Friday, February 15, 2008

Google finds evil all over the Web

The Web is scarier than most people realize, according to research published recently by Google.
The search engine giant trained its Web crawling software on billions of Web addresses over the past year looking for malicious pages that tried to attack their visitors. They found more than 3 million of them, meaning that about one in 1,000 Web pages is malicious, according to Neils Provos, a senior staff software engineer with Google.

These Web-based attacks, called "drive-by downloads" by security experts, have become much more common in recent years as firewalls and better security practices by Microsoft have made it harder for worms and viruses to directly attack computers.

In the past year the Web sites of Al Gore's "An Inconvenient Truth" movie and the Miami Dolphins were hacked, and the MySpace profile of Alicia Keys was used to attack visitors.

Criminals are getting better at this kind of work. They have built very successful automated tools that poke and prod Web sites, looking for programming errors and then exploit these flaws to install the drive-by download software. Often this code opens an invisible iFrame page on the victim's browser that redirects it to a malicious Web server. That server then tries to install code on the victim's PC. "The bad guys are getting exceptionally good at automating those attacks," said Roger Thompson, chief research officer with security vendor Grisoft.

In response, Google has stepped up its game. One of the reasons it has been scouring the Web for malicious pages is so that it can identify drive-by-download sites and warn Google searchers before they visit them. Nowadays about 1.3 percent of all Google search queries list malicious results somewhere on the first few pages.

Some of the data surprised Provos.

"When we started going into this I had the firm intuition that if you go to the sleazier parts of the Web, you are in more danger," he said.

It turns out the Web's nice neighborhoods aren't necessarily safer than its red-light districts.

"We looked into this and indeed we found that if you ended up going to adult-oriented pages, your risk of being exposed [to malicious software] was slightly higher," he said. But "there really wasn't a huge difference."

"Staying away from the disreputable part of the Internet really isn't good enough," he noted.

Another interesting finding: China was far and away the greatest source of malicious Web sites. According to Google's research, 67 percent of all malware distribution sites are hosted in China. The second-worst offender? The U.S., at 15 percent, followed by Russia, (4 percent) Malaysia (2.2 percent) and Korea (2 percent).

It costs next-to-nothing to register a Web domain in China and service providers are often slow to shut down malicious pages, said Thompson. "They're the Kleenex Web sites," he said. Criminals "know they're going to be shut down, and they don't care."

Malicious site operators in China fall into two broad categories, Thompson said: fraudsters looking to steal your banking password, and teenagers who want to steal your World of Warcraft character.

So how to stop this growing pestilence?

Google's Provos has this advice for Web surfers: Turn automatic updates on. "You should always run your software as updated as possible and install some kind of antivirus technology," he said.

But he also thinks that Webmasters will have to get smarter about building secure Web sites. "I think it will take concentrated efforts on all parts," for the problem to go away, he said.

GPS helps you find your friends

Location-based services appeared here, there and everywhere at the Mobile World Congress in Barcelona this week, as service providers maneuvered to take advantage of the increasing number of mobile phones shipping with integrated GPS (Global Positioning System) modules. Many of the services put the emphasis on finding your friends, not finding your way, as GPS evolves into more of a social tool.
Yahoo announced a service called oneConnect that will to alert you when contacts arrive in town, warn you what mood they are in and show you a list of their recent e-mail messages that you have left unanswered. Yahoo intends to collect this information by combining status updates from sites like MySpace with GPS data from mobile phones and other information from Web mail and instant messaging services, a kind of aggregation for social networks. The service will go live by June, and will work with services including Google's Gmail and GoogleTalk, AOL Instant Messenger and Microsoft's Outlook Web mail, said Marco Boerries, executive vice president of Yahoo's Connected Life division.

Communology, of Cologne, Germany, promoted a similar notion of social-network aggregation. Its Mobile Mash-Up can help sites like Facebook or Xing offer mobile users the ability to locate friends or tag photos with information about where they were taken. Communology sells "white label" services, using its Live Media software platform to build social-networking services for other brands.

Linking up with Facebook is a strategy that also occurred to Wayfinder: it now offers a GPS widget for Facebook users called LocateMate. The company also introduced a forum for users of its software to share favorite routes and locations at MyWayfinder.com, with links to digital mapping tools such as Google Earth and Microsoft Virtual Earth.

GyPSii showed a BlackBerry client for its mobile social-networking service. It already offers versions for handsets running Symbian OS and Windows Mobile. The service allows users to share photos, videos and other information, tagging it with location data. Last year, GyPSii, based in Amsterdam, acquired Finnish mobile phone manufacturer Benefon, one of the first to build GPS modules into mobile phones.

