

AMD forced to be more modest with Spansion IPO

AMD is feeling the pinch as tepid interest in its Spansion spinoff has forced a reduction in the IPO price range. In a filing with the US Securities and Exchange Commission, AMD revealed a cut in the price range for the memory company IPO down from between $16 to $18 a share to between $13 and $14 a share. The Wall Street rumor mill pegged even the $13 target as ambitious with some saying a $12 per share target might be more likely. This is hardly the reception AMD was expecting. Spansion looks to raise up to $493m in proceeds from the IPO. By freeing itself of an up and down memory business, AMD's results should appear more consistent. The company has been taking market share from rival Intel, particularly in the server market and has enjoyed record processor revenues in recent quarters. In addition, Intel may be less inclined to be as fiercely competitive on memory prices with Spansion as it was when AMD sold memory in-house. ®
Ashlee Vance, 16 Dec 2005

Open Source in the mainstream

Comment A few things have appeared from various sources lately resurrecting the old discussion of whether Open Source software is “safe” or “right” for mainstream adoption. Whilst many of us consider this issue to have been dealt with long ago, there still seem to be some out there who want the debate to continue. The problem is, however, that such debates often get muddled, confusing discussion of the Open Source approach with the pros and cons of specific Open Source solutions. It is relatively common, for example, for people to use the terms Open Source and Linux interchangeably. As part of this confusion, there is then a tendency to regard any challenges with a particular solution to be somehow associated with its Open Source status. Desktop Linux is a prime example of this. Whilst research indicates that early adopters have often experienced problems with software compatibility and availability, for example, this is simply a function of Linux not yet having achieved critical mass in the desktop environment - it has nothing to do with the origin of the software. Any new commercially developed desktop operating system released into the market today would have to overcome the same hurdles on the way to mainstream acceptance. It is easy to see how confusion occurs, however. Solutions coming out of the Open Source movement are sometimes perceived as being relatively immature at a generic level, because at any point in time we can identify many offerings that are young and/or have not yet achieved the critical mass we were referring to before. But again, this is not a function of the Open Source approach per se, but of the rate the community is growing, and if we look elsewhere, we can see exactly the same dynamics in some parts of the commercial software industry – e.g. in the mobile and wireless solutions space. 
In the meantime, there are clearly many mature and well proven Open Source solutions out there – Linux (on the server), Apache, JBoss and MySQL - to name a few of the obvious ones. There is then the more fashionable debate about software innovation and Open Source developers not having access to the same R&D budgets as the big commercial software developers. There is a whole philosophical discussion that we won’t get into here, but looking at it pragmatically, it is clear that there is creativity coming out of both camps, suggesting that the approaches they use are just different ways of achieving the same thing. And let’s face it, with organisations like IBM, CA and others donating significant amounts of resource, funding and intellectual property into the Open Source arena, can we really unravel who is driving what kind of research and development and on which agendas? But having gone through all this, the critics then come back with the supposed killer blow of Open Source being a complete lottery from a maintenance and support perspective. This might possibly be the case if you are trying to run your business with software installed from a disk stuck to the front of a consumer magazine, but there is enough money to be made from delivering Open Source solutions now for mainstream suppliers to back them up with full blown support and maintenance services. As an example, when we spoke with some of the management team at JBoss recently, the conversation was no different to the equivalent discussion with a traditional commercial software vendor – it was all about customer needs, component bundling, product lifecycle and release management, software maintenance services, routes to market, integration partnerships and so on. These kinds of developments, along with the commercialisation of Open Source by the likes of IBM, Dell and HP might feel a bit uncomfortable for those at the other extreme who advocate free software and free community support. 
The reality, though, is that IT Managers and Executives feel more confident with traditional solution delivery mechanisms with clear supplier responsibilities. This can only be achieved if money is available to invest in technical staff, call centre operations, etc. Commercialisation of Open Source also helps to fund the competitive drive into the mainstream, which, quite simply, requires cash and a mechanism for generating it on an ongoing basis. Without this, battling with the marketing machines of commercial software companies and creating interest and activity in the IT delivery channel is extremely difficult. So, what does all this mean from a customer perspective? Well, the obvious conclusion is that most organisations should probably not get too hung up on whether a solution is Open Source or not as this is unlikely to be a significant factor in determining the capability of the product, quality of support, coherency of release cycle, and so on – provided, of course, you are using an appropriate source. Maturity, skills availability and cost of acquisition and ownership are all considerations too, but again, none of them are specific to Open Source. Even the value of savings on licence costs needs to be considered in the overall context as other factors, such as cross training costs, different operational and support requirements, etc may neutralise the benefit in some cases. It is impossible to generalise in this area. In terms of practical advice, we would always recommend people include at least a couple of new or different alternatives on the evaluation list when going through a significant selection process, then offer them up against the business objectives alongside the more obvious solutions. If you do this without prejudice, you will find quite naturally that Open Source solutions will increasingly end up in the mix and it is important to include these rather than dismissing them purely because of where they come from. 
It is then a case of evaluating options on their merit in the context of what you are trying to achieve. Whether individual solutions are Open Source or otherwise is largely irrelevant to the process. After all, it’s all just software and services at the end of the day. Dale Vile is Research Director at Freeform Dynamics, an independent industry analyst firm.
Dale Vile, 16 Dec 2005

Intel India earns chance at Xeon redemption

A botched attempt at creating a new Xeon processor won't slow Intel India down, according to a local report. Intel has its Indian designers creating a new multi-core Xeon chip. Intel India has been blamed for the failed Whitefield project. The four-core chip promised to be Intel's most sophisticated Xeon product to date, boasting a high-speed interconnect called CSI capable of competing against AMD's Hypertransport technology found on Opteron. Whitefield was the first major Intel processor design project to take place in India and got its name from an IT-rich township on the edge of Bangalore. Despite the past failures, Intel is ready to give its Indian engineers a second chance. "More or less all the people in the Whitefield project will be reassigned to this (new project)," Intel Technology India director RK Amar Babu told The Times of India. Babu declined to reveal the code-name of the Xeon project or to provide any specifications about the processor. Srinivas Raman, Intel's former general manager at Intel India, led the Whitefield development but left Intel for Cadence when the project was nixed. The Whitefield debacle raised many questions about Intel India's ability to serve as a contributor to Intel's most significant projects. Babu stressed that the new Xeon effort shows Intel's faith in the region in his interview with the Times. You can find the full report here, but beware the pop-ups. ®
Ashlee Vance, 16 Dec 2005

Oracle's Q2 nicked by income drop

Oracle failed to impress investors with a second quarter that saw profits decline and currency effects punish the company's bottom line. The database maker posted revenue of $3.3bn – a solid 19 per cent year-over-year increase. Net income, however, dipped 2 per cent to $798m. Part of the disappointing results could be attributed to "currency moving during the quarter nearly 5 per cent in the wrong direction," according to Oracle's CFO Safra Catz. Oracle also disappointed investors three months earlier when flat database sales marred its first quarter. Oracle noted that second quarter software revenue increased 18 per cent to $2.6bn. New database and middleware license revenue only increased 5 per cent year-over-year, while applications new license revenue surged 24 per cent to $266m. Services revenue jumped 26 per cent to $675m. Fancy suit Larry ignored the immediate financial results to turn the focus back on Oracle's PeopleSoft buy. "Since our acquisition, customers running PeopleSoft products have registered substantially improved satisfaction levels," said Oracle CEO, Larry Ellison. "As a result those customers are now renewing their support contracts at a higher rate than when PeopleSoft was a stand-alone company. Nobody predicted that. They're happy, we're happy." Oracle expects third quarter revenue to come in between $3.4bn and $3.5bn with earnings per share of 19 cents – or one penny below the current analysts' estimate. ®
Ashlee Vance, 16 Dec 2005

