3rd > December > 2005 Archive

The bizarre world of Patrick Byrne's Overstock

Analysis: The SCO Group and Senator Hatch aren't the only strange things you'll find in the beautiful state of Utah.
Ashlee Vance, 03 Dec 2005

HP storage closes in on EMC

Disk was king in the third quarter with storage sales surging a record 13.3 per cent, according to market researcher IDC. The storage vendors pulled in $5.7bn in the period. IDC noted that this was the highest growth rate since it started keeping track of the storage sector in 2001. Total petabytes increased 58 per cent year-over-year to 505 petabytes or half an exabyte. "This is the third consecutive quarter that disk storage systems revenue growth has outpaced that of the server market," said Brad Nisbet, an analyst at IDC. In the external disk market, EMC remained the top dog with $786m in sales and 20 per cent share. HP, however, is catching up after posting a strong quarter and shipped $740m in systems to leave it with 19 per cent of the market. IBM, Dell and Hitachi rounded out the top five. In all worldwide disk sales combined, HP took the top spot, selling $1.3bn worth of gear and eating 24 per cent of the market. IBM finished second with $1.2bn in sales and 21 per cent share, while EMC placed third with $786m in sales and 14 per cent share. Dell and Hitachi rounded out the top five. ®
Ashlee Vance, 03 Dec 2005

Phishing with Google Desktop

It's nice to see Microsoft and Google's respective technologies working in tandem - but not so nice to see it used to expose data on your own hard disk to a malicious website operator. Security researcher Matan Gillon has published a proof-of-concept flaw that exploits Google Desktop, the search software that runs on a local PC, and Internet Explorer 6. The principal culprit, once again, is Microsoft's lax and inconsistent implementation of Cascading Style Sheets (CSS) in Internet Explorer. A web site can inject code into a page which allows it to execute on a remote machine. "All an attacker has to do is lure a user to a malicious web page. Thousands of web sites can be exploited and there isn't a simple solution against this attack at least until IE is fixed. That means millions of IE users are affected by this design flaw," writes Gillon. Opera and Firefox users are safe. However, this particular flaw wouldn't have been possible without careless programming by Google, which, amazingly, fails to obey the Google Desktop security model on its own site. Gillon discovered that on certain pages, such as Google News, it was easy to extract the security key that the local copy of Google Desktop needs to permit queries to be executed. "This feature has been in IE at least since IE 6 came out," writes a sarcastic Slashdot member. "That means Microsoft is again leading the field when it comes to AJAX and Web2.0 products." The weight of responsibility for this flaw falls on Microsoft. But Google shares some blame too, for failing to take the integrity of your personal data seriously. ®
Andrew Orlowski, 03 Dec 2005

Cingular pushes the PTT button

Cheeky Cingular took the wraps off its Push To Talk service today, inviting subscribers to join the "largest Push To Talk network" in the US. That honor belongs to Sprint-Nextel, of course; it's a feature that Nextel pioneered using Motorola's IDEN network, birthplace of the chirp that announces an incoming message. Cingular is merely the largest network in the US, a shade ahead of Verizon. Nevertheless, Cingular becomes the largest GSM operator in the world to add the feature, so it's a genuine milestone. Cingular will charge $9.99 for unlimited use, or $19.99 for all the phones covered by a family talk plan. GSM operators have been leery about introducing PTT, as, amongst other things, it's a natural and much more user-friendly replacement for text messaging. You just push a button, and a "voicemail" is delivered to the recipient. Since text messaging forms the bulk of their data revenues, carriers have been reluctant to compromise the cash cow. Cingular desperately needs more phones to support the service: it only works with one model right now, the LG F7200 slider, with the higher-specced Samsung D357 flip "coming soon". While all of Nokia's forthcoming E series support PTT, Cingular surely wants more in a low end that appeals more to the younger demographic. More details in Cingular's FAQ. ®
Andrew Orlowski, 03 Dec 2005

Hands on with Hosted Exchange

Running an email infrastructure has always been a thankless job. When it is all going well, you’re lucky to get an odd grunt of appreciation, but the bulk of the feedback generally comes in the form of complaints, threats and abuse when things go wrong.
Dale Vile, 03 Dec 2005

EC opens investigation into dotcom contract

The European Commission has opened an investigation into the new dotcom contract following a formal complaint by a lobbying group calling itself the Coalition for ICANN Transparency (CFIT). According to CFIT, the proposed contract drawn up between internet-overseeing organisation ICANN and registrar VeriSign breaches EU competition laws. It will have "significant anti-competitive effects in markets for domain name registration and for related Internet services which depend on these domain registrations," CFIT argues in the letter to the EC's Competition Directorate. In particular, CFIT claims, it breaches Articles 81 and 82 of the EC Treaty which prohibit agreements that reduce consumer welfare by providing the ability to raise prices, reduce choice or undermine innovation. The letter follows lawsuits lodged in California earlier this week that claim the contract also breaks US anti-trust laws. Changes in the proposed contract will see VeriSign handed effective control of the dotcom registry in perpetuity. VeriSign will also be entitled to increase what it charges for domains by seven percent a year. ICANN's response so far has been to dismiss the legal threats as an attempt to influence the public comment process that the contract is currently going through at its meeting here in Vancouver. ICANN general counsel John Jeffrey also told us that it did not consider the lawsuits as legitimate public comment. That response was supported in part by Ross Rader of registrar Tucows, one of the most outspoken critics of the new contract. He told a meeting in Vancouver on Thursday that he was "not completely supportive" of the litigation. However, there is no denying that the CFIT's professional lobbying effort is having an impact both on delegates and the wider internet community. What remains unanswered is who precisely is funding CFIT. For a body that even includes transparency in its name, CFIT remains suspiciously opaque. 
Our rough estimation is that it has already spent $200,000 on the lobbying effort so far, and it shows no signs of stopping. And yet the only contributor to come forward, Pool.com, simply does not have the resources to fund the whole effort. Its CEO, Tony Farrow, also confirmed to us that the company had put nowhere near our estimated figure into the organisation. ®
Kieren McCarthy, 03 Dec 2005

Cisco’s AON: Jeeves in a router or a box of evils?

At first glance, Cisco’s AON (Application Oriented Networking) looks like a brilliant idea. Essentially, it proposes to suck all manner of security, administrative, and even business policy functions into its routers and switches. That looks as if it should benefit everyone – especially existing and prospective Cisco customers – and might even grease the wheels for quicker and easier adoption of SOA.
Tom Welsh, 03 Dec 2005

Hibernate Object Relational Mapping

How many Java applications have you built that store data in a database? For me, almost all the Java systems I have been involved with have, at some point, involved a database. In general, what has happened is that data held in objects, at some point has been stored into the database, so that it can be restored back into objects later. Thus, the database has acted as a persistent storage device for information required by the Java system. This can of course be achieved in a variety of ways, and the use of JDBC lies at the heart of this process.
John Hunt, 03 Dec 2005