodness competitor to AMD's Opteron chip until next year. AMD's server chip technology lead over Intel has helped it woo most of the major hardware makers, including a new deal with Fujitsu. Despite the competitive pressure, Intel pointed to a number of major gains during the third quarter. Chip sales set a record as did chipset shipments. Flash memory shipments also hit a record and so did shipments of processors designed for mobile devices such as cell phones and PDAs. The only real down spot for Intel was lower motherboard sales and flat overall processor ASPs. Intel expects fourth quarter revenue to come in between $10.2bn and $10.8bn. ®
Ashlee Vance, 18 Oct 2005

Motorola's Zndr toasts record Q3

Motorola claimed 19 per cent of the worldwide market for mobile phones, its highest share for some years in a booming third quarter. The company reported record earnings of $9.42bn, up from $7.5bn in Q3 2004, and net earnings up almost fourfold to $1.75bn from a year ago. Tumescent mobile sales accounted for most of the growth. The phone division grossed $5.6bn, up 41 per cent from last year, and made up almost 60 per cent of Moto's entire business. The company shifted over 38m mobile devices in the period, gaining a percentage point of share quarter-on-quarter. The strategy of misspelled brand names that's been so successful with the Razr phone, and less so with the Rokr, looks set to continue. Motorola will unleash the Pebl and the Slvr this autumn. Motorola's CEO Ed Zndr, said it was a ringing endorsement of Motorola's "seamless mobility", a tagline appropriate for a catsuit manufacturer. Networks grew 7 per cent year on year grossing $1.56bn, and solutions 4 per cent to $1.62bn. The smallest division, home consumer electronics, grew by 28 per cent, earning Motorola $710m. Motorola has been buying back shares and writing off debts, and finished the quarter with $8.4bn cash in the warchest. ®
Andrew Orlowski, 18 Oct 2005

Bird flu fever hits eBay

Internet auctioneer eBay has shut down sales through its service of Tamiflu, which can help reduce the severity of avian flu, amid growing concern of a potential pandemic that could kill humans. An eBay spokesperson told The Register that the company had pulled a handful of listings from its UK website, because the sales contravened eBay's policy over the sale of controlled substances and prescription drugs. eBay acted as packets of Tamiflu, which comprise 10 capsules, had reached £104 and attracted 84 bids. Tamiflu is usually available through prescription only, for between £25 and £30. News of the auction on eBay.co.uk comes as the first cases of avian flu are confirmed in Europe, in Romania and Turkey, with further cases suspected in Greece. No cases of auctions on eBay's US website have yet been confirmed, although four cases are confirmed of sales of non-controlled substances that claim to boost the effect of Tamiflu. A Google search revealed numerous cases of sites across the internet that are offering to sell Tamiflu. ®
Gavin Clarke, 18 Oct 2005

Apple and Disney's two-inch disappointment

Opinion The AP went with "groundbreaking." Robert Iger, Disney's new chief, exclaimed, "This is the first giant step to making more content available to more people online." Such praise, however, shot well over the rather humble news last week that a video iPod arrived which will play ABC TV shows for $1.99 a pop. This isn't an anti-Disney thing nor is it an anti-Apple or anti-Apple freak thing. We love Mickey Mouse and can't think of anything better than seeing the rodent with a white cord dangling around his neck. No, the cynicism stems from how hard the industry as a whole - IT, content owners and media included here - tries to hype what consumers don't care about or want. Paying $1.99 to watch 40 minutes of TV on a 2.5 inch screen? Why not offer us an Orange Julius fetched from the toilet or an asbestos jockstrap? Anyone who decries the use of P2P technology or fingers BitTorrent as evil can look at this Apple and Disney announcement and then bite his tongue. These technology and media companies are quite plainly mocking consumers by offering up such teeny content. Hasn't the video on a portable device idea already played out as a disaster over and over again? And the press is no better. All types of media outlets ran around last week, touting the revolution of paying for minuscule images on minuscule screens as a great thing. Er, you can watch the same programs for free on your massive TV, and this is considered pretty unimpressive. Hardly any of the reporters even mentioned that consumers could actually watch fullscreen versions of the TV shows on their computers via iTunes. That's the bigger news, although we're not sure it's even all that big. (John C. Dvorak recently hit on the media's terrible Apple fetishism and so did Jack Shafer over at Slate. 
Examples of the shameful Apple coverage can always be found on the pages of the New York Times and Wall Street Journal where David Pogue and Walt "My Assistant Will Segway Me a Latte" Mossberg puke up non-stop advertorials for Steve Jobs.) This week has seen local Team Rodent affiliates, actors and union groups gripe about the Apple and Disney deal. Don't their concerns more or less prove that Disney knows this whole thing will be a flop? Would the media giant really not tell any of its major partners about such a plan just so it could secure a prominent place on the iPod or even iTunes? We don't think so. No, the content holders still want to wall themselves off in an old world. They'll toss the occasional bone out here and there to make it seem like they know what consumers want, but in reality they don't care. Take, for example, MLB.com, which has been charging well over $10 a month all season to let consumers watch baseball games live on their PCs. Well, when playoff time hits, all the games go to FOX and ESPN, and MLB.com shuts up shop. Even though you've shelled out tons of cash during the season, you can't watch the games you really want to see, if like us your favorite team is in the playoffs. Go Astros. Still, MLB.com claims you can see them. It has a "Postseason Package: Live" offering up for sale now. Only, it's not live at all. You can only watch archived games. The only live option actually available is streaming radio. And here we thought Americans were technology savvy capitalists and that radio was a thing of at least Web 0.4. And why not deliver the live TV? All season, viewers have seen ads just like the TV watchers sitting at home. Can't FOX keep showing you the same ads and make some extra cash off subscribers? It sure could, but the content owners would hate to sell something you'd actually want. 
You can be sure that kids and adults the world over will keep downloading their favorite TV shows and hunting down music if the best these companies can come up with is 2 inch programming and DRM-laced tunes. The only thing worse than these feeble offerings is a press corps that cheers the move. Why not at least point to the more impressive selection of 5 shows via iTunes and then go ahead and criticize that for being a mediocre selection? That would be the right thing to do. Sue the kids for getting what they want? Not in America. You're supposed to sell it to them. ®
Ashlee Vance, 18 Oct 2005