Wikipedia science 31% more cronky than Britannica's

Coverage of Wikipedia in the popular press veers between two extremes. It's either the admirable heroics of plucky amateurs - it's Neasden FC winning the FA Cup - or it's the latest net threat to civilization. This week a survey by Nature gave sympathetic news editors the chance to revisit the first view. Accuracy of Wikipedia matches Britannica, review shows, boasts CBC. Wikipedia as accurate as Britannica on science trumpets CNN's website. Business Week, which wants to be the house journal for Web 2.0 badgers, has no doubts. A Vote of Confidence in Wikipedia it shouts. But what's the real story? Science journal Nature chose 50 science articles from both Wikipedia and Encyclopedia Britannica and gave peer reviewers a blind test to find mistakes. That gave the free-for-all web site a fighting chance - as it excluded the rambling garbage and self-indulgence that constitute much of the wannabe "encyclopedia's" social science and culture entries. 43 reviewers replied, and this is what they found. Britannica turned up 123 "errors", and Wikipedia 162. In other words, the quality of information coming from Wikipedia was 31 per cent worse. Peer reviewers also regarded the Wikipedia entries as poorly written and structured. "They need a good editor," Britannica's Tom Panelas told the BBC. Many Wikipedians will say that this reflects poorly on Britannica. Indeed so, although without a closer look at the reviews, no one should draw firm conclusions. There are errors and there are errors, and some of the Wikipedia science entries were real clangers. It incorrectly described how Mendeleev's work related to that of British scientist John Dalton, and one peer reviewer asked, in amazement, "Who wrote this stuff? Do they bother to check with experts?" For anyone concerned about the quality of information, this is depressing reading. The McDonalds-ization of street food means you can go anywhere on the planet and get a terrible, bland meal of unhealthy junk food. 
Is the same thing happening to knowledge? Wikipedia, like McDonalds, wants to be ubiquitous. If Nature is correct, the future is going to be a third more unreliable than it is today - a depressing prospect, we think you'll agree. If we ever needed proof that a glut of information doesn't mean better information, we now have it. Who could possibly hail this as good news? Two camps, we think. People with a real chip on their shoulder about authority, as we saw earlier this week. People with a contempt for learning, many of you say. But more broadly, only someone more obsessed by process than by the end result can regard this as any kind of victory - something all the popular press missed in their anxiety to give us an upbeat, good news story from Planet Wikipedia yesterday. [A Wikipedia mailbag special follows later today - in English, not Klingon.] ® Update: Readers Ernest Trurro and Barry Kelly have had a brainwave. Why not count the "error rate"? "You didn't care to compare the average article lengths to find the actual error _rates_, which is what really matters, did you?" huffs Ernest. "I thought not." "It seems you left out the fact that Wikipedia articles are on average longer than the respective Britannica entries," says Barry, who adds, darkly: "Whether that's by malice or incompetence I don't know." Let's put this to the test. Here's a hypothetical entry, containing two serious errors. Sir Isaac Newton was born in 1462 and published the Theory of Relativity. We can see that it is 13 words long: an "error rate" of one every 6.5 words. Now here's a longer version. Sir Isaac Newton was born in 1462. 
Badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger badger snake He published the Theory of Relativity. This version is 114 words long, and contains only 2 errors - an "error rate" of one every 57 words. That's almost nine times more accurate - and very much proves Barry and Ernest correct. We unreservedly apologize, and once again, must hail the power of "collective intelligence".
Andrew Orlowski, 16 Dec 2005

Samsung chairman in clear on bribery charge

Senior Samsung staffers no longer face charges that they bribed local politicians, the Seoul District Prosecutors Office said this week. Officials said there was insufficient evidence for the claims, and in any case the deadline for action set by South Korea's statute of limitations has now passed. The allegations were prompted in July this year when local media published tapes of a conversation between Samsung chairman Lee Kun-hee, vice-chairman Lee Hak-soo, the chairman's brother-in-law and Hong Seok-hyun, South Korea’s ambassador to the US. The tapes were said to record them negotiating a KRW10bn ($9.8m) donation to a presidential candidate. However, the recording was made in 1997, more than seven years ago - the limit set by the country's statute of limitations. The Prosecutors Office also said there was no evidence the money being offered belonged to Samsung and not Lee, who has always maintained the money was a donation not a bribe. Lee is being sued for alleged debts relating to Samsung's now-closed automobile business, the Financial Times reports. The tapes were made by South Korean security agencies - actions that have since been declared "illegal" by Hwang Kyo-ahn, the senior prosecutor who headed the investigation. "The prosecution has conducted a thorough investigation of the spy agency’s illegal wiretapping operations on politicians, businessmen, judicial officials and journalists in the past governments,” he said. "However, with the statute of limitations on most illegal activities... expiring and the spy agency already having destroyed a significant part of related evidence, there had been difficulties in pushing ahead the investigation." ®
Tony Smith, 16 Dec 2005

Onetel still looking for a buyer

Centrica is still looking to flog its Onetel phone business despite earlier reports that the utilities giant - which also owns British Gas - had failed to find a buyer. Earlier this month reports surfaced that the company was on the verge of scrapping the sale of its OneTel telco operation after failing to receive a decent bid for the business. While Centrica was reportedly looking for £300m - £350m for the business, it seems it only managed to attract a bid of a smidgen more than £100m. But in a trading update published today Centrica said it was still looking to offload its telecoms business, which boasts some 1.7m telecoms and broadband punters. "Discussions are continuing on the sale of Onetel," said the company. Nuff said. ®
Tim Richardson, 16 Dec 2005

Adobe beats targets for Q4

Adobe has claimed a “remarkable” 2005, turning in fourth quarter revenues that were slightly ahead of its targeted range. The software vendor turned over $510.4m in its fourth quarter ending December 2, up 19 per cent on the year. Its target range had been $490m to $510m. Net income was $156.3m, compared to $113.5m a year ago. This worked out to $0.31 per share, or $0.30 on a non-GAAP basis. Analysts had expected $0.29 per share. For the full year, sales were up 18 per cent to $1.97bn, while earnings came in at $602.8m, up 34 per cent. Adobe expects first quarter revenues to come in at $630m to $660m, with earnings of $0.28 to $0.30, excluding charges, including those for its Macromedia purchase. No matter how many beans the company brings in next year, they won’t be counted by CFO Murray Demo. Adobe announced yesterday that Demo plans to leave by the end of March, to spend more time with his family. ®
Team Register, 16 Dec 2005

Opteron beats 'Dempsey' Xeon in performance-per-Watt test

Intel's upcoming 65nm, dual-core Xeon DP processor, 'Dempsey', is fast, but its performance comes at the cost of some serious power consumption, a pre-production test using the chip giant's 'Bensley' platform has shown. The trial was conducted by website Anandtech, which immediately went off and ran the same benchmarks and power consumption measurements on a comparably configured Opteron 280-based rig.
Tony Smith, 16 Dec 2005

The Build Master

Book review Every development methodology worth its salt pays regard to build management, from the most nimble of agile processes to the tools-heavy methodologies that attach the tag of software configuration management (SCM) to the task of managing the build and the deployment of software.
Dr Pan Pantziarka, 16 Dec 2005

AMD wins access to Japanese Intel anti-trust 'evidence'

AMD vs Intel Intel has failed to persuade the Japanese courts to keep evidence of alleged anti-trust behaviour under lock and key. The Tokyo District Court today ruled that documentation collated by Japan's Fair Trade Commission (JFTC) during its investigation into Intel Japan's business practices may be used by AMD in the legal action it has begun against its arch-rival.
Tony Smith, 16 Dec 2005

Toucan cuts BT line rental bill

Toucan - the consumer telco of comms and technology outfit IDT Corp - has started offering its phone service via a single bill following Ofcom's decision yesterday to give the thumbs up to Wholesale Line Rental (WLR). The cost of renting a phone line from Toucan is £9.99 a month undercutting the £11 a month BT Retail will be charging from January. The service is to be plugged to new customers of Toucan and its existing 150,000 punters. Said Toucan MD Joseph Blass: "Toucan customers can now receive the charges for their phone line rental, home calls, internet access and mobile phone, all conveniently listed on a single, easy-to-manage monthly bill." But while Toucan has been swift to embrace WLR, United Utilities-owned Your Communications believes Ofcom has been too hasty in passing WLR as fit for purpose. Your Communications was one of the first companies to trial WLR and insists it has "constructively participated in the process to deliver fit-for-purpose WLR, in the drive towards equivalence and its attendant benefits to our business customers". But according to Your Communications MD Hugh Logan: "We have actively supported Ofcom's efforts, however, we don't believe that WLR is yet fully fit-for-purpose. And, nothing short of a fully fit-for-purpose WLR product will deliver greater competition and choice." "Whilst Ofcom acknowledges there are still some issues to be resolved, these issues have been around for some time. Whilst BT may have given Ofcom commitments to address these issues, congratulations are premature - the proof of the equivalence pudding will be in the eating." In particular, Your Communications wants assurances that consumers can take their existing WLR services with them when they move. "In addition to making it easier to allow end users to switch communication providers, BT needs to deliver systems and processes allowing us to deliver a service that meets our customers' expectations," said Logan. ®
Tim Richardson, 16 Dec 2005

Orange France touts video spectacles

Fed up with having to squint at movies, photos, emails and text messages on your mobile's microscopic display? Then Orange France is offering the full heads-up experience, courtesy of its "video glasses". The slimline shades hook up to Samsung's D600E mobile phone by cable to display whatever's on the screen. The glasses also sport a pair of integrated earphones.
Tony Smith, 16 Dec 2005

BOFH: Can you call me a cab?

