Wednesday, December 12, 2007

HP looks to SMBs with new shared storage

HP is preparing to launch a new MSA2000 disk array product family for clustered servers, which it is targeting at SMB deployments and remote offices.
The array uses either 3.5-inch or 2.5-inch Serial-attached SCSI (SAS) drives and supports four Windows or eight Linux nodes.

The MSA2000 (modular smart array) comes in two products:

- MSA2060s with 12 x 3.5-inch dual-ported, hot plug SAS drives. Drive options are: 300GB 15K; 146GB 15K; and 72GB 15K.
- MSA2070s with 25 x 2.5-inch dual-port, hot plug SAS drives: 146GB 10K; 72GB 10K; 72GB 15K; 36GB 15K.

The 2070s would be able to handle more IOPS (I/Os per second) than the 2060s.

The enclosures are two standard rack units high, have four 3GB SAS ports, and the maximum capacity is 3.6TB (3.5-inch) or 3.65TB (2.5-inch).

There is battery-backed cache, which can operate for up to 96 hours, and also cache mirroring.

The products use an MSA2000s SAS Controller. A single controller is standard with the option to have a dual active/active setup. Supported RAID levels are: RAID 0; 1; 1+0; 5; and 6. There are hot swap and redundant power supplies and fans.

These new arrays attach to HP ProLiant and Integrity servers with a 4-node multi-path cluster configuration (dual controllers). There can be a lower availability 4-node single path cluster with one controller. A single path cluster could support 8 nodes with a dual controller. Both Windows (2003) and Linux (Red Hat, SuSE) host operating systems are supported with Windows supporting 4 nodes and Linux 8.

The MSA2000 products support up to 512 LUNs (logical unit numbers) with LUN size limits imposed by the operating systems.

Snapshot functionality will be added in a future release as will expansion capability.

HP is positioning the MSA2000 line underneath the MSA1000, 1510i and 1500cs storage area network (SAN) arrays whose prices start from around US$6,995. The new products will effectively replace the MSA500G2 with its SCSI drives, which starts from around $4,499. The MSA2000 has prices starting from under $5,000.

Centric CRM changes name, releases 5.0 version

Centric CRM said Wednesday it has changed its name to Concursive Corp., a move that coincides with the 5.0 release of its product.
The name change was necessary to better reflect the widening scope of the Norfolk, Virginia, company's open-source software, according to Michael Harvey, executive vice president. "We are providing a much broader application than is just captured by the term CRM," he said.

The software, now dubbed ConcourseSuite 5.0, includes Web site creation and deployment tools, CRM functionality, collaboration-oriented features and content management. It is available in both hosted and on-premises form.

Customers can also extend the core platform by plugging in portlet applications. The product comes with a number of prebuilt portlets, including ones for analytics and charting, according to the company.

"It would not be inconceivable for someone to turn every part of the experience we provide off and have everything be done through these portlets," Harvey said.

The company will continue to court primarily midsized companies, not large enterprises. "We're certainly not going to turn down any Fortune 500 companies. ... But quite often those companies will have an entrenched system, so the sale becomes more complicated," Harvey said.

Sheryl Kingstone, an analyst with Yankee Group, said that as Centric CRM, the firm's profile was fairly low, "So if you're going to change your name, now is the time to do it."

Reasons beyond new product features influenced the company's decision, according to 451 Group analyst China Martens: "What they were telling me is they were running into all the other 'centrics' around." Those include Centric Software, which makes applications for product and project management.

Martens said CRM vendors are trying to differentiate their offerings from those of competitors. "Theirs is going to be collaboration and Web 2.0. ... It makes sense. It's one of those areas right next to CRM," she said.

But Martens said Concursive's platform isn't quite baked. "I think we'll get a better sense next year in [version] 6, when everything's fully incorporated," she said.

Maintenance fees for ConcourseSuite Enterprise Edition start at US$250 per seat per year.

Ex-JBoss head Fleury joins startup

JBoss founder Marc Fleury has resurfaced as a paid advisor to Appcelerator, a startup based in Atlanta that makes a toolkit for developing rich Internet applications (RIA).
Red Hat bought JBoss, a maker of open-source middleware, in 2006 for US$350 million. The outspoken Fleury oversaw Red Hat's JBoss division until quitting early this year, and since then has largely avoided the limelight.

He said he hopes to raise Appcelerator's profile in the increasingly crowded RIA space, which is led by the likes of Adobe's Flex, among others.

"The big dog is clearly Flex," Fleury said, but "the fact that it is so crowded and there is no clear winner is also an indication there is a market of opportunity."

Fleury described his role with Appcelerator as his "first engagement with the industry" since leaving JBoss. "I liked the product, I liked the tech, and figured I could help."

But Fleury said he essentially remains retired: "My other projects include family."

Fleury is the second former JBoss employee to join Appcelerator, following the company's hiring of Ben Sabrin as vice president of strategy and business development.

The company describes its Appcelerator Platform as ideal for creating what it calls "service-oriented user interfaces."

The platform provides an abstraction layer that allows developers to use AJAX and DHTML without needing to program in JavaScript themselves, and provides a widget library for pulling together common components. The platform is available under a GPLv2 license, and the company has created software development kits for Java, Ruby, PHP, .Net and Python.

"We're really focusing on RIA-enabling the enterprise," said CEO Jeff Haynie.

Microsoft buys Multimap to boost advertising strategy

Microsoft continues to make acquisitions to boost its online services and advertising strategy. Early Wednesday the company said it snapped up Multimap, a U.K. company that provides online mapping for Europe, North America and Australia.
The companies did not disclose the terms of the deal. Multimap, based in London, will act as a wholly owned subsidiary of Microsoft and employees will be integrated into the company's Virtual Earth and Search teams in its Online Services Group (OSG), Microsoft said.

Multimap has staff in the U.K., U.S. and Australia, and Microsoft said it is not sure yet if those employees will stay where they are or move to other offices. The Multimap office in the U.K. will remain open and employees will continue business as usual there, the company added.

In addition to providing online maps, Multimap also offers location-based services to find local businesses, hotels and restaurants, as well as business services to provide mapping, proximity searching, routing, aerial images with map overlay, and local information to business Web sites.

Microsoft has been looking for ways to boost the value, and thus revenue, of OSG, which oversees MSN and Windows Live. Microsoft hopes to leverage these properties to sell online advertising and generate revenue in this area to compete with Google.

Last week the company said it purchased Seattle startup WebFives, formerly Vizrea, which provides a Web-based file-sharing service for Internet and mobile video, photos, audio, and blogs. Microsoft also made its largest acquisition to date to boost the revenue of OSG with its purchase of aQuantive digital advertising and marketing services firm for US$6 billion earlier this year.

In addition to making acquisitions, Microsoft also has been partnering with online content and service providers to offer online advertising. On Monday, the company announced a deal to be the exclusive provider of display and contextual advertising for CNBC.com, a deal similar to ones it already has in place with Facebook globally and Digg in the U.S.

All of these efforts are part of a now two-year push to add services and content for its online brands to boost the revenue of its Online Services Business segment. To date, Wall Street analysts have said they are unimpressed by the growth of this segment, and Microsoft's moves seem to be evidence the company is getting that message loud and clear.

Revenue from online services grew only 8.7 percent from $2.3 million to $2.5 million for Microsoft's fiscal year 2007, ended June 30. For the company's first quarter 2008, during which the aQuantive deal closed, revenue from OSG was better, up 25 percent year over year. But even Microsoft Chief Financial Officer Chris Liddell acknowledged when first-quarter earnings were revealed that Microsoft would like to see more growth from this business segment.

Groups launch new white spaces campaign

A coalition of technology vendors, consumer groups and think tanks has launched a campaign to persuade the U.S. Federal Communications Commission to approve wireless devices that would operate in unused television spectrum.
The Wireless Innovation Alliance, which launched a Web site Wednesday, is an expansion of the tech-centric White Spaces Coalition that has been pushing so-called white-space spectrum as a possible new broadband network. At Wednesday's alliance launch, several other groups, including Free Press, the Media Access Project, TechNet, the Computing Technology Industry Association and Educause, joined the tech companies pushing for the FCC to approve broadcast white spaces for broadband use.

U.S. Representatives Jay Inslee, a Washington state Democrat, and Marsha Blackburn, a Tennessee Republican, also lent their support.

Inslee called white space one of the "greatest untapped" sources for innovation in the U.S. "We're just waiting for government to do its job, to set the rules of the road, so the geniuses in America can really use this tremendous resource," he said.

The white spaces can help bring broadband to areas of the U.S. that have limited or no choices right now, Inslee added. The lack of broadband in many areas is "really a sad comment on our failure to move ahead as a nation," he said. "This is one of my continuing frustrations -- that we have not made adequate progress, and the availability of white spaces is one tool to attack that."

Inslee and Blackburn were among six lawmakers who signed a letter, dated Tuesday, to the FCC, calling on the agency to wrap up its ongoing inquiry into white spaces.

Advocates of white-space technology have run into significant opposition and some technical problems this year.

The National Association of Broadcasters (NAB), representing U.S. television stations, has raised concerns that white-space devices will interfere with TV signals. And more than 55 U.S. lawmakers have raised their own concerns about interference. "Placing these devices in the television band is believed to cause unacceptable interference to television reception for all Americans and impair coverage of news and sporting events by interfering with wireless microphones," wrote Senator Mary Landrieu, a Louisiana Democrat, in an Oct. 9 letter to the FCC.

In addition, the FCC in July rejected a device built by Microsoft and other members of the White Spaces Coalition, saying it interfered with TV signals. Microsoft later said the device was damaged and "operated at a severely degraded level."

In September, Microsoft and Philips Electronics North America submitted new tests from a functioning device to the FCC. The group is awaiting FCC action on the new device.

NAB still has concerns, said Dennis Wharton, the group's executive vice president for media relations. White spaces supporters are "playing Russian Roulette" with TV signals, he said. "It is unfortunate that Microsoft and Google continue to try to muscle their way through Washington in support of a technology that simply does not work."

Blackburn urged the FCC not to "pick winners and losers," but to base its decision on objective tests of the white spaces devices. A lot of areas in rural west Tennessee have no broadband, she said. "It is essential for economic development," she said.

Asked if any other countries are using white-space spectrum for broadband devices, alliance members said they aren't aware of any formal projects.

Other countries are looking to the U.S., said Michael Calabrese, director of the Wireless Future Program at the New America Foundation, a nonpartisan think tank. "The United States has led the world on unlicensed technologies from the get-go and if we don't want to lose that leadership, we need to keep moving forward," he said.

OpenLogic wants to count open-source users - openly

Open-source enterprise software developer OpenLogic wants open-source users to stand up and be counted in a worldwide census -- and is offering a new software tool to help the process.
The number of licenses sold gives vendors of proprietary software a pretty good idea of how many people are using their code, assuming there are not too many pirated copies in use, or licensed copies gathering dust on shelves. They can also draw on information about paid upgrades or service contracts, or sell unique license keys, verified by a central server each time the software is installed -- or even used.

Open-source software developers have no such luck: the very nature of open-source licenses makes such verification methods impossible. One clue they have is a count of how many people have downloaded the software from their Web sites. Reaching 1 million downloads is a rite of passage for open-source projects: SugarCRM, for example, passed that landmark in May.

Such counts, though, may underestimate the number of users, as anyone who obtains open-source software is free to redistribute it by any other means they choose -- as long as they accompany it with a copy of the open-source license and make the source code readily available.

On the other hand, they may wildly overestimate the number: people may download the software with no intention of using it, since there is no financial disincentive to doing so, or they may download it multiple times if they upgrade it, wipe and reinstall their system or have several computers.

To come up with an accurate figure for the number of users of various open-source applications in the enterprise, OpenLogic has released an automated census tool, OSS Discovery, itself available under an open-source license.

It hopes that businesses will scan their machines using the tool and contribute the data about the applications they are using to an open database.

The tool could offer advantages to IT managers too, said OpenLogic, enabling them to build up a picture of the software installed on desktops and servers around their business and compare it with that used in other enterprises.

OpenLogic is looking for partners to distribute or deploy the software and wants open-source software developers to contribute digital "fingerprints" of their applications that will enable the discovery tool to identify them. Those who help with the project will be offered access to the anonymous data gathered.

OSS Discovery 2.0 is based on the company's OpenLogic Discovery tool and is distributed under the GNU Affero General Public License version 3. This recently introduced license extends the GPL license to ensure that changes to software used to power publicly available services will be contributed to the free software community, even if the modified software is not itself distributed.

OpenLogic hopes to begin collecting census data early next year.

iPhone malware attacks for 2008

Security researchers are warning that the iPhone may generate a new hacker crime wave, becoming "A Primary target for hackers in 2008."
Arbor Networks believes the iPhone will become a major target, subject to a "serious attack" in 2008.

The researchers predict drive-by attacks, in which malware embedded in seemingly innocuous data or images is designed to attack the iPhone via its web browser.

It looks like Apple's battle with iPhone unlockers may generate interest in attacks on the device. Responding to that war, hackers "will be enticed by the possibility of attacking Apple users and the opportunity to 'be the first' to hack a new platform," the researchers said.

The security firm also warns of a rise in 'Chinese on Chinese' cybercrime in the year ahead, noting a dramatic increase in attacks on Chinese-language-specific software.

This reflects fast-paced increases in Chinese computer users and increasing organization among China's cybercriminals.

"2007 was the year of the browser exploit, the data breach, spyware and the storm worm. We expect 2008 to be the year of the iPhone attack, the Chinese Hacker, P2P network spammers and the hijacking of the Storm botnet," Arbor Networks said.

"Online fraud is soaring and security attacks are now being used in countless and ever more sophisticated ways to both steal and launder money. Financial and other confidential data is being obtained, sold and utilized in the highly developed black market. In 2008 this market will continue to grow and it is important that business implement the processes and technology necessary to protect themselves and their customers."

Led Zeppelin clips may be hard to wipe off YouTube

YouTube's technology for finding videos posted without the copyright holder's permission may be useless to identify footage posted to the site from Led Zeppelin's reunion concert on Monday.
The company recently implemented digital fingerprinting technology to identify videos that the company has been asked by the copyright owner not to post on the site.

The technology compares posted clips with reference videos supplied to YouTube for analysis.

It relies on identifying consistent qualities in a video, said Struan Robertson, senior associate with Pinsent Masons and editor of the legal Web site Out-law.com.

But the technology doesn't work as well with batches of different clips with different characteristics, even if the clips are all from the same event.

"That's more difficult when you are dealing with a live performance because the sound quality is poor and the image quality is similarly poor and probably very varied according to who was filming and where they were in the crowd," Robertson said.

Video clips of legendary rock band Led Zeppelin's reunion show in London on Monday are reappearing hourly on YouTube despite efforts to remove the material due to alleged copyright infringement. YouTube warns users in its "help center" that they may not own the rights to upload concert footage to its site.

Some links to videos of the band's performance lead to a red warning that says the video has been removed "due to a copyright claim by Warner Music Group."

The situation marks another clash between copyright holders and YouTube, which is owned by Google. Entertainment giant Viacom sued Google for US$1 billion in March over the unauthorized uploading of video clips from its TV shows and movies.

Since then, Google has taken steps to address complaints about material under copyright posted on its site without permission.

YouTube's policy is to remove material after it is notified of the URL (uniform resource locator) of the offending clip, according to a spokesman for the site.

YouTube puts the onus on the copyright holder to notify it, which is one bone of contention in Viacom's lawsuit, Robertson said. However, the notification policy complies with the U.S. Digital Millennium Copyright Act as well as European copyright law.

YouTube would not comment specifically on how many Led Zeppelin clips it had removed because of alerts from Warner, which holds Led Zeppelin copyrights.

But the enormous interest around Led Zeppelin's reunion show means the clips could prove difficult to keep off the site. News reports said more than one million people worldwide entered a lottery to buy some of the 20,000 available tickets, which started at £125 (US$256).

Most of the video clips are grainy with tinny sound, but that hasn't stopped fans from gushing about the band.

It's "as if they never aged," commented one person on an eight-minute clip of Led Zeppelin performing "Kashmir," which was still on YouTube as of Wednesday morning. "They are the greatest band ever."

Nokia invests in contactless communications company

Nokia continues to pursue the emerging near-field communications technology with an investment in Inside Contactless.
Nokia Growth Partners, the private equity and venture capital arm of Nokia, led a US$38 million round of investments in Inside Contactless, the fabless semiconductor company that makes contactless chip platforms. Nokia did not reveal how much of the investment it contributed.

The French company plans to use the investment to speed up its expansion into international markets and broaden its product portfolio. Its MicroPass technology is already in place in U.S. shops including some McDonald's and 7-Eleven stores, as well as in Coca-Cola vending machines, New York City and Philadelphia taxi cabs, and major sporting venues including Fenway Park.

Users of a device equipped with a near-field communications (NFC) chip can wave the device near a reader to make a payment or other transaction. The chips can be used in credit cards or phones, which customers can use to pay for items in a store or debit an account to access public transportation, for example.

The investment follows one Nokia Growth Partners made in VivoTech, a Santa Clara, California, developer of near-field communications software and infrastructure.

Nokia has other NFC initiatives as well. It is the majority owner in Venyon, a joint venture company with Giesecke & Devrient, which is developing a service that banks and mobile operators can use to securely manage transactions made by cell phones with NFC technology.

Late last year, Nokia also announced that it was part of a trial in New York City with Citigroup, MasterCard and Cingular Wireless that lets users pay for items in certain shops using their NFC-equipped phones.

Cisco's EOS online-content platform coming next year

Cisco will introduce next year its Entertainment Operating System (EOS), a platform for delivering multimedia content to online communities.
EOS will be the first major product of Cisco's push into helping media companies connect with their customers. It will combine a delivery system, a social networking platform and a set of tools to help consumers find the content they want, said Dan Scheinman, senior vice president and general manager of Cisco's media solutions group. It will go on sale in 2008, he said.

Two online fan communities, run by the National Hockey League and the NASCAR auto-racing organization, are using elements of EOS today, Scheinman said. NHL Connect launched last year and uses technology from social networking company Five Across, which Cisco acquired in February.

Content providers like the sports leagues have large and loyal fan bases but don't know how to enrich the fan experience or get them to spend more time on their sites, he said. EOS will be a standardized solution for doing that.

Making online communities stronger benefits both consumers and content providers, according to Scheinman: Fans get to know each other and providers learn more about their visitors. On top of that, more visits can mean more revenue. Sites such as the NHL's and NASCAR's have found that providing legitimate video content leads to more user-generated content as visitors comment on the videos. As they do, visits go up by three to five times, which means three to five times as many opportunities to advertise to the community, he said.

EOS will help visitors find content through a recommendation and relevance engine that looks at a user's activity patterns and makes personalized suggestions, Scheinman said.

The growing flood of information available online begs for this type of approach because users often don't even know what they're looking for, he said.

"Finding anything in this world of infinite information out there is really going to be tricky," Scheinman said. "You want to be able to have content find you."

Cisco's network expertise and recent social-networking acquisitions uniquely equip it to solve this set of problems, he said.

"We've become the only company that can do all of these three things together," Scheinman said.

FTC charges payment company in $200M fraud

The U.S. Federal Trade Commission has filed charges against a payment processing company, accusing it of attempting to debit consumers' bank accounts for up to $200 million on behalf of dishonest merchants.
Those consumers either never received the goods or received worthless items, said the FTC, which filed the complaint with seven other U.S. states. The payment company allegedly violated both federal and state consumer fraud laws, telemarketing rules and FTC regulations regarding the unfair processing of payments.

The payment processing company went by several names, which are listed in an FTC news release. The FTC alleges the company processed payments for fraudulent telemarketers and Internet-based merchants that used deceptive sales scripts and methods.

About $69 million of the $200 million in transactions were either rejected by consumers or returned because of lack of proper payment authorization, the FTC said.

The FTC wants to refund consumers and force the company to forfeit money it still holds from the fraud in addition to other civil penalties. The complaint was filed in the U.S. District Court for the Eastern District of Pennsylvania.

The states that have joined the suit are Illinois, Iowa, Nevada, North Carolina, North Dakota, Ohio and Vermont.

Innovators reminisce about the PC wonder years

An Apple II PC being sold by Commodore International in 1982? It came very close to happening, but luckily for Apple, Commodore rejected the idea, instead going with its revolutionary Commodore 64.
Apple was one of the companies that approached influential Commodore to sell PCs, Apple co-founder Steve Wozniak said during an energetic panel discussion to celebrate the 25th anniversary of the Commodore 64 PC, which took place at the Computer History Museum in Mountain View on Monday evening.

"We had this Apple II that we thought was so far ahead of the rest in features -- color, graphics, sound, games -- the computer was the whole deal," Wozniak said.

With no money to build thousands of Apple II machines, Wozniak and Apple co-founder Steve Jobs both approached Commodore with the Apple II. "Chuck Peddle from Commodore came to the garage and he was one of about three people we showed the Apple II prototype ever," Wozniak said.

As struggling 20-year-olds with zero savings and no business experience, the idea of a stable job at Commodore comforted them, Wozniak said. "Steve [Jobs] started saying all we want to do was offer [Apple II] for a few hundred thousand dollars, and we will get jobs at Commodore, we'll get some stock and we'll be in charge of running the program," Wozniak said.

Commodore rejected the idea, preferring to develop its own simpler, lower-cost, black-and-white-only machine without a lot of the pizzazz of the Apple II, Wozniak said. Commodore could do it in a shorter time and thought that would be a better course for the company, he said.

Commodore started selling its Commodore 64 PCs for US$599 and managed to reduce the price to $199 over time, a revolutionary price then. Apple PCs were more expensive, said panelist Jack Tramiel, former chairman of Commodore International.

"We made machines for the masses, they made machines for the classes," Tramiel said, teasing Wozniak.

Tramiel said it was necessary to drive prices down in order to cut down the competition. Keeping prices high invites competition, Tramiel said.

Ultimately, Apple managed to survive the threat posed by Commodore, which filed for bankruptcy in 1994 and liquidated its assets, even after becoming the first to sell a million PCs.

"But we gave Apple a few chips for free," Tramiel said.

Tramiel admitted that Commodore may have failed by not supplying hardware and software in one package. The company almost adopted CP/M OS, but was more focused on supplying hardware to the market.

However, the Commodore 64 did incorporate Microsoft Basic, an interpreter, and Tramiel reminisced about his business dealings with Bill Gates, now chairman of Microsoft.

Doing business with Gates was decent, Tramiel said. "He came to see me, tried to sell me Basic, and he told me that I don't have to give him any money, all I had to give him was $3 per unit. I told him I was already married," Tramiel said.

Tramiel instead told Gates he'd pay a flat fee of $25,000, rejecting the idea of paying $3 for each Commodore 64 sold. "In about six weeks [Gates] came and took that $25,000. Since then he did not speak to me," Tramiel said.

Another early PC maker, IBM, also remembers working with Gates in the early days. Even though Microsoft had only 110 programmers compared to IBM's 13,000 programmers, Gates was tenacious when working to overcome design and development challenges for OS/2, said Bill Lowe of IBM, sometimes called the father of the PC.

IBM was another PC developer that managed to outlast the iconic Commodore. The PC Junior, manufactured by IBM between 1983 and 1985, never felt threatened by Commodore 64 as it was having problems of its own, said Lowe. "There was a basic flaw in trying to artificially limit the performance in a product, and bring it to market at a different price, and it was a big mistake," Lowe said.

In the early 1980s, computers were not generic brands like they are today, the panelists said. Wozniak said that Apple and Commodore users generated excitement, especially among PC user groups who would discuss what they could do to tweak the PCs and make them expandable.

US-CERT: Attackers targeting Access files

Online criminals are exploiting a flaw in the Microsoft Office Access database to install unauthorized software on computers, the United States Computer Emergency Readiness Team (US-CERT) warned Monday.
In its brief warning, US-CERT offered few details on the attack, saying simply that the organization is "aware of active exploitation" of the problem by criminals who have sent specially crafted Microsoft Access Database (.mdb) files to victims.

These files are "designed for the sole purpose of executing commands," so they should not be accepted from untrusted sources, Microsoft said in a note on its Web site.

Run by the U.S. Department of Defense, US-CERT is charged with coordinating the nation's response to cyberattacks.

Companies typically block the use of .mdb files, but criminals could be using this attack in a targeted strike against an organization that is known to use this particular file-type, said Ben Greenbaum, senior manager for Symantec security response. Symantec itself has seen no evidence of the .mdb exploitation that prompted the US-CERT alert.

The files are not something that the average user would come across on a daily basis, he added. ".Mdb files are blocked by default in most installations of Internet Explorer and Outlook Express," he said. "I am a bit surprised to see active exploitation happening over this vector."

While US-CERT did not say which flaw was being exploited, Greenbaum said the vulnerability could be a recently discovered buffer overflow bug in the Microsoft Jet Database Engine used to parse Access files.

Survey: Interop is top open-source customer worry

The Open Solutions Alliance, a nonprofit group backed by a number of commercial open-source vendors, released a survey on Wednesday that found interoperability is a foremost concern among open-source-software customers.
The group, which includes CollabNet, EnterpriseDB and others, contended in a statement that if its members overcome interoperability challenges, they stand to "out-Microsoft Microsoft by offering a fully interoperable suite of business tools."

"We think interoperability has to be a core feature [of open-source software] from the very beginning," OSA's president, Dominic Sartorio, said in an interview. "Most commercial open-source companies are finding a good amount of success. But how many opportunities are they leaving on the table because they're not interoperable?"

The OSA singled out Microsoft, as opposed to Oracle or SAP, because its member companies mostly target midmarket customers, according to Sartorio. "We have one common competitor: Microsoft."

OSA derived the study's findings from a series of forums it held this year in Europe and the U.S. It said some 100 people attended the events.

Participants cited a variety of interoperability scenarios and concerns, including single sign-on for identity management.

Another involved user interface interoperability. "A lot of people try to plug open-source projects into an enterprise portal, and they want a unified look and feel," Sartorio said.

Customers also cited cross-platform portability and data integration challenges.

In addition, the study found that:

-- Lower up-front cost was the most important driver for adoption of open-source products, but this was tempered by concerns that spending on support and services would be greater. That feeling in turn was mitigated by a belief among respondents that open-source products will become more mature over time and easier to support.

-- Few customers cited the ability to customize source code as a selling point for open-source applications, preferring instead that they handle their needs out of the box.

Sartorio said OSA's work will continue in 2008. "This is going to be an ongoing effort. We're scratching the surface here with issues customers brought up in these forums," he said.

Microsoft security patches focus on client bugs

Microsoft has released its monthly set of security patches, fixing critical flaws in the Windows desktop.
The December updates released Tuesday include critical fixes for Internet Explorer, DirectX and the Windows Media Format technology. Security experts say that the most important of these updates is the Internet Explorer patch, because it fixes four separate bugs in the browser. One of these flaws, relating to the way the browser renders dynamic HTML (DHTML) pages, has been exploited in online attacks, Microsoft said.

All of the browser vulnerabilities in this update are rated critical -- Microsoft's most serious rating -- for IE 7 users running on the latest version of Windows XP, Microsoft said.

Though Microsoft has assigned it the less-grave rating of "important," a patch for Macrovision copy-protection software that ships with Windows should also be given priority, security experts say. That's because criminals have already leveraged this bug in online attacks.

The Macrovision issue first cropped up in mid-October, when Symantec spotted attackers exploiting the flaw, but Microsoft was not able to ship a fix for the problem in last month's security updates, released Nov. 13. The flaw could be used by attackers to allow their software to run at a higher level of privilege within the operating system.

The flaw lies in the secdrv.sys driver that is used by Macrovision's SafeDisc system, which ships with Windows XP and Windows Server 2003.

Microsoft also issued important updates for the Windows Vista Server Message Block (SMB) version 2 filesharing protocol, the Vista kernel, and the Message Queuing Service in XP and Windows 2000.

Microsoft did not fix a recently publicized flaw in the way its Windows operating system looks up other computers on the Internet. This bug, which was publicized at a hacker conference in New Zealand, has to do with the way Windows systems look for DNS (Directory Name Service) information under certain configurations.

Interestingly, the Vista SMB flaw lies in a feature that allows senders to digitally sign SMB data in order to confirm that it is legitimate. Because the signing feature is not properly implemented, however, "an attacker could modify SMBv2 packets and impersonate a trusted source to perform malicious operations," Microsoft said.

"It's a security vulnerability in a security feature," said Eric Schultze, chief technology officer of Shavlik Technologies, via instant message. "SMB version 2 was built for Vista and Windows Server 2008, so it should have been vetted in the code design process. But it obviously slipped through."

In all, seven sets of patches were released Tuesday, fixing 11 vulnerabilities.

Though Microsoft has made much of its efforts to develop more secure software, the company ended 2007 with about the same number of security updates that it had in the year before, according to security vendor Kaspersky Lab. "The situation in 2007 hasn't changed noticeably from 2006," wrote David Emm, a senior technology consultant with Kaspersky, in a blog post. "Last year there were 49 critical, 23 important, and 5 moderate updates. 2007 brought very slightly fewer patches, with 43 critical, 24 important, and 2 moderate fixes."

VMware and SAP forge support agreement

VMware said Tuesday that SAP will support its software running on VMware's ESX Server, in 64-bit Windows and Linux environments.
SAP will offer companies that deploy ESX Server support for "all stages of the software lifecycle, from development and test to production," according to a VMware statement.

VMware also said that server products from Fujitsu-Siemens, HP, Dell and IBM have been certified for running SAP software on VMware.

Parag Patel, vice president of alliances for VMware, said it took some time for SAP to provide production-environment support due to the company's high standards: "SAP is demanding, they're conservative. They're cautious of what goes into the environments of their customers."

He also acknowledged the technological implications of virtualizing an enterprise's ERP (enterprise resource planning) infrastructure. "Companies run their businesses around SAP," he said. "It's one thing to virtualize a lightweight application and another thing to virtualize something like SAP."

The company's newly strengthened alliance with SAP comes at a time when it remains the dominant market leader for virtualization but is seeing competing products from the likes of Sun and Oracle emerge.

VMware nonetheless hopes to form an equivalent support pact with Oracle, according to Patel. "I'm optimistic. I think there's a lot to be gained for both companies," he said.

Also Tuesday, VMware shipped the latest version of VMware Infrastructure 3. The company said the release features improvements in automation, availability and workload performance.

Amazon Kindle is 'a bit sad' says Philippe Starck

Philippe Starck, the French designer who champions simplicity of form, has proclaimed Amazon's Kindle e-book reader "almost modern" but "a bit sad."
Starck was a speaker at the Le Web 3 social-networking conference outside Paris on Tuesday. After an energetic, rambling speech about modern design, he was handed a Kindle by the technology blogger Robert Scoble and asked what he thought of it.

"In this type of product, the best design is the least design possible," said Starck. That means it should be small, simple and strong, and not distract from the content, which should be the most interesting part.

The Kindle almost achieves that, "but the designer wasn't quite humble enough to completely disappear, so he made a little slope here, a diagonal there," Starck said. "It's a little sad because the concept is modern, but the design is less modern, because the designer doesn't want to disappear."

"No no," he concluded, "it is almost modern."

The Kindle launched last month for US$399 and allows people to download books and newspapers over a wireless network. It is a fairly plain device with a large screen, a keyboard and gently sloping sides designed to make it comfortable to hold.

"Our top design objective was for Kindle to disappear in your hands -- to get out of the way -- so you can enjoy your reading," CEO Jeff Bezos said last month.

Amazon should consider it got off lightly from the critique. Earlier in his speech Starck said most products today are designed only for profit and without consideration for those who use them. They are "10 percent useful and 10 percent [expletive]," he said.

His speech was billed as "What is social about design" and bore little relation to high technology, although it was probably the most entertaining speech of the day and got the most laughs, touching on furniture designed for sex, Viagra, and the evolution of design over 4 billion years.

"I try to make furniture that makes my friends have better sex," he said, adding that he plans to get married next Saturday.

Cyber lovers warned to beware of flirtatious robots

Internet users are being warned about a new malware trend involving the use of natural language dialogue systems that are already deployed within gaming technologies.
The software conducts fully automated flirtatious conversations in a bid to collect personal data from those seeking relationships online.

Developed in Russia, the new software is known as CyberLover and has been uncovered by security vendor PC Tools.

CyberLover can be found in chat-rooms and dating sites trying to lure victims into sharing their identity or visiting Web sites with malicious content.

According to its creators, CyberLover can establish a new relationship with up to 10 partners in just 30 minutes and its victims cannot distinguish it from a human being.

PC Tools is concerned about the program's ability to mimic human behavior during online interactions and urges Internet users to beware of this new breed of software that can easily be used for malicious purposes.

The company's senior malware analyst, Sergei Shevchenko, said the concept behind this software could be the catalyst for a dangerous new trend in malware evolution.

"As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," he said.

"It employs highly intelligent and customized dialogue to target users of social networking systems. Internet users today are generally aware of the dangers of opening suspicious attachments and visiting unusual URLs, but CyberLover employs a new technique that is unheard of; that's what makes it particularly dangerous."

Shevchenko said CyberLover has been designed as a bot [robot] that lures victims automatically, without human intervention.

"If it's spawned in multiple instances on multiple servers, the number of potential victims could be very substantial," he added.

According to PC Tools researchers, the CyberLover software:

-- offers a variety of profiles ranging from "romantic lover" to "sexual predator";

-- uses a series of easily configurable "dialogue scenarios" with preprogrammed questions and discussion topics;

-- is designed to recognize the responses of chat-room users to tailor its interaction accordingly;

-- compiles a detailed report on every person it meets and submits them to a remote source. The reports contain confidential information that the victim has shared with the bot, which can include the victim's name, contact details and personal photo(s).

The predatory program invites victims to visit a "personal" Web site or blog which could in fact be a fake page used to automatically infect visitors with malware.

To date, CyberLover is predominantly targeting Russian Web sites but PC Tools expects the program could make its way down under very soon.

Facebook, ID fraud and the dark side of the Web

In a year that has seen bullying in blogs, pedophiles on MySpace and an ongoing privacy backlash against Facebook, it was appropriate that this year's Le Web 3 conference started Tuesday with a panel discussion about the "dark side" of Web 2.0.
"The Internet is just another form of human expression, so it's subject to human imperfection like any other conduit," said Chris Alden, CEO of blogging company Six Apart, who was on the panel with executives from Facebook and the South Korean Internet giant Daum Communications.

The problem with the Web is its anonymity, which erodes people's sense of social responsibility and encourages offensive comments in blogs, or worse, the executives said. People can be asked to register, but screen names are invented and few people with evil intent provide their real names and addresses.

In South Korea, the government has tried to tackle Web unruliness by issuing user names that are linked to people's real-world names and addresses. But storing such information centrally makes it vulnerable, and thousands of South Koreans had their personal data stolen soon after the system went live, said Loic Le Meur, the French blogger and entrepreneur who organized the conference.

"The centralized government approach links your real and online identities, but the privacy problem is bigger than the other problems in the online world," said Jaewoong Lee, Daum's founder. "The government system can help identify people who do bad things, but the cost is to sacrifice privacy."

A better approach, he said, is to let people's online history be a measure of their trustworthiness. People who have been Daum customers for five years are rarely the ones who post offensive material, he said. Alden agreed. "When you start to look at the history of comments and build up a profile, then people start to have a real online identity."

The idea is that people would earn permission and credibility based on the trust they accumulate from their past usage of a site.

Facebook has less trouble with fake identities, since its value depends on being visible to real-world friends. But the site has struggled with the flip-side of fake identities and the other cloud that hangs over the Web 2.0 world -- that of privacy and how people's personal data is used.

Dan Rose, Facebook's vice president for business development, was asked to explain the company's controversial Beacon system, which tracks the activities of Facebook members at partner sites such as Blockbuster and Fandango. The company made it easier for users to opt-out of the system after an outcry over privacy, but Facebook is still being criticized for collecting data after people have logged out of the site and for collecting data about non-Facebook members.

The company made two mistakes, according to Rose. It reacted too slowly to the criticism, and it did a poor job of explaining what Beacon is. He argued that Beacon was not conceived primarily as an advertising product, but as a way to let users share what they do outside of Facebook with their friends.

That doesn't jibe with what Facebook has said about Beacon in the past, when it called it "a core element" of its advertising system.

Later, Rose said Facebook is trying to build a "new social-advertising system."

"Advertising works on the Web when it feels like it's part of the content," he said. "We're trying to do that with this new social-advertising system we're trying to build. Bloggers do that organically, and that's where advertising on the Web is going. It's going to be more social, and it's going to be more tied to the person on the Web."

Le Web 3, held just outside of Paris, continues Wednesday. There are Twitter pages and a Facebook group for the event, and postings at other sites are tagged leweb307.

Sandisk to sell flash drives, MP3 players in Vietnam

Sandisk on Monday said it plans to start selling the Sansa digital music player, mobile phone cards and USB flash drives to people in Vietnam, citing a growing consumer class in the nation.
The company has teamed up with FPT Corp., a Vietnamese distributor, and Ingram Micro Inc., of Santa Ana, California, to tap into Vietnam's market.

There are 23 million mobile-phone users and 17.8 million Internet subscribers in Vietnam, Sandisk said, all potential consumers. The nation boasts a population of around 87 million people.

The Southeast Asian country has become a hotbed of investment for global IT makers in recent years.

Earlier this year, Taiwan's Hon Hai Precision Industry, which assembles gadgets such as the iPod for Apple, the PlayStation 3 for Sony and mobile phones for Nokia, announced plans to invest US$5 billion over the next five years in Vietnam.

Last year Intel Corp. announced it would expand a chip packaging and testing project in Vietnam into a $1 billion affair, more than triple the size of the original plan.

New tool finds race conditions in multithreaded apps

Coverity, a company that specializes in detecting coding flaws in software, has added a new feature to one of its products that finds problems that can cause multithreaded applications to crash.
Using static code analysis, it aims to find race conditions that can occur when two threads are trying to access the same piece of data, said Ben Chelf, Coverity's CTO. When two threads are running in parallel, it is not always possible to say whether a particular instruction from one thread will run before a given instruction in the other thread, or after it. The two instructions may execute in a different order each time the application is run, Chelf said.

The problem occurs if developers write code that doesn't take this possibility into account, and instructions accessing a shared resource execute in an order the programmer didn't expect. This can crash the application or corrupt data.
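The ordering problem described above can be made concrete by enumerating every order in which two threads' instructions could run. The following is an added example, not code from Coverity or from the original article; the three-step model of an increment and all function names are assumptions made for illustration.

```python
from itertools import combinations

# Unsynchronized `counter += 1` is three machine-level steps, not one.
STEPS = ("load", "add", "store")


def run_schedule(schedule, start=0):
    """Run one interleaving of two threads that each increment a shared counter.

    `schedule` is a sequence of thread ids (0 or 1); each entry lets that
    thread execute its next step. Returns the final shared value.
    """
    shared = start
    regs = [0, 0]  # private register per thread
    pc = [0, 0]    # index of the next step per thread
    for tid in schedule:
        step = STEPS[pc[tid]]
        if step == "load":
            regs[tid] = shared
        elif step == "add":
            regs[tid] += 1
        else:  # store
            shared = regs[tid]
        pc[tid] += 1
    return shared


def all_schedules(atomic_steps=1):
    """Yield every order in which the scheduler could run the two threads.

    atomic_steps=1: a context switch may happen between any two steps.
    atomic_steps=3: the whole increment runs under a lock, so the threads
    can only be ordered as complete units.
    """
    units = len(STEPS) // atomic_steps
    for slots in combinations(range(2 * units), units):
        order = [0 if i in slots else 1 for i in range(2 * units)]
        yield tuple(tid for tid in order for _ in range(atomic_steps))


def outcomes(atomic_steps=1):
    """Map each possible final counter value to the schedules that produce it."""
    results = {}
    for schedule in all_schedules(atomic_steps):
        results.setdefault(run_schedule(schedule), []).append(schedule)
    return results


if __name__ == "__main__":
    for label, n in (("no lock", 1), ("with lock", 3)):
        summary = {value: len(s) for value, s in outcomes(n).items()}
        print(label, summary)
```

Without the lock, most of the possible schedules lose one of the two increments, which is why such a bug can pass many test runs and still corrupt data in production.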

Race conditions typically take a long time to diagnose and to patch, Chelf said.

Coverity's tool, which is included in its Prevent SQS product, analyzes code to find inconsistent treatment of a shared piece of data, Chelf said. The tool takes about four to six times as long to analyze the code as it takes to "build" the code, or assemble it into an executable file, Chelf said.

Chelf said the false-positive rate for the tool is less than 15 percent, but that figure never goes down to zero since it's impossible to know exactly how a batch of code will behave until it actually runs.

Prevent SQS is used for analyzing programs written in C, C++ and Java. Chelf said Coverity has been selling its product to embedded developers creating software for telecommunication and wireless applications, among others.

Prevent SQS starts at US$6,000; the enterprise-level version starts at $35,000.

Group wants WTO suit filed against China for censorship

The California First Amendment Coalition (CFAC) is pushing the U.S. government to test the argument that international trade laws can be used to end Chinese censorship of the Internet.
The free-speech group petitioned the Office of the U.S. Trade Representative (USTR) to bring a complaint against China to the World Trade Organization (WTO), arguing that Chinese censorship impedes the ability of U.S. Internet companies to do business in China.

"Think of this as the biggest access-to-information and free speech case in history," wrote Peter Scheer, executive director of CFAC, on the group's Web site last week.

Yahoo and Google, which have both been heavily criticized for bowing to Chinese censorship demands, both have employees on CFAC's board of directors.

CFAC's petition rests heavily on arguments first put forth in a 2006 paper by Tim Wu, a professor at Columbia Law School. In that paper, Wu argued that international trade laws offered companies some protection against government censorship, particularly in cases where this tactic was used to shield domestic companies from international competition.

"Such measures seem destined for increased scrutiny over the coming decade," wrote Wu, who serves as a consultant to CFAC.

Whether USTR takes up the case put forward by CFAC remains to be seen. However, in the event such a case does make it to the WTO, China is likely to argue in its defense that Internet censorship is a political issue and not a trade issue, and therefore beyond the WTO's jurisdiction -- a view that is commonly held by many nations.

Wu addressed that point in his 2006 paper, noting that WTO members have generally agreed that censorship is not an issue that concerns the trading body.

"Yet the WTO’s Appellate Body has already displayed a taste for taking treaty interpretation beyond a strict examination of what the major drafting powers might have intended; in truth the textual support for the blanket claim that censorship is exempt from WTO scrutiny is not very strong," Wu wrote.

Wu argued that whether the WTO could move to limit Internet censorship depends on how the body interprets terms such as "online information retrieval" and "data processing services" used in trade agreements drafted during the early 1990s, and on whether these terms include search engines like Google and Yahoo.

"If so, some countries may have opened broader access to their markets by foreign web sites than anyone has realized," he wrote.

Hurd: Cost-cutting remains crucial for HP's growth

Cutting costs will continue to be a top priority at Hewlett-Packard for the foreseeable future, as the company aims to offer infrastructure and services to capitalize on what it sees as a US$1.2 trillion market in digital content, HP CEO and President Mark Hurd said Tuesday.
At a meeting of financial analysts in New York, Hurd said that despite efforts to reduce the amount of money HP spends on operations, products and services, the company still spends millions of dollars per hour. The good news for the company is that it has identified three major areas of cost -- business processes, products and shared services -- and "we're beginning to get under each of these cost areas," Hurd said.

"We have costs to work on, costs to get out of the company," he said. "Cost structure, excess cost, kills you in a number of dimensions."

Even as HP works to cut costs, the company also aims to grow, Hurd said. The company has been performing well in the market under the leadership of HP's top executive, who took over the company in April 2005 after the HP board dismissed beleaguered executive Carly Fiorina.

"It's important we grow, but it’s important we grow the right way," he said. Balancing the company's revenue mix between its key products segments -- software, servers, PCs and printers -- as well as its services business, is a key goal for the company, Hurd said.

"Optimizing that portfolio will be just as important to us as the revenue growth number you see from the company," he said.

Hurd said that people's growing desire to have access to as much information as possible via digital content whenever and wherever they are "creates pressure on IT infrastructure, pressure that turns into opportunity." IT trends that are growing out of this pressure, such as virtualization, server consolidation and application modernization, are all areas of disruption HP can use to sell its products and services, he said.

Still, the company faces challenges as it tries to grow. In addition to cost-cutting, another significant problem for HP is its sales coverage, as the company is currently "under-represented" in the market, Hurd said.

HP added 2,000 employees to its sales efforts last year, yet the company still needs to do more, which is no easy task. "It sounds simpler than it is to hire up a sales organization," he said. "But it's probably the toughest thing we’re going to get done with our DNA."

Following Hurd's presentation, HP CFO and Executive Vice President Cathie Lesjak revealed for the first time the company's financial outlook for its 2009 fiscal year. The company expects to grow its revenue -- forecast to be in the range of $117.1 billion to $118.2 billion -- 5 percent to 6 percent year over year. Non-GAAP earnings per share for 2009 are expected to be between $3.74 and $3.84. HP is currently in the first quarter of its fiscal year 2008; 2009 begins on Nov. 1, 2008.

For 2008, HP is forecasting revenue of about $111.5 billion and EPS in the range of $3.32 to $3.37. For its fiscal year 2007 ended Oct. 31, HP reported profit of $9.6 billion on $104.3 billion revenue.

DNS attack could signal Phishing 2.0

Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.
The study, set to be published in February, takes a close look at "open recursive" DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks.

The researchers estimate that there are 17 million open-recursive DNS servers on the Internet, the vast majority of which give accurate information. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers.

The Georgia Tech and Google researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another two percent of them provide questionable results. Collectively, these servers are beginning to form a "second secret authority" for DNS that is undermining the trustworthiness of the Internet, the researchers warned.

"This is a crime with few witnesses," said David Dagon, a researcher at Georgia Tech who co-authored the paper. "These hosts are like carnival barkers. No matter what you ask them, they'll happily direct you to the red light store, or to a Web server that does nothing more than spray your eyeballs with ads."

Attacks on the DNS system are not new, and online criminals have been changing DNS settings in victims' computers for at least four years now, Dagon said. But only recently have the bad guys lined up the technology and expertise to reliably launch this particular type of attack in a more widespread way. While the first such attacks used computer viruses to make these changes, lately attackers have been relying on Web-based malware.

Here's how an attack would work. A victim would visit a Web site or open a malicious attachment that would exploit a bug in his computer's software. Attackers would then change just one file in the Windows registry settings, telling the PC to go to the criminal's server for all DNS information. If the initial exploit code was not stopped by antivirus software, the attack would give attackers virtually undetectable control over the computer.

Once they'd changed the Windows settings, the criminals could take victims to the correct Web sites most of the time, but then suddenly redirect them to phishing sites whenever they wanted -- during an online banking session, for example. Because the attack is happening at the DNS level, anti-phishing software would not flag the phoney sites.

Or an attacker could simply take complete control over the victim's Internet experience, Dagon said. "If you look up the address of a Christian Science Reading Room site, they'll point you to skin exotica," he said. "If you ask where Google.com is located, they'll point you to a machine in China selling luggage."

"It's really the ultimate back door," said Chris Rouland, chief technology officer with IBM's Internet Security Systems division. "All the stuff we've deployed in the enterprise, it's not going to look for this."

Rouland expects to see more of these DNS attacks launched from Web 2.0 sites in the coming months, because they make it very easy for people to "mash up" Web pages from many different sources -- some of which may be untrustworthy. "This is truly the next generation of phishing," he said.

Preliminary findings by Dagon's team show that the Web is an important vector for these attacks. Using Google's network of Web crawlers, researchers uncovered more than 2,100 Web pages that used exploit code to change the Windows registry of visitors.

The team's paper, entitled Corrupted DNS Resolution Paths, is set to be published at the Network and Distributed System Security Symposium (NDSS) in San Diego. It is co-authored by Chris Lee and Wenke Lee of Georgia Tech, and Niels Provos, a senior engineer with Google.

Last year Dagon and Wenke Lee founded a startup called Damballa Inc., which is developing ways to protect against these types of attacks.

Damballa, which bills itself as an anti-botnet appliance vendor, can identify compromised machines by tracking whether or not they are communicating with DNS servers that are known to be malicious.
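The detection idea in the last paragraph, spotting machines whose DNS traffic goes to resolvers other than the ones they were assigned, can be sketched over network flow records. This is an added example and not Damballa's code; the log format, the addresses, and the approved and known-bad resolver lists are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2007-12-12T09:00:01 10.0.0.21 10.0.0.2 53 udp
2007-12-12T09:00:02 10.0.0.22 10.0.0.2 53 udp
2007-12-12T09:00:05 10.0.0.23 203.0.113.66 53 udp
2007-12-12T09:00:09 10.0.0.23 203.0.113.66 53 udp
2007-12-12T09:00:11 10.0.0.24 198.51.100.7 53 udp
2007-12-12T09:00:12 10.0.0.21 192.0.2.80 80 tcp
2007-12-12T09:00:15 10.0.0.2 198.51.100.7 53 udp
malformed line
"""

# Assumed policy: clients may only use the internal resolver.
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.2")}
# Constructed blocklist of resolvers known to return false answers.
KNOWN_BAD_RESOLVERS = {ipaddress.ip_address("203.0.113.66")}


def parse_flows(text):
    """Parse flow lines into tuples, skipping anything malformed."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, proto = parts
        try:
            flows.append((ts, ipaddress.ip_address(src),
                          ipaddress.ip_address(dst), int(port), proto.lower()))
        except ValueError:
            continue  # bad address or port
    return flows


def find_suspect_hosts(flows, approved=APPROVED_RESOLVERS,
                       known_bad=KNOWN_BAD_RESOLVERS):
    """Return hosts that send DNS queries to resolvers outside the approved set.

    A host whose resolver setting was silently changed keeps working normally,
    so the only visible symptom is where its port-53 traffic goes.
    """
    findings = defaultdict(
        lambda: {"severity": "unapproved", "resolvers": set(), "queries": 0})
    for _ts, src, dst, port, proto in flows:
        if port != 53 or proto not in ("udp", "tcp"):
            continue
        # The approved resolver itself must talk to outside servers to
        # perform recursion, so it is exempt as a source.
        if src in approved or dst in approved:
            continue
        entry = findings[str(src)]
        entry["resolvers"].add(str(dst))
        entry["queries"] += 1
        if dst in known_bad:
            entry["severity"] = "known-malicious"
    return dict(findings)


if __name__ == "__main__":
    for host, info in sorted(find_suspect_hosts(parse_flows(SAMPLE_FLOWS)).items()):
        print(host, info["severity"], sorted(info["resolvers"]), info["queries"])
```

Hosts flagged as "unapproved" are not necessarily compromised, but they are bypassing the resolver the organization controls and are worth checking for a changed DNS setting.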