ARLINGTON, Virginia - A security researcher released details of a critical flaw in Oracle's application and Web software on Wednesday, criticising the company for not cooperating with the security community and taking too long to fix software issues that threaten its customers.
A new ruling by the Irish courts could undermine people who have a genuine need for online anonymity and deter whistleblowers, lobby group Digital Rights Ireland (DRI) claims. It issued the warning after a High Court judge ordered Eircom, BT and Irish Broadband to hand over the details of 49 customers who have allegedly been uploading music files onto file-sharing networks. Mr Justice Peter Kelly ordered the Internet Service Providers (ISPs) to disclose the names, addresses and telephone numbers of the 49 holders of the Internet Protocol numbers identified by the music companies. "It sets an unfortunate precedent, there are a lot of good reasons why somebody would want to remain anonymous online," TJ McIntyre, DRI chairman told ElectricNews.Net. "They should have an opportunity to defend themselves before they're stripped of anonymity." He said the issue could have repercussions beyond the issue of illegal file-sharing, and said anonymity is an important right for whistleblowers who want to report corruption, dishonesty or unsafe working practices, without fear of retribution. DRI wrote to the ISPs prior to the case, asking them to present the court with two European precedents, which might have persuaded the court to make a different decision. The courts in the Netherlands found that the manner in which IP addresses were collected and processed by MediaSentry - the same company that collected information for the Irish case - had no lawful basis under European privacy laws. DRI also highlighted a case in the UK, which found that users whose identities might be revealed should be notified, so they would have the opportunity to be represented in court. Only one ISP presented these arguments, according to McIntyre. He said the courts chose not to take these arguments into account in their decision. The orders were sought by EMI Records, Sony BMG Music, Universal Music Ireland, and Warner Music Ireland.
The judge said the plaintiff companies had no other way of getting the information on the identities of the 49 persons except by court order. The ISPs did not oppose the making of the orders, but had sought undertakings that the identities of the 49 persons would not be publicly disclosed except in the context of any legal proceedings which may be taken subsequently. Copyright © 2006, ENN
Sun Microsystems wants to prolong its relationship with partner Fujitsu beyond 2008 despite the companies' first, joint high-end servers hitting a delay. David Yen, executive vice president of Sun's scalable systems group, expressed optimism on Wednesday that the company could continue its relationship with Fujitsu in the face of their mutual server enemy - IBM. Yen's enthusiasm came as he conceded that the first fruits of the companies' relationship, the Advanced Product Line (APL) of servers, that are expected to feature Fujitsu's own SPARC64 processor, would not ship until 2007. Originally due for the middle of 2006, Yen said the delay would last "a few months". "You can expect low-end four and eight-way [servers] will happen sooner - before the end of this year. High-end 13, 32 and 64-way [servers] will probably happen in the early part of next year." Yen did not give a reason for the delay. Sun entered into the relationship with Fujitsu nearly two years ago, after canning the planned, and somewhat troublesome UltraSPARC V and Gemini processors. Under the companies' deal, Sun will ship servers using the Olympus edition of Fujitsu's SPARC64 processor instead of using UltraSPARC. The APL product line was scheduled to kick-in during 2006, just as Sun's UltraSPARC IV came to the end of its lifespan. The deal potentially leaves Sun with a hole in its roadmap that is likely to be filled by Sun's UltraSPARC IV+ servers, demand for which outstripped expectations during its second fiscal quarter. Sun already plans a 1.8GHz architecture, but Yen said: "We may even push beyond that." Separately, Sun will open source its Niagara chip by March, with specifications published to www.opensparc.net. Sun is publishing the chip's architecture so that "SPARC [can] go beyond Solaris and for Solaris to be successful... beyond SPARC," Yen says. The website is designed to off-load the effort of supporting independent development efforts.
"To facilitate the Linux porting, and to reduce our support burden, we will publish the API for the internal firmware," Yen said. He added that he already knew of "more than one" effort to port Linux to the T1000 and T2000 (Niagara) platform. ®
Business Intelligence (BI) is an umbrella term for systems and processes that turn a mass of opaque data into useful business information. SQL Server 2005 incorporates radical changes into its BI capabilities.

UDM

BI typically involves the construction of a data warehouse which pulls together disparate data held in different data sources within (and even outside) an organisation. Constructing a warehouseful of clean, coherent data is not easy. Not only is it hard to build, it’s also hard to maintain. Instead of adding further bolt-on tools, for 2005 the SQL Server development team stood back and attempted to solve the fundamental problems of data warehouse design and development. The UDM (Unified Dimensional Model) and Pro-active Caching are the results. The UDM is essentially a layer that sits between the users and the source systems. This layer models the analyses that users wish to perform on the data. The traditional approach to warehousing is to perform nightly extracts from the source systems and restructure that data into OLAP (On Line Analytical Processing) cubes. The cubes can be accessed very rapidly but the data is never exactly current. In SQL Server 2005 the caching system has been totally redesigned and is much more flexible. OLAP cubes can now act as a ‘pro-active’ cache - the data therein can be refreshed from the source systems much more frequently than every 24 hours. The initial structure of the pro-active cache is automatically determined by the UDM and can be tuned to a desirable balance between query performance and the latency of data in the cache. The cache itself has a degree of intelligence built in, which enables it to learn from the queries that users run against it and respond by modifying the structure of the cache. The UDM and Pro-active Caching bring the goal of real-time data warehousing into the realms of the possible from the badlands of the difficult.
Integration Services