Episode 35 There's something indefinable about the Christmas season that makes the whole workplace seem a little brighter. It could be the impending arrival of relatives, the promise of presents or just the knowledge that for a short space of time you're free of the horrors of the workplace. Whatever it is, the workplace becomes a much nicer place to work and people often put aside their petty differences in the spirit of goodwill.
Simon Travaglia, 16 Dec 2005

Equipment recycling law delayed again

The UK Government will delay the implementation of an EU law requiring businesses to recycle their old IT and telecoms equipment for a fourth time. The EU's deadline for implementation was 13th August 2004. The Government last indicated, in August this year, that it would have draft implementing regulations ready for consultation before the year end and passed by June 2006. Today it admitted that the draft regulations won't be published until next spring. The consultation process will then take a further 8–10 weeks before the regulations can be laid before Parliament. The Government today announced that it is undertaking an immediate review of its progress on implementing the Directive on Waste Electrical and Electronic Equipment (known as the WEEE Directive). “We have listened to the concerns expressed by both the business community and other stakeholders over the implementation process and have decided that more time is needed to get the implementation right,” said Energy Minister Malcolm Wicks today. “Although any further delay is regrettable, this will ultimately deliver far greater environmental benefits.” The European Commission has already threatened the UK Government with court proceedings for its failure to implement the law. A Department of Trade and Industry spokesman told OUT-LAW today, "We'll work closely with the European Commission during our review and consultation to reaffirm our commitment to implementing this Directive and implementing it effectively." He also pointed out that Commission proceedings for non-implementation of a Directive can take two years or so – and that during this time, the Government can remedy the problem simply by implementing the law.

Background

The WEEE Directive aims to address the environmental impact of electrical and electronic equipment (EEE) and to promote its separate collection when it becomes waste (WEEE). 
WEEE is a priority waste stream for the EU because of its growing volume in the municipal waste stream and its potential hazardousness following disposal. The Directive introduces producer responsibility for waste electrical and electronic equipment (WEEE). Producers will have to finance treatment and recycling/recovery of separately collected WEEE in the UK to specified treatment standards and recycling/recovery targets. Retailers will have an obligation to offer take-back services to householders. Another EU law, the Directive on the Restriction of the Use of Hazardous Substances (RoHS Directive) facilitates the dismantling and recycling of waste electrical and electronic equipment by restricting the use of hazardous substances used in their manufacture. It is due to be in force from 1st July 2006. Member States were supposed to have implementing legislation for both Directives in place by August 2004, but only Greece complied. Regulations implementing the RoHS Directive were laid before Parliament on 7th October and will meet their implementation deadline. Copyright © 2005, OUT-LAW.com. OUT-LAW.COM is part of international law firm Pinsent Masons.
OUT-LAW.COM, 16 Dec 2005

Rock beats Widow to ship first dual-core notebook

UK system builder Rock has won the race to ship the first notebook based on an AMD dual-core processor. While the company was understandably keen to trumpet its achievement - it sent The Register at least five copies of a press release on the matter - we can also confirm that a number of readers received their Rocks early yesterday morning. Rock has been touting its Xtreme 64 notebook, based on AMD's Athlon 64 X2, in the UK for some time. More recently, US system builder WidowPC announced a near-identical machine, the Sting 917X2. Both boxes are based on a barebones chassis from Clevo.
Tony Smith, 16 Dec 2005

MS and Google team to fund net lab

Arch rivals Google and Microsoft have combined with Sun to fund an academic research lab which aims to pioneer the development of new approaches to software development. The three companies will provide $7.5m over five years to fund research at the Reliable, Adaptive and Distributed systems laboratory, or the RAD Lab, at the University of California, Berkeley. RAD Lab researchers (initially made up of six UC Berkeley professors with 10 computer science graduate students) will focus on developing alternatives to traditional software engineering. In traditional systems, work is completed in sequential stages starting from system concept to development, assessment or testing, deployment and operation. Critics say this approach is often too slow. Instead of infrequent, well-tested upgrades, code for internet services is continually being modified on the fly. This fix-it-as-you-go approach enables speedier deployment, but it also requires a large technical support staff to make sure operations are not disrupted as bugs are resolved. "Right now, it takes a large company employing hundreds of really smart people to support Internet services," said David Patterson, UC Berkeley professor and founding director of the RAD Lab. "Our goal with this center is to develop technology that eliminates the need for such a large organization, opening up innovation opportunities for small groups or even individual entrepreneurs. We can help do this by applying statistical machine learning - the same technology used successfully in the recent autonomous vehicle grand challenge - to the development of computer systems." Google, Microsoft and Sun Microsystems will each donate an average of $500,000 per year to the lab. Along with other smaller contributions, the lab is expected to pull in as much as 80 per cent of its support from industry. Government grants will make up the rest of its funding. 
Any software and applications emerging from the RAD Lab will be made freely and openly available to the public, with source code distributed using the Berkeley Software Distribution (BSD) license. "We are following in the grand tradition of Berkeley engineering, as with Berkeley's BSD Unix operating system, in making our innovations freely available and unencumbered for research and possible commercialisation in source code form," said Randy Katz, a RAD Lab co-founder. ®
John Leyden, 16 Dec 2005

Arctic Systems tax ruling is victory for family businesses

A husband and wife have won a landmark victory against the taxman, as appellate judges have thrown out the government’s attempt to force small, family-run firms to pay thousands more in tax. Geoff and Diana Jones of West Sussex convinced the Court of Appeal to overturn previous rulings against them. HM Revenue and Customs (HMRC), which took issue with tax arrangements they used in running their IT company Arctic Systems, has pursued the couple since 2001. Despite a turnover of nearly £100,000, Mr. Jones paid himself a salary of £7,000 for running the business, while his wife drew just £4,000 for administrative work. The couple then shared the remaining amount, less tax and expenses, in dividends, which allowed them to pay less tax and national insurance. Mrs. Jones received more in dividends to take advantage of her lower tax rates. Judges in the Court of Appeal ruled that Mrs. Jones’ dividends did not constitute tax avoidance because they were dependent on the company’s performance. Accountants warned the Joneses and other firms with similar arrangements in 2001 that Inland Revenue was not happy with their tax situation and would begin to crack down. The Joneses brought their case to an HMRC tribunal last year and lost, and had their appeal to the High Court also rejected in April of this year. Both ruled that income from a non- or low-earning spouse who co-owns a business should be taxed at the same rate as the main earner. The case has created headlines for the potential impact either ruling would have on thousands of small firms across the country. Small, family firms could have faced tax bills of up to £9,000 each under the HMRC campaign. But now they appear to have been given a reprieve after appellate judges warned HMRC it was going too far. “This is the best Christmas present for the UK’s small family businesses,” said Simon Juden, chairman of the Professional Contractors Group (PCG). 
“It means proper recognition for the hundreds of thousands of people who choose to run their own businesses, share the burdens and the hard work with their partners, and rightly expect to share the profits of their efforts.” The case was originally scheduled for January but was brought forward so as to give guidance to taxpayers before the 31 January deadline. Copyright © 2005,
Startups.co.uk, 16 Dec 2005

