Yahoo has not reached a decision about Microsoft's acquisition offer and is considering "a wide range of potential strategic alternatives," Yahoo CEO Jerry Yang said in an e-mail to employees on Wednesday.
In the e-mail, which was addressed to "yahoos" and filed with the U.S. Securities and Exchange Commission, Yang said the Yahoo board is still reviewing the deal and will "take the time it needs to do it right."
"Our board is thoughtfully evaluating a wide range of potential strategic alternatives in what is a complex and evolving landscape," he wrote in the e-mail, typed in all lowercase letters.
Microsoft announced its unsolicited bid for Yahoo last Friday, offering to pay US$44.6 billion for the company, or 62 percent over Yahoo's closing share price Thursday. The deal would greatly expand Microsoft's search and advertising business and could help it to compete better with Google online.
Yahoo is understood to be lukewarm on the offer. The company hopes a rival suitor will emerge with a counteroffer, or that it can forge a deal with Google that will allow it to remain independent, according to Wednesday's Wall Street Journal newspaper, which cited unnamed sources.
However, analysts have said it is unlikely another company could match Microsoft's sizeable offer, and a business deal between Yahoo and Google could raise antitrust concerns because of Google's already dominant market position.
In the e-mail, Yang thanked the Yahoo staff for staying focused on their work amid the turmoil. The company has hired "top advisors" to assist it through the process and is focused on maximizing value for its shareholders, he said.
Thursday, February 7, 2008
Microsoft responds to Save XP petition
Microsoft's decision to discontinue OEM and packaged sales of Windows XP at the end of June - leaving businesses and consumers with the less-than-celebrated Vista as their only choice of Windows operating system on new PCs - has drawn considerable criticism and led to an outpouring of support for the continuation of XP sales.
Over 75,000 people have signed Infoworld's 'Save XP' petition; a Web site complete with an XP countdown timer, video tributes, and a series of articles detailing why a large number of businesses, organizations and consumers are unhappy with Microsoft's decision to force them into adopting the yet-to-be widely accepted Vista operating system.
In late November, a survey of 961 IT professionals conducted by King Research found 90 percent of respondents had concerns about migrating to Vista. Apprehension stemmed primarily from stability issues, but also due to compatibility problems and the cost in both hardware and software terms of migrating. 44 percent said they would consider non-Windows operating systems to avoid these migration issues, with many stating that virtualization had made it easier to implement alternative operating systems.
In response to Infoworld's petition and other pro-XP outpourings of support, a Microsoft spokesperson in the US told Computerworld: "We're aware of it, but are listening first and foremost to feedback we hear from partners and customers about what makes sense based on their needs. That's what informed our decision to extend the availability of XP initially, and what will continue to guide us."
The spokesperson said Windows will not disappear completely from the worldwide market place after the June cutoff, stating the software giant understood that some market segments such as small businesses and emerging market customers require "a little more time" before they upgrade to Vista.
"Therefore OEMs will continue to sell XP through June 30th 2008 and system builders will be able to sell XP through January 2009 as they cater to the small business markets. In emerging markets where XP Starter Edition is sold, it will still be available through June 30th, 2010."
According to Infoworld's Save-XP site, many businesses and consumers aren't excited about dispensing their time and money upgrading to a new OS that they believe does not offer enough considerable advantages over XP, and are not keen on dealing with the incompatibility issues upgrading invariably causes. Their argument is simple - 'if it ain't broke, don't fix it'.
Among those who signed Infoworld's petition was Al, who posted the following message on January 14:
"We have got to save Windows XP. As of now, it is one of the most stable Windows systems...Windows Vista has still not been debugged enough and a good deal of (rather important) software is still glitchy under Vista. So until the situation is improved on both Microsoft and Third Party Vendors sides, we need to preserve Windows XP some more time."
Or this, from Kurt Morin, posted January 30:
"I have been working with windows ever since Windows 3.1. I support the desktop environment in a public school system and at this time because of hardware limitations [we] are running a mix of Windows 2000 and XP. There is no way this hardware (too old to upgrade) will run Vista and because of budget constraints will not be able to purchase new hardware. I have nothing against Windows but I do have a problem with Mr. Gates forcing us to eventually have to upgrade by dropping support of the other OS's." ---PB---
But some are supportive of Vista. This from Zygote, posted January 21:
"Have any of you nay-sayers actually used Vista for any length of time? Remember the learning curve when we went from 98/2000 to XP; Same thing, put some effort in and you might not be so negative about it. I've had Vista on my laptop virtually since launch and I haven't had any major issues with it."
Indeed there may be a sharp increase in Vista adoption at the end of this month when Microsoft releases Service Pack 1, which many businesses and organizations traditionally wait for before upgrading.
But in a Computerworld Australia poll asking when respondent's companies will upgrade to Windows Vista and Office 2007, 70 per cent said they will look at alternatives before making a decision.
In response to the question of whether discontinuing XP could throw more people over to Apple or Linux operating systems, or whether XP would quietly go back on sale like Windows 98 did after the less than successful Windows ME release, Microsoft's spokesperson declined to comment.
The company did however, insist that the adoption of Vista was well on track and in line with it's projections.
"Globally we can confirm there have been over 100 million licenses sold and more than 42 million PCs now licensed under volume licensing agreements."
"Overall the business adoption of Windows Vista in Australia is on a normal trajectory at this point in its lifecycle, at a rate that is similar to past releases. We are pleased to see positive market indicators that point towards adoption and deployment continuing to grow.
"We're seeing positive indicators that we're already starting to move from the early adoption phase into the mainstream and that more and more businesses are beginning their planning and deployment of Windows Vista."
Still, vendors such as Dell, Hewlett-Packard, Lenovo, Fujitsu, and more recently, NEC, all offer the opportunity to downgrade to XP pro.
NEC stated that customer demand for the XP downgrade varied, with large corporates generally slower to adopt Vista than the SMB market.
Over 75,000 people have signed Infoworld's 'Save XP' petition; a Web site complete with an XP countdown timer, video tributes, and a series of articles detailing why a large number of businesses, organizations and consumers are unhappy with Microsoft's decision to force them into adopting the yet-to-be widely accepted Vista operating system.
In late November, a survey of 961 IT professionals conducted by King Research found 90 percent of respondents had concerns about migrating to Vista. Apprehension stemmed primarily from stability issues, but also due to compatibility problems and the cost in both hardware and software terms of migrating. 44 percent said they would consider non-Windows operating systems to avoid these migration issues, with many stating that virtualization had made it easier to implement alternative operating systems.
In response to Infoworld's petition and other pro-XP outpourings of support, a Microsoft spokesperson in the US told Computerworld: "We're aware of it, but are listening first and foremost to feedback we hear from partners and customers about what makes sense based on their needs. That's what informed our decision to extend the availability of XP initially, and what will continue to guide us."
The spokesperson said Windows will not disappear completely from the worldwide market place after the June cutoff, stating the software giant understood that some market segments such as small businesses and emerging market customers require "a little more time" before they upgrade to Vista.
"Therefore OEMs will continue to sell XP through June 30th 2008 and system builders will be able to sell XP through January 2009 as they cater to the small business markets. In emerging markets where XP Starter Edition is sold, it will still be available through June 30th, 2010."
According to Infoworld's Save-XP site, many businesses and consumers aren't excited about dispensing their time and money upgrading to a new OS that they believe does not offer enough considerable advantages over XP, and are not keen on dealing with the incompatibility issues upgrading invariably causes. Their argument is simple - 'if it ain't broke, don't fix it'.
Among those who signed Infoworld's petition was Al, who posted the following message on January 14:
"We have got to save Windows XP. As of now, it is one of the most stable Windows systems...Windows Vista has still not been debugged enough and a good deal of (rather important) software is still glitchy under Vista. So until the situation is improved on both Microsoft and Third Party Vendors sides, we need to preserve Windows XP some more time."
Or this, from Kurt Morin, posted January 30:
"I have been working with windows ever since Windows 3.1. I support the desktop environment in a public school system and at this time because of hardware limitations [we] are running a mix of Windows 2000 and XP. There is no way this hardware (too old to upgrade) will run Vista and because of budget constraints will not be able to purchase new hardware. I have nothing against Windows but I do have a problem with Mr. Gates forcing us to eventually have to upgrade by dropping support of the other OS's." ---PB---
But some are supportive of Vista. This from Zygote, posted January 21:
"Have any of you nay-sayers actually used Vista for any length of time? Remember the learning curve when we went from 98/2000 to XP; Same thing, put some effort in and you might not be so negative about it. I've had Vista on my laptop virtually since launch and I haven't had any major issues with it."
Indeed there may be a sharp increase in Vista adoption at the end of this month when Microsoft releases Service Pack 1, which many businesses and organizations traditionally wait for before upgrading.
But in a Computerworld Australia poll asking when respondent's companies will upgrade to Windows Vista and Office 2007, 70 per cent said they will look at alternatives before making a decision.
In response to the question of whether discontinuing XP could throw more people over to Apple or Linux operating systems, or whether XP would quietly go back on sale like Windows 98 did after the less than successful Windows ME release, Microsoft's spokesperson declined to comment.
The company did however, insist that the adoption of Vista was well on track and in line with it's projections.
"Globally we can confirm there have been over 100 million licenses sold and more than 42 million PCs now licensed under volume licensing agreements."
"Overall the business adoption of Windows Vista in Australia is on a normal trajectory at this point in its lifecycle, at a rate that is similar to past releases. We are pleased to see positive market indicators that point towards adoption and deployment continuing to grow.
"We're seeing positive indicators that we're already starting to move from the early adoption phase into the mainstream and that more and more businesses are beginning their planning and deployment of Windows Vista."
Still, vendors such as Dell, Hewlett-Packard, Lenovo, Fujitsu, and more recently, NEC, all offer the opportunity to downgrade to XP pro.
NEC stated that customer demand for the XP downgrade varied, with large corporates generally slower to adopt Vista than the SMB market.
Windows Vista driver malfunctions not just Microsoft's fault
Microsoft Corp.'s debacle with Windows Vista device drivers malfunctioning after an upgrade to Service Pack 1 is an expected, almost inevitable result of the strategic path it took with Windows' initial release more than two decades ago.
While Microsoft has always developed its own software as well as some hardware (think keyboards and mice), it has long relied on partners to create an unparalleled selection of applications and hardware devices that has become one of Windows' chief attractions.
But in trying to preside over this huge ecosystem of partners, Microsoft often more resembles a beleaguered parent than an iron-fisted ruler.
Nowhere is this more evident than in the area of device drivers. To make Vista attractive to customers, Microsoft wants as many devices as possible to run on the OS. At Vista's launch last January, Microsoft claimed that 1.6 million devices supported Vista. That number was quickly forgotten amidst widespread reports of nonworking devices.
The problem is that hardware vendors hate writing drivers because of the difficulty and lack of reward, according to Ian Lao, an analyst at In-Stat Inc. After all, any large vendor (think Logitech or HP) has hundreds of discontinued products that are still new enough that there will be customers wanting to run them on Windows Vista.
As a result, vendors cut corners by patching existing drivers to make them run on a new OS or update, even it that makes the code more fragile. Or they simply ignore Microsoft's nagging.
This makes getting a comprehensive set of drivers ready for a new release "an incredibly difficult task," said Lee Nicholls, a global solutions director for Getronics NV, a systems integrator and close Microsoft partner. Microsoft "has to cover a huge amount of hardware and software driver libraries provided by partners and OEMs."
Nicholls agrees that the responsibility of having drivers available is shared equally by device makers and Microsoft.
"But that's still a big burden. Older devices and sometimes even new ones can slip through the cracks," he said. "Microsoft have a much tougher job cut out for them than, for example, Apple, who only support a limited hardware platform with their operating system."
Microsoft has some carrots to dangle in front of hardware makers. The chief incentive is its Windows Logo program. Devices whose drivers pass a Vista validation test can place a sticker on its packaging with the sales-enhancing proclamation that they are either "Certified for Windows Vista" or their product "Works With Windows Vista." Microsoft will also distribute those drivers for them via Windows Update.
But Microsoft has not updated its Windows Logo program to require drivers to be tested specifically against SP1. It hasn't even offered revamped driver validation tests that specifically certify compatibility with SP1, according to several sources, including peripheral maker Intel Corp., and Macrovision Inc., which sells the Installshield software for creating driver installation packages.
As a result, "it's possible that a Vista driver is incompatible with Vista SP1," said Jeff Greenwald, director of installation product management at Macrovision.
Microsoft did not respond to specific questions about when it planned to update its Windows Logo program or its driver validation tests for SP1.
"We're still in the process of reaching out to the specific hardware partners that are affected and are providing them with the necessary guidance to ensure a smooth installation," it said in an e-mailed statement.
A weight problem and a wait problem
Of course, vendors could have tried to run their drivers on Release Candidate (RC) versions of Vista SP1, which have been available since the fall.