When the DTS (Data Transformation Services) came out in SQL Server 7 in 1998, it was a good tool with a usable UI. Over the years data volumes have increased and latterly the DTS’s scalability has been seriously called into question. In addition, as we have continued to learn more about how to extract, transform and load data, its ETL abilities started to look long in the tooth. By the year 2005 it was positively walrus-like. For SQL Server 2005, Microsoft scrapped the DTS altogether and started again. One major change is the new name - Integration Services. Another is that the new product explicitly separates the data control from data flow. There are separate environments for designing tasks that determine data control and those that determine data flow, improving both the design process and later maintenance. Package variables can now be defined, and can be inspected and scoped to a package, task or loop. All packages are stored in SQL Server or as XML in the file system, so that they can be managed under source control. A DTS 2000 package migration wizard can help move existing packages to the new version, issuing warnings where problems are encountered. For those hard-to-migrate packages the DTS runtime (part of SQL Server 2005) runs old-style packages without upgrading.

Data Mining

SQL Server 2000 came with two data mining algorithms (Decision Trees and Clustering) as part of the deal. Way, way back then it was astonishing not to have to hand over large wodges of extra cash for such data mining tools. The algorithms themselves were good, although the UI for visualising the results they produced was crude and scalability was something of an issue. However, it was hard to complain overmuch given that you had access to two algorithms for nothing when other manufacturers were charging megabucks.
Joining these two in SQL Server 2005 are five further flavours of data mining:

Association rules: find rules in data that say This and That lead to The Other. One major application is analysis of web site usage.

Naïve Bayes: for classifying data and highlighting differences between separate groups, for instance between house owners and house renters.

Neural Nets: finds complex patterns and relationships in data. It runs relatively slowly but may turn up patterns that are not identified by other algorithmic approaches.

Sequence Clustering: for analysing a series of events and predicting the likely next event in the series.

Time Series: for investigating time-based data. Sales data is a classic example: it can tell whether the purchase of Product X will lead to a purchase of Product Z.

Reporting Services

When Reporting Services was released during the beta programme it was greeted with such rapture that a version was released for SQL Server 2000. The 2005 version is a major enhancement to the BI toolset with support for ad hoc querying.

WOW! It all sounds great!

The UDM, Integration Services, new mining algorithms – it all sounds too good to be true. Well, it isn’t: Microsoft is genuinely including world class BI software with certain versions of SQL Server. But there is a problem, particularly for those who have already deployed SQL Server 2000 BI solutions. BI in SQL Server 2005 is like a foreign country, they do things differently there. By which I mean that Microsoft hasn’t just provided a better ETL tool and a new set of mining algorithms. By introducing the UDM and pro-active caching it has totally re-written the way in which we solve BI problems. Why didn’t the big M just leave well enough alone? The answer is that the old ways were developed during the late 1980s and ‘90s. Since then we have learnt a great deal more about BI. In addition, the concept of proactive caching has been around since that time.
It has remained unimplemented commercially up until now because the algorithms required to update a MOLAP (Multidimensional Online Analytical Processing - traditional OLAP) cube in real time are necessarily very complex and, in addition, proactive caching soaks up huge resources in terms of CPU cycles and memory. Indeed, cynics might suggest that it is just as well that Microsoft has taken five years to produce this version of SQL Server – the huge delay has allowed CPU development to catch up and RAM costs to drop to the point where we can just about afford to use it. So, bear in mind that if you are an existing BI developer you have a great deal of conceptual material to absorb before you can deploy an effective BI solution using SQL Server 2005. In addition, if you take an existing BI solution and upgrade it without thought, you will end up with a SQL Server 2000 BI solution that happens to run under SQL Server 2005. You will have undergone all of the pain of a migration and you will reap essentially zero reward. An effective upgrade of an existing application will require a total redesign (and probably a new, bigger, box to provide all of those extra cycles).