Government moots ID card links for new UK voter database

The Government is moving ahead with plans to establish a centralised national register of voters, together with central checking and verification of the data held on electoral registers. The system, to be implemented in the form of CORE (Co-ordinated Online Record of Elector) schemes, is intended to be brought in via the Electoral Administration Bill currently before Parliament, and is subject to a consultation process ending on 7th March. According to the consultation document (available here), the CORE system is intended to improve the quality of electoral registers, provide more efficient access to registration data, support "modernisation of the voting process" and provide opportunities for reports and research to be produced based on a national dataset. Essentially, standardised electronic systems will be introduced in the UK's voting systems in preparation for the implementation of electronic voting in its various flavours, and the Government has opted for a sort of compromise between maintaining the current decentralised election systems and imposing a national, centrally-controlled one. But only sort of. CORE systems will work via a "CORE keeper", probably an experienced Electoral Registration Officer in the system's initial, regional rollout, but likely to be the Electoral Commissioner once the system is live nationwide. So the Government is giving itself powers to set up CORE schemes, but ultimately only a single national scheme is envisaged. The CORE keeper(s) will perform some of the functions EROs are expected to perform under the current system, i.e. check for multiple registration of electors, for a single elector being issued with and/or casting more ballots than they are entitled to, or for suspiciously large numbers of electors being registered at a single address. 
Local EROs will provide the CORE keeper with the electoral registration data (possibly as frequently as daily), while the CORE keeper will use the national dataset to spot anomalies and potential frauds, and will then forward details to all the EROs affected. Clearly an element of clunkiness intrudes here, because in principle most of the problems identified by the CORE keeper would - given sufficient resources and motivation - have been tackled directly by local EROs under the previous system. One should therefore expect that the advantages attached to the introduction of a national system should be sufficient to outweigh the disadvantages of inserting an extra tier into the process. So, what are the problems that the new system is intended to solve? Historically, although the UK has had numbers of (relatively mildly) rotten boroughs, the incidence of fraud has been fairly low, and the checks and balances of the old-style system of paper ballots were sufficient to keep it low. The Government's massive extension of the postal ballot system in recent years however effectively short-circuited many of these checks and produced opportunities for industrial-scale ballot-rigging. This has proved difficult for EROs and the police to control, and abuses of the system in recent elections have forced the Government to put the brakes on plans for electronic voting, whether by Internet, cable TV or text message. A centralised system with access to all electoral registers has the advantage of being able to identify people voting in more than one area, but this is a fairly unusual occurrence, to the extent that it's surely barely worth bothering about. It is not however by any means obvious how the proposed system would deal with the kinds of abuses of the postal ballot system we've recently witnessed. 
Large numbers of postal ballot papers in the names of genuine voters can be, and have been, diverted into the hands of crooked campaigners, while the opportunities to blur the boundaries between sharp practice and full-on ballot-rigging have increased massively. It is fraud to extract large numbers of blanks from the postman and fill them in yourself, but it is not (exactly, perhaps) fraud to 'help' people fill in their form, collect them all together and take them down to the count in a big pile. The several hundred ballot papers in the same handwriting ought to be spotted at the count (so CORE keeper not needed here), but neither EROs nor the proposed CORE keeper system have any simple and obvious ways to spot where 'helping' and/or block voting becomes fraud. The problems produced by large-scale postal balloting are in many cases similar to those which would be produced by electronic voting, but it's pretty clear that the latter will tend to magnify them, in the sense that you don't need to disguise your handwriting in order to forge an electronic ballot. So we certainly have a verification problem to overcome if we're to introduce electronic voting; better verification might also, in principle, do something to stop the rot setting in via postal voting, and might be some help in old style conventional balloting, should we decide not to abolish it entirely (I say 'might' because the old system, although wackily using verification systems without a requirement to present ID, pretty much worked anyway). The plans for a single national CORE keeper would effectively institute an embryonic national voter verification system, and therefore it's no great surprise that verification figures in the "Future possibilities" section of the consultation paper. Nor, indeed, that the approach taken to databases seems awfully familiar: "Accurate and effective data-matching across different datasets requires some form of personal identifier [quelle surprise...] held in common. 
An immediate obstacle is that no such common personal identifier currently exists within electoral registers, other than the name itself. This is of very little use unless combined with other - more unique - personal identifiers." So... "With a CORE consolidated dataset, it should be possible to check elector records against a dataset requiring much higher levels of verification. The other dataset might also make notification of changes to personal details or addresses a requirement [heard this one before?] and discrepancies could be referred back to an ERO for investigation." So, if you have (for example) a national ID card register that requires people to notify changes in personal details and address, when you find discrepancies you can always get the local Electoral Registration Officer to do the legwork of chasing them up for you. Brilliant. "Verification services were considered in detail in the ID card register proposals. The anticipated high level of security checking and intended requirements for citizens to notify changes may make the ID card register dataset a particularly useful comparator." And as collateral damage, those of us refusing ID cards may also find ourselves being unable to vote... UK electoral registers consist of name and address, while presence on the register indicates eligibility to vote and (at least in theory) a desire to be registered to do so. The anticipated National ID Register will include name and address, eligibility to vote (i.e. age, nationality), so the only thing the electoral register has that the NIR hasn't got is that the electoral register is 'opt-in', and if you don't want anything to do with it, then you needn't have to. One could therefore ask if the preservation of this small freedom justifies the continuing existence of lists that, come the NIR, will be otherwise redundant. 
Strangely enough, the Government appears not to think much of this freedom anyway ("There may indeed be an argument for a local ERO to automatically register the individual", it says here), and some Ministers have also argued for the abolition of the related refusenikism of declining to vote, by making it compulsory. Along with the ID card tie-in we have the usual collection of 'advantages' of linking Government databases: "One simple way in which links with other databases would bring value for the electoral register is the familiar concept of the 'one stop shop' for the citizen [ever wonder how many of these shops and stops the Government proposes to build?]. When the citizen updated their personal or address details with another public sector database (e.g. the Inland Revenue or the Benefits Agency), that change of relevant elector status could be automatically notified to CORE for onward transmission to the relevant ERO." Also proposed are links to the national register of births, deaths and marriages (and, should the project ever fly, through life records) while gaps in the electoral register (e.g. areas, geographical, demographic or both, where large numbers are not registered) can be identified by "linking CORE to other datasets at a national level." Here, the consultation document points to "a new duty on EROs to maintain their registers with the aim of getting onto the register as many eligible voters as possible", this to be introduced via the Electoral Administration Bill. This, you will note, changes the role of ERO from administrator of the electoral system to one of salesperson for voting. So shall we just summarise all that? We started with an 'old fashioned' electoral system that worked, but noting with some anxiety that people seemed less and less inclined to vote,* we started to make it less trouble for them to do so. We haven't been able to make it as easy as 'press red button on remote' yet, but we'll get there. 
Unfortunately, the hardships associated with old fashioned voting turn out (as the wonks running policy would have known if they'd ever done any actual work in a real-life election campaign) to have had a series of helpful safeguards against abuse built in. In addition to now having a pressing need to deal with the problems we've just created, we also need to figure out how to verify cable TV voting, and text messages that go 'press reply to vote New Labour'. The less trouble we make it to vote though, the more pressing the issue of verification becomes, so we conclude that we can't leave this in the hands of local authorities - we decide we have to handle it centrally, and use data matching with multiple other national databases as part of the verification process. If we were actually thinking this through clearly (of course we're not), it might occur to us that, if the National Identity Register is intended to be the 'gold standard' of identification, then what we should really be doing (and will end up doing anyway) is using other databases (including the electoral registers) to maintain the accuracy of the gold standard, rather than vice versa. That, in any event, is where following the logic of the Government's approach to databases should take us - note, before you write in, that this does not necessarily make it the sensible approach. In the particular case of the electoral registers, decentralised systems which to a reasonable extent did the simple job required of them are to be replaced by a centralised system which initially will at best have the same level of accuracy (because the NIR does not yet exist, and will not be complete for many years), but which promises all sorts of benefits as the spin off of data matching, and comes complete with the security disadvantages ('challenges', in Government-speak) of a centralised system. Might it not be better to modernise the existing decentralised systems? 
But we presume that's what the Government is going to insist, in the face of the evidence, that it's doing anyway. Naturally, the new centralised system will come with the potential security hole that's becoming pretty much standard issue for giant citizen databases. "Subject to appropriate security being in place, the Information Commissioner's Office has been supportive of the proposal for an individual to access the information held about them online for the purpose of checking and either confirming accuracy or requesting changes." Allowing them to do so live is also apparently under consideration, but surely will not happen. It's also envisaged that "data users" will be able to purchase registration data from CORE, and "we welcome views on what proportion of the income from such sales should go back to EROs who provided the information." That is, instead of local authorities irritating you by selling the electoral register data to private companies, central Government will be doing it instead, charging more because the national data is so much more comprehensive. Remind us - who's supposed to be benefiting from this wonderful new system? ® * N.B., we never consider that more people might vote if we made ourselves worth voting for; we find it far less scary to keep lowering the barriers, and call the resultant increased participation 'commitment to the democratic process.'
John Lettice, 16 Dec 2005