One of the strangest location-based mobile social networks revealed at the show allows users to share information about ... public toilets. MizPee.eu offers reviews of toilets in Barcelona, London, Paris and Rome posted by community members, with ratings for cleanliness and cost. Showgoers hoping to use the site to beat the long lines for toilets on site were disappointed, though: the nearest one listed is 1.45 kilometers from the showground.

Report: Yahoo board reported split over Microsoft bid

Yahoo Inc.'s Chairman Roy Bostock is leading a group of the company's board members in favor of accepting Microsoft Corp.'s unsolicited US$44.6 billion takeover bid, according to a new report.
The informal group headed by Bostock also includes other board members and billionaire investor Ron Burkle, according to the report in the New York Post, which quoted unnamed sources close to the situation. Board members Eric Hippeau, a managing partner at Softbank Capital, and Robert Kotick, CEO of Activision Publishing Inc., are standing behind Yahoo CEO Jerry Yang, who does not want to accept Microsoft's offer.

On Monday, Yahoo's board rejected Microsoft's offer, saying it undervalued the company.

According to the Post, the discord revolves around Yang and his followers who are so opposed to selling the company to Microsoft that Bostock and his group fear they will act out of emotions rather than their fiduciary duty to Yahoo shareholders. Such an action could expose the board to lawsuits by shareholders.

Yang sent a letter to shareholders Wednesday night, saying that Microsoft's bid substantially undervalues the company and that Yahoo is positioned to take advantage of growth in the online advertising market.

Yahoo could not be reached for comment.

Successful SOA implementations are on the increase

Most SOA implementations are now successful, with nearly four out of ten enterprises meeting all their goals and 60 percent meeting most of them.
That's according to a survey carried out by SOA governance company Amberpoint, which found that 38 percent of SOA installations met their targets. The company also found that just 1.5 percent of SOA projects ended in failure -- a figure well below the industry average for all software projects.

Ed Horst, Amberpoint's VP of marketing was surprised by this particular result and could offer no explanation for it. He did point out that a number of respondents say that they had decided not to proceed with an SOA project, but even if these were taken into account, the number of failures still wouldn't reach five percent.

He could not explain why the failure rates were so low and couldn't say whether the respondents were implementing trial SOA projects for the more simplistic implementations. "Unfortunately, we didn't ask the supplementary question as to what type of projects they were doing. However, only 20 percent of the respondents were installing SOA in a single department implementation, so it seems that most of the enterprises were not taking the simple approach," Horst said.

One of the main themes to come from the survey was that SOA was no longer seen as being synonymous with web services. 58 percent of enterprises now include "non-SOAP" messaging (such as MQ or RMI) in their SOA systems, while packaged applications such as SAP are included in 68 percent of SOA systems.

Horst said the results showed that there was a new maturity in the market. What had changed was that people were no longer frightened of SOA and no longer believed that everything had to be designed up-front, he said. "The biggest problem that users faced was trying to design everything at once and trying to anticipate every single problem. While it is a good idea to do some design up-front, it's far better to implement something and learn from your mistakes."

He added that company was now thinking of making the SOA survey a regular event but said that he didn't expect to see a massive change in the figures for successful and unsuccessful implementations. "I'm not sure we can improve on that," he said. "In fact, I would expect to see a minor dip in the number of successful deployments."

Four newspaper companies form online ad partnership

Four major U.S. newspaper chains launched an online advertising network on Friday that will let advertisers book national campaigns through a single point of contact, reaching 50 million people a month across the U.S.
Investors include the Tribune, Gannett, Hearst and New York Times companies, which publish flagship newspapers such as the Chicago Tribune, USA Today, the San Francisco Chronicle and the New York Times, respectively.

The network, QuadrantOne, will let an advertiser place ads on hundreds of Web sites focused on 27 major markets, targeting users by what they are viewing, their online behavior and demographic information.

QuadrantOne is most notable for the online players that aren't participants, such as Google, Yahoo or Microsoft. This latest move by the newspaper companies may be designed to assert greater control over their print and Web properties.

Yahoo reached a landmark revenue-sharing deal in November 2006 with seven U.S. publishers. Yahoo provides search services, places job ads on its own HotJobs site and sells Web advertising. The deal was expanded in April 2007, with some 264 newspapers distributing their content on Yahoo's portal.

One of the QuadrantOne's investors, the Hearst company, is participating in the Yahoo deal.

Google's PrintAds program lets its customers who are already buying contextual Web-based ads to also place ads in 600 daily and weekly U.S. newspapers. Google also offers easy tools for customers to design their own ad that can be uploaded to particular newspaper.