Summary

The BI capabilities of SQL Server 2005 form the most important part of Microsoft’s strategy to take over the world, at least in database terms. Ten years ago BI was an incredibly costly game: everything was expensive - the ETL tools, the data mining algorithms and the multi-dimensional database engine. Now, if you happen to be buying SQL Server 2005 as a database engine, the BI tools are free in the box (depending on the version you buy). For many companies this is likely to be a very tempting offer. ®
Slowly but surely the standard tasks of the developer’s daily grind are being absorbed and packaged up by a growing number of vendors. Systems management tools, for example. Vendors have already subsumed much of the management coding that would in the past have been the developer’s lot, and now Intel is casting its beady eye on the potential from the other end of the spectrum. The company has been integrating large amounts of PC real estate into the processor, or the associated chipset, for some time. The graphics controller is one obvious example. But now it is looking at what constitutes a 'server' and starting to identify that functionality as targets it can integrate into its own architectures. It has already integrated virtualisation into the processor with the new VT technology, and has recently also added power management. The next target, due to be implemented into the Dempsey dual-core Xeon DP processor, is Active Management Controller, a module capable of monitoring performance and similar factors that collectively sum up the 'health' of the processor. According to Kirk Skaugen, VP of Intel’s Server Platforms Group, the company is working with the close collaboration of mainstream information management systems vendors such as IBM, HP, BMC and CA, as well as Symantec, LANDesk and Novell, so they can all interoperate with the on-chip functionality. Also expected to appear soon is I/O Acceleration Technology (I/OAT) designed to significantly boost TCP/IP performance, and Skaugen indicated that other targets for integration are under development and scrutiny. Indeed, they will form integral parts of what he called a Formal Usage Model for the company's server platform, which will incorporate dynamic provisioning and services, and node configuration. All this follows a pattern set out by Intel’s law-meister, Gordon Moore, many years ago. 
Speaking at the 1979 International Solid State Circuits Conference in Philadelphia, he observed that as device complexity increases the number and diversity of functions possible on a chip also increase. The danger with this is that it is all too easy to end up with an all-singing, all-dancing device that is so complex it does not fit the requirements of any server vendor. But targeting increasing amounts of low-level, commonly used functionality has the potential to not only increase the value and margin of each processor, but also increase the dependence of users on the device. A 'Formal Usage Model' will inevitably be a two-edged sword for developers, especially as it grows, for they will have to be ready to grow with it if it is successful. If it does succeed, it will have the effect of creating a new 'baseline' of services and functionality to which developers will have to work. This could have the distinct advantage of effectively standardising a growing range of common functions that will no longer need to be in the developer’s standard repertoire of coding skills. In turn, they will be free to start applying their talents at the next level of abstraction in applications and systems development. But if Intel fails in making this work, either by picking the wrong functionality or by integrating too much functionality too soon, developers may well find those old skills will still be needed after all.
IT decision makers are the target of an Eclipse Foundation campaign to make them feel comfortable adopting tools and integration strategies based on the group's open source framework. Eclipse is preparing a roadshow for executives who set IT strategy at enterprises, to educate them about using Eclipse-based software. This will hit four US cities starting next month. The roadshow reflects the expansion of Eclipse's remit to projects that go beyond integrated development environments (IDEs). Eclipse claims that between 55 per cent and 60 per cent of Java developers today use an Eclipse-based IDE. These tools include SAP with NetWeaver Developer Studio, Sybase with its WorkSpace and offerings from a host of embedded systems specialists including MontaVista Software and QNX. Eclipse has 150 member companies and began life in 2001 as an open source tools framework for Java, following a massive donation of code from Java tools laggard IBM. IBM's reason for establishing Eclipse was to broaden support among developers for its own Java tools. IBM with Visual for Java - re-branded WebSphere - lagged behind Borland Software's market share, while control of Java rested with the Java Community Process (JCP). This was - and still is - stewarded by Sun Microsystems, IBM's Java and systems foe. Sun has not joined Eclipse. Since those early days, Eclipse has seen a mushrooming of projects. One notable example is the Business Intelligence and Reporting Tools (BIRT) for business intelligence (BI), which takes Eclipse out of its early, pure IDE focus. Underpinning Eclipse's latest objective - of wooing IT decision makers inside enterprises - is the Application Lifecycle Framework Project (ALF), which started life last summer. The goal of ALF is to co-ordinate and orchestrate the metadata that flows between tools plugged into the Eclipse framework. This takes the original concept of Eclipse, which was to provide a framework for different tools, a step further. 
The framework itself provides different vendors' tools with a common user interface, menu system and code repository. By sharing metadata, it is hoped ALF will allow a greater degree of collaboration and interoperability between Eclipse tools, making it easier for developers to work together as tools integrate at a feature level. The first ALF "code drop" is due at next month's EclipseCon 2006 in California. Ian Skerrett, Eclipse's director of marketing, told The Register that while Eclipse has had considerable success getting developers to adopt Eclipse through viral marketing, the next phase is to educate those who set IT strategy who, he said, "have heard Eclipse is something their Java developers use". "Eclipse is much more than just a Java IDE. It's a platform that if they implement it they can benefit from," Skerrett said.®
IBM managers are in meetings across the country to hear about changes to the company pension. Observers are speculating that the firm will announce the end of the UK's final salary pension, as it has already done in the US. A flock of major UK - and US - companies have pulled the plug on their traditional final salary schemes in recent years, blaming growing deficits on reduced stock market returns, a harsher regulatory and fiscal attitude from the government, and retired workers' refusal to die early. Strangely, none of them blames the extended "contributions holidays" many of them took during the long stock market bull run in the 90s.®
Abit is to sell its motherboard division to fellow Taiwanese mobo maker Universal Scientific Industrial (USI) for TWD350m ($11m) and 20m shares. USI is forming a subsidiary into which the Abit operation will be merged. The deal brings USI the Abit brand along with the mobo division's intellectual property portfolio, its products, customer relationships and workers, USI said yesterday. It said it expects the merged business to ship more than 10m units a year going forward - Abit ships around 2m to 2.5m units a year, it added.