Kill Bill: attack of the phone monkeys

FoTW We have a saying down here at Vulture Central which is oft repeated by battle-hardened hacks dispensing wisdom to young whippersnappers in the manner of that old boy sitting by a roaring log fire handing his grandson a Werther's Original: you're not a proper Reg hack until you have been well and truly roasted by enraged readers with steam coming out of their ears. It's with great pleasure, then, that we present this round-up of reaction to Bill Robinson's recent Sky TV saga. Kids just died of anthrax? Husband been kidnapped by Colombian guerillas? House burned down? That's nothing - try dealing with Sky customer services and you'll know the true meaning of human misery. Of course, the people at the other end of the line are not going to take this lying down. Oh no:
Fuck you i have to deal with fucking assholes like you everyday on the phone PRICK Gonzo
So let me get this straight... you're dumb enough to only ring up Sky to move your service over to your new house a week before your moving day. And you expect to jump the queue in front of other customers because of your own incompetence (why... did you think the installers just sit around drinking tea for the 5 weeks?). Have you ever thought that the reason you attract such opprobrium from people is because you're an arrogant selfish c*nt? And evidently a lying one at that. And just so you know, it's part of the terms of service of Sky that the box is connected to a working phone line. It's not just so you can order things, but so they can study and monitor your viewing habits - all information on what you watch is sent to them. Even I knew Sky required a phone line, and I don't have it. You sir are a tosser. What you obviously fail to realise with your smarmy arse up your bum ways is that the reason you originally had to wait 5 weeks for an installation date is because of people like you insisting on skipping the queue. 
This is the equivalent of cutting in lanes on a motorway at the last second, causing bumper to bumper phantom traffic jams. You may gloat because you get home 20 minutes earlier, but in return you will spend the rest of your journeys/life stuck at the tail end of a selfish society, rotting in your own self-absorbed car/carcass. May your karma reincarnate you as a minimum wage customer service agent having to deal with wankers like yourself. From a patient (yet human) Customer Service Agent
FFS... people like you really piss me off. Did you ever stop to think that there might be a *good reason* they said 5 weeks? Did it enter your tiny mind that the "secret customer care dept" is secret because it's where they send rude, ignorant arse holes who don't have the decency to play their part and think they deserve better than ordinary, decent people? And maybe in the midst of your self-congratulation you forgot to remember that your existing sky box has always been plugged into your phone line to allow you to order movies... how did you think it happened, magical dwarf beams?! Your ilk are almost solely responsible for increased cost of customer services and the annual sky price-hike... go on, pat your arse twice and think of all the extra money you've cost the rest of us. John ORourke
I seriously hope that article is a spoof. If not, why didn't you call a local Sky Installation Engineer to fit your dish? Are you broke or something? If you had any brains you would know that you only have to connect a phone line to activate the box ONCE. After that you can move to the other side of the country if you like, then you only need the phone line if you want to do orders, etc. Sky tell you to have the phone connected all the time only to try to prevent rogue installers cloning boxes for "free" connections. Plus the "advice" about how to deal with customer service is misguided, I suspect they only sent you flowers to shut you up you whinger Stephen Byrne
Magnificent. 
Mr Robinson, welcome to Vulture Central. ®
Lester Haines, 16 Dec 2005

Got the clap? Email a friend

It's a tricky one: you've just been diagnosed with a dose of the clap and now you've got to tell your partner/s to get themselves sharpish down to the STD clinic. Trouble is, you quite justifiably fear that the news will not be received joyfully and may earn you a smack in the chops, if not a kick in the 'nads. Well, don't panic: the LA health authorities have thoughtfully provided an anonymous e-postcard service which allows you to tell your "boyfriends, partners, ex's, or hookups they may have been exposed to HIV or another STD". For example, why not brighten someone's day by sending: "It's not what you brought to the party, it's what you left with. I left with an STD. You might have too. Get checked out soon." Marvellous. This valuable service is provided by the Internet Sexuality Information Services and partly funded by the AIDS Healthcare Foundation. The foundation's director, Karen Mall, admitted to AFP: "Face-to-face communication is really the way to go, but some people can't do that." ®
Lester Haines, 16 Dec 2005

IT sellers urged to tighten up distance selling rules

The Office of Fair Trading (OFT) has published new guidance to companies that flog IT goods and services via the net or by phone. The advice, available on the OFT's web site, reflects changes to the laws on distance selling published in April. Keen to ensure that IT retailers understand their legal obligations, the OFT wants companies to adopt contracts that are fair and clearly understood by consumers. For example, while a longer cancellation period than is required under Distance Selling Regulations (DSR) might get the thumbs up, insisting that any cancellation notice for an order may only be sent by recorded delivery might not be so welcome by the OFT. "The technical details of computers are not easily understood by many people," said the OFT's Christine Wade. "That is why it is very important that consumers have the reassurance, when buying IT equipment, that the contract is clear and that there are no hidden traps. Our guidance will help businesses comply with the law," she said. ®
Tim Richardson, 16 Dec 2005

Dasher update pierces Windows flaw

After an earlier unsuccessful attempt, virus writers have created the first worm that successfully targets a critical Windows vulnerability (MS05-051) patched by Microsoft in October. The Dasher-B worm exploits a vulnerability in Microsoft Windows Distributed Transaction Coordinator (MSDTC) to spread across vulnerable systems. Unpatched Windows 2000 computers are particularly at risk. If successful, the worm establishes a backdoor on vulnerable computers and opens up a link to a remote server for further instructions. The server instructs infected machines to download a copy of the worm itself and a keylogger, which hides itself on infected systems by using a rootkit driver. Windows users are strongly urged to apply the latest Microsoft security fixes to guard against attack. The MS05-051 patch was the subject of early glitches, even after warnings that it was ripe for malware exploitation. "The worry is that the problems with the patch may have prevented it from being successfully rolled out onto some vulnerable computers," said Graham Cluley, senior technology consultant at anti-virus firm Sophos. Success in spreading (albeit modestly) distinguishes Dasher-B from Dasher-A, samples of which were sent to anti-virus firms earlier this week. Coding mistakes in Dasher-A rendered it inert. ®
John Leyden, 16 Dec 2005