The Chicago Tribune, the New York Times and the San Francisco Chronicle participate in PrintAds.

If newspapers develop better ways to sell their own online ads, they may not have to share revenue with their Web counterparts such as Yahoo and Google.

Online advertising accounted for about US$16.9 billion in revenue in 2006 and is expected to rise to $50.3 billion by 2011, according to a December 2007 report from the Yankee Group.

The U.S. newspaper industry is in dire straits, in part because of a bumpy U.S. economy, declining print readers and falling print advertising revenue.

Critics argue that newspaper companies waited far too long to revamp their businesses with the surge in online publishing and advertising over the last 15 years.

Companies such as Google, which has made a fortune in Web-based advertising, have reaped some gains at the expense of newspapers, as advertisers look for cheaper and more targeted ways to reach buyers.

Classified advertising, once a bread-and-butter source of revenue for newspaper, has also declined over the years due to advertising boards such as Craig's List.

OLPC, IDB to launch pilot project in Haiti

The One Laptop Per Child Foundation (OLPC) has teamed up with the Inter-American Development Bank (IDB) to launch a pilot project in Haiti, the first time the group will be able to comprehensively evaluate the idea of giving laptops directly to students as a learning tool.
OLPC, which makes the US$188 XO laptop aimed at kids in developing nations, will contribute $2 million to the project, while IDB will provide a $3 million grant. The project aims to distribute XO laptops to 13,200 students and 500 teachers in 60 Haitian primary schools, the groups said in a statement.

The organizations are financing the project to test whether the use of laptops in schools on a one-to-one basis can improve teaching and learning in Haiti, one of the poorest countries in the world.

"We have studies about the impact of computer labs and shared computers in the classroom, but there's never been a comprehensive evaluation of the learning model based on giving each child a laptop," said Emma Näslund-Hadley, the IDB's project team leader. "This is crucial to determine the effectiveness of this model under conditions of extreme poverty and as a tool for accelerating learning."

One aim of the project is to determine how the laptops can be used to help solve problems such as a shortage of qualified teachers, as well as educating children of different ages and grades in the same classroom. The Haitian government hopes the laptops can help speed up the learning process for students who enter school late or have to repeat grades, according to the release.

Teachers and students will be trained how to use the laptops and carry out basic maintenance and trouble shooting. Some students will receive vocational training to handle more complex laptop repairs.

The project will be evaluated by UNESCO's Regional Office on Education in Latin America and the Caribbean, which will conduct standardized math and language tests before and after the pilot project to determine performance improvements. Observers will also gauge whether the laptops affect attitudes and behaviors regarding school management, the value families place on education, the use of laptops at home, and the perceived educational progress of the students.

The OLPC project started as an attempt to build a US$100 laptop and work with governments to pass them out to kids in poor nations, but the XO, will likely end up costing nearly double that amount at first. The organizers of the effort, led by academics and researchers from the Massachusetts Institute of Technology (MIT), hope high-volume sales of the device will drive down costs.

The goal of OLPC is to make sure nobody misses out on the benefits of computing. The fear is that the price of a PC is keeping too many people in developing countries from learning how software, the Internet and communications via computing can improve their economies, job prospects and lives, or that poor countries will fall further behind the modern world due to their inability to access computers.

Investment firm extends offer to buy Transmeta

An investment firm on Wednesday extended its unsolicited offer to buy the remaining shares in Transmeta, keeping Intel's former chip-making rival on its toes.
Riley Investment Management is offering US$15.50 per share in cash to buy out Transmeta, an offer similar to the one it made on January 30 which expired on Wednesday. The current offer is due to expire on February 28.

Riley Investment is a Transmeta shareholder, holding a 6.6 percent stake in the company.

Transmeta paid little heed and did not respond to the initial offer by the end of the two-week deadline, said Bryant Riley, managing member of Riley Investment Management, in a U.S. Securities and Exchange Commission filing.

"I do not understand how a Board which has overseen such heavy losses and actively participated in the continued decline of shareholder value, while, at the same time, personally benefiting financially, can react in this manner," wrote Riley in the filing. Riley has repeatedly questioned the unnecessary expenditure and strategic direction of the company.

In a January 31 derivative complaint filed in the Superior Court of the State of California, County of Santa Clara, Riley's investment firm accused Transmeta's management officials of mismanagement and asset waste.

In the complaint, Riley Investment accused defendants of paying an "outrageous, illegal and unconscionable bonus" of over $10 million to legal counsel John O'Hara Horsley for "simply settling" an intellectual property lawsuit against Intel, and granting President and CEO Lester Crudele and Chief Financial Officer Sujan Jain $1.2 million in cash bonuses in connection with the Intel settlement "in which they played no material part," according to court documents.