Well, here's a bit of agreeable news for those readers who dread getting up in front of the board to deliver that mission-critical Powerpoint presentation: indulging in full-on rumpy-pumpy beforehand will help you face the ordeal in a state of hormone-induced calmness. That's according to Stuart Brody, a psychologist at Scotland's University of Paisley, who "studied nearly 50 men and women who recorded their sexual activities for two weeks and analysed its impact on their blood pressure levels when under acute stress, such as when giving a speech", as Reuters explains. Brody found that volunteers who had sexual intercourse (a dirty job, but someone's got to do it) were the "least stressed and had blood pressure levels that returned to normal more quickly than people who engaged in other types of sex". That's right - it has to be the Full Monty, so it's no use relying on a Lewinsky or executive relief before hitting the podium. Why? Well, Brody believes release of the "pair bonding" hormone oxytocin might have something to do with it, provoking as it does a sense of calm wellbeing. Those who did not indulge in sex at all had "the highest blood pressure response to stress", the research also found. The moral? For payrise-provoking, flipchart-assisted oratory, engage in 100 per cent beast with two backs action as close as possible to the main event. Just make sure to lock the stationery cupboard door first. ®
Nvidia has confirmed speculation that it will announce its next-generation graphics chip architecture at CeBIT. The head of the company's Taiwan sales operation, Paul Sun, this week said the chip maker will introduce a new high-end GPU in early March. Sun, cited by DigiTimes, also said a full line-up of GeForce 7-class GPUs will be available worldwide by 1 February, suggesting an imminent product announcement, quite possibly the rumoured GeForce 7200 and 7600.
Nintendo is indeed planning to ship a redesigned version of its DS handheld console, despite apparent denials that such a move was being contemplated. The so-called 'DS Lite' is scheduled to ship in Japan on March 2, the video games pioneer said today. As its name suggests, the DS Lite isn't as heavy as the current version, weighing 218g to the standard DS' 275g. It's smaller too: 13.3 x 7.4 x 2.2cm to 14.9 x 8.5 x 2.9cm. 'Lite' also suggests brightness, Nintendo said, hence the new machine's shiny white carapace, toned to appeal to the iPod generation.
Infinium Labs, the company behind the Phantom games console and broadband content service, yesterday said it had won $5m in funding - money it needs to begin manufacturing its Phantom Lapboard gaming accessory. Infinium will receive $625,000 when it registers the investment with US regulatory authorities. It can then take some or all the full $5m, of which it will presumably use $2m to fund the production of the Phantom Lapboard - the figure the company said would be needed when it announced the product in late December 2005.
Brits can all sleep easier in their beds now that the UK’s Atomic Weapons Establishment has handed over £20m for a shiny new Cray XT3 super computer. The AWE said the 40 teraflops box of tricks will be used for a range of jobs such as “weapons physics, materials science and engineering” which will “underpin our continued ability to underwrite the safety and effectiveness of the Trident warhead in the Comprehensive Test Ban era.” We think that means that seeing as boffins can no longer check the nukes are in working order by letting one off every now and then, they’re going to be running simulations on the XT3. Cray will ship the XT3 in the second quarter, and it should be humming along nicely in the second half of the year. Those who really care about these things will be glad to know the XT3 runs on AMD’s Opteron processors. The company did not say how many processors the AWE’s machine will run but the system at the US’ Sandia National Laboratory accommodates upwards of 10,000 and the architecture is designed to scale up to 30,000. Which, we're sure you'll agree is a pretty good platform for playing Sim Apocalypse.®
World+dog bought 244.9m mobile phones during the final three months of 2005, market watcher Strategy Analytics (SA) said today, adding that the figure is a record one. For the year as a whole, some 810.5m handsets shipped, up 19.1 per cent on 2004's total, 680.5m. SA reckons shipments will rise 14.8 per cent this year, to 930m units, before shooting past the 1bn mark in 2007.
Xerox has slashed its European distributors from 49 to just three. Ingram Micro was the first to blow its trumpet as one of the lucky trio. But the copy vendor has said there may be local variations to this pan-European - or as we used to say in the trade, oligarchical - arrangement. Other distributors may continue to sell its products, but will have to subdistribute from the master three.
Washington State and Microsoft have joined forces to sue a firm that allegedly used scare tactics to sell ineffective anti-spyware software. New York-based Secure Computer is accused of using spamming and pop-ups in an aggressive and allegedly deceitful marketing campaign designed to promote sales of a product called Spyware Cleaner. The firm is the first to be sued under Washington's newly enacted anti-spyware regulations. It also stands accused of violating federal anti-spam laws, as well as other state and federal consumer protection legislation. In a lawsuit, Washington's Attorney General Rob McKenna alleges that Secure Computer's anti-spyware software falsely claims that PCs are infested in an attempt to coax users into paying $50 for its software. Spyware Cleaner only changes security settings on PCs rather than doing anything to clean machines of any infection. Washington State alleges the software actually "renders computers more susceptible to attacks" rather than protecting them. Some of the emails punting Spyware Cleaner pose as messages from MSN Member Service with subject lines such as "Special Security Alert for MSN Members". Other messages allegedly arrive as pop-ups via Windows Messenger. These alleged tactics prompted Microsoft to file a federal lawsuit against Secure Computer alleging the firm used its trademarks without permission to suggest Microsoft recommended the ineffective software. The lawsuit brings charges against Secure Computer company president Paul E Burke, and owner and manager of web domains for Secure Computer Gary T Preston. Both New York-based men reportedly made in excess of $100,000 flogging Spyware Cleaner through various affiliates. Other defendants - Zhijian Chen, of Portland, Oregon; Seth Traub, of Portsmouth, New Hampshire; and Manoj Kumar, of Maharashtra, India - are alleged to be affiliate advertisers of Spyware Cleaner. ®
Updated: A BBC survey into Brits' views on evolution has found that while 48 per cent of people opted for evolution as that which "best described their view of the origin and development of life", 22 per cent opted for creationism and 17 per cent for intelligent design. The remainder of the pollees "did not know". Asked which of the three theories should be included in school science lessons, 44 per cent said creationism should be on the agenda, 41 per cent voted for intelligent design, while 69 per cent backed evolution. According to the Beeb - which conducted its probe of 2000 participants for a programme entitled: Horizon: A War on Science - this is evidence that "more than half the British population does not accept the theory of evolution". Horizon editor Andrew Cohen said: "I think that this poll represents our first introduction to the British public's views on this issue. Most people would have expected the public to go for evolution theory, but it seems there are lots of people who appear to believe in an alternative theory for life's origins." Hmmm. In fact, we could claim that almost 70 per cent of Brits back the teaching of evolution, although we concede that, according to the figures, they must also have backed the inclusion of at least one of the other two options. Typical woolly-headed liberal thinking there. Regarding what people actually believe, as opposed to what they think their kids should be subjected to, the 22 per cent who got behind creationism is hardly a shocker, being as it is a de facto tenet of much of Christianity. In fact, just 17 per cent of Brits believe in intelligent design - just ahead of the 13 per cent who really don't know or don't care. The one interesting fact to come from the survey is that "participants over 55 were more likely to choose evolution over other groups, while those under 25 were most likely to opt for intelligent design."* Horizon: A War on Science is on BBC Two tonight at 2100 GMT. ®