But Paul Morris, a project manager at QualityLogic Inc., a Moorpark, Calif. driver testing firm, points out that with Vista itself, Microsoft made changes right up to its second RC in October 2006, mere weeks before it was released to manufacturing (RTMed).
Such changes could break compatibility for drivers previously validated on Vista.
And make no mistake: SP1 is chockful of changes -- 55 pages worth -- as Microsoft was unable to resist the temptation to cram as many features and improvements as possible into SP1.
Though users will be able to download a compressed 50 MB version of SP1, the service pack actually tips the digital scale at nearly 700 MB.
By comparison, Windows XP SP2 was only about 266 MB, or two-fifths the size of Vista SP1, when it came out in 2004, and still many called SP2 an operating system disguised as an upgrade. There were so many new security features and other changes that corporations cried foul at all of the broken applications.
Ironically, Microsoft has been trying to become more 'agile' and lightweight in its development. For most of its products, including Windows and Office, it has re-committed itself to a 2-3 year lifecycle. And Microsoft vowed three months ago, when it released its first beta, that SP1 would focus on background improvements and bug fixes and not have many new features.
While Microsoft has always developed its own software as well as some hardware (think keyboards and mice), it has long relied on partners to create an unparalleled selection of applications and hardware devices that has become one of Windows' chief attractions.
But in trying to preside over this huge ecosystem of partners, Microsoft often more resembles a beleaguered parent than an iron-fisted ruler.
Nowhere is this more evident than in the area of device drivers. To make Vista attractive to customers, Microsoft wants as many devices as possible to run on the OS. At Vista's launch last January, Microsoft claimed that 1.6 million devices supported Vista. That number was quickly forgotten amidst widespread reports of nonworking devices.
The problem is that hardware vendors hate writing drivers because of the difficulty and lack of reward, according to Ian Lao, an analyst at In-Stat Inc. After all, any large vendor (think Logitech or HP) has hundreds of discontinued products that are still new enough that there will be customers wanting to run them on Windows Vista.
As a result, vendors cut corners by patching existing drivers to make them run on a new OS or update, even it that makes the code more fragile. Or they simply ignore Microsoft's nagging.
This makes getting a comprehensive set of drivers ready for a new release "an incredibly difficult task," said Lee Nicholls, a global solutions director for Getronics NV, a systems integrator and close Microsoft partner. Microsoft "has to cover a huge amount of hardware and software driver libraries provided by partners and OEMs."
Nicholls agrees that the responsibility of having drivers available is shared equally by device makers and Microsoft.
"But that's still a big burden. Older devices and sometimes even new ones can slip through the cracks," he said. "Microsoft have a much tougher job cut out for them than, for example, Apple, who only support a limited hardware platform with their operating system."
Microsoft has some carrots to dangle in front of hardware makers. The chief incentive is its Windows Logo program. Devices whose drivers pass a Vista validation test can place a sticker on its packaging with the sales-enhancing proclamation that they are either "Certified for Windows Vista" or their product "Works With Windows Vista." Microsoft will also distribute those drivers for them via Windows Update.
But Microsoft has not updated its Windows Logo program to require drivers to be tested specifically against SP1. It hasn't even offered revamped driver validation tests that specifically certify compatibility with SP1, according to several sources, including peripheral maker Intel Corp., and Macrovision Inc., which sells the Installshield software for creating driver installation packages.
As a result, "it's possible that a Vista driver is incompatible with Vista SP1," said Jeff Greenwald, director of installation product management at Macrovision.
Microsoft did not respond to specific questions about when it planned to update its Windows Logo program or its driver validation tests for SP1.
"We're still in the process of reaching out to the specific hardware partners that are affected and are providing them with the necessary guidance to ensure a smooth installation," it said in an e-mailed statement.
A weight problem and a wait problem
Of course, vendors could have tried to run their drivers on Release Candidate (RC) versions of Vista SP1, which have been available since the fall.
But Paul Morris, a project manager at QualityLogic Inc., a Moorpark, Calif. driver testing firm, points out that with Vista itself, Microsoft made changes right up to its second RC in October 2006, mere weeks before it was released to manufacturing (RTMed).
Such changes could break compatibility for drivers previously validated on Vista.
And make no mistake: SP1 is chockful of changes -- 55 pages worth -- as Microsoft was unable to resist the temptation to cram as many features and improvements as possible into SP1.
Though users will be able to download a compressed 50 MB version of SP1, the service pack actually tips the digital scale at nearly 700 MB.
By comparison, Windows XP SP2 was only about 266 MB, or two-fifths the size of Vista SP1, when it came out in 2004, and still many called SP2 an operating system disguised as an upgrade. There were so many new security features and other changes that corporations cried foul at all of the broken applications.
Ironically, Microsoft has been trying to become more 'agile' and lightweight in its development. For most of its products, including Windows and Office, it has re-committed itself to a 2-3 year lifecycle. And Microsoft vowed three months ago, when it released its first beta, that SP1 would focus on background improvements and bug fixes and not have many new features.
Microsoft preps 7 critical security updates
After kicking off 2008 with just two security updates in January, Microsoft plans to release one of its largest bundles of patches ever next Tuesday.
Twelve security updates are set to be released next week, the software vendor said Thursday in a note on its Web site. Seven of these have been given Microsoft's most serious rating of "critical." The remaining five are rated "important."
The critical updates are for Microsoft's Windows operating system, Internet Explorer and the company's Office software, all of which are frequent targets of hackers. Here's how they break down: Two of the critical updates are for Windows, and there is one update each for Internet Explorer, Office, Office Publisher and Microsoft Word. A critical update is also being readied for the VBScript and JScript scripting languages used by Internet Explorer.
By exploiting vulnerabilities in these applications, attackers could, in theory, run unauthorized software on a victim's PC, Microsoft warns.
The less-severe updates will be for Windows Vista, Active Directory and Microsoft Works. Two important updates are also planned for the Internet Information Services Web server software.
Microsoft releases its security updates on the second Tuesday of each month, a date known as "Patch Tuesday" in IT circles. Last year it released a total of 69 updates, an average of just under six per month, so next week's 12 releases are sure to keep IT administrators busy.
Twelve security updates are set to be released next week, the software vendor said Thursday in a note on its Web site. Seven of these have been given Microsoft's most serious rating of "critical." The remaining five are rated "important."
The critical updates are for Microsoft's Windows operating system, Internet Explorer and the company's Office software, all of which are frequent targets of hackers. Here's how they break down: Two of the critical updates are for Windows, and there is one update each for Internet Explorer, Office, Office Publisher and Microsoft Word. A critical update is also being readied for the VBScript and JScript scripting languages used by Internet Explorer.
By exploiting vulnerabilities in these applications, attackers could, in theory, run unauthorized software on a victim's PC, Microsoft warns.
The less-severe updates will be for Windows Vista, Active Directory and Microsoft Works. Two important updates are also planned for the Internet Information Services Web server software.
Microsoft releases its security updates on the second Tuesday of each month, a date known as "Patch Tuesday" in IT circles. Last year it released a total of 69 updates, an average of just under six per month, so next week's 12 releases are sure to keep IT administrators busy.
Patent reform debate heats back up
Some tech groups are beginning to worry that major IT industry priorities, including patent reform, may lose out to other priorities in the U.S. Congress this year.
In the last couple of weeks, large tech companies have renewed their push for patent reform legislation in the U.S. Congress, despite opposition from U.S. President George Bush's administration and some labor unions.
The Computing Technology Industry Association (CompTIA) is concerned that a congressional debate over an economic stimulus package, plus typical election-year gridlock, could hurt the prospects for patent reform and other tech priorities, said Michael Wendy, a spokesman for the trade group.
The House of Representatives' economic stimulus package includes tax write-offs for small business purchase of equipment, which could include computers, Wendy said. That's a good move, but patent reform, a research and development tax credit, H-1B visa reform and other issues remain undone, he said.
"We hope that Congress -- assuming they pass an [economic stimulus] package -- doesn't just say, 'Well, we gave you some favorable tax provisions that will help boost industry activity and have a long-tail effect on the economy, so that should be enough for you guys this session,'" Wendy said last week. "One thing we're concerned about is that the economic stimulus bill may be seen by Congress as a 'get out of jail free' card when it comes to other of our tech policy agenda."
The House in September passed a patent reform bill -- supported by many large tech vendors, but opposed by several small tech companies -- but similar legislation has been stalled in the Senate. Large tech vendors, including Microsoft, IBM and Symantec, have called for patent reform, saying it's too easy for companies with no intention of creating products to buy up patents and file multimillion-dollar infringement lawsuits against other companies.
On Jan. 22, Senate Majority Leader Harry Reid, a Nevada Democrat, said patent reform was a priority, but it was in a line behind several other bills, including an economic stimulus package and a government surveillance authorization bill. The Senate would turn to patent reform, "time permitting," he said then.
"On patent reform, we must carefully strike the right balance with a bill that promotes rather than blocks innovation from enterprising entrepreneurs," Reid added.
The Senate Judiciary Committee approved its version of the Patent Reform Act on Jan. 24, and the bill is awaiting action in the full Senate.
But earlier this week, the U.S. Department of Commerce sent a letter to the Senate Judiciary Committee raising concerns about the bill. The letter, outlining the Bush administration's views, focused on a section of the bill that would apportion infringement damages in a new way. Currently, courts generally consider the value of the entire product when a small piece of the product infringes a patent; the bill would allow courts to base damages only on the value of the infringing piece.
The wide-ranging bill would also allow a new way to challenge patents after they are issued.
That provision would "create more problems than it solves," said the Commerce Department letter, signed by Nathaniel Wienecke, the agency's assistant secretary for legislative and intergovernmental affairs. "The administration believes that such a dramatic change from current jurisprudence may have the unintended consequence of reducing the rewards of innovation and encouraging patent infringement," Wienecke wrote.
Both sides can still work out their differences, Wienecke added.
In addition, 14 labor unions, including the United Steelworkers, the Patent Office Professional Association and the Communications Workers of America, sent a letter to Senators Wednesday, saying they were concerned about the patent bill. "Key parts of the proposed legislation may have the effect of increasing the likelihood of American inventions being stolen by our international competitors and, consequently, inhibiting sorely needed new investment in domestic manufacturing," the letter said.
Still, some representatives of the tech industry say they're hopeful that patent reform can move forward.
Senators, representatives of the Bush administration and other interested parties have been meeting regularly "to find balanced solutions on all the issues," said Mark Isakowitz, spokesman for the Coalition for Patent Fairness, a group representing several large tech companies. "We respectfully disagree [with the Bush administration] on damages, but we are confident ... we can work through concerns and achieve broad consensus on the bill, which would be a victory for the administration, the Congress and our economy," he added.
In the last couple of weeks, large tech companies have renewed their push for patent reform legislation in the U.S. Congress, despite opposition from U.S. President George Bush's administration and some labor unions.
The Computing Technology Industry Association (CompTIA) is concerned that a congressional debate over an economic stimulus package, plus typical election-year gridlock, could hurt the prospects for patent reform and other tech priorities, said Michael Wendy, a spokesman for the trade group.
The House of Representatives' economic stimulus package includes tax write-offs for small business purchase of equipment, which could include computers, Wendy said. That's a good move, but patent reform, a research and development tax credit, H-1B visa reform and other issues remain undone, he said.
"We hope that Congress -- assuming they pass an [economic stimulus] package -- doesn't just say, 'Well, we gave you some favorable tax provisions that will help boost industry activity and have a long-tail effect on the economy, so that should be enough for you guys this session,'" Wendy said last week. "One thing we're concerned about is that the economic stimulus bill may be seen by Congress as a 'get out of jail free' card when it comes to other of our tech policy agenda."
The House in September passed a patent reform bill -- supported by many large tech vendors, but opposed by several small tech companies -- but similar legislation has been stalled in the Senate. Large tech vendors, including Microsoft, IBM and Symantec, have called for patent reform, saying it's too easy for companies with no intention of creating products to buy up patents and file multimillion-dollar infringement lawsuits against other companies.
On Jan. 22, Senate Majority Leader Harry Reid, a Nevada Democrat, said patent reform was a priority, but it was in a line behind several other bills, including an economic stimulus package and a government surveillance authorization bill. The Senate would turn to patent reform, "time permitting," he said then.
"On patent reform, we must carefully strike the right balance with a bill that promotes rather than blocks innovation from enterprising entrepreneurs," Reid added.
The Senate Judiciary Committee approved its version of the Patent Reform Act on Jan. 24, and the bill is awaiting action in the full Senate.
But earlier this week, the U.S. Department of Commerce sent a letter to the Senate Judiciary Committee raising concerns about the bill. The letter, outlining the Bush administration's views, focused on a section of the bill that would apportion infringement damages in a new way. Currently, courts generally consider the value of the entire product when a small piece of the product infringes a patent; the bill would allow courts to base damages only on the value of the infringing piece.