Intel last year settled a LongRun technology patent dispute with Transmeta for US$250 million.

Riley also questioned Transmeta management's commitment to LongRun2 and developing shareholder value from it, Riley wrote in an earlier SEC filing. LongRun2 technology helps processors become more power-efficient.

Transmeta did not return requests for comment.

'Critical' Linux kernel bugs discovered

Security researchers have uncovered "critical" security flaws in a version of the Linux kernel used by a large number of popular distributions.
The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory.

They could be exploited by malicious, local users to cause denial of service attacks, disclose potentially sensitive information or gain "root" privileges, according to security experts.

The bug affects all versions of the Linux kernel up to version 2.6.24.1, which contains a patch. Distributions such as Ubuntu, Turbolinux, SuSE, Red Hat, Mandriva, Debian and others are affected.

The problems are within three functions in the system call fs/splice.c, according to an advisory from Secunia.

"In the 2.6.23 kernel the system call functionality has been further extended resulting in... critical vulnerabilities," said iSEC Security Research in an advisory.

Secunia disagreed about the bugs' seriousness, giving them a less critical ranking.

Exploit code for the vulnerabilities has been released publicly on the hacker site milw0rm.com, and Core Security Technologies has also developed a commercial exploit for the bugs, researchers said.

Researchers advised system administrators to update their kernels immediately.

Last month, a U.S. Department of Homeland Security (DHS) bug-fixing scheme uncovered an average of one security glitch per 1,000 lines of code in 180 widely used open source software projects.

Secunia also previously discovered that the number of security bugs in open source Red Hat Linux operating system and Firefox browsers, far outstripped comparable products from Microsoft last year.

SCO to get $100M bailout; McBride out if deal goes through

Five months after filing for Chapter 11 bankruptcy protection as part of a reorganization effort last September, The SCO Group Inc. Thursday unveiled a potential US$100 million cash infusion and a plan to take the embattled company private.
In an announcement, Lindon, Utah-based SCO said that the cash will come from Stephen Norris & Co. Capital Partners L.P. (SNCP) and partners in the Middle East who "have agreed to provide up to $100 million to finance a plan of reorganization for The SCO Group Inc."

Under the deal, which must be approved by the U.S. Bankruptcy Court judge in Delaware who is reviewing the company's bankruptcy filing, SNCP would gain a controlling interest in the company and take it private.

Two notable clauses are present in a 15-page "Memorandum of Understanding" filed with the court by SNCP to outline the proposal: SCO CEO Darl C. McBride, who has led the company since 2002, would be required to "resign immediately" once the deal is completed, and SCO must "continue to pursue aggressively the company's claims in the Novell/IBM litigation and other pending litigation against AutoZone Inc."

SCO has been on the defensive since 2003, when the company filed a $5 billion lawsuit against IBM, alleging that it improperly contributed some of SCO's Unix intellectual property for use in Linux. SCO then also sued Novell, charging that the company had falsely claimed to own the legal rights to Unix. Last August, SCO was handed a big defeat when a U.S. District Court judge in Utah ruled that Novell is, in fact, the owner of the Unix and UnixWare copyrights. The judge also ruled that as a result, Novell could direct SCO to revoke its copyright infringement claims against IBM.

Under the proposed deal, the cash infusion will mean that SCO "is poised to emerge from Chapter 11 of the United States Bankruptcy Code in the coming year," according to the announcement. "The board of directors of SCO has unanimously determined that this financing and plan of reorganization is in the best long-term interest of SCO and its subsidiaries, as well as its customers, shareholders, creditors and employees," the statement continued."

SCO officials declined to answer questions about the arrangement late Thursday.

Jeff Hunsaker, president and chief operating officer of SCO Operations, said in a statement that the deal not only would allow the company to emerge from bankruptcy "but it also marks an exciting future for our business. This significant financial backing is positive news for SCO's customers, partners and resellers who continue to request upgrades and rely upon SCO's UNIX services to drive their business forward."

A new business plan has been established for the company, "that includes unveiling new product lines aimed at global customers. This reorganization plan will also enable the company to see SCO's legal claims through to their full conclusion."

Stephen Norris, managing partner for SNCP, said in a statement that his company sees "tremendous investment opportunity in SCO and its vast range of products and services, including many new innovations ready or soon to be ready to be released into the marketplace. We expect to quickly develop these opportunities, and to stand behind SCO's existing base of customers and partners."

This isn't the first financial proposal made for SCO since it filed for bankruptcy. Last October, the company announced a "potential" $36 million payment for SCO's Unix business from JGD Management Corp., an umbrella business of New York-based investment firm York Capital Management LLC. The deal did not go through.