Update

* Thanks to those readers who have written to say the BBC's original version of this story now reads: "Participants over 55 were less likely to choose evolution over other groups." Well, when we published our piece at 12.30 today, the piece certainly said: "Participants over 55 were more likely to choose evolution over other groups, while those under 25 were most likely to opt for intelligent design." We now have no idea what people under 25 think, so you can make of the correction what you will. There's not a lot of intelligent design in there, we reckon.
Book review: I'm not that keen on the word “hacker” in the modern, pejorative sense (I remember when it meant a good UNIX programmer) and I'm generally not that impressed by hackers either - mostly they're not particularly clever and just got lucky.
Research in Motion (RIM) will appear in court on Friday, 24 February to hear if it must close its Blackberry push email service to US customers or, at the very least, make them implement an upgrade. Judge James Spencer yesterday named the date at which he will hear arguments from RIM and patent holding company NTP over whether he should ban Blackberry for violating NTP's intellectual property, a verdict already reached at both District Court and Court of Appeals level.
European aircraft manufacturer Airbus has announced it will create 650 new jobs as part of an expansion of its wing-manufacturing plant in north Wales, the BBC reports. The factory at Broughton in Flintshire already employs over 6,000 people in the construction of wings for the Airbus A350 and A380 "superjumbo". It is Wales' largest manufacturing facility. Airbus is currently on a roll, and last week boasted it had a 2,000 aircraft order backlog. It last year upped deliveries by 18 per cent to 378 aircraft. As well as the new jobs, Airbus's Broughton factory will also enjoy a £5.2m Welsh Assembly government grant to "help boost production". An enthusiastic Flintshire council chief regeneration officer, Dave Heggarty, described the announcement as "wonderful news", adding: "The company now employs well over 7,000 people on the site and around north Wales there are around 12,000 people employed by companies that supply Airbus. The wage bill in Broughton alone is around £6m a week.

"Employing people in an industry like aerospace manufacture is extremely expensive - training costs are particularly high. The 650 recruited will go through a lengthy programme and the grant will assist with that training."