Virtual War: readers fire back

Letters Our recent analysis on "virtual war" certainly got the keyboards rattling among the Reg readership. No further comment is required. Read on:
Your article "Virtual War is worrying" was an interesting and enjoyable read. However, I would suggest you have some misconceived conceptions about the gentility of World War II, or certainly its portrayal to the public. You wrote: "Back in the World War Two days, combat was respectful and life was valued, at least in public...the loss of life on either side was never trivialised and a sense of humanity was always maintained." Whilst the British propaganda was usually restrained - even the black propaganda - one cannot make the same statement for the American propaganda. Contemporary posters and comic book covers used derogatory portrayals of Japanese people and often included slogans tantamount to inciting genocide. Ultimately it is the American audience that today's war games are developed for, so the 'gung-ho' attitude you object to is sadly nothing new. It has merely carried over to a new medium. Yours faithfully, Crispin Giles Walker-Buckton
Sorry Will but although I can kinda see what you're saying in your article 'virtual war is worrying' ... "Back in the World War Two days, combat was respectful and life was valued, at least in public" ...is a pretty fantasy-land remark. You're referring to the 'great' war where vast lines of men were made to climb out of trenches into the teeth of machine gun fire to get mown down like blades of grass. This was also the war where chemical agents were first openly used as tactical weapons. Life was valued? Combat respectful? This hasn't been so since the days when the opposing commanders met on horseback in the middle of the battlefield to negotiate terms of engagement prior to kickoff of conflict. 
Personally I welcome the new generation of first person combat games - while thrilling from an action perspective, they also give me a very real sense of how quick I'd end up dead in the dirt if it were a real situation, which in a way makes me think of all those blokes of my granddad's generation who were there in the thick of it. Sean Healey
What makes a war game in bad taste is the music. There's no music out there in the "field," where the taste of fear sits in your mouth like a steel knife. Turn off the music, turn up the difficulty, and then play it like your life was on the line. If you play it to experience what the real soldiers went through, then it isn't in bad taste. My uncle received a bronze star for his service in WWII. His company was being pursued by the German army. They needed someone to hold off and distract the Germans while they escaped. My uncle volunteered for it. He holed up in a farm house, and put up such a barrage of fire that the Germans thought they were up against the entire company, and dug in. His company escaped, and then he escaped. Brian Miller
Interesting article. Yes WW2 was a long time ago, and so i would agree that it would also agree on "the temporal gap" and the distance from reality. This is also reflected by the notion that the war then was more human and respectful than the war now. This is plainly wrong. Not forgetting conscription world war 2 saw blanket bombing of civilian towns. This was on the British side, by the way, Churchill sanctioned the death of over 35,000 civilians in one raid alone (Dresden). Then there's 270,000 by just one of the American atomic bombs. That's just the Allies, the good guys. No way was WW2 less trivial or more humane. It was uglier, dirtier and more painful. No doubt then, as now, the soldiers wished unspeakable things on the enemy. But time clouds everything. Today we see the "good guys" apologising and explaining pretty much every accidental civilian death. 
Now, to your article :) I played soldiers in the playground at school. We used to take turns being british or germans. There was also a huge amount of movies about the second world war, Nazis were killed left right and centre - we didn't see how their lives meant something, how their wives grieved for them, they were mown down on the silver screen by our heroes. Same with vietnam war movies. Of course if the buddy of the hero died, well that was another matter. - and this is where I also agree with you about the games, it's not the same. Deaths on both sides come too cheaply, and much too cleanly. I want moaning wounded men. Screams. Corpses disappear from the screen. I want the corpses to be left there for me to trip over later on. I want to play a game where i have to drag my buddy off the field and tend his wounds. I wonder if the kids today play Iraqis and Americans on their school playground? Or even actually think about it. Also, to be fair, I would agree that playing a game about Iraq now, whilst it's still going on, is in bad taste. Tim Waters
Nice to see someone airing a viewpoint on war games similar to my own in the IT press. I don't like war shooters for the reasons you mention, whether they're WW2, Vietnam or more recent I feel these games trivialise the suffering of the people who were actually involved and are in bad taste. Unlike my friends I only play Doom and Quake style shooters where the enemy is a demon or an alien and the events aren't based on real life. Whenever my friends say "Have you played Tour of Duty 2 yet" or similar they all look at me bemused when I say "No, I don't play those kind of games." Personally I thought 'Saving Private Ryan' was in bad taste, but then I don't immediately think a film is great just because it's directed by Spielberg. (Have I mentioned that ET is the worst film I've ever seen in the cinema.) The portrayal of the war wasn't my problem but the use of real corpses being shot at for the special effects. 
What did that add to the film exactly? Why should we be doing / watching that? Thanks, Dave Murray
Of course, people getting killed, whether on screen or in real life, is as nothing compared to that matter of earth-shattering import - Wikipedia
"According to Wikipedia's founder Jimmy Wales, content from the web site may also be burned onto CDs and DVDs for computer users in places like Africa, which lack access to the internet." 'kin hell, haven't they got enough problems?? Colin Jackson
So difficult to know what to do. Get the DVD, or put the €9.90 towards the Holy Potato going on eBay. Decisions, decisions. Peter Alexander
Wow ! To have the privilege of actually paying for all the inane babble and unfounded pipe dreams of the lamest bloggers of the planet. My credit card is tingling with anticipation ! After all, why bother subscribing to Universalis when you can get Wikipedia ? Universalis is only a well-respected, properly documented and historically truthful publication that happens to be available online. Universalis, with its long and proven process of verification, doesn't stand a chance against the army of the Wiki who type out new articles faster than the Internet can publish them. And Universalis does not have a complete treaty on Klingon either - which is a must-have in today's wired world. All hail the Wiki ! Pascal Monett
Dear Sir, Although I consider Wikipedia on DVD being a bad idea, or Wikipedia being a bad idea full stop, then "according to Wikipedia's founder, Jimmy Wales, content from the web site may also be burned onto CDs and DVDs for computer users in places like Africa, which lack access to the internet," ought to be considered morally irresponsible because people who have no exposure to the Internet may confuse Wikipedia with a real encyclopedia and end up with a distorted picture of the world and its history. Let's see how the Germans do. Perhaps they'll be some cases of slander. Yours faithfully, S.L. 
I'll concede that Wikipedia isn't "polished" like some other "professional" encyclopedias. But to charge that it is useless is simply false, unless you think free, factual information covering subjects such as Calculus, Physics, and the whole gamut of other technical information contained within the body of work put out by Wikipedia is of no interest. Of course, I have yet to see the Wiki-bashers bang on the technical coverage (not to say that it is outstanding or complete - it is neither). Niggling and sniggering at the unsophisticated Wiki-fiddlers seems to be all you oh-so-superior "professional" writers can do in regards to the Wiki. Shame on you for your cynicism at what has been a monumental achievement, with much more to come, carried out by individuals much less practiced at nursing their own egos as the flatulent staff of the now notorious (in this reader's mind, anyway) "Reg". You've lost a reader. jesse clark
In which case, you'll have plenty of time to trawl your way through Wiki, passing "m" on your travels...
http://www.theregister.co.uk/2005/12/12/wikipedia_no_responsibility/page1.html
Though it is possible there was no such entry (due to the inherent nature of the Wikipedia) at the time of the writing, there is in fact a wikipedia entry for 'moral responsibility'. A simple search will reveal it, as shown here: http://en.wikipedia.org/wiki/Moral_responsibility Charles Mandeville
Moving as rapidly as possible away from the topic of Wiki, we have a few comments on the Dublin server bug kerfuffle. The name of the firm in the first missive has been removed, for obvious reasons:
This reminds me of an incident at X... A mass mail of over ten thousand email addresses was attempted, using nothing more than a simple Exchange Server. This, despite the fact that we had a perfectly good 'Lyris' system, for sending out mass mails, in house. 
The team responsible for doing the mailout, however, were determined not to use the Lyris system, because it ran on Linux - and there were a good many senior people at X who maintained a powerful reality-distortion field, of hostility, when it came to open source software (the same individuals maintained a similar reality-distortion field about the merits of wearing leather trousers to the office). So, they tried to use Exchange Server, without realising what they were asking of it: without understanding that the SMTP portion of Exchange's software is essentially based on Sendmail and, like Sendmail, it forks when given multiple jobs to do. Over ten thousand HTML mail messages were therefore launched by (cough) *someone*, who had seen fit to log in as 'administrator'... Nothing could stop it: memory was immediately consumed, of course, and the paging file bulged, and splurged across the hard drive, wiping the system out. The entire company was without email for a fortnight, after that, I kid you not (but it didn't really matter, because we were bankrupt within two and a half months, anyway). There ain't half been some clever bastards. Name supplied
Just to let you know, the same thing happened to our company recently. A colleague sent a bulk email to our customers, and accidentally put all the recipients into the CC field and not the BCC field, and the nasty bug in about 6 of our customers' SBS mail setups started chucking out millions of mail messages. It took me 3 days to track down all the culprits by checking mail headers. I think we accounted for a decent percentage of all of UK's internet traffic that week along with successfully taking down 2 small ISPs ;-) To be honest, this sort of thing shouldn't happen at all. We had legal threats made against us, even though we weren't the source of the mails! Nasty business this, communications.... 
Sean
The recent Excel vuln auction on eBay was, of course, pulled by the fun-loving powers that be at the world's favourite tat bazaar. Richard Kay raises the following related point:
If any consensus exists about how long a vendor should be given before public disclosure of a vulnerability, giving a vendor 30 clear days to patch their products seems reasonable. If they can't fix and distribute patches in this amount of time their products are effectively unmaintained or too expensive to maintain effectively. It also doesn't seem reasonable for a security researcher to be expected to forgo the benefits of this kind of work, in connection with the reputation that comes with identification of vulnerabilities, based on which future research services may become legitimately marketable for a higher price. If the vendor of the vulnerable product wishes to compensate the researcher adequately to cover future expected loss of earnings they should be willing to do so in exchange for an extension of the 30 days period of grace. Releasing vulnerability information into the public domain giving the vendor less than 30 days to distribute patches seems irresponsible. It would also be irresponsible to regard those who discover flaws in products vendors are unable, or unwilling to maintain as being responsible for exploitation of these flaws if the vendor is unwilling to pay the market price for non-disclosure by the researcher beyond the normal period of grace which should reasonably be given to enable the vendor to evaluate the flaw and to enter into negotiations concerning the value of non-disclosure.
Right, that's enough serious. Down to the truly frivolous:
Re: Dutch Piracy Site Returns Sorry to query you but how in heaven's name can "Eight people in nine different locations were arrested on suspicion of..."? Usually a person can only be arrested in one location... Unless there is something about the Dutch that we really don't know. :) Cheers - Virgil
Yes - they can't count. 
Enough said. Something useful now in the Firefox department, courtesy of the many, many readers who wrote in to recommend it: Re: /2005/12/14/39_mega_pixel_camera/ There is a far superior plugin to IEView. It is called IETab. Same idea, but rather than opening IE itself, it re-renders the page in a Firefox tab, but using the IE engine. And you can create a list of sites for which it will do this automatically. Very clever stuff and works a treat. Tom Richardson Good work. IETab can be found right here. Where, we wondered, was the mass clustering of geeks at which blonde nymphs cast aside their apparel and throw themselves on networking hardware? RE: Swedish nymphs The answer to your first question looks like it's tattooed on her tit .... coach trip to the Isle of Man anyone? Wrong... I guess the pictures of the Swedish nymphs were taken at Dreamhack. The world's biggest LAN-party. So drop by next time you're around. :) http://www.dreamhack.se/dhw05/en.100.html take care wille Ta very much. Mark us down for five tickets. A miraculous crucifix in a humble spud? Bah, that's nothing: I was peeling potatoes for Sunday lunch, 11th December 2005, and cut the potato only to reveal a star of Bethlehem, I have still got the potato which is in my deep freeze. It is like a 3d image, and is much more realistic than the American holy potato. Karen Kendall Good, we look forward to seeing it on eBay. And finally, a concerned reader writes: Can't help noticing that at about the time your fragrant science correspondent Lucy Sherriff went off on a three week shoe buying expedition, a certain Mr Snoop "The Rotting Dog's" Bollocks became a semi-regular pundit. Are these two events in any way connected? PS I believe I might have a photo of Mr Bollocks; see http://samugliestdog.com/IW4C0045-CROPPED-copy-web.jpg . Presumably you'd tell us if you were regularly employing journalists who looked like this at Vulture Central? Nice one: yes, we can see a certain resemblance. 
More silliness next week. Have a top-notch weekend. ®
Lester Haines, 16 Dec 2005