In recent months, SCO has been focusing on its initiatives for software aimed at mobile devices. In the last two weeks, SCO unveiled layoffs of about 30 workers as part of a reorganization plan. The announcement was made in a Form 8-K filing with the U.S. Securities and Exchange Commission.

Microsoft executive shakeup prepares for Yahoo acquisition

Microsoft confirmed a number of high-level executive changes, moves that could be designed to better position the company to digest an acquisition of Yahoo, an analyst said.
In addition to a number of executive promotions, Microsoft announced that Bill Veghte, senior vice president of the Online Services and Windows Business Group; Satya Nadella, senior vice president, Search, Portals and Advertising Group; and Brian McAndrews, senior vice president of Microsoft's Advertiser and Publisher Solutions Group, are all taking on new responsibilities in running Microsoft's online services, including Windows Live, Search and MSN.

Microsoft may be positioning Nadella to take on the responsibility of the technical integration of Yahoo if the acquisition happens, said Rob Helm, an analyst at Directions on Microsoft. "Microsoft is anticipating a shift in its online strategy around the purchase of Yahoo, which means, among other things, that they're replacing people running the old strategy," he said.

If Nadella is being brought in to integrate Yahoo into Microsoft, he doesn't have the best track record, said Helm. He was the head of the Microsoft Dynamics unit and was charged with integrating a couple of other acquisitions, including Great Plains. "On his watch, relatively little happened in the way of successful integration," said Helm. However, Nadella had the post for just a year, so perhaps he didn't have the opportunity to do more, he said.

Steve Berkowitz, senior vice president of the Online Services Group, is moving out of a role in Microsoft's online group. He'll step down from his position in August, Microsoft said. He plans to stay with the company, but Microsoft did not say in what capacity.

Despite these positioning moves, the Yahoo deal is still uncertain, Helm said. "It's still up in the air, though it seems unlikely that Microsoft would walk away after a bid like this," he said.

Microsoft also said that Andy Lees, who leads marketing for the Server and Tools Marketing and Solutions group, will take over for Pieter Knook as senior vice president of the Mobile Communications Business. Word of Knook's departure surfaced on Thursday with an announcement from Vodafone that he'd joined the mobile operator.

Lees' appointment, as someone with a marketing background, seems to follow a shift in the mobile group toward a focus on consumers, Helm said. Microsoft recently announced plans to buy Danger, a youth-focused mobile software company, and appointed a new marketing executive to target consumers. Pressure from the iPhone, which has done remarkably well in a very brief time, could be driving the shift in strategy for the mobile group at Microsoft, Helm said.

Other announcements from Microsoft include news that Brad Brooks will take over for Michael Sievert, who is leaving the company, as corporate vice president of Windows Consumer Product Marketing. Steve Guggenheimer will become corporate vice president of the Original Equipment Manufacturer Division, moving on from a marketing position with Microsoft's Application Platform effort.

HP settles pretexting cases

Hewlett-Packard settled cases with The New York Times Company and three BusinessWeek journalists Wednesday after being caught spying on reporters in 2006.
The parties did not disclose the size of the settlements. HP has already paid US$4.5 million in a civil-case settlement with the State of California related to the incident.

The New York Times plans to donate its settlement money to charity, said Terry Gross, the attorney representing the company and the BusinessWeek reporters.

HP said it was pleased to put the matter behind it and happy that the award would go partly to charity.

The case followed revelations in 2006 that HP had hired investigators to try to find the source of internal company leaks to the press. The investigators, however, were found to have used fraudulent methods to obtain the reporters' phone records. State and federal laws have since banned the practice.

"The New York Times and the BusinessWeek reporters brought this action because they believed that this type of illegal activity aimed at silencing the press should not be allowed," Gross said.

The scandal shook up the executive leadership at HP, with the chairman, another board member and the company's general counsel all stepping down.

HP faces other outstanding lawsuits relating to the incident.

Red Hat's JBoss dons Black Tie to target BEA Tuxedo

Red Hat Thursday revealed a JBoss middleware project aimed at displacing BEA's Tuxedo transaction-monitoring engine, which has a significant legacy install base.
At its JBoss World conference in Orlando, Red Hat unveiled JBoss BlackTie, a project for integrating Java and legacy-based distributed transaction-processing environments. The new product will complement and extend the current JBoss transaction-monitor project, JBoss.org Transactions, through the addition of C, C++ and mainframe-compatible transaction capabilities, according to Red Hat.

JBoss, the open-source middleware company purchased by Red Hat in April 2006, already had built its reputation by commoditizing the Java-based application server market once dominated by BEA's WebLogic, which soon will become an Oracle product once the software vendor completes its purchase of BEA.