The wide-ranging bill would also allow a new way to challenge patents after they are issued.
That provision would "create more problems than it solves," said the Commerce Department letter, signed by Nathaniel Wienecke, the agency's assistant secretary for legislative and intergovernmental affairs. "The administration believes that such a dramatic change from current jurisprudence may have the unintended consequence of reducing the rewards of innovation and encouraging patent infringement," Wienecke wrote.
Both sides can still work out their differences, Wienecke added.
In addition, 14 labor unions, including the United Steelworkers, the Patent Office Professional Association and the Communications Workers of America, sent a letter to Senators Wednesday, saying they were concerned about the patent bill. "Key parts of the proposed legislation may have the effect of increasing the likelihood of American inventions being stolen by our international competitors and, consequently, inhibiting sorely needed new investment in domestic manufacturing," the letter said.
Still, some representatives of the tech industry say they're hopeful that patent reform can move forward.
Senators, representatives of the Bush administration and other interested parties have been meeting regularly "to find balanced solutions on all the issues," said Mark Isakowitz, spokesman for the Coalition for Patent Fairness, a group representing several large tech companies. "We respectfully disagree [with the Bush administration] on damages, but we are confident ... we can work through concerns and achieve broad consensus on the bill, which would be a victory for the administration, the Congress and our economy," he added.
Major vendors join OpenID board
IBM, Google, Microsoft, Verisign and Yahoo have joined the corporate board of the OpenID Foundation, giving a boost to the group's efforts to simplify the process of signing into Web sites.
The OpenID framework allows people to use a single user name and password to sign into sites that support it.
More than 10,000 Web sites now support OpenID log-ins, according to the foundation. Last month, Yahoo announced its 248 million active registered users could begin using their handle and password to login to non-Yahoo Web sites that support the OpenID 2.0 framework.
The closer links between OpenID and these major vendors is sure to help the foundation's effort, according to its executive director, Bill Washburn. "The community has clearly expanded since the inception of the Foundation and these companies will help bring OpenID into the mainstream markets," he said in a statement.
Another statement on the foundation's Web site went into further detail on what the new alliances could mean.
"In 2008, we can expect to see a larger focus on making OpenID even more accessible to a mainstream audience, the development of a World-wide trademark usage policy (much like the Jabber Foundation and Mozilla have done), and a larger international focus on working with the OpenID communities in Asia and Europe," it read.
"We think this is one of the largest efforts put into identity management as far as the Internet is concerned," said Anthony Nadalin, an IBM distinguished engineer and chief security architect for Tivoli software, in an interview Thursday.
Nadalin couldn't pinpoint when the vendors' new level of involvement with OpenID will produce tangible results. "This takes a little bit of time, understanding and agreeing on the issues and where we need to drive this set of technology," he said.
"IBM is well-known for its ability to produce secure protocols," he added. "We have quite a bit of talent to bring to this foundation."
He noted that Version 2.0 of the OpenID framework is still fairly new.
"You can't confuse the industry by coming in and throwing out a brand-new framework," Nadalin said, "I think it's coming down to that on the 2.0 level, we get the kind of interoperability we need."
Beyond sign-on, various efforts are underway to standardize how personal data can be moved around the Web. The Dataportability Workgroup wants to broaden the scope of portable data to things like user-created photos and videos.
The OpenID framework allows people to use a single user name and password to sign into sites that support it.
More than 10,000 Web sites now support OpenID log-ins, according to the foundation. Last month, Yahoo announced its 248 million active registered users could begin using their handle and password to login to non-Yahoo Web sites that support the OpenID 2.0 framework.
The closer links between OpenID and these major vendors is sure to help the foundation's effort, according to its executive director, Bill Washburn. "The community has clearly expanded since the inception of the Foundation and these companies will help bring OpenID into the mainstream markets," he said in a statement.
Another statement on the foundation's Web site went into further detail on what the new alliances could mean.
"In 2008, we can expect to see a larger focus on making OpenID even more accessible to a mainstream audience, the development of a World-wide trademark usage policy (much like the Jabber Foundation and Mozilla have done), and a larger international focus on working with the OpenID communities in Asia and Europe," it read.
"We think this is one of the largest efforts put into identity management as far as the Internet is concerned," said Anthony Nadalin, an IBM distinguished engineer and chief security architect for Tivoli software, in an interview Thursday.
Nadalin couldn't pinpoint when the vendors' new level of involvement with OpenID will produce tangible results. "This takes a little bit of time, understanding and agreeing on the issues and where we need to drive this set of technology," he said.
"IBM is well-known for its ability to produce secure protocols," he added. "We have quite a bit of talent to bring to this foundation."
He noted that Version 2.0 of the OpenID framework is still fairly new.
"You can't confuse the industry by coming in and throwing out a brand-new framework," Nadalin said, "I think it's coming down to that on the 2.0 level, we get the kind of interoperability we need."
Beyond sign-on, various efforts are underway to standardize how personal data can be moved around the Web. The Dataportability Workgroup wants to broaden the scope of portable data to things like user-created photos and videos.
Flag Telecom: Middle East cables will be repaired by Sunday
Flag Telecom expects that its two cables that were damaged in the Middle East last week will be repaired by Sunday, the company said in a bulletin on Thursday.
Breaks last week in the Flag Telecom Europe-Asia cable, owned by India’s Reliance Communications, and on the South East Asia-Middle East-West Europe 4 (SEA-ME-WE 4) cable, owned by a consortium, disrupted Internet and other communications to the Middle East and India.
Indian service providers were able to avoid a major crisis by diverting traffic from the Mediterranean routes to links in the Asia-Pacific region. Increased latency of traffic on account of the new routing however resulted in slower Internet access and poor quality of voice communications, according to the Internet Service Providers' Association of India (ISPAI).
Large Indian outsourcers, who depend on communications and the Internet for their business, said the impact on their business was marginal, as they already have enough of redundancy in their communications infrastructure. Smaller operations were however hit. Some call centers in India have privately reported frequent drops in calls from customers.
Flag Telecom also reported last week that another submarine Internet cable owned by the company, called Falcon, had been cut Friday at a location 56 kilometers from Dubai, on a segment between the United Arab Emirates (UAE) and Oman. This cable is also expected to be repaired Sunday, the company said.
The damage to three cables in the area has sparked off speculation in blogs that there was sabotage. Flag Telecom said on Thursday that the break in the Falcon cable from UAE to Oman was because of an abandoned ship anchor, though it did not give a reason for the break in its Europe-Asia cable.
The breaks in the Middle East have helped to emphasize the need for adequate backups to the existing links, particularly as premium traffic from India’s outsourcing industry travel through the Middle East cables, said Rajesh Chharia, president of the ISPAI.
Breaks last week in the Flag Telecom Europe-Asia cable, owned by India’s Reliance Communications, and on the South East Asia-Middle East-West Europe 4 (SEA-ME-WE 4) cable, owned by a consortium, disrupted Internet and other communications to the Middle East and India.
Indian service providers were able to avoid a major crisis by diverting traffic from the Mediterranean routes to links in the Asia-Pacific region. Increased latency of traffic on account of the new routing however resulted in slower Internet access and poor quality of voice communications, according to the Internet Service Providers' Association of India (ISPAI).
Large Indian outsourcers, who depend on communications and the Internet for their business, said the impact on their business was marginal, as they already have enough of redundancy in their communications infrastructure. Smaller operations were however hit. Some call centers in India have privately reported frequent drops in calls from customers.
Flag Telecom also reported last week that another submarine Internet cable owned by the company, called Falcon, had been cut Friday at a location 56 kilometers from Dubai, on a segment between the United Arab Emirates (UAE) and Oman. This cable is also expected to be repaired Sunday, the company said.
The damage to three cables in the area has sparked off speculation in blogs that there was sabotage. Flag Telecom said on Thursday that the break in the Falcon cable from UAE to Oman was because of an abandoned ship anchor, though it did not give a reason for the break in its Europe-Asia cable.
The breaks in the Middle East have helped to emphasize the need for adequate backups to the existing links, particularly as premium traffic from India’s outsourcing industry travel through the Middle East cables, said Rajesh Chharia, president of the ISPAI.
Apple fixes critical QuickTime bug
Apple has released a security fix for its QuickTime media player software, fixing a critical bug that had been worrying security experts for nearly a month.
The update, released Wednesday, fixes a vulnerability in the Real Time Streaming Protocol (RTSP) used by QuickTime to handle streaming media. It also fixes a previously reported incompatibility between QuickTime 7.4 and Adobe Premiere and After Effects, according to an Apple spokesman.
On Jan. 10, researcher Luigi Auriemma disclosed the flaw by posting proof-of-concept attack code that could be used to run unauthorized software on a victim's computer. For the attack to work, the criminal would have to first trick the user into viewing a maliciously encoded QuickTime media file.
With the attack code available, security researchers had been hoping that Apple would address the flaw. Wednesday's QuickTime 7.4.1 update is for both the Mac OS X and Windows operating systems.
It is Apple's fifth QuickTime update since October. The company has been forced to issue the flurry of patches as security researchers have taken a closer look at media player flaws during the past year. In December, Apple patched a separate RTSP vulnerability, which online criminals had already started to use in their attacks.
"In the past few months, QuickTime has been a prevalent target for security researchers," said Andrew Storms, director of security operations with nCircle Network Security, via instant message. "Internet media applications on the desktop have been a rich target for attackers and this trend is sure to continue as most users aren't yet accustomed to attacks arriving in the form of a viral video."
(Peter Cohen of Macworld contributed to this story.)
The update, released Wednesday, fixes a vulnerability in the Real Time Streaming Protocol (RTSP) used by QuickTime to handle streaming media. It also fixes a previously reported incompatibility between QuickTime 7.4 and Adobe Premiere and After Effects, according to an Apple spokesman.
On Jan. 10, researcher Luigi Auriemma disclosed the flaw by posting proof-of-concept attack code that could be used to run unauthorized software on a victim's computer. For the attack to work, the criminal would have to first trick the user into viewing a maliciously encoded QuickTime media file.
With the attack code available, security researchers had been hoping that Apple would address the flaw. Wednesday's QuickTime 7.4.1 update is for both the Mac OS X and Windows operating systems.
It is Apple's fifth QuickTime update since October. The company has been forced to issue the flurry of patches as security researchers have taken a closer look at media player flaws during the past year. In December, Apple patched a separate RTSP vulnerability, which online criminals had already started to use in their attacks.
"In the past few months, QuickTime has been a prevalent target for security researchers," said Andrew Storms, director of security operations with nCircle Network Security, via instant message. "Internet media applications on the desktop have been a rich target for attackers and this trend is sure to continue as most users aren't yet accustomed to attacks arriving in the form of a viral video."
(Peter Cohen of Macworld contributed to this story.)
Facebook links up with Vodafone on mobile platform
Facebook took a new step into the mobile realm on Thursday, launching a platform for operators designed to make its social networking application work better on portable devices.
Vodafone is the first operator to use the Facebook for Mobile Operators platform and has started services in the U.K. and Germany, said Jed Stremel, Facebook's director of mobile division. Vodafone will soon expand the program to Greece, Italy, Spain, Ireland and Portugal.
The platform involves giving operators a set of technical specifications intended to resolve some of frustrating hang-ups when using Facebook on a mobile phone rather than a PC, such as smoothing out login problems and opening up other features, Stremel said.
The move by Facebook, which ranks next to MySpace as one of the most popular social networking sites, is intended to grow its user base, which the company estimates at 64 million users. So far, the company says it has 6 million users of Facebook Mobile, an unsupported mobile version of the Web site that will now get full support, Stremel said.
At the moment the mobile site does not have any advertising. Stremel would not reveal the financial details of Facebook's deal with Vodafone, although he said operators will be able to generate revenue from data services as their subscribers access Facebook.
The long-term hope for social networking sites is rich online advertising revenue. Facebook, which has an exclusive deal with Microsoft to place ads on the site, also did not say when it would put advertising on the mobile site.
The company is hoping to lure more operators by the simplicity with which they can enable Facebook, Stremel said.
Facebook has created special Web pages with instructions on how operators can set up their systems, he said. The instructions, for example, let operators add system settings that will let their subscribers send MMS (Multimedia Messaging Service) with photos or video to their Facebook profiles, Stremel said.
The platform also includes other specifications designed to stop abuse of Facebook, such as spamming, Stremel said. When someone sends their first MMS with a photo to their profile, the user is sent back a confirmation message with a code or a link. That confirmation then links that person's phone with their Facebook account, Stremel said.
Vodafone is the first operator to use the Facebook for Mobile Operators platform and has started services in the U.K. and Germany, said Jed Stremel, Facebook's director of mobile division. Vodafone will soon expand the program to Greece, Italy, Spain, Ireland and Portugal.