The A350 is due to hit the skies in 2010. The A380 had its maiden flight back in April last year and is due into service with Singapore Airlines at the end of 2006. ®
Creative experienced a dip in profitability during the final three months of 2005, the second quarter of its 2006 fiscal year, despite big sales gains pushing revenues to their highest level in five years. Revenue for the period totalled $390.8m, up 4.2 per cent from Q2 FY2005's $375.1m and 39.5 per cent on the previous quarter's $280.2m. Net income was $8.2m (ten cents a share) down from the year-ago quarter's $11.8m and up on Q1 FY2006's $700,000 (one cent a share).
South Korea's second largest phone maker, Pantech, has launched a slider phone aimed at the local mobile media player market, touting the handset's near-widescreen display and its MP3 and video playback facilities. The IM-U100 sports a 2.6in display with a 15:9 aspect ratio. It's not quite the 16:9 ratio you see on a widescreen TV, or even a 2.35:1 you get at the movies, but it's better than the 4:3 ratio most phones offer. It's backed by a "high quality loud speaker", Pantech said.
Comment: The IEEE has abandoned its effort to create a UWB standard, but has agreed on a draft for the next generation of WiFi, 802.11n. The conventional wisdom is that this week's events are great news for Wi-Fi, and a disaster for Ultra-Wide Band, UWB, and by association, Bluetooth. In fact, the exact opposite is likely to be the judgment of the future.
Confusion and lack of leadership is leaving many UK businesses exposed to mobile security risks, according to a new study. Four in five (80 per cent) of 2,035 IT pros surveyed by market analyst firm Quocirca, say ordinary workers constitute the main mobile security threat. But one in five companies that already have a wide deployment of mobile devices (such as wireless PDAs and smartphones) admit they've failed to implement effective security policies. Even among respondents that have mobile security policies, three in five (60 per cent) admit the policies are not enforced. This raises questions about leadership within organisations and whether senior staff are treating security as a high enough priority, according to mobile telco Orange, which sponsored the online study. "Responsibility for security is being placed firmly in the hands of the user, but it's essential that attitudes change and security becomes a shared responsibility between the company and the employee," says Alastair MacLeod, vice president of Orange Business Solutions UK. "There are a number of simple ways to encourage responsible behavior and the first obvious step is to set out a sensible security policy and to engage users through consultation, not prescription. Communication is key." The survey found business managers were content to leave staff - rather than IT managers or the board - responsible for the data security of mobile devices. Staff were often given a choice over what device they wanted, and the use of passwords or PIN protection was often left up to them. Even firms with a better understanding of mobile workings frequently failed to keep track of devices or take steps to provide access to corporate resources in a controlled manner. "There is widespread naivety and neglect in handheld device security," said Rob Bamforth, principal analyst at Quocirca. "However, it is important to realise that both employees and employers have to play their part. 
Organisations have a duty to develop, communicate and enforce an effective security policy which employees should understand and abide by. Since some users will still have a lax attitude, businesses should place a safety net of measures to deal with the most likely eventualities including backup and contingency planning." ®
Review Now that Germany's Beyerdynamic has returned to studio-level audio equipment, it's let Sennheiser carpet the portables market with the kind of spread that Beyer boasted in the 1990s. At the same time, Sennheiser has been updating the looks and prices of its headphones to make them attractive enough to replace regularly with the latest model...
Germany is leading the scramble to snap up new European domains, while the UK is being a tad .eusceptic. According to the latest stats, the European domain name registry has received more than 166,000 applications for .eu domains since the registration period opened on December 7. Germany accounts for a third of all applications followed by The Netherlands (16 per cent) and France (13 per cent). Just one in ten applications has come from the UK. "The demand for .eu has been very strong, though it is worrying that British businesses are so far behind their European rivals in protecting their brands online," NetNames business development director Jonathan Robinson said. "British companies must act quickly to ensure their online brands are protected across Europe. Applications are dealt with in the order they are received, so any delay could cause your brand significant damage if your trademarks and names are registered by another party," he said. ®
Nintendo has opened its wallet to fund a £1m gaming retrofest at London's Science Museum where teary-eyed old timers can chew the fat about Space Invaders, Pac-man and Donkey Kong. According to London's Evening Standard, the expo will open later this year and run until 2007 when it will be replaced by "an interactive gallery built to inspire aspiring programmers", which will wow the crowds until 2009.
A Syracuse University research team has discovered something quite remarkable, if not immediately useful in everyday life*: bats belonging to species where the females are promiscuous have bigger testicles than those in species where the girls are more family-oriented. There is, however, a price to pay: the bigger your 'nads, the smaller your brains, according to team leading biologist Scott Pitnick, who quipped: "It turns out size does matter." Pitnick's research, which according to AP features in last December's Proceedings of the Royal Society: Biological Science, concludes that males in some species "make an evolutionary trade-off between intelligence and sexual prowess", as bat-mating expert David Hoskens of Exeter Uni explained. Pitnick's team examined 334 bat species, finding that in those with monogamous females, males had testes ranging from 0.11 per cent of their body weight to 1.4 per cent. In contrast, in species with promiscuous females, the testicles ranged from 0.6 per cent to 8.5 per cent of the males' mass. Rafinesque's big-eared bat was apparently the species with the league-topping testes. "Bats invest an enormous amount in testis, and the investment has to come from somewhere. There are no free lunches," Hoskens illuminated. The reason your bat might be obliged to invest so much in the trouser department is simple. "If female bats mate with more than one male, a sperm competition begins. The male who ejaculates the greatest number of sperm wins the game, and hence many bats have evolved outrageously big testes." Naturally, if you've put all your energy into record-breaking nuts because the girls on your block are putting it about, you might have an "adaptive advantage", but there simply is not enough energy left to invest in a bigger brain. 