Imagine a cup

Students – do you want to be rich, famous, and get a proper curry? If so, then the fourth appearance of Microsoft’s annual competition, the Imagine Cup, may be for you. For those who haven’t heard of the event before, this is an annual competition offering students from across the world the chance to vie for a whole bunch of goodies, such as Xboxes, and get the chance to take a share in a $125,000 prize fund. There are six competitions, or "Challenges", running as part of the competition. These include making a short film, designing a user interface, coming up with an algorithm, writing a simulation program, and demonstrating proficiency in the science of networks, databases and servers. All of these Challenges have a top prize of $15,000. Top of the pile however, and a Challenge that could well interest student readers of Reg Developer, is the $25,000 prize pot that will go to the team winning the Software Design Challenge. The objective here is to create some software technology that "facilitates a healthier lifestyle"... perhaps a Supermarket Health Card that checks what you should buy with what you have bought and loudly calls you names at the checkout when you get it wrong? Student entrants – in teams of two to four with an academic mentor – have to use Microsoft’s .NET Framework and Windows platform and are "expected to demonstrate how their technology will make a real difference in the lives of people everywhere". That covers the fame and fortune aspect, but the curry? Well, stage one of the event is a series of national finals around the world, with a clutch of prizes for those winners. The world finals, however, are being held in Delhi, India, during August next year. The UK winners will be mentored by Microsoft on the run up to those finals. Students looking to enter the UK leg of the Cup should have a look at the event's website. Submissions have to be in by March 1, next year. ®
Martin Banks, 16 Dec 2005

Typepad goes titsup

Users of Six Apart's TypePad platform have suffered their worst outage yet, with bloggers left stranded since the early hours. The past week's blogging has also disappeared. In true "Web 2.0" fashion, the marketing web pages remain accessible - so you can sign up - but the blogging service itself has croaked. Netcraft issued a status note at midday today, UK time. Six Apart has had persistent problems with keeping the service running reliably and with decent performance, notes Netcraft. But even non-bloggers will notice this outage. Postings published by the service in recent days have disappeared. High profile users of Typepad include Dilbert creator Scott Adams. Six Apart is targeting the corporate market, where a greater value is placed on uptime and reliability. "Six Apart have lame crap excuses for this on their site. There's no frigging way I can stick with this shower of shit," writes one professional user. At least it wasn't a Californian attempt at humor - like Flickr. He continues, "I see value in this technology as a metaphor for publishing. But not when it's run by a bunch of rank amateurs like Six Apart. I'm off to get this moved to a host that knows what they're doing and with a product that has 'proper' community support." Ouch.® Update: A status update posted at 9:03 am Pacific Time (5:03 pm UK Time) states that blogging is available, but recent posts are missing, and commenting is not possible.
Andrew Orlowski, 16 Dec 2005

£15m+ lost in tax credit fraud

HM Revenue & Customs estimates crooks have made off with at least £15m after defrauding the tax credit system by making false claims in the name of job centre workers. The estimate came when HM Revenue & Customs executive director David Varney appeared before the House of Commons Public Accounts Committee on Thursday to answer questions from MPs over an attack on the revenue which is far worse than first suspected. HM Revenue & Customs shut down its tax credit portal website at the start of December after uncovering an attempt to defraud the system using the identities of Department of Work and Pensions (DWP) staff. Varney said the fraud against the tax credit systems was enabled by illicit access to government payroll records. This illegal access was likely facilitated by corrupt insiders. Initially it was thought that up to 1,500 job centre workers might have had personal information stolen. Now it is feared that up to 13,000 job centre staff might have been exposed to attack. Fraudsters are reckoned to have secured the National Insurance numbers, names and dates of birth of thousands of job centre staff working in London, Glasgow, Lancashire and Pembrokeshire. The information obtained was enough to make fraudulent tax credit claims redirected to false addresses and accounts controlled by crooks. False claims of up to £1,000 a year appear to have been siphoned into fraudsters' bank accounts. Crooks took advantage of a lack of comprehensive checks of online applications to make an easy killing. Varney told MPs that losses identified so far come to £15m, a figure that's likely to rise since the revenue is only at an early stage of investigating the scope of the fraud. A criminal investigation has begun into the case. It's not the first IT-related crisis to hit the tax credit system, which was established in its present form two years ago as a means to pay supplements to families on low incomes. 
EDS was fired by the revenue after the system it put in place degenerated into chaos, with families being over-paid credits, only to be hit with big claw-back demands from the government department. The National Audit Office claimed in October that mistakes by claimants - along with fraud - had resulted in over payments of £460m. ®
John Leyden, 16 Dec 2005

Fuji FinePix S5600 Zoom

Review The 5600 is around 30g heavier than its predecessor, weight that's in no way a burden but arises from the larger - but still small by today's standards - 1.8in colour screen. It's bright and crisp though, so is a cinch to use and it even comes with a fast, 'LCD brighten' button for fast switching if you suddenly find yourself in the spotlight - or in bright sunshine. Other new technology includes Fuji's 'Anti Blur Mode', in effect a boosted ISO setting. That means the camera can achieve a faster shutter speed due to the increased sensor sensitivity, helping reduce camera shake or subject blur.
Doug Harman, 16 Dec 2005

With SCA, reality bites J2EE again

Analysis With the announcement last week by IBM, BEA, Oracle, SAP, Siebel, IONA and others that they are collaborating to develop a language neutral programming model tuned to the needs of SOA initiatives, it looks like a little more lustre has rubbed off J2EE. But it also looks a little like something deeper could be going on: the biggest vendors are shifting their attention to a wider market opportunity. Can they avoid the mistakes of J2EE?
Neil Ward-Dutton, 16 Dec 2005

Apple axes 'iRingTones' project

Exclusive Apple has canned a software project that was guaranteed to prove controversial, just weeks ahead of its slated announcement at MacWorld Expo next month. The project would have seen Apple move into the ringtone retail business in direct confrontation with cellular carriers, with whom Apple already has a stormy relationship.
Andrew Orlowski, 16 Dec 2005

Mere think-tanks not welcome in EC MS anti-trust case

A European Court has said "tanks but no tanks" to a group of Microsoft supporters seeking to extoll the virtues of Redmond in its ongoing anti-trust case with the European Union. The Court of First Instance in Luxembourg was unmoved by the pleas from the International Intellectual Property Institute, the Institute for Policy Innovation and the Progress & Freedom Foundation. In fact, the court demeaned the groups, saying that "they are in reality mere ‘think tanks’ whose objects include, in particular, the promotion of strong intellectual property rights in the information technology field". We'll not have paltry think-tanks in our court, thank you very much. Fond of the word merely, the court continued. "The interest which IIPI, IPI and PFF claim is in fact merely an indirect, and purely abstract and academic, interest." Oh snap! The court rejected help from the International Association of Microsoft Certified Partners, Inc. as well. "The Court finds that, contrary to IAMCP’s contention, its objects do not include the protection of its members’ interests or the representation of its members," the court said. "In reality, its essential objective is to promote, among its members, an exchange of information and discussion on trade and technical issues of interest to them and also partnering, to help its members to cooperate with Microsoft and other bodies active in the software and information technology sector and to organise meetings and conferences." Oh snap, again! Microsoft continues to appeal the €497m fine handed down by the European Commission in March of 2004. Numerous parties both for Microsoft and for the EC have already been permitted to let their opinions flow during the appeals process. ®
Ashlee Vance, 16 Dec 2005

Spansion settles for IP Low

Flash memory venture Spansion started off the day with a humble IPO but managed to reach a reduced target by the end of Friday's trading. Spansion - the joint venture of AMD and Fujitsu - had once been looking to pull in between $16 and $18 per share from its IPO. Earlier this week, however, it reduced that target to between $13 and $14 per share and ultimately began trading today at just $12 per share, as we predicted. Trading on the Nasdaq under the ticker symbol SPSN, Spansion closed Friday at $13.55 per share. At that price, Spansion raised $506m in funds. Tepid interest in the spin-off stems from the heavy costs of running a memory business and the fierce competition from rival Intel, which has been aggressive on memory pricing. AMD was losing money on flash memory before spinning off Spansion. The poor performing flash unit marred the strong recent performance of AMD's processor group. Today, Spansion also sold 10-year notes worth $250m to pay back debts. The company has a market cap of close to $1.4bn with AMD owning 40 per cent of the firm and Fujitsu taking 26 per cent. ®
Ashlee Vance, 16 Dec 2005

Microsoft sues resellers over MAPs 'abuse'