Now JBoss aims to go after the Tuxedo install base, which Sacha Labourey, vice president of engineering middleware at Red Hat JBoss, said represents "tens of millions" of dollars in revenue opportunity. "BlackTie is about helping companies migrate away from one of the key legacy lock-ins out there, Tuxedo," he said.

The BlackTie project will focus on building technology that can emulate transaction-processing monitor application programming interfaces, such as the ones for Tuxedo, and can provide open-source legacy services such as security, naming, clustering and transactions. According to Red Hat, the project is aimed at giving enterprise users the opportunity to easily integrate their C, C++ and mainframe applications into JBoss Java-based environments.

Code for the BlackTie project will be available in about 60 days. Eventually, Red Hat will offer its own enterprise version of both BlackTie and the JBoss Transactions projects.

Red Hat has been trying to integrate the JBoss Java-based middleware with its Linux business to become a multiproduct company. News this week at its JBoss World conference is aimed at dispelling the notion that Red Hat can't move beyond its Linux roots to offer an entire portfolio of open-source products for application development, integration, management and the like.

JBoss gave its software away and charged for consulting and services. Red Hat has a ".org" community version of its Linux product for anyone to use, as well as a more robust enterprise version for large-scale deployments. The company is taking the same approach with JBoss by having JBoss.org community for open-source and freely available products, and the JBoss enterprise middleware products that have fees attached to them. The BlackTie project falls under the former category.

In addition to BlackTie, Red Hat also Thursday unveiled the global availability of its JBoss Enterprise SOA Platform, which originally was expected to be available by the end of last year.

The JBoss Enterprise SOA Platform includes JBoss ESB (enterprise service bus), which includes integration, transformation and a registry and repository for services. IT also includes service orchestration and workflow with the JBoss jBPM product and business policy and rules management and integration with the JBoss Rules product. The JBoss SOA platform is aimed at competing with proprietary SOA infrastructure from companies such as Microsoft, Oracle and IBM, and is part of JBoss' enterprise middleware offerings.

Eventually, there also will be a business analysis component to JBoss' SOA platform, which will make it more competitive with current SOA infrastructure offerings on the market, said Craig Muzilla, vice president of Red Hat's Middleware Business.

Red Hat also launched two other JBoss.org projects Thursday. One is a management platform jointly developed with Hyperic called RHQ. Eventually, RHQ project will serve as the code base for JBoss Operations Network v2.0 (JON 2.0), due out by midyear.

The RHQ project aims to develop a common services management platform that will be used in future versions of both the JBoss middleware and Hyperic's products, said Katrinka McCallum, vice president of Red Hat's newly established Business Management Unit.

Source code for RHQ is available for licensing now under the GPL open-source license. The code, as well as additional project information and community forums, are accessible online at the project's Web site.

Red Hat also introduced a JBoss SOA governance project aimed at keeping track of how enterprise composite applications and services are developed, deployed and managed throughout their life cycle. The first open-source code for the project, JBoss.org DNA, will be available in 30 days, with more products and source code to come to tackle other areas of governance, according to Red Hat.

SIIA sues eBay-based software sellers

Online auction giant eBay has been slow to respond to concerns about pirated software being sold there, prompting the Software & Information Industry Association to file nine lawsuits against eBay-based software sellers, an SIIA official said.
The SIIA believes it is necessary to file the lawsuits, because eBay has been largely uncooperative in cracking down on software piracy, said Keith Kupferschmid, senior vice president of the trade group's antipiracy division.

"We haven't had very much success in getting [eBay] to work with us," he said.

SIIA has asked eBay to stop "buy it now" and one-day auctions for software, but eBay has not complied, Kupferschmid said. In many cases, sellers offering pirated software are looking to sell it quickly, he said. SIIA also asked eBay if the trade group could buy banner advertisements warning about piracy when a user is looking at software, but the auction site declined, Kupferschmid added. "We shouldn't have to do that," he said. "EBay should do that themselves."

Two eBay spokespeople didn't immediately respond to a request for comments on SIIA's position.

The lawsuits, filed in U.S. District Court for the Northern District of California, are the largest round the SIIA has filed since launching its auction-site antipiracy program two years ago, the trade group said in a news release. Seven of the lawsuits were filed Wednesday, the SIIA said. Two others were filed two weeks ago. Most of the lawsuits target eBay sellers of Abobe PhotoShop CS3; one of the lawsuits targets a seller of several Symantec software packages.

The defendants are from Texas, California, Washington state, Illinois and New Jersey.