The platform involves giving operators a set of technical specifications intended to resolve some of frustrating hang-ups when using Facebook on a mobile phone rather than a PC, such as smoothing out login problems and opening up other features, Stremel said.
The move by Facebook, which ranks next to MySpace as one of the most popular social networking sites, is intended to grow its user base, which the company estimates at 64 million users. So far, the company says it has 6 million users of Facebook Mobile, an unsupported mobile version of the Web site that will now get full support, Stremel said.
At the moment the mobile site does not have any advertising. Stremel would not reveal the financial details of Facebook's deal with Vodafone, although he said operators will be able to generate revenue from data services as their subscribers access Facebook.
The long-term hope for social networking sites is rich online advertising revenue. Facebook, which has an exclusive deal with Microsoft to place ads on the site, also did not say when it would put advertising on the mobile site.
The company is hoping to lure more operators by the simplicity with which they can enable Facebook, Stremel said.
Facebook has created special Web pages with instructions on how operators can set up their systems, he said. The instructions, for example, let operators add system settings that will let their subscribers send MMS (Multimedia Messaging Service) with photos or video to their Facebook profiles, Stremel said.
The platform also includes other specifications designed to stop abuse of Facebook, such as spamming, Stremel said. When someone sends their first MMS with a photo to their profile, the user is sent back a confirmation message with a code or a link. That confirmation then links that person's phone with their Facebook account, Stremel said.
India targets $15 billion from infrastructure management
Indian outsourcers already have a large share of outsourced application development and maintenance and are dominant in business process outsourcing. The country is now targeting a larger share of the market for remote infrastructure management services (IMS), and is planning to more than double revenue from these services to US$15 billion by 2013.
IMS involves managing an enterprise’s core IT systems, including hardware, software, connectivity and people. The IMS industry is moving towards a remote delivery model where services are increasing delivered from low-cost locations by service providers and wholly-owned services subsidiaries of user companies, according to a report released Thursday by India’s National Association of Software and Service Companies (Nasscom).
Customers in the US and Europe are increasingly willing to outsource IMS to offshore locations, because the data does not move out of the home countries, and is only managed remotely, said Siddharth Pai, a partner at sourcing consultancy firm Technology Partners International (TPI) in Houston, Texas.
In India, IMS business is going both to Indian outsourcers, and the Indian operations of large IT services companies, Pai said. Because of the large staff component involved in IMS, there are cost benefits in outsourcing IMS to low-cost, offshore locations like India, he added.
Research done by management consultancy firm McKinsey for Nasscom, suggests that the IMS business could generate between 325,000 to 375,000 jobs in India by 2013, as 70 to 75 percent of the roles in IMS can be moved offshore.
Low-cost locations, including India, have so far captured a mere $6 billion to $7 billion of the IMS opportunity.
Indian outsourcers have so far learned to price their services on the basis of staff time utilized. They now have to learn more sophisticated pricing that takes into account other parameters like amount of computing power being managed, if they are not to risk losing money in the business, Pai said.
IMS involves managing an enterprise’s core IT systems, including hardware, software, connectivity and people. The IMS industry is moving towards a remote delivery model where services are increasing delivered from low-cost locations by service providers and wholly-owned services subsidiaries of user companies, according to a report released Thursday by India’s National Association of Software and Service Companies (Nasscom).
Customers in the US and Europe are increasingly willing to outsource IMS to offshore locations, because the data does not move out of the home countries, and is only managed remotely, said Siddharth Pai, a partner at sourcing consultancy firm Technology Partners International (TPI) in Houston, Texas.
In India, IMS business is going both to Indian outsourcers, and the Indian operations of large IT services companies, Pai said. Because of the large staff component involved in IMS, there are cost benefits in outsourcing IMS to low-cost, offshore locations like India, he added.
Research done by management consultancy firm McKinsey for Nasscom, suggests that the IMS business could generate between 325,000 to 375,000 jobs in India by 2013, as 70 to 75 percent of the roles in IMS can be moved offshore.
Low-cost locations, including India, have so far captured a mere $6 billion to $7 billion of the IMS opportunity.
Indian outsourcers have so far learned to price their services on the basis of staff time utilized. They now have to learn more sophisticated pricing that takes into account other parameters like amount of computing power being managed, if they are not to risk losing money in the business, Pai said.
Woman charged after killer Craigslist ad
A Michigan woman has been charged with using the Craigslist classified-advertisement Web site to find a killer for a romantic rival.
The job title? Freelance. The price? US$5,000.
According to authorities, Ann Marie Linscott posted two ads in November and received at least three responses, apparently from people who thought the ad was for a freelance writing gig.
In e-mail exchanges, however, Linscott, 48, told the job seekers that she was looking for "silent assassins" to "eradicate" a 56-year-old Oroville, California, woman named "Carol," according to an affidavit from the FBI agent investigating the case. Carol's husband had been having an affair with Linscott after the two met several years earlier during an online college course, the affidavit states.
Linscott used the alias bourne2run as part of her e-mail address.
On Wednesday a California grand jury brought murder-for-hire charges against Linscott, who is now facing up to 30 years in jail and a $750,000 fine for her ad. She was arrested on Jan. 24 in Grand Rapids, Michigan.
The job title? Freelance. The price? US$5,000.
According to authorities, Ann Marie Linscott posted two ads in November and received at least three responses, apparently from people who thought the ad was for a freelance writing gig.
In e-mail exchanges, however, Linscott, 48, told the job seekers that she was looking for "silent assassins" to "eradicate" a 56-year-old Oroville, California, woman named "Carol," according to an affidavit from the FBI agent investigating the case. Carol's husband had been having an affair with Linscott after the two met several years earlier during an online college course, the affidavit states.
Linscott used the alias bourne2run as part of her e-mail address.
On Wednesday a California grand jury brought murder-for-hire charges against Linscott, who is now facing up to 30 years in jail and a $750,000 fine for her ad. She was arrested on Jan. 24 in Grand Rapids, Michigan.
Access shows browser widgets for cell phones
Widgets, or small Web applications that supply useful information direct to the desktop, could soon be appearing on your cell phone screen.
Japan's Access, the company behind the NetFront browser that is used in hundreds of phones on sale worldwide, has developed a widget system for the latest version of the browser and will demonstrate it next week at the Mobile World Congress in Barcelona.
Much like those on Apple's Mac OSX or Windows Vista, the NetFront widgets can do things like provide updated weather information, news headlines, favorites from YouTube, local maps and photo feeds from Web sites.
The intention is that users will be able to download widgets for sites like Google Maps, YouTube and Wikipedia so those sites become services available directly from the desktop. In the case of some sites, say an auction site where prices change all the time, the widget will be able to provide constantly updated information to the desktop so the user doesn't have to go through a browser to the Web site.
The widgets can be kept minimized at the bottom of the screen or placed on the desktop, where they appear as small boxes showing just a few highlights of the information they contain. Click on the boxes and they expand to full screen and their entire contents can be accessed.
In a demonstration the minimized weather widget showed a symbol for the sun -- the current weather conditions at the time. When placed on the desktop it added the current conditions, "clear," and the temperature and when fully expanded a three-day forecast was provided.
The news widget displayed just five headlines on the desktop but expanded to show more news and the full text of each story while the video widget on the desktop had a screenshot from a single video and expanded to show details of the video and related content.
In addition to linking up with data stored on the network the widgets framework also supports communication with parts of the phone hardware, like the camera, GPS chip or e-mail client.
Access has developed the widget framework for NetFront 3.5, the latest version of its browser. The software isn't in any products available to consumers but is on its way. Access said it has already released NetFront 3.5 to partners and products are coming. It has also had interest on the widgets from partners but wouldn't identify them.
On Monday Access will begin offering a preview of NetFront 3.5 intended for software developers. The software runs on Windows Mobile.
The NetFront browser has been fitted in 1,349 different products to date including cell phones, televisions, set-top boxes and PDAs. On Thursday Access said more than 544 million copies of the browser have been installed on such products.
Japan's Access, the company behind the NetFront browser that is used in hundreds of phones on sale worldwide, has developed a widget system for the latest version of the browser and will demonstrate it next week at the Mobile World Congress in Barcelona.
Much like those on Apple's Mac OSX or Windows Vista, the NetFront widgets can do things like provide updated weather information, news headlines, favorites from YouTube, local maps and photo feeds from Web sites.
The intention is that users will be able to download widgets for sites like Google Maps, YouTube and Wikipedia so those sites become services available directly from the desktop. In the case of some sites, say an auction site where prices change all the time, the widget will be able to provide constantly updated information to the desktop so the user doesn't have to go through a browser to the Web site.
The widgets can be kept minimized at the bottom of the screen or placed on the desktop, where they appear as small boxes showing just a few highlights of the information they contain. Click on the boxes and they expand to full screen and their entire contents can be accessed.
In a demonstration the minimized weather widget showed a symbol for the sun -- the current weather conditions at the time. When placed on the desktop it added the current conditions, "clear," and the temperature and when fully expanded a three-day forecast was provided.
The news widget displayed just five headlines on the desktop but expanded to show more news and the full text of each story while the video widget on the desktop had a screenshot from a single video and expanded to show details of the video and related content.
In addition to linking up with data stored on the network the widgets framework also supports communication with parts of the phone hardware, like the camera, GPS chip or e-mail client.
Access has developed the widget framework for NetFront 3.5, the latest version of its browser. The software isn't in any products available to consumers but is on its way. Access said it has already released NetFront 3.5 to partners and products are coming. It has also had interest on the widgets from partners but wouldn't identify them.
On Monday Access will begin offering a preview of NetFront 3.5 intended for software developers. The software runs on Windows Mobile.
The NetFront browser has been fitted in 1,349 different products to date including cell phones, televisions, set-top boxes and PDAs. On Thursday Access said more than 544 million copies of the browser have been installed on such products.
Google intros Apps edition to bypass the IT department
Google is releasing a new edition of its hosted applications suite that end-users can bring into the workplace without the involvement of their IT department.
It means that IT managers who fret about employees using unauthorized software at work will have another tool to worry about, especially in industries where information management is heavily regulated, like health care and finance.
The new release, called Google Apps Team Edition, is due to be available Thursday for free. It is aimed at employees who are interested in using Google Apps but whose employers haven't signed up for it, said Rajen Sheth, Google Apps senior product manager.
Team Edition contains the core communication and collaboration services and applications from other editions, like the word processor, spreadsheet, Start page, Talk instant messaging and calendar, but not Gmail, which requires IT participation to re-route the company's e-mail flow.
So far, more than 500,000 mostly small organizations have signed up for Google Apps, but the other versions -- Standard, Education, Partner and Premier -- require IT to implement the suite because its services are linked to an organization's Internet domain.
That changes with the Team Edition, which will let employees set up Google Apps workgroups as long as they have valid e-mail addresses with their organizations' domains, Sheth said.
"Google Apps has been, by definition, an IT project, and now we want to let people use it without IT involvement," Sheth said.
Once signed up with Team Edition, people can see who else in their organization's Internet domain is also a user, and invite those who aren't, Sheth said.
"It provides a quick way for workgroups to start collaborating," he said.
IT departments shouldn't get angry about Team Edition, according to Sheth, because, unlike other software that employees use without IT approval, it provides an upgrade path to IT-manageable versions.
"The IT department always has the option to sign up for the Standard Edition for free if they want to provide control over this," Sheth said. "This is a solid, happy medium."
Team Edition can also be upgraded to the other editions, like Education, which is free, and Premier, which costs US$50 per user per year. Although Gmail isn't part of Team Edition, Google is exploring ways to make it a part, Sheth said.
By its very nature as a Web-hosted software suite, an unmanaged Google Apps deployment can represent a concern for IT departments, since the applications and the data generated are stored outside organizations' firewalls in Google data centers.
However, Team Edition will be far from alone among the hosted software that employees use in their organizations without getting approval from the IT department, said Erica Driver, a Forrester Research analyst.
The IT department reactions to Team Edition will depend on the organization's culture, which range from those in "lockdown mode" to those more tolerant and aware that Web 2.0 technologies are seeping in from the consumer world to the workplace, Driver said.
Team Edition, with its bottom-up, end-user-driven focus, fits in with Google's traditional strategy of appealing to individuals, grown out of its consumer services, and will likely boost the adoption of Google Apps in companies, government agencies, educational institutions and other organizations that don't currently use the suite, said Matt Cain, a Gartner analyst.
"The Google model is to prime the well at the end-user level and assist IT somewhere along the way, but the demand generation for the suite will definitely be at the rank-and-file level, not at the IT level," Cain said.
Google needs to make sure it strikes a balance between rallying end-users and giving IT managers a way to enter the picture and exert control, he said. "Google will encourage end-user adoption but it can't disintermediate the IT staff, which will have to ultimately clean up any mess that's created," Cain said.
It means that IT managers who fret about employees using unauthorized software at work will have another tool to worry about, especially in industries where information management is heavily regulated, like health care and finance.
