Friday, January 4, 2008

Wi-Fi startup to pick up where Google left off in SF

Wireless networking startup Meraki plans to deliver free wireless Internet access, supported by advertising, across San Francisco by the end of the year, it announced Friday.
An earlier attempt by Google and EarthLink to offer free city-wide Wi-Fi access in San Francisco foundered in August when EarthLink pulled out. They had planned a two-tier service, with faster, paid access provided by EarthLink and a more limited, advertising-funded service to be offered by Google. The search engine giant is also an investor in Meraki.

Meraki will base the service on an existing project covering parts of the city, Free the Net, which has signed up 40,000 users over an area of 5 square kilometers since it began last March.

To avoid the need for extensive cabling, Meraki will build the backbone of the network using a mesh network of solar-powered wireless repeaters installed on rooftops. The nodes will use some of their wireless capacity to offer Internet access to those nearby, and the rest to haul traffic back, via adjacent nodes, to the network's core.

The company is looking for city residents willing to put a repeater on their roof. Those hosting a repeater will get free access to the service -- but so will their neighbors -- although for them, the signal may not be as strong. Although devices are shared, Meraki aims to deliver data rates of around 1M bps (bits per second) to each user.

Meraki will pay the cost of rolling out the service, and no public funds are involved, it said. Investors have offered the company an additional US$20 million in venture capital to fund the move, it announced Friday.

Ozone in Paris offers a similar wireless Internet service based on a network of wireless repeaters. Its service is only free for those who host repeaters, though: others must pay €18 (US$26) a month.

U.S. indicts 11 over pump-and-dump stock spam

Eleven people, including one of the top spammers in the world, were indicted on Thursday for allegedly sending millions of unsolicited e-mails intended to inflate the price of Chinese penny stocks.
The U.S. Department of Justice (DOJ) called the scheme one of the largest spamming and fraud operations in the U.S. The 41-count indictment charges the defendants with conspiracy, several types of fraud, and money laundering.

The indictment alleges the group sent spam via botnets, or networks of hacked computers. A three-year investigation revealed the e-mails, which implored investors to buy cheap stocks, contained fake headers and other misleading information, the DOJ said.

After the price of a stock increased, the defendants sold at the artificially inflated price, a practice known as a pump-and-dump scam, according to the indictment. In mid-2005, the stock spam netted the defendants around US$3 million, the DOJ said.

Those charged include Alan M. Ralsky, 52, of West Bloomfield, Michigan. Spamhaus, a London-based organization that tracks spamming operations, listed Ralsky as one of the top professional spammers in the world. Also indicted was Ralsky's son-in-law, Scott K. Bradley, 46.

Ralsky settled with Verizon after being sued in 2002 over spam. Ralsky and his company, Additional Benefits LLC, agreed to pay Verizon and to stop sending spam on Verizon's network.

Three of the 11 accused have been detained, and the rest -- including Ralsky -- are being sought, the DOJ said.

OLPC: Won't miss Intel's 'half-hearted' laptop effort

Intel's resignation from the One Laptop Per Child Project's board of directors will have "no impact" on the group's operations, since the chip maker contributed little to the project since joining last year, OLPC President Walter Bender said in an interview.
"We never really got much going with Intel to have an impact," Bender said.

Intel joined OLPC's board of directors in July as part of an agreement that seemed to bury the hatchet between OLPC and Intel's competing Classmate PC project. In addition to ending a war of words between Intel and OLPC, the two sides agreed to cooperate on technology development. Work also began on the development of a version of OLPC's XO laptop using an Intel processor instead of the AMD chip found in the current version.

But the partnership agreement ultimately yielded little, and Intel made a "seemingly half-hearted effort" to build a version of the XO based on one of its microprocessors, Bender said.

The development of an XO laptop based on an Intel processor was widely believed to rely on a version of Intel's upcoming Silverthorne processor, due out early this year. But the use of Silverthorne, billed by Intel as an inexpensive and power-efficient processor, was never confirmed by either Intel or OLPC, although Intel employees privately hinted at its use.

Regardless of which chip was actually used in Intel's development efforts, the prototype laptop didn't live up to OLPC's expectations. "They developed something that, as far as I know, is more expensive and more power-hungry than our current offering, so I'm not quite sure what the point is," Bender said.

Bender's comments underscore the mutual nature of Intel's decision to quit OLPC, but he also hinted at missed opportunities.

"My expectation was that there's lots of room for cooperation, particularly on software ... [but] I couldn't get Intel interested in helping me with any of those problems," Bender said, adding Intel executives seemed most interested in using the agreement with OLPC for marketing purposes and public relations.

"The only thing they were interested in was ... helping them make marketing statements about how Intel's approach to learning was different from OLPC's approach to learning," Bender said. "They weren't interested in how we can learn together and make something better for kids."

For Intel's part, a source familiar with the company's decision to resign from the OLPC board said repeated requests to abandon the Classmate PC in favor of support for the OLPC's XO played a major role. Intel has invested heavily in Classmate PC, which is currently being tested in several countries, and the company did not want to walk away from those efforts, the source said.

During the six months that Intel belonged to OLPC, the chip maker contributed around US$6 million to the project, the source said, estimating that Intel spent around $100 million on education-related projects last year.

Bender declined to comment on Intel's financial contributions to the project.

CES: HP goes high-definition with new multimedia notebook

Hewlett-Packard, the top global PC vendor, Thursday introduced a multimedia notebook packed with high-definition features, including a screen that allows users to watch full HDTV movies.
The HP Pavilion HDX laptop, targeted at multimedia enthusiasts, has a 20.1-inch high-definition screen that plays back true 1080p high-definition television, according to HP. Users will have the option of selecting an HD DVD or Blu-ray Disc drive to play back high-definition movies.

Powered by the Core 2 Extreme or Core 2 Duo processors from Intel, the system includes a hybrid TV tuner that lets users watch high-definition or analog TV broadcasts. The tuner will also provide digital video recorder capabilities, with users able to record and pause live TV.

The system includes an Nvidia GeForce 8800M GTS graphics card with 512M bytes of video memory, HP said. It also has four Altec Lansing speakers with a subwoofer built in. The system will support storage of up to 500G bytes and have integrated wired and wireless networking.

The system will run on Windows Vista Home Premium or Windows Vista Ultimate. Starting at $1,999, the system will ship in the U.S. this month, according to HP.

HP on Thursday also introduced the Pavilion tx2000 tablet PC, a portable laptop targeted at students and professionals. Users can rotate the screen 180 degrees and use a stylus to capture handwriting or surf the Internet, according to HP.

Powered by Advanced Micro Devices' Turion 64 X2 dual-core processor, the PC comes with a 12.1-inch screen and Windows Vista OS. It will have a DVD+/- RW drive, up to 250G bytes of storage, integrated wireless and wired networking, a fingerprint reader and a webcam. It weighs 4.29 pounds (1.95 kilograms) with a 4-cell battery, according to HP.

The PC will be available starting at $1,299, depending on configuration. It will ship later this month in the U.S.

The laptops were announced ahead of the Consumer Electronics Show, to be held in Las Vegas between January 7 and 10, where they will be on display.

Intel quits OLPC board over pressure to kill Classmate PC

Intel resigned from the One Laptop Per Child Project's board of directors after refusing a request to abandon its Classmate PC program, according to a source familiar with the situation.
Intel's departure from OLPC's board means that an effort to build a version of the project's XO laptop based on an Intel processor is over, the source said.

Intel's Classmate PC is a low-cost laptop designed for students in developing countries and competes against OLPC's XO laptop, which is based on a microprocessor from Advanced Micro Devices (AMD). Intel and OLPC agreed in July to work together on the development of technology for low-cost laptops and to stop disparaging each other's laptop offerings.

As part of that agreement, Intel got a seat on OLPC's board of directors and the two sides began to discuss building a version of the XO based on an Intel processor. At the same time, OLPC also explored the possibility of using an Arm processor from Marvell in yet another version of the XO.

But during discussions in the months following the July deal, OLPC founder Nicholas Negroponte insisted that Intel abandon the Classmate PC effort in favor of throwing its support behind OLPC's XO device, the source said. But the Classmate PC is undergoing tests in several countries and Intel was not prepared to walk away from those efforts, according to the source.

Intel spokesman Nick Jacobs confirmed that the company and OLPC had parted ways, but declined to comment further on the matter. Negroponte and other OLPC executives could not immediately be reached for comment.

OLPC has struggled to win orders for the XO laptop. A rising price tag -- now close to US$200, instead of $100 as originally planned -- hasn't helped the group make inroads with cash-strapped governments in developing countries.

A Wi-Fi virus outbreak? Researchers say it's possible

If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University.
The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York City within a two-week period, with most of the infections occurring within the first day.

"The issue is that most of these routers are installed out of the box very insecurely," said Steven Myers, an assistant professor at Indiana University, who published the paper in November, along with researchers from the Institute for Scientific Interchange in Torino, Italy.

The researchers theorize that the attack would work by guessing administrative passwords and then instructing the routers to install new worm-like firmware, which would in turn cause the infected router to attack other devices in its range.

Because there are so many closely connected Wi-Fi networks in most urban areas, the attack could hop from router to router for many miles in some cities.

The team used what is known as the Susceptible Infected Removed (SIR) model to track the growth of this attack. This methodology is typically used to estimate things like influenza outbreaks, but it has also been used to predict things like computer virus infections, Myers said.

Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36 percent of passwords can be guessed using this technique.

Even some routers that use encryption could be cracked, if they use the popular WEP (Wired Equivalent Privacy) algorithm, which security experts have been able to crack for years now. Routers that were encrypted using the more-secure WPA (Wi-Fi Protected Access) standard were considered impossible to infect, Myers said.

Myers' model is based on data compiled from the Wireless Geographic Logging Engine (WiGLE), a volunteer-run effort to map Wi-Fi networks around the world, which has over 10 million networks in its database.

Using this data, they were able to map out large networks made up of Wi-Fi routers that were each no more than 45 meters (49 yards) from the network -- in other words, close enough for an infection to spread. The largest such network in New York included 36,807 systems; in Boston it was 15,899; and in Chicago: 50,084.

Because New York is such a dense city with a relatively low percentage (25.8 percent, according to the researchers) of encrypted routers, it was particularly susceptible to this type of attack. San Francisco, on the other hand, where 40.1 percent of routers are encrypted and which had a lower density of routers, was less susceptible.

Myers says that because the attack would be technically complex, he doubts that criminals will attempt it any time soon. There are simply too many other, easier ways to take over computers, he said.

Still, he thinks hardware makers should take note. "The bigger point for developers and people making wireless information technology is to realize that there are serious security issues."
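An added illustration (not from the researchers' paper or the original article) of the proximity-graph idea described above: routers no more than 45 meters apart are linked, and the size of the largest linked group bounds how far a router-to-router infection could travel. The coordinates are constructed, and treating WPA-protected routers as removed from the graph is an assumption of this example, used to show why a higher encryption rate fragments the network.

```python
from collections import Counter, defaultdict
from math import floor

RANGE_M = 45.0  # link threshold quoted in the article ("no more than 45 meters")


def cluster_sizes(routers, range_m=RANGE_M):
    """Sizes of the connected groups of unprotected routers, largest first.

    routers: iterable of (x_m, y_m, protected). Two unprotected routers are
    linked when they are no more than range_m apart. Protected routers
    (assumption: WPA, treated as immune) are dropped, so they cannot relay.
    """
    nodes = [(x, y) for x, y, protected in routers if not protected]
    parent = list(range(len(nodes)))

    def find(i):
        # Union-find root lookup with path halving.
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    # Bucket routers into range_m-sized cells so each router is only
    # compared with routers in its own and the eight adjacent cells.
    grid = defaultdict(list)
    for i, (x, y) in enumerate(nodes):
        grid[(floor(x / range_m), floor(y / range_m))].append(i)

    limit_sq = range_m * range_m
    for (cx, cy), members in grid.items():
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in grid.get((cx + dx, cy + dy), ()):
                    for i in members:
                        if i >= j:
                            continue  # visit each pair once
                        ddx = nodes[i][0] - nodes[j][0]
                        ddy = nodes[i][1] - nodes[j][1]
                        if ddx * ddx + ddy * ddy <= limit_sq:
                            parent[find(i)] = find(j)

    counts = Counter(find(i) for i in range(len(nodes)))
    return sorted(counts.values(), reverse=True)


def sample_street(protected=()):
    """Constructed data: ten routers 40 m apart along a street, plus one
    isolated router 140 m past the end. `protected` lists the indices of
    routers assumed to use WPA."""
    street = [(40.0 * i, 0.0, i in protected) for i in range(10)]
    return street + [(500.0, 0.0, False)]


if __name__ == "__main__":
    print("all open:       ", cluster_sizes(sample_street()))
    print("two on WPA:     ", cluster_sizes(sample_street(protected=(3, 7))))
```

With every router open, the street forms one chain of ten; protecting two of the ten breaks it into groups of three or fewer, which is the effect the researchers describe when comparing cities with different encryption rates.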

Facebook and Plaxo in data portability tussle

Facebook has reacted swiftly and sternly to an attempt to let members of the social networking site transfer their friends' contact information to Plaxo's address-book-management service.
The new Plaxo feature, which is in early-stage testing, is called Facebook Importer, and recently Plaxo reached out to a few hand-picked external users to try it out.

"Facebook has been turning into a new kind of address book, and we wanted to help our users move their data in and out of that service," said John McCrea, Plaxo's marketing vice president.

At least one of those users, well-known technology blogger Robert Scoble, had his account shut down on Thursday as a result of using the Plaxo importer. The incident may surprise some Facebook followers since the company's CEO recently said he wants to let users export their data to other online services.

Scoble reported on his blog on Thursday that he received a notice from Facebook saying he had violated the site's terms of service. He had Facebook's maximum of 5,000 friends on his account. However, Scoble later announced that Facebook had reinstated his account.

Plaxo planned to roll out the feature later this month to users of its Plaxo Pulse service, but those plans are now up in the air because the company doesn't want other Facebook members to get kicked out of the site like Scoble, McCrea said. He acknowledged that Plaxo didn't consult with Facebook while designing and testing this feature.

Plaxo's Facebook Importer can't function properly using just the application programming interfaces (APIs) Facebook has made available to third parties interested in creating applications for its social networking site, said Joseph Smarr, Plaxo's chief platform architect.

"While Facebook has ostensibly created these open APIs to use both off their site and, with their platform, on their site, they've gone to fairly great lengths to make sure you can't get out the data you need to take your friends' list with you," Smarr said.

Specifically, Facebook's APIs don't allow third-party applications to capture members' e-mail addresses, a key data point for address books, so Plaxo worked around this limitation by doing optical character recognition, or "scraping," to capture this information, Smarr said.

"We used their APIs to the extent possible, but if they're not providing the data that our users want, we have to augment that. And it's no different from them scraping Gmail and doing a Gmail import. It's fairly wide industry practice at this point," Smarr said.

Facebook's walled-garden position strikes Plaxo as inconsistent and contradictory, since Facebook allows its members to import address-book data from external e-mail services and applications.

"This is obviously functionality that Facebook is using to be able to pull in data from all these other sources, so it strikes us as a case of what's good for the goose isn't good for the gander," Smarr said.

By contrast, Plaxo has a similar feature that lets members of the LinkedIn social network move their contacts' data out to Plaxo, McCrea said.

The spat between Plaxo and Facebook highlights the thorny issue of data portability in social networking sites. In fact, Facebook CEO Mark Zuckerberg was asked for his position on this matter in October at the Web 2.0 Summit, and he spoke in favor of making data portable for his site's members.

At the time, Zuckerberg said Facebook members should be able to move the data they keep in their profiles to other online services if they want. He even went as far as to admit that it's "a flaw in the system" of Facebook that doesn't let them do this today.

"It's the users' data. We want to [make it portable.] That's the goal," he said, but, when pressed to provide a timetable for when Facebook might do this, he refrained from making a deadline commitment.

Zuckerberg's comments at Web 2.0, along with a series of Facebook moves to open itself up to external developers, prompted Plaxo to develop the importer, so the response to the feature caught the company by surprise, McCrea said.

According to Scoble's blog posts, Facebook told him via e-mail that his account was suspended because the company detected that he was running "automated scripts," which Facebook forbids for security reasons. In the last Facebook e-mail Scoble quotes in his blog, Facebook said it decided to reactivate his account because he told them he wouldn't run the Plaxo script again, nor any like it.

Incidentally, Scoble managed to transfer his Facebook friends' data out to Plaxo Pulse, so the feature apparently works as intended.

Neither Scoble nor Facebook responded to requests for comment.

IBM restructures systems division

With the aim of improving company performance and better meeting customers' needs, IBM on Thursday said it was realigning its Systems and Technology group around types of clients.
Instead of product types, the newly aligned division will focus and develop products based on the needs of customers in different segments, said Tim Breuer, an IBM spokesman.

The restructured division will target four segments: large enterprises; small-and-medium businesses; verticals; and microelectronics, which includes customers buying IBM's chips.

The objective is to help customers and improve sales of IBM's products, Breuer said. The realignment enables the division to better determine and integrate hardware, software and services for customers, like meeting data center and virtualization needs in large enterprises, Breuer said. That should help IBM increase its business across the different segments, he said.

The newly aligned division will work with other divisions to better configure products for customers in different segments, Breuer said.

The restructuring comes at a time when the Systems and Technology division is struggling. In the third quarter of 2007, revenues for the division decreased 10 percent year-over-year to US$4.9 billion, including the divestiture of the Printing System Division in June 2007.

IBM is delivering on its promise to focus on customer-oriented solutions that it announced last year, said Joe Clabby, president of Clabby Analytics.

The SMB market is especially booming, and the restructuring should help IBM cope with heavy product demand, Clabby said. IBM has struggled a bit chasing the SMB market, but the restructuring coupled with some other recent improvements such as better marketing should help, he said.

With the restructuring, IBM is finally putting bat to ball, though it remains to be seen how it will play out in the long run, Clabby said.

CES: Take DVR content with you on Motorola device

Motorola introduced a portable broadcast TV player that will also let users take recorded programs with them on the go.
The DH01 receives DVB-H (Digital Video Broadcasting-Handheld) mobile TV programming, so it won't be useful to U.S. consumers any time soon. DVB-H is a mobile TV standard being used in Europe and other parts of the world.

While watching live broadcasts, users will be able to pause for five minutes. The DH01's high-resolution screen measures 4.3 inches and supports 16 million colors. It displays 25 frames per second and provides about four hours of playback time on a battery charge.

In addition to watching live broadcasts, users will be able to upload programs that they've recorded on their home DVRs (digital video recorders). A 256M byte Secure Digital/MultiMediaCard, which users can insert into the device, will save about 90 minutes of TV, Motorola said.

The DH01 is expected to be available this month. Motorola expects broadcasters and DVB-H service providers to sell it, and the device may become available in retail stores too. Motorola did not reveal an expected retail price.

Motorola will display the device next week at the International Consumer Electronics Show in Las Vegas.

Unless the DH01 becomes available with support for Qualcomm's MediaFlo technology, it won't be useful in the U.S., where it is unclear if any company will build a DVB-H network. In late 2007, AT&T announced plans to buy the spectrum that was to be used by Hiwire, the last remaining company that planned to build such a network. AT&T, which has already committed to using Qualcomm's MediaFlo for a mobile TV offering, has not said if it plans to continue Hiwire's DVB-H plans.

Microsoft readies for two Windows security updates

Microsoft plans to issue two security updates for its Windows operating system products next Tuesday as part of its regular software patch cycle.
The updates were pre-announced Thursday morning on Microsoft's Web site in order to give IT staffers a sense of how busy they will be next week installing the patches.

One of the updates is considered critical for Windows Vista and XP users because the flaw it fixes could be used by attackers to install unauthorized software on a victim's computer. This update is rated important for Windows Server 2003 users and considered moderate for Windows 2000 users.

The second update, rated important for all Windows users, could allow an attacker to run software with a higher level of privilege on a system than would normally be allowed.

Microsoft did not provide any technical details on the updates.

With just two updates scheduled, January will be a light month by Microsoft's standards. In 2007 the company shipped 69 software updates, an average of just under six per month.

NetApp to buy Onaro to boost storage management

Storage vendor Network Appliance said Thursday it plans to buy Onaro, a Boston company that develops storage management software.
Onaro's main product family is SANScreen. The suite's components include an engine that models the relationships between components in a distributed system; a repository that monitors the storage services that applications need; and a change repository for tracking device and service changes, according to a company white paper. The point is to help administrators improve performance and resolve problems within their storage area networks.

Onaro's technology is deployed in 32 percent of the Fortune 50 companies, according to a statement. NetApp said Onaro's products are complementary to its existing offerings, which include its V-Series virtualization systems; ReplicatorX data recovery and replication software; and its Decru DataFort storage encryption appliances.

NetApp said the deal will close in the first quarter of this year. Financial terms were not disclosed. Shares of NetApp stock were trading at roughly $25 Thursday morning, a rise of approximately $0.25.

Facebook tightens app development platform to curb abuses

Facebook kicked off the new year with additional tweaks to its development platform as it continues to grapple with external programmers who spur adoption of their applications among Facebook members through deceitful and abusive practices.
Facebook has been battling this problem since May, when it opened its social-networking site to third-party developers interested in building applications for it.

Chief among the annoyances have been self-promotion features in applications such as bulk unsolicited e-mails and intrusive message displays. Although Facebook has made several changes in past months, the problems persist.

On Jan. 1, a Facebook official published a blog post titled "New Year. New Rules" in which he states that some developers have been sneakily bypassing the limit on the number of e-mail notifications applications are allowed to send.

"Specifically, these developers have been sending notification e-mails to users for one application with another application, in order to 'pool' the total quota of e-mail notifications together," wrote Dave Morin, Facebook's senior platform manager.

In addition, other applications have been designed to trick Facebook members into inadvertently installing other applications by placing links into e-mail messages, internal notifications and the Mini-Feed feature in member profiles.

"Starting today, we'll begin blocking links in Mini-Feed, Notifications, and Notification E-mails which lead to the installation of another application in the hopes that developers focus on user experience and engagement being paramount, not deceiving users for the sake of growth," Morin wrote.

LG.Philips LCD unrolls 14-inch color e-paper display

South Korea's LG.Philips LCD is out to impress at next week's Consumer Electronics Show and will unveil a 14.3-inch color electronic paper display.
The display, which is about the same size as an A4-sheet of paper, has a resolution of 1,280 pixels by 800 pixels and can display 16.7-million colors, LG.Philips LCD said Thursday. That makes it the highest resolution screen of its type yet developed, the company said, and is an advance on a display unveiled in May last year that offered just 4,096 colors.

Electronic paper is being pursued by many companies as a future replacement for paper. The screens are often produced on a flexible substrate so they can bend, unlike conventional LCD (liquid crystal display) panels that are made on glass. But the amount by which they can be bent without causing damage to the screen widely varies between prototypes, and there are still no displays that can be folded like a sheet of paper.

The new LG.Philips LCD panel borrows some of the TFT (thin-film transistor) technology used by the company to make LCD panels and marries it with metal foil and a plastic substrate. The result is a flexible screen that is less than 300 micrometers thick, which is a few times thicker than standard copier paper. In addition to being flexible the screen can be viewed through 180 degrees even when bent, the company said.

At CES the company also plans to show a mono e-paper screen equivalent in size to a B5 sheet of paper (176 mm by 250 mm). While not as impressive as the larger, color display, it is easier to manufacture and LG.Philips LCD said it plans to launch this latter display later in the year.

In addition to the physical specifications of the displays one of the keys to success will be how fast the image can be refreshed on the screen. A conventional LCD is capable of redrawing the image many times per second but e-paper prototypes shown until now typically take a few seconds for the on-screen image to completely change. For example, a Fujitsu prototype unveiled in May last year took 2 seconds to refresh an 8-color image and 10 seconds to refresh a 4,096-color image.

Eclipse reeling in Swordfish as SOA framework

The Eclipse Foundation with its Swordfish project is developing an open source SOA framework intended for applications ranging from enterprise environments to embedded systems.
Based on technology from German logistics company Deutsche Post, Swordfish features an SOA runtime platform that leverages three popular projects: Service Component Architecture (SCA), Java Business Integration (JBI), and Open Services Gateway initiative (OSGi). SCA provides a common programming model and assembly description format while JBI serves as a common messaging model. OSGi, which is the basis of the Eclipse runtime platform, provides common deployment and runtime component models in Swordfish.

The Swordfish architecture uses OSGi to implement JBI and SCA.

"[Swordfish] is a framework to bring [together] different components, which are needed for an SOA platform," said Ricco Deutscher, CTO at Sopera, which is leading the Swordfish effort and offers an open source SOA suite based on the project.
"[Enterprise IT directors] should be very excited because this is up and running [for] more than six years in the largest logistics company in the world, and it is a very proven, mature technology," said Deutscher.

According to the Eclipse Swordfish blog, Deutsche Post developed the core SOA engine with plans calling for the code to be refactored into an OSGi-based SOA engine. The OSGi engine serves as a milestone to an SOA runtime framework.
The version 1.0 production release of Swordfish is scheduled for the third quarter of this year.

Swordfish offers a way to use JBI, SCA, and OSGi for server-side applications, said analyst Michael Cote of Redmonk. It also demonstrates Eclipse's reach to the server, he said.

"Where I see Swordfish fitting in is [it is] sort of [an] 'enterprise' framework for writing software and applications with OSGi," said Cote. The Swordfish vision also appears to follow the ESB-driven (enterprise service bus) way of doing SOA, he said.

"I think the more interesting thing about Swordfish than just the SOA angle is how it's part of Eclipse's overall idea of doing more runtime -- stuff for the server side rather than desktop stuff," Cote said.

The Sopera open source suite features Swordfish and components for messaging, registry, security, and BPEL (Business Process Execution Language for Web Services). Sopera supports business applications, as well as legacy and SAP NetWeaver integration. It also provides a gateway to third-party ESBs.

Chris Kanaracus, U.S. correspondent with IDG News Service, an InfoWorld affiliate, contributed to this report.

Qualcomm maneuvers around court's chipset ban

Qualcomm is shipping four new wireless chipsets that do not infringe on a video encoding patent held by competitor Broadcom. Qualcomm expects the WCDMA (Wideband Code Division Multiple Access) handsets containing the chips to go on sale in the U.S. by April, it said Wednesday.
The announcement comes two days after a U.S. federal judge issued an injunction that stops Qualcomm from selling some wireless chipsets found to infringe on the Broadcom patent.

Under a special provision of the injunction, Qualcomm can continue to use Broadcom's patented technology in some existing QChat push-to-talk and 1xEV-DO (Evolution-Data Only) products through Jan. 31, 2009, as long as it pays royalties to Broadcom. New products, or existing products sold to new customers, are not covered by the automatic license.

Qualcomm is still developing workarounds for infringing technology included in the QChat and 1xEV-DO products, it said.

Broadcom won a patent infringement suit against Qualcomm in May and was awarded US$19.6 million in damages. However, Broadcom said the injunction -- which only applies to chipsets sold in the U.S. -- was far more important than the money.

Monday's injunction, issued in the U.S. District Court for the Southern District of California, also prohibits Qualcomm from some marketing and customer support activities related to WCDMA and EV-DO chips.

Qualcomm said it still wants further clarification on some aspects of the injunction, saying it could affect the company's product development. The company said it is also considering filing an appeal or for a stay of the injunction.

The two companies still have other patent infringement and antitrust claims pending.

Wi-Spy spies on Wi-Fi

While we continue to investigate our problem with deferred procedure calls (see last week's Gearhead) -- a problem that seems to have mysteriously vanished again -- we wanted to bring to your attention a tool that, if you are doing wireless stuff, you are going to want.
The tool is called Wi-Spy 2.4x and is manufactured and sold by the wonderfully named MetaGeek. The Wi-Spy is a USB (1.1 or 2) spectrum analyzer for the radio frequency range from 2400 MHz to 2483.5 MHz with a resolution of 328 kHz. It can detect signals in the range -110 dBm to -6.5 dBm with an amplitude resolution of 0.5 dBm and has a sweep time of 165 milliseconds.
In other words, this is a pretty snazzy piece of hardware, but two other features make the Wi-Spy outstanding. The first is its software, Chanalyzer, which runs on Windows 2000 or later with .Net 2.0 installed. Linux and Mac support are also available via third-party software.

Chanalyzer's user interface shows three graphs that share a common X-axis of frequency; you can select this axis to be displayed as frequency or as Wi-Fi channels or Zigbee channels (I plan to cover Zigbee in more depth in a future Gearhead column -- for now, see this Network World story).

The top graph is the Spectral View. This is a "waterfall graph" (that is, one that scrolls down over time) that plots the selected time period (you can select from 15 seconds to one hour) against the frequency range, with each point color-coded by the signal's amplitude. This highlights bandwidth use over time.

The graph below that is what MetaGeek calls the Topographic View. This display shows the popularity of the spectrum by plotting the percentage activity for each frequency and amplitude over the selected time period. In other words, it is a spectrum utilization map.

The bottom graph is the Planar View, which plots amplitude against frequency and shows current, average and maximum amplitudes. There are also two markers that you can place on the frequency axis to get data for a specific frequency.

What this deluge of data shows you is, for a given location, how the spectrum is being used and abused. For example, you can see where devices such as microwave ovens, Bluetooth devices and cordless phones might be adding noise and reducing Wi-Fi throughput.

When Wi-Fi or Zigbee channels are selected you can click on one or more of their labels on the frequency axis to overlay a highlighted zone that shows the channel frequency limits. Wi-Fi channels are 5 MHz apart, but to ensure more or less complete isolation they need to be 25 MHz apart. This is particularly important where other people's nearby access points might be a problem -- most people never change their access points' default use of channel 6, so to avoid overlap you should use channel 1 or 11.

Note that the European Union also allows the use of channels 12 and 13, and channel 14 is the only one allowed to be used for Wi-Fi in Japan.

The other outstanding feature is that you can save and replay your Wi-Spy spectrum captures and share them with other users. MetaGeek has a library of user contributions that shows what the graphs generated by devices such as microwave ovens, cellular phones, baby monitors and cordless phones look like -- these are extremely useful when you are trying to track down your own Wi-Fi problems.

MetaGeek also offers a freeware rewrite of that old hacker favorite, NetStumbler (last updated in 2004), called Inssider. Wi-Spy 2.4x is, as I wrote, outstanding, and at $399 an excellent value. Highly recommended.
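The channel-spacing rule and the three views described in this column can be worked through on sample data. The Python below is an added example, not MetaGeek's software or code from the original column; the sweep data is constructed, and the 2407 + 5n MHz channel formula, the half-isolation-gap channel zone and the -85 dBm activity threshold are assumptions not stated in the review.

```python
# Added example: constructed sweep data, not output from a real Wi-Spy or Chanalyzer.
START_MHZ, STOP_MHZ = 2400.0, 2483.5  # swept range given in the review
STEP_MHZ = 0.328                       # frequency resolution given in the review
ISOLATION_MHZ = 25.0                   # channel separation the review gives for isolation

def bin_freqs():
    """Frequency of every bin in one sweep."""
    count = int((STOP_MHZ - START_MHZ) / STEP_MHZ) + 1
    return [START_MHZ + i * STEP_MHZ for i in range(count)]

def channel_center(ch):
    """Channels 1-13 sit 5 MHz apart; channel 14 is off that grid and not handled."""
    if not 1 <= ch <= 13:
        raise ValueError("only channels 1-13 are supported")
    return 2407.0 + 5.0 * ch

def isolated(a, b):
    return abs(channel_center(a) - channel_center(b)) >= ISOLATION_MHZ

def channel_bins(ch):
    """Bin indexes in the channel's zone (assumed: half the isolation gap each side)."""
    mid, half = channel_center(ch), ISOLATION_MHZ / 2
    return [i for i, f in enumerate(bin_freqs()) if abs(f - mid) <= half]

def utilization(sweeps, ch, threshold_dbm=-85.0):
    """Share of samples inside the channel zone that exceed the threshold."""
    bins = channel_bins(ch)
    busy = sum(1 for sweep in sweeps for i in bins if sweep[i] > threshold_dbm)
    return busy / (len(bins) * len(sweeps))

def planar(sweeps):
    """Per-bin (current, mean of the dBm readings, maximum) over the capture."""
    return [(col[-1], sum(col) / len(col), max(col)) for col in zip(*sweeps)]

def pick_channel(sweeps, candidates=(1, 6, 11)):
    """Least-used channel among candidates that are isolated from one another."""
    if not all(isolated(a, b) for a in candidates for b in candidates if a != b):
        raise ValueError("candidates overlap")
    return min(candidates, key=lambda ch: utilization(sweeps, ch))

def constructed_capture(n_sweeps=20):
    """Quiet floor, an always-on AP on channel 6, bursts at 2450-2470 MHz."""
    def level(f, t):
        if abs(f - channel_center(6)) <= 10.0:
            return -55.0                      # neighbour's access point
        if 2450.0 <= f <= 2470.0 and t % 2 == 0:
            return -40.0                      # interference in every other sweep
        return -100.0                         # quiet floor
    return [[level(f, t) for f in bin_freqs()] for t in range(n_sweeps)]

if __name__ == "__main__":
    capture = constructed_capture()
    print({ch: round(utilization(capture, ch), 2) for ch in (1, 6, 11)})
    print("suggested channel:", pick_channel(capture))
```

In the constructed capture the bursty interference is absent from the final sweep, so only the mean and maximum columns of `planar` reveal it, which is why a capture over time is more useful than a single snapshot.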

Anti-botnet vendors plug in

A small group of IT security startups are hoping to cash in on the rise of the botnet scourge as businesses -- telecommunications carriers and Internet service providers, in particular -- seek new methods for stopping the attacks.
While larger security software makers, including Symantec, McAfee, and Trend Micro, have built botnet-fighting functions into their existing products, and carrier security specialists such as Arbor Networks have added tools for detecting the threats in their network monitoring systems, a handful of smaller companies are attempting to market themselves as purists in the anti-botnet field.

As carriers, ISPs, and large enterprises investigate techniques to keep computers on their networks, and those of their customers, from being recruited into the zombie armies of botnet-controlled devices, some experts say that there may be a market for stand-alone technologies that address the problem -- at least for the next several years.

"If you look at the change in the characteristics of malware attacks over the last year, and the public outrage over data breaches, private and government organizations have reached a point where the botnet issue is directly accessible," said Nick Selby, analyst at The 451 Group.

"Botnets are very relevant to data loss, and without question, customers are looking for in-the-cloud protection and clean pipes; the problem is too complex for any individual user to deal with alone, even large enterprise users," he said. "Anti-botnet vendors could see compliance and media-fueled growth because everyone understands the issue of data loss."

Just as Webroot was able to build and maintain a business dedicated to fighting spyware -- even in the face of competition from larger rivals who built tools for warding off those attacks into their integrated security suites -- vendors staking a claim to the anti-botnet space contend that there will be plenty of demand for their specialized skills.

Perhaps the two best-known providers making noise in the segment are FireEye, a Silicon Valley startup backed by funding from Sequoia Capital and Norwest Venture Partners, and Damballa, an Atlanta-based company with roots at Georgia Tech backed by Sigma Partners and Noro-Moseley Partners.

Leaders with both companies maintain that their businesses are already taking off as botnets take over.

"These networks of infected PCs have become, in essence, the world's largest computing grids. They dwarf the world's supercomputers in terms of their power, so that tells you something about the severity of the overall threat," said Ashar Aziz, chief executive of FireEye, who maintains there are currently as many as 150 million botnet-infected computers worldwide.

"This is the actual infrastructure that connects all the malware, spam, and denial-of-service attacks," he said. "A feature built into an end-point client is not going to solve the problem on its own; large enterprises and carriers are looking for something today that is going to help them keep their assets from being victimized."

In addition to the carrier crowd, Aziz said that a growing number of large enterprises are seeking to take things into their own hands to ensure that their networks aren't being exploited by botnet commanders.

Large companies are not only fearful of having their assets used as proxies by all sorts of attackers, and of any potential fines that such activity or related data loss could lead to, he said; they are also hoping to avoid the embarrassment of having machines inside their walls publicly revealed as spam and malware delivery stations.

Throughout 2007, researchers at network security technology vendor Support Intelligence repeatedly detailed spam runs emanating from well-known businesses, including Bank of America, Intel, and Nationwide Insurance, that were thought to be driven by botnet-infected computers.

At the core of FireEye's anti-botnet technology, delivered via its appliances, is its FireEye Analysis and Control Technology (FACT) engine, which looks for suspicious traffic, confirms attacks, and blocks access from infected devices to other machines on a network.

Using the information being drawn from its customers, which already include a number of large North American carriers and Fortune 1,000 companies, according to the CEO, FireEye claims that it also has the ability to backtrack its way through the networks of infected machines to scope out the size of botnet operations and work with carriers to snuff out the infrastructure.

Aziz contends that even if anti-botnet technologies become digested in broader suites by most companies or through carrier-provided services, FireEye -- whose virtualization-based technology was originally positioned for use in network access control (NAC) systems when it was founded in 2004 -- will be able to turn a profit by providing the intelligence needed by those systems to identify and track the attacks.

"The capability to build this intelligence about the botnets themselves is a sizable business opportunity. These companies offering services will need to constantly feed new data into their gateways," he said. "We feel this is a viable business model, finding the infrastructure that is out there and helping people understand where it lives and how it works."

Damballa, which takes its name from the realm of voodoo spirits, is already marketing its capabilities to both enterprises and carriers in a number of different models.

For instance, the company already offers three deployment options to enterprise customers: its Global Surveillance Network, a subscription service that alerts users if any of their machines are infected by known botnets; its Enterprise Protection package, which uses sensors placed on clients' networks to look for attacks; and its Extended Enterprise Protection offering, which utilizes sensors outside companies' firewalls to look for attempts by botnets to connect to users' computers.

It markets comparable services for carriers and other security OEMs.

Damballa leaders said that the key to earning a spot inside more companies' operations will be the continued evolution and maturation of the threats themselves, and the company's unique ability to chart botnet behavior.

"We definitely see a best-of-breed opportunity for fighting botnets. It depends on the customer, but most of the success we're finding is with organizations who already have a lot of security technologies in place but still find themselves dealing with this problem," said Tripp Cox, vice president of engineering at Damballa, which was founded in late 2006.

"These companies are getting green lights from other products telling them that everything is OK, but they are still finding out about compromises inside their networks," he said. "A lot of the larger security players will have to have something in their suite to address the problem, and there's definitely potential for consolidation at some point in this space, but if you look at a problem like spam, there's a history there of companies building a stand-alone business to solve problems like this."

The 451 Group's Selby said that there will likely be growth of the anti-botnet segment before any industry consolidation takes place, despite a large number of companies -- ranging from anti-virus vendors to massive carriers with managed security services -- that want to take on a broader piece of the market.

"It would seem to make sense for these [anti-botnet] companies to cut deals with ISPs to have better visibility into their networks and botnet activity in general, as they already have," the analyst said. "This is a market that should see expansion as botnets continue to become a bigger problem for everyone."

Instant messaging, banks top Chinese searches, Google says

Chinese banks and an instant messaging service topped the list of fastest-rising search terms on Google's Chinese Web site during 2007, the company said Wednesday.
The first release of Google China's Zeitgeist (in Chinese), which lists the fastest-rising search terms during 2007, was topped by QQ, an instant-messaging service that is immensely popular among Chinese Internet users. Two banks -- China Merchants Bank and Industrial and Commercial Bank of China -- took the second and third spots, followed by searches for "stocks" and "games."

China Construction Bank was in the sixth spot on the list, followed by Google Earth, the Xunlei file-sharing service, antivirus vendor Kaspersky Lab, and MSN.

Google Zeitgeist doesn't reflect the most-searched-for terms on Google's Web site. Instead, the list shows which search terms experienced the greatest jump in popularity during the year. Viewed in that light, the popularity of banking and financial terms on Google China's Zeitgeist list stands out against the list compiled by Google for worldwide searches.

The worldwide Zeitgeist list was topped by Apple's iPhone, and is populated by the names of popular Web sites, like Badoo (No. 2) and Facebook (No. 3). None of the 10 terms on the worldwide Zeitgeist list were related to finance. Conversely, the Chinese Zeitgeist list did not name any video-sharing sites, while the worldwide list had two: Dailymotion (No. 4) and Google's own YouTube (No. 6).

CES: Asus unveils terabyte laptop

Asus will unveil a laptop that should satisfy the storage needs of all but the biggest of power users: the M70S comes with 1T byte of storage space.
The machine, due for release at next week's Consumer Electronics Show, is targeted at the fast-expanding multimedia sector of the laptop market and packs dual 500G-byte drives from Hitachi, expected to be announced later Thursday. The drives can be organized in a RAID 0 configuration, where data is distributed between the two drives to provide a performance boost over a single drive, or as RAID 1, where data is mirrored on each drive to provide redundancy in case of drive failure. In the latter case the storage space visible to the user drops to 500G bytes.

The Asus M70 comes optionally equipped to make use of the extra storage space with a digital/analog TV tuner and video recording capability. An optional remote control is also available. The explosion in digital video is one of the main reasons why consumers are increasingly demanding as much storage space on their laptops as on desktop computers.

To watch all that video, the laptop comes with a 17-inch widescreen display at either WXGA+ (1,440 by 900 pixels) or WUXGA (1,920 by 1,200 pixels) resolution depending on the model. It should be noted that the former screen won't be able to show a high-definition image, which is 1,920 by 1,080 pixels, at full resolution.

An Intel Core2 Duo processor lies at the heart of the laptop and models will be available with the T7700, 7500, 7300 or 7100 versions of the chip. Other features include an ATI 3650 graphics card, web cam, fingerprint reader and 1G byte of memory.

Asus will also launch the M50S laptop at CES. The computer is targeted at the same multimedia segment of the market, but attempts to satisfy a niche for a high-performance laptop that's slightly smaller than the typical 17-inch models.

The M50S machine comes with the same processor selection but has a 15.4-inch widescreen display at either WXGA (1,366 by 768 pixels), WXGA+ or WSXGA+ (1,680 by 1,050 pixels) resolution.