Bat chaps are not the only males who walk bow-legged with a vacant expression on their faces - chimpanzees too are promiscuous and their cojones are much bigger than those of gorillas, where one bloke controls several females without fear of competition. Bootnote * Oh, alright then - it's a real dinner party show stopper: "Yes, it's true: the poor thing had bollocks like bowling balls but was as thick as ten short planks nailed together..." And thanks to reader John Emery for the testicular heads-up.
Say hello to the latest weird watch: the Kerala Trance. Sounds a bit Ibiza to us, but it's got a geek angle too: the display's in binary. Two rows of four LEDs tell the time; hours above, minutes below. Next to each LED there's a number - add up the numbers whose lights are illuminated and you get the time. If the LEDs marked 8 and 1 are lit, it's Nine O'clock; if the lower-row 16, 8, 4 and 2 LEDs are on too, it's 9:30. Maybe that's not the kind of mental gymnastics you want to be doing if you're trying to catch the last train home after an evening in the pub, but you get the idea. It's easier to decide whether you want to shell out the £100 UK distributor Firebox wants for it. ®
The Information Commissioner cast an eye over the Shoreditch home surveillance project this week as the man behind the controversial scheme assured residents their civil liberties will be protected. Daniel Hodges, CEO of project architects Digital Bridge, had a visit this week from the Information Commissioner (IC), who wanted to make sure the project in East London would not offend any privacy laws. Admitting homeview CCTV was "on the borders of what's acceptable", Hodges said he had taken legal advice and safeguards will be in place to avoid offending privacy laws. The scheme will be piloted in March and could eventually give 40,000 homes access to a network of CCTV cameras across Hackney, East London, through set-top boxes connected to their televisions and home computers. "The main safeguard in relation to this is that residents do not have control of the cameras and don't have the capacity to zoom in and follow people," Hodges said. "It won't be possible to see people's faces or identify them," he said, because cameras would be placed up high and images would be rotated from camera to camera every 30 seconds. Another safeguard would prevent residents from recording the images transmitted from CCTV cameras. The signals will be encrypted using the same technology used to prevent Sky movies from being copied, said Hodges. The IC will provide a written assessment of the Shoreditch* scheme following a period of consultation. Its opinion on whether the scheme complies with privacy laws will be sent to Hodges by letter before the pilot begins. * The last reference in The Register to the IC's interest in Shoreditch as an "investigation" may have been misleading. The IC's investigation is not formal, though its opinion would likely form the basis of any formal investigation were the scheme to offend privacy laws when it started.®
The UK Government plans to toughen up computer crime laws under proposals outlined in the Police and Justice Bill on Wednesday. The bill would double the maximum jail sentence for hacking into computer systems from five years to ten years, a provision that will classify hacking as a more serious offense and make it easier to extradite computer crime suspects from overseas. Denial of service attacks, something of a grey area under current regulations, would be clearly classified as a criminal offense under amendments to the 1990 Computer Misuse Act (CMA) proposed in the bill. Industry pressed for changes along these lines even prior to the 2004 inquiry by MPs that recommended changes to the CMA to modernise UK computer crime law. Other provisions in the bill are likely to prove far more controversial. Clause 35 of the bill contains provisions to ban the development, ownership and distribution of so-called "hacker tools". But the clause fails to draw adequate distinction between tools which might be used for legal as well as unlawful purposes. Reg readers have been quick to point out that the distinctions between, for example, a password cracker and a password recovery tool, or a utility designed to run DOS attacks and one designed to stress-test a network, are not properly covered in the proposed legislation. Taken as read, the law might even make the use of data recovery software to bypass file access permissions and gain access to deleted data potentially illegal. "As far as I can see, this looks a complete dog's breakfast of a clause as it fails to consider that many so-called 'hacker tools' have perfectly legitimate uses," writes Reg reader Dave Lambert, who runs the Talk Politics blog. Spy Blog describes the bill as a "pathetic hodge podge" that's being prepared without proper consultation. It describes Home Office attempts to modify the CMA as "ineffectual and pathetic". 
"This bill extends the powers of the police, mucks around with existing policing structures, creating extra bureaucracy, and contains a portmanteau of ill-thought out miscellaneous measure," Spy Blog rants. Modifications in computer crime law make up a small, but important, section of the wide-ranging Police and Justice Bill. The bill is largely concerned with attempting to drive up standards across the police service via modifications to existing police structures and empowering communities to take an active role in tackling anti-social behavior. Police will also get more powers, including the ability to demand passenger and crew data on journeys within the UK. Airlines and ferry companies would have to provide police with advance details of the name, date of birth and nationality of passengers in advance, The Guardian reports, adding that the measures could lead to delays at ports. The Police and Justice Bill can be found here. ®
VoIP networks such as Skype and Vonage might be used to control networks of compromised machines because of security shortcomings that give hackers a better opportunity to cover their tracks, security researchers warn. Boffins at the Communications Research Network (CRN), which involves academics from Cambridge University and the Massachusetts Institute of Technology as well as industry experts, reckon that VoIP applications provide a means to anonymously launch denial of service attacks. Networks of virus-infected machines under the control of hackers (so-called botnets) are generally controlled using IRC networks. Attack commands might also be sent via instant message. But if control traffic were buried in streaming IP Telephony packets it would be far harder to trace its origins, and catching those responsible for DoS attacks would become much more difficult. The Communications Research Network’s working group on Internet Security argues the ability to dial in and out of VoIP overlays allows for control of an application via a voice network, making it almost impossible to trace the source of an attack. In addition, proprietary IP Telephone protocols inhibit the ability of ISPs to track denial of service activity. Encryption for user privacy, P2P systems to assist with call routing and NAT/Firewall traversal further obscure the command traffic. "While these security measures are in many ways positive," says the CRN’s Jon Crowcroft, the Marconi professor of communications systems at Cambridge University, "they would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks. Although one could slowly shut down and patch or upgrade the exploited machines, it would be much harder to find affected computers and almost impossible to trace the criminals behind the operation." CRN doesn't have any evidence that hackers are using VoIP networks to hide their nefarious activities. 