The new release, called Google Apps Team Edition, is due to be available Thursday for free. It is aimed at employees who are interested in using Google Apps but whose employers haven't signed up for it, said Rajen Sheth, Google Apps senior product manager.
Team Edition contains the core communication and collaboration services and applications from other editions, like the word processor, spreadsheet, Start page, Talk instant messaging and calendar, but not Gmail, which requires IT participation to re-route the company's e-mail flow.
So far, more than 500,000 mostly small organizations have signed up for Google Apps, but the other versions -- Standard, Education, Partner and Premier -- require IT to implement the suite because its services are linked to an organization's Internet domain.
That changes with the Team Edition, which will let employees set up Google Apps workgroups as long as they have valid e-mail addresses with their organizations' domains, Sheth said.
"Google Apps has been, by definition, an IT project, and now we want to let people use it without IT involvement," Sheth said.
Once signed up with Team Edition, people can see who else in their organization's Internet domain is also a user, and invite those who aren't, Sheth said.
"It provides a quick way for workgroups to start collaborating," he said.
IT departments shouldn't get angry about Team Edition, according to Sheth, because, unlike other software that employees use without IT approval, it provides an upgrade path to IT-manageable versions.
"The IT department always has the option to sign up for the Standard Edition for free if they want to provide control over this," Sheth said. "This is a solid, happy medium."
Team Edition can also be upgraded to the other editions, like Education, which is free, and Premier, which costs US$50 per user per year. Although Gmail isn't part of Team Edition, Google is exploring ways to make it a part, Sheth said.
By its very nature as a Web-hosted software suite, an unmanaged Google Apps deployment can represent a concern for IT departments, since the applications and the data generated are stored outside organizations' firewalls in Google data centers.
However, Team Edition will be far from alone among the hosted software that employees use in their organizations without getting approval from the IT department, said Erica Driver, a Forrester Research analyst.
The IT department reactions to Team Edition will depend on the organization's culture, which range from those in "lockdown mode" to those more tolerant and aware that Web 2.0 technologies are seeping in from the consumer world to the workplace, Driver said.
Team Edition, with its bottom-up, end-user-driven focus, fits in with Google's traditional strategy of appealing to individuals, grown out of its consumer services, and will likely boost the adoption of Google Apps in companies, government agencies, educational institutions and other organizations that don't currently use the suite, said Matt Cain, a Gartner analyst.
"The Google model is to prime the well at the end-user level and assist IT somewhere along the way, but the demand generation for the suite will definitely be at the rank-and-file level, not at the IT level," Cain said.
Google needs to make sure it strikes a balance between rallying end-users and giving IT managers a way to enter the picture and exert control, he said. "Google will encourage end-user adoption but it can't disintermediate the IT staff, which will have to ultimately clean up any mess that's created," Cain said.
Danish ISP may fight order to fence in The Pirate Bay
One of Denmark's largest ISPs is considering fighting a court order to shut off its subscribers' access to The Pirate Bay, the embattled file-sharing search engine.
Tele2 was ordered to shut off access last week after the court concluded The Pirate Bay facilitates the trading of copyright material without the permission of rights holders, according to a translation by the Danish Pirate Party, a digital rights activist group.
Tele2 complied, but plans to meet on Monday with other telecommunications companies on whether it should challenge the ruling, said Nicholai Pfeiffer, chief of regulations for Tele2, on Wednesday. So far, other Danish ISPs (Internet service providers) have not shut off access.
"In this case, we think it is needed to have a clarification of the legal grounds, and that is why we are discussing this with the other companies," Pfeiffer said.
The court's ruling was hailed by the International Federation of the Phonographic Industry (IFPI), which along with other industry groups, are lobbying governments to force ISPs to undertake stronger measures against piracy, such as content filtering.
This latest legal move in Denmark has a precedent. Last year, a Danish court order ISPs within the country to block AllofMP3.com, the Russia-based Web site that sold albums for download well below market prices. The ISPs complied. Record industry groups charged the site was a fraud and was not paying royalties for the music it sold.
But concerns abound over whether ISPs should be forced to take responsibility for content that goes across their networks. In a statement released Wednesday, Tele2 said that discussions over copyright issues should take place between those who have the rights to the content and those who are hosting it, not network operators.
The situation in Denmark is just the latest fracas involving The Pirate Bay, which is based in Sweden. Last week, Swedish authorities charged four people affiliated with the BitTorrent search engine for facilitating copyright violations.
The Pirate Bay's owners say they do not host illegal content on their servers but merely allow people to find torrents, or small information files that coordinate the download of content from computers around the world via P-to-P (peer-to-peer) sharing. After a police raid, the site's servers are now located outside of Sweden.
The Pirate Bay quickly moved this week to restore service to Tele2 subscribers by setting up a new Web site. Tele2 subscribers who trying to visit The Pirate Bay can go to The Jesper Bay, according to the TorrentFreak blog. The site gives instructions on how to get access to The Pirate Bay.
Tele2 was ordered to shut off access last week after the court concluded The Pirate Bay facilitates the trading of copyright material without the permission of rights holders, according to a translation by the Danish Pirate Party, a digital rights activist group.
Tele2 complied, but plans to meet on Monday with other telecommunications companies on whether it should challenge the ruling, said Nicholai Pfeiffer, chief of regulations for Tele2, on Wednesday. So far, other Danish ISPs (Internet service providers) have not shut off access.
"In this case, we think it is needed to have a clarification of the legal grounds, and that is why we are discussing this with the other companies," Pfeiffer said.
The court's ruling was hailed by the International Federation of the Phonographic Industry (IFPI), which along with other industry groups, are lobbying governments to force ISPs to undertake stronger measures against piracy, such as content filtering.
This latest legal move in Denmark has a precedent. Last year, a Danish court order ISPs within the country to block AllofMP3.com, the Russia-based Web site that sold albums for download well below market prices. The ISPs complied. Record industry groups charged the site was a fraud and was not paying royalties for the music it sold.
But concerns abound over whether ISPs should be forced to take responsibility for content that goes across their networks. In a statement released Wednesday, Tele2 said that discussions over copyright issues should take place between those who have the rights to the content and those who are hosting it, not network operators.
The situation in Denmark is just the latest fracas involving The Pirate Bay, which is based in Sweden. Last week, Swedish authorities charged four people affiliated with the BitTorrent search engine for facilitating copyright violations.
The Pirate Bay's owners say they do not host illegal content on their servers but merely allow people to find torrents, or small information files that coordinate the download of content from computers around the world via P-to-P (peer-to-peer) sharing. After a police raid, the site's servers are now located outside of Sweden.
The Pirate Bay quickly moved this week to restore service to Tele2 subscribers by setting up a new Web site. Tele2 subscribers who trying to visit The Pirate Bay can go to The Jesper Bay, according to the TorrentFreak blog. The site gives instructions on how to get access to The Pirate Bay.
Tech CEOs push for green computing
IT vendors can play a major role in reducing the world's energy consumption, but information about the benefits of technology has been lacking in an ongoing environmental debate in Washington, D.C., three tech CEOs said Wednesday.
While IT consumption of energy in the U.S. has grown in the last decade, technology also displaces more than its share of energy-consuming activities in other sectors, members of the Technology CEO Council said. The advocacy group highlighted a report, released Wednesday, saying that every kilowatt hour of energy used by IT replaces 10 kilowatt hours of energy that would have been used elsewhere.
IT currently uses about 6 percent of U.S. electricity, up from 2 percent to 3 percent in 2000, said John "Skip" Laitner, co-author of the report and director of economic policy analysis at the American Council for an Energy-Efficient Economy (ACEEE). But through a wide variety of IT products, including tech that enables video conferencing, telecommuting and e-mail, technology results in a net decrease in energy consumption, he said.
Instead of flying to a conference in Sweden recently, Laitner attended by video conference, he said. And in preparing the ACEEE's report, Laitner received thousands of pages of documents by e-mail or downloads, instead of having them delivered.
Few studies have explored the energy efficiencies created by IT, he added. "We have to look at what that's displacing," he said.
Users of computers and other tech products should expect more energy savings in the future, said Dell CEO Michael Dell. He joined Mike Splinter, president and CEO of Applied Materials, and Joe Tucci, chairman, president and CEO of EMC, at a press briefing focused on green technologies.
"As an industry, we have begun to take up the [environmental] issue in a serious way," Dell said. "It's an issue that customers care about."
The IT industry has come under some criticism for its energy use, particularly at large data centers. In January 2007, U.S. Senator Wayne Allard, a Colorado Republican, introduced a bill that would require the U.S. Environmental Protection Agency to analyze and report to Congress about the growth and energy consumption of computer data centers by the federal government and private companies.
Congress needs to "more fully understand the impact that the growing number of computers in use throughout the country has on energy consumption," Allard said then.
The Technology CEO Council isn't concerned about congressional mandates, because the IT industry is already taking steps to reduce its energy consumption, said Bruce Mehlman, the group's executive director.
But the U.S. government has a huge impact on energy consumption by adopting more green technologies, said Applied Materials' Splinter. "The government is the largest user of energy in our country," he said.
In addition to the ACEEE report, the Technology CEO Council released its own report, called A Smarter Shade of Green. The report lays out the group's environmental policy principles, including:
-- The president should select a federal agency as a center for energy efficiency excellence, a model for other agencies going green.
-- The government should invest more in green research.
-- Governments across the world should reduce tariffs on green technologies.
-- The U.S. government should explore tax incentives for deploying energy-saving technologies.
-- Companies shouldn't wait for government mandates or incentives, but should adopt energy-efficient strategies on their own.
While IT consumption of energy in the U.S. has grown in the last decade, technology also displaces more than its share of energy-consuming activities in other sectors, members of the Technology CEO Council said. The advocacy group highlighted a report, released Wednesday, saying that every kilowatt hour of energy used by IT replaces 10 kilowatt hours of energy that would have been used elsewhere.
IT currently uses about 6 percent of U.S. electricity, up from 2 percent to 3 percent in 2000, said John "Skip" Laitner, co-author of the report and director of economic policy analysis at the American Council for an Energy-Efficient Economy (ACEEE). But through a wide variety of IT products, including tech that enables video conferencing, telecommuting and e-mail, technology results in a net decrease in energy consumption, he said.
Instead of flying to a conference in Sweden recently, Laitner attended by video conference, he said. And in preparing the ACEEE's report, Laitner received thousands of pages of documents by e-mail or downloads, instead of having them delivered.
Few studies have explored the energy efficiencies created by IT, he added. "We have to look at what that's displacing," he said.
Users of computers and other tech products should expect more energy savings in the future, said Dell CEO Michael Dell. He joined Mike Splinter, president and CEO of Applied Materials, and Joe Tucci, chairman, president and CEO of EMC, at a press briefing focused on green technologies.
"As an industry, we have begun to take up the [environmental] issue in a serious way," Dell said. "It's an issue that customers care about."
The IT industry has come under some criticism for its energy use, particularly at large data centers. In January 2007, U.S. Senator Wayne Allard, a Colorado Republican, introduced a bill that would require the U.S. Environmental Protection Agency to analyze and report to Congress about the growth and energy consumption of computer data centers by the federal government and private companies.
Congress needs to "more fully understand the impact that the growing number of computers in use throughout the country has on energy consumption," Allard said then.
The Technology CEO Council isn't concerned about congressional mandates, because the IT industry is already taking steps to reduce its energy consumption, said Bruce Mehlman, the group's executive director.
But the U.S. government has a huge impact on energy consumption by adopting more green technologies, said Applied Materials' Splinter. "The government is the largest user of energy in our country," he said.
In addition to the ACEEE report, the Technology CEO Council released its own report, called A Smarter Shade of Green. The report lays out the group's environmental policy principles, including:
-- The president should select a federal agency as a center for energy efficiency excellence, a model for other agencies going green.
-- The government should invest more in green research.
-- Governments across the world should reduce tariffs on green technologies.
-- The U.S. government should explore tax incentives for deploying energy-saving technologies.
-- Companies shouldn't wait for government mandates or incentives, but should adopt energy-efficient strategies on their own.
Time Warner to split AOL Internet business
Time Warner plans to split up the Internet access and audience businesses of its AOL segment to run them each independently, Time Warner CEO and President Jeff Bewkes revealed Wednesday.
The move comes as little surprise, as former CEO Dick Parsons acknowledged in September that Time Warner would at some point divest itself from the AOL access business, though he made no commitment to do so at the time.
On Bewkes' first quarterly financial conference call Wednesday since taking his position as CEO on Jan. 1, he said Time Warner's plans to split AOL's businesses will help hasten the segment's business-model transition from "a declining ISP subscription business to a growing Internet ad business."
"This should significantly increase AOL's strategic options for each of these main business sectors," Bewkes said on a call to reveal Time Warner's fourth-quarter 2007 earnings. He made a distinction between AOL's for-fee Internet-access service and its ad-supported audience business, which includes AOL's online services and content.