Microsoft has filed 10 lawsuits against resellers and individuals in the US, accusing them of software piracy. Seven lawsuits have been filed against nine individuals from California, Maryland, New York, Texas and Virginia, alleging breach of a software agreement by which the individuals obtained a number of Microsoft Action Pack Subscriptions (MAPS). The MAPS Initiative is a programme that provides eligible partners with discounted Microsoft software packages for product evaluation and internal use. The MAPS-related lawsuits, the first that Microsoft has filed, allege egregious use of the programme by people who have repeatedly and knowingly broken the terms of the agreement. According to the firm, some of those named in the suits have allegedly attempted to sell software from their subscriptions to consumers through online auction sites. "Our partners are negatively affected by the activities of those who compete unfairly by either selling illegal software and components or abusing agreements that other partners abide by," said John Ball, general manager for Microsoft's US System Builders Partner Group, which works with businesses that manufacture computers. "These dishonest resellers sell products at minimal costs, undercutting the business of legitimate resellers. Those who operate ethically within the law take a hard financial hit. We like to see our honest partners succeed." Microsoft said that it became aware of abuses of the subscription service through its own monitoring of the MAPS program. Such abuses allegedly include subscribers falsifying information to receive the program benefits and software titles multiple times. The MAPS agreement stipulates that partners may subscribe to the MAPS program only once each year, that the software may not be resold, and that the software must be used only at the partner's primary business location and only for business purposes such as application development and testing. 
"The lawsuits announced today are a necessary step to help ensure that those who knowingly and repeatedly violate known and widely accepted standards will not be given free rein to do so. We want to protect the business of honest resellers and try to ensure a level playing field for our partners," said Mary Jo Schrade, senior attorney at Microsoft. Microsoft has also filed lawsuits over alleged software piracy against three companies in Florida, Ohio and Pennsylvania. The lawsuits came as a result of a number of customer complaints to a confidential software piracy hotline. In these cases, Microsoft purchased software from each of the defendant companies to test its authenticity in response to the complaints. When it was confirmed that the software was illegitimate, Microsoft sent cease-and-desist letters to the companies with educational information about how to operate legally. The firm said that lawsuits were filed only after the alleged perpetrators would not change their behaviour. Microsoft has started taking a hard line on software piracy of late. In September the firm filed lawsuits against eight companies in the US over counterfeiting and has indicated that it intends to do so again in the future. Copyright © 2005, ENN
ElectricNews.net, 16 Dec 2005

NSA uses ECHELON against US citizens

Washington Roundup Who would have believed that twitchy paranoiacs are actually onto something? Incredibly, they are: the New York Times has revealed that the US National Security Agency (NSA) has been spying on American citizens. Previously, the Agency had shown itself to be scrupulous about avoiding this sort of activity. But according to numerous un-named sources paraphrased in the Times, the President signed a secret order authorizing him to intercept phone calls and emails from US persons in communication with persons outside the US, and all without the slightest bit of judicial oversight. The White House claims that a September, 2001 Congressional resolution authorizing the so-called war on terror gives the President authority to conduct domestic surveillance without a warrant, even though it is forbidden by federal law. Interestingly, the Times says that the spy program was curtailed when it became clear to the Administration that the story was about to come out, which implies something a bit shy of full confidence that the order really was legal. The US Senate on Friday declined to re-authorize the 16 sunset provisions of the so-called "Patriot" Act, and promptly packed its bags for the holidays. Senate Republicans fell short of the 60 votes needed to halt a Democrat filibuster, and the Act's 16 sunset provisions are therefore bound to expire at the end of the year. A large minority of Members believe that the re-authorization conference report lacks adequate provisions for judicial oversight. Senate majority leader Bill Frist (Republican, Tennessee) has threatened to keep the Senate in session until the Act is re-authorized, presumably very briefly, say, until Congress comes back to work next year. But Frist is on the record saying that a temporary re-authorization is unacceptable, and the White House has echoed this as well. 
It does not seem likely that Frist would get more than a temporary agreement, so keeping the Senate in session hardly seems worth the bother. Meanwhile, the House last week rolled over on the Pat Act and approved the conference report, but it did something uncharacteristically brave as well. It defied the White House on torture as a method of fighting the so-called war on terror. The Administration has been extremely keen on stopping an anti-torture bill sponsored by past torture victim and current US Senator John McCain (Republican, Arizona), notwithstanding the fact that the President, the Secretary of State, and the Attorney General have all insisted publicly that the USA does not torture anyone, or condone torture at the hands of its allies. So why the Administration should be so adamantly opposed to a bill which outlaws something it never does sure is a puzzler. Although the House passed a resolution, rather than the actual bill, it sent a clear signal to the White House that the veto it had threatened can easily be overridden. And this had the very pleasant effect of persuading the President to praise McCain and his bill during a press conference. Updating our recent item It's official: Diebold election bugware can't be trusted, we find that the North Carolina Board of Elections has certified Diebold systems (and two competitors' systems) without obtaining all of the source code as required by state law. Now, it's quite possible that there's not much of a story here, as it's unclear if Diebold is being given a pass, quite understandably, because it simply hasn't got the source code to some of the software it uses (physical impossibility is a mighty good defence), or if it's being given special permission to flout the law. We will know more soon, as the EFF is suing the state elections board. "The Board of Elections has simply ignored its mandatory obligations under North Carolina election law," EFF spokesman Matt Zimmerman explains. 
We'll soon see if it really is that simple. It is also worth noting that company CEO Walden O'Dell resigned unexpectedly last week, to the delight of investors and critics alike. O'Dell had the rather poor judgment to express publicly his dedication to seeing "Ohio deliver its electoral votes to the President." The company has failed to shake off the suspicions raised by such a partisan statement from a fellow in charge of a company that makes notoriously buggy election terminals. In entertainment news, Washington's most popular lobbying outfit, the Motion Picture Ass. of America (MPAA), has given the kiss of death, otherwise known as an NC-17 rating, to a documentary movie critical of - you guessed it, the MPAA. The movie, entitled This Film Is Not Yet Rated, will premiere at the Sundance Film Festival and will be aired on the Independent Film Channel. MPAA says that it axed the movie due to "some graphic sexual content". Quite a few movie theaters and video rental outfits refuse to carry NC-17 movies, so only a very small number of people will be perverted by its erotic naughtiness, or its skepticism. ®
Thomas C Greene, 16 Dec 2005

Researchers: Flaw auctions would improve security

The auction may have set a record price for a highlighter pen and an 8-by-11-inch sheet of paper. The last reported bid before the listing was deleted without ceremony was $1,200. The price might seem excessive, but the value lay in what some researchers believed was on the paper: Information about an unpatched vulnerability in Microsoft Excel.
Robert Lemos, 16 Dec 2005

Spending on compliance and corporate governance soars

Increased corporate spending for compliance and corporate governance is having a significant impact on IT budgets, says Gartner, and financial compliance management spending will swallow 10–15 per cent of IT budgets in 2006, up from less than 5 per cent in 2004. In October and November 2005, Gartner sponsored a financial compliance management survey of 326 audit, finance and IT professionals in North America and Western Europe. Preliminary results indicate that compliance initiatives, as defined by the Sarbanes-Oxley Act (SOX) in the US and related regulatory mandates in other geographies, are diverting a large amount of new IT project discretionary resources to support corporate governance efforts. French Caldwell, research vice president for Gartner, said: "Projects that were not aligned with compliance and corporate governance were delayed or cancelled, and SOX efforts inhibited the purchase of large amounts of software related to building new technologies and deploying new projects." Although software is not required to pass a SOX audit, Gartner analysts said it can help to significantly reduce the compliance burden. The majority of the initial spending for SOX projects was for professional services focused on consulting, audits, process management and workflow, documentation, and planning. New software that will be purchased for these projects will provide business process management, corporate performance management, information access and decision support, document and records management, security, IT operations management and storage using established systems. "Companies should look for solutions to support multiple regulations and multiple business units," said Tom Eid, research vice president for Gartner. "Sustainable compliance, that is, a level of effort that is sufficient but not excessive, will only be achieved by consolidating compliance efforts through a programmatic rather than project oriented approach." 
Gartner said through 2007, companies that choose one-off solutions for each regulatory challenge they face will spend 10 times more on IT solutions for compliance than their counterparts that take a sustainable programmatic approach. The pressure of meeting SOX deadlines may have led many CIOs to implement one-off projects and miss opportunities to secure long-term benefits for their businesses. This will, in some cases, mean more budget will be spent to advance these projects in 2008 and 2009. "IT organizations need to implement IT controls for compliance management without increasing architectural complexity. This requires that IT organizations work hand-in-glove with financial, legal and business operations to manage operational risk," said Eid. "Expanding compliance and operational risk demands offer an opportunity for IT to build long-lasting value for the firm, or face the threat of becoming a scapegoat for operational and legal deficiency." Copyright © 2005, OUT-LAW.com OUT-LAW.COM is part of international law firm Pinsent Masons.
OUT-LAW.COM, 16 Dec 2005