"SIIA has declared war against those who continue to sell pirated software on auction sites such as eBay," Kupferschmid said. "Our goal is to give illegal software sellers a rude awakening, so that unsuspecting software buyers and legitimate sellers are protected. For too long, auction sellers have been able to sell pirated software while risking only the removal of their auction."

Since launching its Auction Litigation Program about two years ago, SIIA has filed about 20 lawsuits, not including the nine from the last two weeks, Kupferschmid said. The SIIA has won about six of those lawsuits in court, but in every case, the lawsuits have resulted in the seller stopping unauthorized sales of software, he said.

"Ultimately, they have stopped selling the illegal software, and that's what we're trying to do here," he said.

Most analog cellular to fade away on Monday

You may think of sunsets as something nice to look at, but if you have an older cell phone or a home alarm system, there's one coming up on Monday that may not be so pretty.
That day, the U.S. Federal Communications Commission will let mobile operators shut down their analog networks. It's called the "analog sunset" because those AMPS (Advanced Mobile Phone System) networks, which were first deployed in the 1980s and brought cellular service to millions of Americans, will finally disappear behind the digital networks that serve almost all mobile phones in use today.

The biggest U.S. mobile operators, AT&T Wireless and Verizon Wireless, will close down their analog networks that day. At the same time, AT&T will turn off its first digital network, which uses TDMA (Time-Division Multiple Access) technology. (Sprint Nextel and T-Mobile USA don't have analog networks.) Calls to some small, rural mobile operators indicated that most of them plan to shut down AMPS, too.

There aren't many mobile phones out there that will go dark after the analog sunset, according to the big carriers, which have been warning subscribers about the change for months and offering them incentives to switch over.

"We're talking about a very, very small number of customers here," said AT&T spokesman Mark Siegel. He estimated that 99.9 percent of AT&T's traffic is carried on GSM (Global System for Mobile Communications). Verizon spokeswoman Debra Lewis estimated that less than 1 percent of that carrier's subscribers were on analog even before it started a big effort to reach them last year. Neither gave exact numbers of subscribers. But given that those operators have about 60 million subscribers each, the number might still be in the hundreds of thousands.

However, AMPS isn't only used for cell phones. Many alarm companies use the system to alert police or fire departments to emergencies at homes or businesses. About three years ago, the Alarm Industry Communications Committee (AICC) industry group took a survey which revealed that just under 1 million of the approximately 30 million monitored home and business alarm systems used an analog cellular network, said AICC chairman Louis Fiore. About 850,000 of them used the system only as a backup in case the phone line was cut, he said.

Alarm manufacturers are now replacing many of those analog systems with digital ones, Fiore said. About six months ago, the manufacturers believed there were about 400,000 AMPS systems still in the field, he said.

"There are some small companies out there that probably have not made the conversion yet," Fiore said.

One problem is that, except for a few high-end CDMA (Code Division Multiple Access) monitoring systems, all digital cellular alarms today rely on GSM, Fiore said. That creates a problem in areas that have good CDMA coverage but poor GSM, and Fiore has heard from at least one alarm company in Colorado that has customers outside of GSM's reach. Until now, they have been relying on analog cellular.

Some users of wireless roadside assistance have also been left behind in the transition. General Motors launched its OnStar system in 1996 on AMPS and later switched to CDMA. The automaker didn't wait for the Feb. 18 deadline but instead shut down its analog service on Jan. 1. In a statement on the transition last year, GM said about 90 percent of its subscribers' cars had CDMA or could be converted to use it. Others would lose their OnStar service. The wholly owned subsidiary of GM said last October it had about 5 million subscribers.

Last March, two OnStar customers in Pennsylvania, Robert and Sarah Gordon, sued GM for leaving analog subscribers behind. They are seeking damages and an injunction to force OnStar and GM to provide repairs or upgrades, and they want to turn the suit into a class action. It has been consolidated with a handful of other actions in the U.S. District Court for the Eastern District of Michigan.

Among cell-phone subscribers, the analog sunset is most likely to hurt so-called "glovebox users," said IDC analyst Scott Ellison. These are users, often elderly, who just keep a cell phone in the glovebox in case their cars break down. They usually don't feel a need to update their handsets.

"If you know that you have some kind of wireless link or wireless communications device and you're unsure whether you are affected, call your service provider," Ellison advised. A tip about phones: "If it has a color screen, you should be fine," he said.

AICC's Fiore gave similar advice. Some consumers have ignored potential problems with alarms because they confused the analog cellular shutdown with the end of analog TV, which won't happen until next January, he said. If you notify your alarm provider and they are prepared to go digital, all a repair person will have to do is come into your home and replace the radio, possibly moving it to another part of the house with better GSM coverage, Fiore said.