Bewkes did not give a specific timeline or other details for when and how the split will occur. AOL's Internet-access business, which still provides for-fee service, continues to decline in subscribers even as Bewkes noted that Time Warner has reduced operating expenses at AOL by "well over a billion dollars."
Still, even as AOL's goal is to become a viable online advertising competitor against Google, Yahoo and Microsoft -- the latter two of which may soon become a single and more formidable rival -- advertising revenue for AOL has been growing less than the industry average for several quarters.
In the fourth quarter, ad revenue at AOL grew 18 percent, less than the current International Advertising Bureau's industry average of 25 percent. As a point of comparison, Google's ad revenue grew 51 percent in its fiscal fourth quarter.
AOL's ad revenue growth was below industry average for both its 2007 second and third quarters as well. It grew 13 percent in the third quarter, which ended Sept. 30, and 16 percent in the second quarter, which ended June 30. The industry average was around 26 percent for those time periods.
Time Warner's financial results for the quarter overall met Wall Street expectations, but net income was down for the quarter. The company reported $1.03 billion, or $0.28 a share, for the fourth quarter, down from $1.75 billion, or $0.44, last year. However, the results for the fourth quarter of fiscal 2006 were bolstered by an income-tax benefit as well as income from the sale of AOL Internet access businesses in the U.K. and France.
Quarterly revenue rose 2.4 percent, from $12.34 billion in the year-ago quarter to $12.64 billion, reported Wednesday.
Bewkes on Wednesday also outlined other cost-cutting and strategic measures that Time Warner plans to take to make the business run more effectively. The company's AOL business is not the only one that will be affected; the company also is considering reducing its investments in its Time Warner Cable business, he said.
The move comes as little surprise, as former CEO Dick Parsons acknowledged in September that Time Warner would at some point divest itself from the AOL access business, though he made no commitment to do so at the time.
On Bewkes' first quarterly financial conference call Wednesday since taking his position as CEO on Jan. 1, he said Time Warner's plans to split AOL's businesses will help hasten the segment's business-model transition from "a declining ISP subscription business to a growing Internet ad business."
"This should significantly increase AOL's strategic options for each of these main business sectors," Bewkes said on a call to reveal Time Warner's fourth-quarter 2007 earnings. He made a distinction between AOL's for-fee Internet-access service and its ad-supported audience business, which includes AOL's online services and content.
Bewkes did not give a specific timeline or other details for when and how the split will occur. AOL's Internet-access business, which still provides for-fee service, continues to decline in subscribers even as Bewkes noted that Time Warner has reduced operating expenses at AOL by "well over a billion dollars."
Still, even as AOL's goal is to become a viable online advertising competitor against Google, Yahoo and Microsoft -- the latter two of which may soon become a single and more formidable rival -- advertising revenue for AOL has been growing less than the industry average for several quarters.
In the fourth quarter, ad revenue at AOL grew 18 percent, less than the current International Advertising Bureau's industry average of 25 percent. As a point of comparison, Google's ad revenue grew 51 percent in its fiscal fourth quarter.
AOL's ad revenue growth was below industry average for both its 2007 second and third quarters as well. It grew 13 percent in the third quarter, which ended Sept. 30, and 16 percent in the second quarter, which ended June 30. The industry average was around 26 percent for those time periods.
Time Warner's financial results for the quarter overall met Wall Street expectations, but net income was down for the quarter. The company reported $1.03 billion, or $0.28 a share, for the fourth quarter, down from $1.75 billion, or $0.44, last year. However, the results for the fourth quarter of fiscal 2006 were bolstered by an income-tax benefit as well as income from the sale of AOL Internet access businesses in the U.K. and France.
Quarterly revenue rose 2.4 percent, from $12.34 billion in the year-ago quarter to $12.64 billion, reported Wednesday.
Bewkes on Wednesday also outlined other cost-cutting and strategic measures that Time Warner plans to take to make the business run more effectively. The company's AOL business is not the only one that will be affected; the company also is considering reducing its investments in its Time Warner Cable business, he said.
IBM unveils business intelligence services
IBM announced the first results of its recently closed acquisition of business intelligence vendor Cognos, unveiling an array of product offerings and services that tie into its information on demand strategy.
"We are off and running," said Steve Mills, senior vice president and group executive of IBM's software group, during a press conference on Wednesday.
IBM's long-standing partnership with Cognos allowed it to quickly pull together the new products, Mills said. They include a Cognos 8 BI "starter pack" for IBM's InfoSphere Warehouse; integration of Cognos 8 with IBM's Information Server data integration platform; templates for linking Cognos 8 with IBM's BPM (business process management) software, Filenet; and Dashboard Accelerator, for quickly constructing dashboards with Cognos 8, according to a statement.
The company also plans to bundle Cognos 8 with its C-Class Balanced Warehouse products, which are aimed at small to medium-sized firms; and has created Compliance Warehouse for Legal Control, which combines a variety of content management and archiving capabilities with IBM storage hardware, as well as compliance monitoring through Cognos' technology, a statement said.
Along with the product offerings, IBM announced a number of offerings tailored for verticals and a set of new services.
The basic contention of IBM's IOD push is that future market opportunities lie less in packaged applications, than in optimizing those applications' performance through data management, delivery and analysis.
"When we ask customers if they have an information agenda, we get inconsistent answers," said Ambuj Goyal, general manager of information management. "That's where the real growth is."
Meanwhile, though, rival vendors like SAP and Oracle can align business intelligence with their widely used ERP (enterprise resource planning) offerings. IBM, which doesn't have an equivalent ERP product, is hardly at a disadvantage, Mills argued. "A typical large company is running 2,000 to 4,000 applications. The brand names are a scatter-gram. Even companies who use a lot of SAP," he said.
Though IBM is building out a sprawling stack of information-related technologies, the company will ensure customers who want even a single tool will be satisfied, Goyal asserted: "We are based on a flexible architecture. You'll see from us that we're trying to meet customers in the way they buy."
Enterprise customers suggested Wednesday that their own plans and needs fit into IBM's strategy.
Paul Valle, senior vice president of information technology and CIO at the Papa Gino's/D'Angelo's restaurant chain, said his firm has been using Cognos to improve its delivery business by identifying "hot spots" where performance is lagging.
But the company now wants to take this a step further, he said: "It's more than the negative areas, it's finding the positive areas and pulling it all together. That can only lead to customer satisfaction."
Carl Try, manager of e-commerce and advanced technologies for Fiskars, which makes a range of consumer products, including tools, said the company has been using Cognos to derive meaning from its ERP application data. "Our ERP strategy was really more North America. Now our C-level people want to pull global information," he said.
Fiskars' ultimate goal is not just to collect information from more sources, but to apply even more advanced analytics, he said: "Just imagine, point-of-sale [data] combined with weather information. That's where we want to go."
IBM's research work in applied mathematics will result in industry-leading analytics down the road, according to Mills. "You now have all the visualization capability from Cognos, and we will now start to link these things up. ...We see this as a really unique differentiation that IBM is going to bring to the marketplace that quite frankly, no one else is going to be able to match."
The executives declined to name specific figures when asked about the growth Cognos could spark. "When you spend $5 billion, you have high expectations," Mills said. "With 60 acquisitions under our belt we understand very clearly how to do this. ... we have every confidence we'll continue that with Cognos."
"We are off and running," said Steve Mills, senior vice president and group executive of IBM's software group, during a press conference on Wednesday.
IBM's long-standing partnership with Cognos allowed it to quickly pull together the new products, Mills said. They include a Cognos 8 BI "starter pack" for IBM's InfoSphere Warehouse; integration of Cognos 8 with IBM's Information Server data integration platform; templates for linking Cognos 8 with IBM's BPM (business process management) software, Filenet; and Dashboard Accelerator, for quickly constructing dashboards with Cognos 8, according to a statement.
The company also plans to bundle Cognos 8 with its C-Class Balanced Warehouse products, which are aimed at small to medium-sized firms; and has created Compliance Warehouse for Legal Control, which combines a variety of content management and archiving capabilities with IBM storage hardware, as well as compliance monitoring through Cognos' technology, a statement said.
Along with the product offerings, IBM announced a number of offerings tailored for verticals and a set of new services.
The basic contention of IBM's IOD push is that future market opportunities lie less in packaged applications, than in optimizing those applications' performance through data management, delivery and analysis.
"When we ask customers if they have an information agenda, we get inconsistent answers," said Ambuj Goyal, general manager of information management. "That's where the real growth is."
Meanwhile, though, rival vendors like SAP and Oracle can align business intelligence with their widely used ERP (enterprise resource planning) offerings. IBM, which doesn't have an equivalent ERP product, is hardly at a disadvantage, Mills argued. "A typical large company is running 2,000 to 4,000 applications. The brand names are a scatter-gram. Even companies who use a lot of SAP," he said.
Though IBM is building out a sprawling stack of information-related technologies, the company will ensure customers who want even a single tool will be satisfied, Goyal asserted: "We are based on a flexible architecture. You'll see from us that we're trying to meet customers in the way they buy."
Enterprise customers suggested Wednesday that their own plans and needs fit into IBM's strategy.
Paul Valle, senior vice president of information technology and CIO at the Papa Gino's/D'Angelo's restaurant chain, said his firm has been using Cognos to improve its delivery business by identifying "hot spots" where performance is lagging.
But the company now wants to take this a step further, he said: "It's more than the negative areas, it's finding the positive areas and pulling it all together. That can only lead to customer satisfaction."
Carl Try, manager of e-commerce and advanced technologies for Fiskars, which makes a range of consumer products, including tools, said the company has been using Cognos to derive meaning from its ERP application data. "Our ERP strategy was really more North America. Now our C-level people want to pull global information," he said.
Fiskars' ultimate goal is not just to collect information from more sources, but to apply even more advanced analytics, he said: "Just imagine, point-of-sale [data] combined with weather information. That's where we want to go."
IBM's research work in applied mathematics will result in industry-leading analytics down the road, according to Mills. "You now have all the visualization capability from Cognos, and we will now start to link these things up. ...We see this as a really unique differentiation that IBM is going to bring to the marketplace that quite frankly, no one else is going to be able to match."
The executives declined to name specific figures when asked about the growth Cognos could spark. "When you spend $5 billion, you have high expectations," Mills said. "With 60 acquisitions under our belt we understand very clearly how to do this. ... we have every confidence we'll continue that with Cognos."
IBM and EU launch cloud computing initiative
IBM and the EU have launched a joint research initiative to develop new virtualization and grid technologies for cloud computing, which will enable the sharing of IT services.
Known as RESERVOIR (Resources and Services Virtualization without Barriers), the initiative has been funded to the tune of €17 million (US$25 million) "to explore the deployment and management of IT services across different administrative domains, IT platforms and geographies."
Last year, IBM began a company-wide cloud computing initiative across its server, software, services, and R&D units. Then in November, IBM unveiled plans for "Blue Cloud," a series of cloud computing products that would allow organizations to make wider and more efficient use of the computing resources in their data centers.
For those unfamiliar with the concept, cloud computing is an emerging approach to shared infrastructure in which large pools of systems are linked together to provide IT services. Essentially, it is where computing is moved away from a particular computer or server, to a "cloud" of computers.
The theory is that users of cloud computing only need to worry about the computer service being requested, because the back-end resources are distributed and therefore hidden. This pool of computer resources is managed by software.
The RESERVOIR initiative aims to develop technologies to support a service-based online economy, where resources and services are transparently provisioned and managed. The IBM Haifa Research Lab will lead this computing project, but other members of the initiative include SAP Research, Sun Microsystems, Thales, and the University College of London.
Any resulting technology or services will be built on open standards, and would be used to "serve IBM, partners and customers in the development of modern data centers with quantified and significant improvements in service delivery productivity, quality, availability and cost."
A typical use of RESERVOIR could be to simplify the delivery of online entertainment.
As more and more television and movie content goes online, the RESERVOIR project would work, for example, to enable a network of service providers to host different media. Any time additional services or infrastructure are needed, they could be rapidly supplied through the cloud by one of the various RESERVOIR-powered sites. For example, if there is large demand for a show hosted by a particular site, it could dynamically 'hire' additional servers and services from other sites that are not being used.
"You can think of cloud computing as the Internet operating system for business and RESERVOIR as pioneering technologies that will enable people to access the cloud of services in an efficient and cost effective way," said Dr Yaron Wolfsthal, senior manager of System Technologies at the IBM Research Lab in Haifa, Israel, in a statement.
"With demand for IT resources hard to predict, service providers usually over-provision resources in order to support peak demands and ensure continuous service availability and quality, while other systems run at lower capacity," said Dr Wolfsthal. "But with RESERVOIR, our aim is to provide cloud-computing-based technologies that will enable the borderless delivery of IT services based on actual demands to keep costs competitive."