Nonetheless CRN reckons use of the technique is only a matter of time. CRN has spoken to VoIP network providers to raise its concerns prior to going public this week. It reckons the security loophole it identifies could be closed if VoIP providers were to publish their routing specifications or switch over to open standards. Suspects in denial of service attacks have generally been arrested by tracing money offered to them as pay offs, sometimes as part of sting operations. Following the money rather than following the packet remains a far more straightforward investigative technique. While the points that CRN makes about the possible use of VoIP networks to obfuscate attack data (which isn't happening just yet, even according to CRN) are valid, we can't help feeling that in focusing on how attack networks are controlled it's missing the bigger picture: that there is an unknown, but large, number of compromised Windows PCs out there that need to be identified and fixed, a problem that has become a major project for security vendors and ISPs over recent months. ®
Mobile phone average selling prices are in decline, Nokia warned today as it reported its Q4 FY2005 financial results. Sales for the period hit €10.33bn ($12.68bn), nine per cent higher than the year-ago quarter's €9.46bn. The mobile phone giant sold €6.22bn ($7.64bn) worth of handsets in the quarter, up just six per cent on Q4 FY2004's total, €5.87bn ($7.21bn). Nokia's net income was €1.07bn ($1.31bn), down a single percentage point from the year-ago quarter. Then, the company made €1.08bn ($1.33bn) in net profit. By contrast, earnings were up year on year, from 24 cents a share to 25. Nokia said it will spend €6.5bn ($8bn) this year buying back stock, raising the prospect that earnings will continue to rise. ASPs, on the other hand, will continue to fall, Nokia said. In Q4, they dropped to €99 ($122) from €102 ($125) in Q3 and €111 ($136) in Q4 FY2004. Analysts had forecast a Q4 FY2005 ASP of €100 ($123). The ongoing ASP decline will be "primarily driven by a mix shift in our volumes to markets where low-end models predominate", Nokia said, and "consistent with the industry trend, specifically the strong volume growth in emerging markets". For FY2005 as a whole, Nokia reported income of €3.62bn ($4.44bn) on sales of €34.19bn ($41.98). Those figures amounted to increases of 13 per cent and 16 per cent, respectively, on FY2004's totals. The phone division reported annual sales of €20.81bn ($25.55bn), 12 per cent higher than the €18.52bn ($22.74bn) Nokia announced this time last year. ®
The Linux kernel is not moving to the next version of the General Public License (GPL), following objections from Linus Torvalds to the license's stance on digital rights management (DRM). Torvalds told a mailing list on Wednesday the Linux kernel would remain under GPL 2.0, despite work underway at the Free Software Foundation for GPL 3.0. The sticking point is DRM. According to the first draft of GPL 3.0, published last week, the software it covers will "neither be subject to, nor subject other works to, digital restrictions from which escape is forbidden". The license adds: "DRM is fundamentally incompatible with the purpose of the GPL, which is to protect users' freedom." But Torvalds says it is "insane" to require people to make their private signing keys available. Such keys are typically used by individuals to generate a digital signature, or to decrypt messages and files. The creator of Linux won't make his own keys available. "I don't think the GPL v3 conversation is going to happen for the kernel, since I personally don't want to convert any of my code," he says. While some Linux kernel files can be licensed under GPL 3.0, Torvalds notes, the kernel in general is, and will remain, under GPL 2.0. Joining a debate on the mailing list about the feasibility of conversion from GPL 2.0 to GPL 3.0, he says: "The default is to not allow conversion. Conversion isn't going to happen." Torvalds' stance will further dismay Linux diehards who are convinced the only good source is open source, and follows the controversy that followed last year’s revelation that Torvalds used the proprietary, closed-source Bitkeeper for Linux kernel development. ®
One in five PCs - and one in four desktops - now has AMD Inside, according to analysts at Mercury Research. The silicon contender saw the strongest growth in the server market, climbing from 12.7 per cent in Q3 2005 to 16.4 per cent in the final quarter of 2005. Desktop share climbed from 20.4 per cent to 24.3 per cent, while AMD took 15.4 per cent of the mobile market, up from 12.2 per cent.
Component shortages and a lack of manufacturing capacity have forced Microsoft's Xbox 360 console into hibernation, a situation that looks set to continue until Spring. Despite its spectacular launch in November, US retailer Circuit City told USA Today earlier this week that "supplies are going to remain pretty tight for the next 90 days", with the consequence that the chain won't be promoting the console. There's no point throwing resources at a product it can't sell.
Microsoft may not be off the hook with the European Commission (EC), despite this week's sweeping promise to license Windows Server communications source code. An EC spokesperson has reportedly called it "premature" to assume that access alone to the code would solve the problem of Microsoft's failure to comply. Microsoft had hyped its licensing offer, by claiming the company is "going far beyond European Commission's March 2004 decision and its legal obligations to provide technical specifications". The Commission in March 2004 had ruled that Microsoft had abused its dominant market position on the desktop to harm the competition in low-end servers and media players. The company hopes to dodge the EC's threatened $2.4m-a-day fine for non-compliance with the EC's ruling that it open up Windows. Microsoft's offer would allow software developers to view, but not alter, the Windows source code. Unfortunately for Microsoft, the EC seems to be aware of the difficulties with a similar Microsoft program in the US - the Microsoft Communications Protocols Program (MCPP) - covering the release of Windows communications protocols. MCPP was created by Microsoft in August 2002 to demonstrate "good will" and help minimize the impact of the, then, pending anti-trust settlement with the US Department of Justice (DoJ) and prosecuting states. It has been consistently criticized and "substantially" revised during its four-year life, with Microsoft compelled to reduce the price it charged ISVs to license Windows protocols, to eliminate nondisclosure agreements (NDAs) with ISVs, and to slash the amount of paperwork associated with licensing. MCPP came in for its latest criticism this week, ahead of the company's offer to the EC, with the DoJ accusing Microsoft of having "fallen significantly behind" in submitting technical documentation to officials overseeing its program. 
In a new twist, Microsoft said it would offer the DoJ the same terms for the MCPP for licensing of Windows protocols as it has proposed in Europe on server protocols to "foster consistency between both licensing programs." ®