Specifically, it seems that RESERVOIR will investigate new capabilities for the deployment of commercial service scenarios that cannot currently be supported. These capabilities would be made possible by developing new virtualization and grid technologies.
Known as RESERVOIR (Resources and Services Virtualization without Barriers), the initiative has been funded to the tune of €17 million (US$25 million) "to explore the deployment and management of IT services across different administrative domains, IT platforms and geographies."
Last year, IBM began a company-wide cloud computing initiative across its server, software, services, and R&D units. Then in November, IBM unveiled plans for "Blue Cloud," a series of cloud computing products that would allow organizations to make wider and more efficient use of the computing resources in their data centers.
For those unfamiliar with the concept, cloud computing is an emerging approach to shared infrastructure in which large pools of systems are linked together to provide IT services. Essentially, it is where computing is moved away from a particular computer or server, to a "cloud" of computers.
The theory is that users of cloud computing only need to worry about the computer service being requested, because the back-end resources are distributed and therefore hidden. This pool of computer resources is managed by software.
The RESERVOIR initiative aims to develop technologies to support a service-based online economy, where resources and services are transparently provisioned and managed. The IBM Haifa Research Lab will lead this computing project, but other members of the initiative include SAP Research, Sun Microsystems, Thales, and the University College of London.
Any resulting technology or services will be built on open standards, and would be used to "serve IBM, partners and customers in the development of modern data centers with quantified and significant improvements in service delivery productivity, quality, availability and cost."
A typical use of RESERVOIR could be to simplify the delivery of online entertainment.
As more and more television and movie content goes online, the RESERVOIR project would work, for example, to enable a network of service providers to host different media. Any time additional services or infrastructure are needed, they could be rapidly supplied through the cloud by one of the various RESERVOIR-powered sites. For example, if there is large demand for a show hosted by a particular site, it could dynamically 'hire' additional servers and services from other sites that are not being used.
"You can think of cloud computing as the Internet operating system for business and RESERVOIR as pioneering technologies that will enable people to access the cloud of services in an efficient and cost effective way," said Dr Yaron Wolfsthal, senior manager of System Technologies at the IBM Research Lab in Haifa, Israel, in a statement.
"With demand for IT resources hard to predict, service providers usually over-provision resources in order to support peak demands and ensure continuous service availability and quality, while other systems run at lower capacity," said Dr Wolfsthal. "But with RESERVOIR, our aim is to provide cloud-computing-based technologies that will enable the borderless delivery of IT services based on actual demands to keep costs competitive."
Specifically, it seems that RESERVOIR will investigate new capabilities for the deployment of commercial service scenarios that cannot currently be supported. These capabilities would be made possible by developing new virtualization and grid technologies.
Microsoft offers subscription licensing for small businesses
Microsoft is offering a new subscription model to small businesses that will allow them to use the company's software for less cost than the currently available licensing model.
The plan, called Open Value Subscription program, is part of Microsoft's effort to give small businesses more flexible and affordable options for purchasing software, said Cindy Bates, Microsoft's general manager for U.S. small business.
The new plan costs about a third of the license-only expense for the current licensing program open to small business, called the Open Value program, Bates said. The plan is cheaper because Microsoft offers upfront discounts for software purchased through the subscription program, and also allows customers to increase or decrease pricing over the three-year subscription period if their business needs change, she said.
Open Value Subscription includes Microsoft's Software Assurance program, the company's software maintenance and support program for business customers.
Microsoft defines small businesses as those with 50 employees or fewer. Bates called 50 employees the "break point" for when a company hires IT management. Up until that number, "usually it's the business owner or office manager" handling the IT system, she said.
Businesses will be able to sign up for the Open Value Subscription program beginning in March, Bates said. Microsoft products available through the program include Microsoft Office Small Business, Office Professional +, Windows Vista Business Upgrade, Small Business Server Client Access License (CAL), Core CAL, Desktop Professional Suite and Small Business Desktop Suite.
As part of its small-business outreach, Microsoft also this week is unveiling a partner program called "Big Easy," which invests about US$10 million in subsidies to small businesses purchasing products through partners.
Through the program, small businesses purchasing certain products through authorized specialist partners will get a certain percentage of money back that they can use to purchase other services from those partners, Bates said.
For example, a small business would get a maximum of 22 percent of the money it spends if it buys six or more products that are on the approved list. Bates said Microsoft has figured the average return will be about 15 percent to 17 percent on purchases for small businesses.
Products available for subsidies under the Big Easy program include Microsoft Office products, Exchange Server, Forefront Security for Exchange Server, System Center Essentials, Project, Visio, Office SharePoint Server, Forefront Security for SharePoint and Internet Security and Acceleration Server 2006, among others.
More information about Open Value Subscription can be found on Microsoft's Web site. The company also provides more information about the Big Easy on its Microsoft Small Business Community Blog.
The plan, called Open Value Subscription program, is part of Microsoft's effort to give small businesses more flexible and affordable options for purchasing software, said Cindy Bates, Microsoft's general manager for U.S. small business.
The new plan costs about a third of the license-only expense for the current licensing program open to small business, called the Open Value program, Bates said. The plan is cheaper because Microsoft offers upfront discounts for software purchased through the subscription program, and also allows customers to increase or decrease pricing over the three-year subscription period if their business needs change, she said.
Open Value Subscription includes Microsoft's Software Assurance program, the company's software maintenance and support program for business customers.
Microsoft defines small businesses as those with 50 employees or fewer. Bates called 50 employees the "break point" for when a company hires IT management. Up until that number, "usually it's the business owner or office manager" handling the IT system, she said.
Businesses will be able to sign up for the Open Value Subscription program beginning in March, Bates said. Microsoft products available through the program include Microsoft Office Small Business, Office Professional +, Windows Vista Business Upgrade, Small Business Server Client Access License (CAL), Core CAL, Desktop Professional Suite and Small Business Desktop Suite.
As part of its small-business outreach, Microsoft also this week is unveiling a partner program called "Big Easy," which invests about US$10 million in subsidies to small businesses purchasing products through partners.
Through the program, small businesses purchasing certain products through authorized specialist partners will get a certain percentage of money back that they can use to purchase other services from those partners, Bates said.
For example, a small business would get a maximum of 22 percent of the money it spends if it buys six or more products that are on the approved list. Bates said Microsoft has figured the average return will be about 15 percent to 17 percent on purchases for small businesses.
Products available for subsidies under the Big Easy program include Microsoft Office products, Exchange Server, Forefront Security for Exchange Server, System Center Essentials, Project, Visio, Office SharePoint Server, Forefront Security for SharePoint and Internet Security and Acceleration Server 2006, among others.
More information about Open Value Subscription can be found on Microsoft's Web site. The company also provides more information about the Big Easy on its Microsoft Small Business Community Blog.
One year after Mac hack contest, Linux & Vista may be tested
One year after launching a controversial Macintosh hacking contest, the promoters of the CanSecWest security research conference are thinking about giving hackers another shot at cracking the Mac. Only this time, they're looking to broaden the field.
Last year, show organizers invited attendees to hack into a Macintosh laptop, with the successful hacker winning the computer and a cash prize. But this year they're talking about giving attendees three targets to choose from. "We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first," said Dragos Ruiu, the principal organizer of CanSecWest.
Last year, security researcher Dino Dai Zovi spent a sleepless night hacking his Mac in order to take the prize at the show's first PWN to OWN contest. Dai Zovi found a QuickTime bug that allowed him to run unauthorized software on the Mac once the computer's browser was directed to a specially crafted Web page.
Dai Zovi split the contest prize with a friend at the show, Shane Macaulay, who helped him pull off his attack. Macaulay got to keep the Macbook Pro while Dai Zovi pocketed the US$10,000 put up by 3Com's Tipping Point division in exchange for technical details on the bug.
It turned out that the QuickTime bug affected the Windows operating system too, but Ruiu said that Dai Zovi's hack helped change the way the industry thinks about the Mac OS, which has a reputation for being far more secure than Windows. "We were trying to point out that there was a security issue with Mac stuff here, and everybody was trying to play ostrich."
Ruiu and Dai Zovi say that last year's contest helped kick off a flurry of Mac-related security research, but according to TippingPoint Manager of Security Response Terri Forslof, it also illustrated a security industry truism: "Given enough time and motivation, everything can be broken," she said. "When TippingPoint agreed to purchase whatever vulnerability was used to win the contest for $10,000, it added an appropriate level of motivation. That's how it works."
Shortly after last year's contest, Gartner published a research paper warning that such challenges are "risky endeavors" that could put sensitive vulnerability information out in the public domain.
That hasn't stopped CanSecWest from pressing forward with this year's event.
Ruiu isn't certain that he'll run the three-way hacking contest this year. That's because he also has a grander, top-secret hacking contest idea that may or may not pan out, he said.
Either way, he promised "an interesting spectacle."
Last year, show organizers invited attendees to hack into a Macintosh laptop, with the successful hacker winning the computer and a cash prize. But this year they're talking about giving attendees three targets to choose from. "We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first," said Dragos Ruiu, the principal organizer of CanSecWest.
Last year, security researcher Dino Dai Zovi spent a sleepless night hacking his Mac in order to take the prize at the show's first PWN to OWN contest. Dai Zovi found a QuickTime bug that allowed him to run unauthorized software on the Mac once the computer's browser was directed to a specially crafted Web page.
Dai Zovi split the contest prize with a friend at the show, Shane Macaulay, who helped him pull off his attack. Macaulay got to keep the Macbook Pro while Dai Zovi pocketed the US$10,000 put up by 3Com's Tipping Point division in exchange for technical details on the bug.
It turned out that the QuickTime bug affected the Windows operating system too, but Ruiu said that Dai Zovi's hack helped change the way the industry thinks about the Mac OS, which has a reputation for being far more secure than Windows. "We were trying to point out that there was a security issue with Mac stuff here, and everybody was trying to play ostrich."
Ruiu and Dai Zovi say that last year's contest helped kick off a flurry of Mac-related security research, but according to TippingPoint Manager of Security Response Terri Forslof, it also illustrated a security industry truism: "Given enough time and motivation, everything can be broken," she said. "When TippingPoint agreed to purchase whatever vulnerability was used to win the contest for $10,000, it added an appropriate level of motivation. That's how it works."
Shortly after last year's contest, Gartner published a research paper warning that such challenges are "risky endeavors" that could put sensitive vulnerability information out in the public domain.
That hasn't stopped CanSecWest from pressing forward with this year's event.
Ruiu isn't certain that he'll run the three-way hacking contest this year. That's because he also has a grander, top-secret hacking contest idea that may or may not pan out, he said.
Either way, he promised "an interesting spectacle."
Adobe fixes undisclosed vulnerabilities in Reader
Adobe released on Wednesday an update that fixes vulnerabilities in its widely used Reader document viewing program.
Users are urged to upgrade to version 8.1.2, available for download on Adobe's Web site.
Adobe has not given out details of the vulnerabilities, even though the company has a section on its Web site detailing security advisories for Reader.
That could indicate that the vulnerabilities are fairly serious and could result in a compromised PC, said Thomas Kristensen, chief technical officer for Secunia, a security vendor in Denmark.
Secunia is performing a binary analysis of the old and new versions of Reader to figure out the vulnerabilities. However, that analysis takes one to three days, Kristensen said.
Kristensen said no proof-of-concept code has been seen yet and no attacks have been reported. But people should be especially cautious of PDFs (Portable Document Format), the common file type that Reader opens.
"PDFs are generally highly trusted," Kristensen said. "It's a common format for exchanging information."
Secunia estimates that more than 60 percent of home PC users have the Reader program, based on data from one of its software products that checks to see if programs have up-to-date patches. Corporate use of Reader is less, around 30 percent, since many companies use other business applications that can open PDFs, Kristensen said.
Hackers seized on PDFs last year after the disclosure of a protocol handling vulnerability involving Windows. The problem allowed them to create malicious PDF documents that would infect a PC with malicious software if opened.
Adobe officials could not be reached.
Users are urged to upgrade to version 8.1.2, available for download on Adobe's Web site.
Adobe has not given out details of the vulnerabilities, even though the company has a section on its Web site detailing security advisories for Reader.
That could indicate that the vulnerabilities are fairly serious and could result in a compromised PC, said Thomas Kristensen, chief technical officer for Secunia, a security vendor in Denmark.
Secunia is performing a binary analysis of the old and new versions of Reader to figure out the vulnerabilities. However, that analysis takes one to three days, Kristensen said.
Kristensen said no proof-of-concept code has been seen yet and no attacks have been reported. But people should be especially cautious of PDFs (Portable Document Format), the common file type that Reader opens.
"PDFs are generally highly trusted," Kristensen said. "It's a common format for exchanging information."
Secunia estimates that more than 60 percent of home PC users have the Reader program, based on data from one of its software products that checks to see if programs have up-to-date patches. Corporate use of Reader is less, around 30 percent, since many companies use other business applications that can open PDFs, Kristensen said.
Hackers seized on PDFs last year after the disclosure of a protocol handling vulnerability involving Windows. The problem allowed them to create malicious PDF documents that would infect a PC with malicious software if opened.
Adobe officials could not be reached.
Sony preps handheld Bravia digital TV
Sony is packing its Bravia technology into a new handheld TV it plans to put on sale in Japan in April.
The XDV-D500 has a 3-inch screen and is compatible with Japan's "OneSeg" mobile digital TV service that provides conventional over-the-air channels at no cost. The set includes Sony's "mobile Bravia engine" digital image processor that seeks to improve the picture's color, contrast and brightness for an overall better image.
Like many other OneSeg devices the new TV features the ability to record programs. Users can program recording from the TV's electronic program guide, and there's enough memory for up to 10 hours of video. There's a cradle for charging, and it also has a socket enabling the TV to be hooked up to an external antenna.
The device also includes an AM and FM radio. Battery life is eight hours when watching TV, 27 hours when listening to the FM radio and 34 hours for the AM radio.
It will hit the market on April 10 and cost ¥38,000 (US$355).
Sony is hoping the device will get a sales kick from the substantial brand it has built up around the Bravia name. Sony has previously used the name on Sony Ericsson cell phones with a TV function as have other TV makers, such as Sharp with its Aquos brand and Panasonic with Viera.
Sony will also sell a second portable TV set on the same day but it doesn't include the Bravia technology. The XDV-G200 has a 2-inch screen and will cost ¥30,000.
The OneSeg TV service is based on the ISDB-T standard that is only used in Japan so the sets won't work overseas.
The XDV-D500 has a 3-inch screen and is compatible with Japan's "OneSeg" mobile digital TV service that provides conventional over-the-air channels at no cost. The set includes Sony's "mobile Bravia engine" digital image processor that seeks to improve the picture's color, contrast and brightness for an overall better image.
Like many other OneSeg devices the new TV features the ability to record programs. Users can program recording from the TV's electronic program guide, and there's enough memory for up to 10 hours of video. There's a cradle for charging, and it also has a socket enabling the TV to be hooked up to an external antenna.
The device also includes an AM and FM radio. Battery life is eight hours when watching TV, 27 hours when listening to the FM radio and 34 hours for the AM radio.
It will hit the market on April 10 and cost ¥38,000 (US$355).
Sony is hoping the device will get a sales kick from the substantial brand it has built up around the Bravia name. Sony has previously used the name on Sony Ericsson cell phones with a TV function as have other TV makers, such as Sharp with its Aquos brand and Panasonic with Viera.
Sony will also sell a second portable TV set on the same day but it doesn't include the Bravia technology. The XDV-G200 has a 2-inch screen and will cost ¥30,000.
The OneSeg TV service is based on the ISDB-T standard that is only used in Japan so the sets won't work overseas.
Fujitsu launches global WiMax business
Fujitsu entered the WiMax market on Wednesday with the global launch of its BroadOne brand and three base stations.
The company, which has a sizable telecommunications infrastructure division, has also tied up with Airspan Networks under a deal that will see both companies resell the other's products.
The first base station to hit the market is the BroadOne WX300. The WX300 is a macrocell base station that can cover a radius of several kilometers and will be available worldwide from April. The unit weighs about 20 kilograms and with a volume of 20 liters is the smallest outdoor macrocell base station available, according to Fujitsu.
The second unit is a microcell base station that will cover several hundred meters and is intended to be used in rural areas or those with a small number of people. Completing the range is a picocell base station that covers an area of tens of meters and can be used in buildings or offices.
All three base stations cover the 2.3GHz and 2.5GHz frequency bands. The base stations will be on show at the Mobile World Congress expo that runs from Feb. 11 to 14 in Barcelona.
The company, which has a sizable telecommunications infrastructure division, has also tied up with Airspan Networks under a deal that will see both companies resell the other's products.
The first base station to hit the market is the BroadOne WX300. The WX300 is a macrocell base station that can cover a radius of several kilometers and will be available worldwide from April. The unit weighs about 20 kilograms and with a volume of 20 liters is the smallest outdoor macrocell base station available, according to Fujitsu.
The second unit is a microcell base station that will cover several hundred meters and is intended to be used in rural areas or those with a small number of people. Completing the range is a picocell base station that covers an area of tens of meters and can be used in buildings or offices.
All three base stations cover the 2.3GHz and 2.5GHz frequency bands. The base stations will be on show at the Mobile World Congress expo that runs from Feb. 11 to 14 in Barcelona.
Apple beats Microsoft, Motorola in mobile phone sales
Even after being on the market for less than half a year, more iPhones sold in the fourth quarter than Windows Mobile phones in the U.S., according to research from Canalys.
Canalys researchers estimate that the iPhone had 28 percent of the U.S. converged-device market in the fourth quarter of 2007. Research In Motion, with 41 percent, had the largest share of the market. Windows Mobile phones had 21 percent share of devices sold in the quarter, falling into third place behind Apple.
Worldwide, the lineup is a bit different. Nokia, which typically dominates around the world but not in the U.S., sold 52.9 percent of smart phones worldwide in the fourth quarter. RIM grew its share of converged-device sales to 11.4 percent, up 121 percent over the same quarter in 2006. Despite its limited availability around the world, Apple took third place with 6.5 percent of the market, just barely squeaking ahead of struggling Motorola.
Apple may have stirred renewed interest in smart phones in the U.S. Converged-device shipments, which include smart phones and wireless handhelds, grew 222 percent in the U.S. during the quarter, according to Canalys.
The iPhone also did well in the Europe, Middle East and Africa region, where it became available in three countries partway into the quarter. In the region, Apple came in fifth place behind Nokia, RIM, HTC and Motorola, but beat out Sony Ericsson, Samsung and Palm, Canalys said.
Apple's success as a new entrant is striking, but it will face challenges to keep its momentum going, said Canalys analyst Pete Cunningham in a statement. Historically, vendors with just one smart phone design, no matter how good, struggle, he said. That means Apple will have to create and refresh a portfolio of devices if it wants to increase its market share, he said.
Beyond hardware, competition is continuing in the mobile operating system market. Worldwide Symbian, which credits most sales to Nokia, had 65 percent of the market, followed by Microsoft at 12 percent and RIM at 11 percent, for the fourth quarter, Canalys said.
Despite all the buzz around mobile Linux, total Linux phone shipments in 2007 were essentially flat compared to 2006, Canalys found. In Asia Pacific, Motorola had a drop of 28 percent in its Linux smart phone shipments compared to 2006.
Phone makers are trying to attract customers to smart phones, which carry a higher price tag than low-end feature phones. However, converged devices made up just 10 percent of the global phone market in 2007, the researchers found.
Canalys researchers estimate that the iPhone had 28 percent of the U.S. converged-device market in the fourth quarter of 2007. Research In Motion, with 41 percent, had the largest share of the market. Windows Mobile phones had 21 percent share of devices sold in the quarter, falling into third place behind Apple.
Worldwide, the lineup is a bit different. Nokia, which typically dominates around the world but not in the U.S., sold 52.9 percent of smart phones worldwide in the fourth quarter. RIM grew its share of converged-device sales to 11.4 percent, up 121 percent over the same quarter in 2006. Despite its limited availability around the world, Apple took third place with 6.5 percent of the market, just barely squeaking ahead of struggling Motorola.
Apple may have stirred renewed interest in smart phones in the U.S. Converged-device shipments, which include smart phones and wireless handhelds, grew 222 percent in the U.S. during the quarter, according to Canalys.
The iPhone also did well in the Europe, Middle East and Africa region, where it became available in three countries partway into the quarter. In the region, Apple came in fifth place behind Nokia, RIM, HTC and Motorola, but beat out Sony Ericsson, Samsung and Palm, Canalys said.
Apple's success as a new entrant is striking, but it will face challenges to keep its momentum going, said Canalys analyst Pete Cunningham in a statement. Historically, vendors with just one smart phone design, no matter how good, struggle, he said. That means Apple will have to create and refresh a portfolio of devices if it wants to increase its market share, he said.
Beyond hardware, competition is continuing in the mobile operating system market. Worldwide Symbian, which credits most sales to Nokia, had 65 percent of the market, followed by Microsoft at 12 percent and RIM at 11 percent, for the fourth quarter, Canalys said.
Despite all the buzz around mobile Linux, total Linux phone shipments in 2007 were essentially flat compared to 2006, Canalys found. In Asia Pacific, Motorola had a drop of 28 percent in its Linux smart phone shipments compared to 2006.
Phone makers are trying to attract customers to smart phones, which carry a higher price tag than low-end feature phones. However, converged devices made up just 10 percent of the global phone market in 2007, the researchers found.
Attackers zero in on Yahoo Jukebox ActiveX flaw
Just one day after hackers showed how to exploit a number of flaws in the ActiveX software used by Internet Explorer, Symantec has spotted online criminals using one of the attacks.
The attack, which was first observed in the last few hours, is not widespread at present. Symantec Security Response Director Oliver Friedrichs said Tuesday that the company had identified just three Web sites that were hosting the attack code, all of which seem to be linked to the same criminals. But he believes that more attacks are inevitable as the bad guys work the code into their malicious toolkits of software. "Given the fact that the proof of concept is available and works, it's not exactly rocket science for someone to plug this into [a toolkit]," he said. "That's likely to happen in short order."
Security researchers Elazar Broad and Krystian Kloskowski have disclosed a slew of ActiveX bugs affecting MySpace and Facebook over the past few days, but the attack reported by Symantec takes advantage of a flaw in an ActiveX control used by Yahoo's Music Jukebox.
After the attackers are able to install software on the victim's machine, they then begin installing a number of malicious files on the victim's computer, Symantec said.
Broad and Kloskowski also discovered a second ActiveX bug in Yahoo Jukebox, but that flaw is not yet being exploited by attackers, according to Symantec. Another major source of problems is the Aurigma ImageUploader ActiveX control, which is used by Web sites such as Facebook and MySpace to upload pictures into Internet Explorer.
Because of all the ActiveX bugs, Security experts are warning users to be cautious while Web browsing. On Tuesday, US-CERT (United States Computer Emergency Readiness Team) published a note encouraging users to disable ActiveX controls, which can be done by setting Internet Explorer's security level to "high" for the Internet zone.
That may not be a realistic option for many consumers, who will find their Internet Explorer browsing experience hobbled without ActiveX, Friedrichs said. But tech-savvy users and corporate IT shops can take steps to disable the untrusted ActiveX controls. In fact, the SANS Internet Storm Center has published free software that disables the controls.
Another option for enterprise users is to create a whitelist of approved ActiveX controls, Friedrichs said.
Security problems with browser add-ons are very common. In the first half of 2007, Symantec identified 237 browser plugin security flaws. About 89 percent of centered on ActiveX.
Yahoo did not immediately respond to an e-mail message requesting comment for this story.
The attack, which was first observed in the last few hours, is not widespread at present. Symantec Security Response Director Oliver Friedrichs said Tuesday that the company had identified just three Web sites that were hosting the attack code, all of which seem to be linked to the same criminals. But he believes that more attacks are inevitable as the bad guys work the code into their malicious toolkits of software. "Given the fact that the proof of concept is available and works, it's not exactly rocket science for someone to plug this into [a toolkit]," he said. "That's likely to happen in short order."
Security researchers Elazar Broad and Krystian Kloskowski have disclosed a slew of ActiveX bugs affecting MySpace and Facebook over the past few days, but the attack reported by Symantec takes advantage of a flaw in an ActiveX control used by Yahoo's Music Jukebox.
After the attackers are able to install software on the victim's machine, they then begin installing a number of malicious files on the victim's computer, Symantec said.
Broad and Kloskowski also discovered a second ActiveX bug in Yahoo Jukebox, but that flaw is not yet being exploited by attackers, according to Symantec. Another major source of problems is the Aurigma ImageUploader ActiveX control, which is used by Web sites such as Facebook and MySpace to upload pictures into Internet Explorer.
Because of all the ActiveX bugs, Security experts are warning users to be cautious while Web browsing. On Tuesday, US-CERT (United States Computer Emergency Readiness Team) published a note encouraging users to disable ActiveX controls, which can be done by setting Internet Explorer's security level to "high" for the Internet zone.
That may not be a realistic option for many consumers, who will find their Internet Explorer browsing experience hobbled without ActiveX, Friedrichs said. But tech-savvy users and corporate IT shops can take steps to disable the untrusted ActiveX controls. In fact, the SANS Internet Storm Center has published free software that disables the controls.
Another option for enterprise users is to create a whitelist of approved ActiveX controls, Friedrichs said.
Security problems with browser add-ons are very common. In the first half of 2007, Symantec identified 237 browser plugin security flaws. About 89 percent of centered on ActiveX.
Yahoo did not immediately respond to an e-mail message requesting comment for this story.
Subscribe to:
Posts (Atom)