The perils of the analog shutdown point to a mismatch between technology lifecycles, IDC's Ellison said. Cars and home appliances often stick around for many years, while wireless technology changes more quickly. In fact, Illinois Valley Cellular, in rural Marseilles, Illinois, serves few analog phone users but plans to keep its analog network running after Feb. 18. That's because wind turbines that generate electricity in its service area still use AMPS radios to exchange operating data, according to Data Routing Manager Pam Craig. Replacing those radios would be difficult and expensive.

But as new technology comes along, such as cellular networks that use scarce radio spectrum more efficiently, the old often has to give way, Ellison said. As technology rapidly advances, will it happen again to wireless networks we take for granted now? "It probably will," he said.

Woman hits Best Buy with $54M suit for losing laptop

A Washington, D.C., woman has filed a lawsuit seeking US$54 million in damages from Best Buy after the electronics retailer lost her laptop computer last year.
The lawsuit was filed in D.C. superior court last November but was publicized in media outlets this week. According to plaintiff Raelyn Campbell, Geek Squad technicians at Best Buy's Tenleytown, D.C., store lost the computer sometime around July 2007, then the company misled her about its whereabouts for a few weeks before finally admitting on Aug. 9 that it had been lost.

Best Buy offered Campbell $1,110 and a $500 gift card in compensation, something she calls a "lowball" offer on a blog she has devoted to the issue.

According to her, the point of the lawsuit is to publicly embarrass Best Buy into changing its privacy policy in such cases.

"To me, the big issue is not the low-balling and bullying tactics, but Best Buy's systematic disregard for its customers' personal information and potential exposure to identity theft," she wrote in her blog. "I am hoping the attention that the lawsuit and this website generate might motivate Best Buy and other consumer electronics stores entrusted with products that contain consumers' personal information to adopt thorough procedures and policies to safeguard customers' property and personal information against theft."

Best Buy can't say much about the issue because it's still before the court, but the company is working to find out what went wrong, according to company spokeswoman Nissa French.

"We're obviously embarrassed and disappointed that we were unable to resolve this customer's issue. We've tried to resolve this dispute and feel badly that it escalated to a lawsuit," she said in an e-mail.

Campbell could not be reached for comment.

On her blog, she admitted that the $54 million in damages she was seeking was an "absurd amount," but said that she chose such a large sum in order to draw attention to the problem.

Laptop thefts are frequently the source of widely publicized data breaches. On Wednesday, Lifeblood, a Memphis, Tennessee, blood collection agency, said it was notifying 320,000 blood donors after two of its laptops went missing. The computers contained personal information including Social Security numbers.

The issue of computer retailers and repair shops losing consumer laptops has not gained much attention, but Campbell believes these companies have a "legal and moral obligation" to safeguard confidential information on computers that are entrusted to them.

Although Campbell's situation is an unusual one, it makes sense for Best Buy to take extra steps to protect its customers' privacy by offering ID theft protection services, said Paul Stephens, director of policy and advocacy with Privacy Rights Clearinghouse, a privacy advocacy group that tracks data breaches. "We're talking about a loss of something that's been entrusted to them," he said. "As a bare minimum, they should be doing that."

BenQ to start T80 mobile near field communications trial

Next month, residents of a Farglory Land Development housing project in Taiwan will be invited to test a new mobile phone from BenQ, the T80, that uses NFC (near field communications) technology to access home security systems and pay for items including subway rides.
Farglory has teamed up with the island's largest telecommunications provider, Chunghwa Telecom, on the trial, which starts early next month, a BenQ representative said. The T80 is one of BenQ's latest smartphones. It runs on Microsoft's Windows Mobile 6.0 OS and allows NFC from either the SIM card (subscriber identity module) or from a microSD card.

The handset also works with Chunghwa Telecom's Combi SIM card, an e-wallet with enough memory to keep record of transactions as well as other service applications. The Farglory project will allow residents of certain apartment complexes to access home security systems in order to turn alarms on or off and receive status updates.

The telecom provider plans to add functions continuously to the handsets as time goes on. BenQ's T80 handset can also be used as a remote control for home entertainment centers as long as a user's equipment supports DLNA (Digital Living Network Alliance) technology.

The T80 boasts a 2.2-inch screen, a 3.0-megapixel camera and can time automatic wallpaper changes, in addition to smartphone computing functions similar to a PDA (personal digital assistant). The handset's appearance next month in Taiwan will be the first time it has been marketed anywhere in the world, according to BenQ.

BenQ will release another NFC-enabled handset in June in tandem with Taiwan Mobile, another service provider on the island. The T60 is only 8.9-millimeters thick yet carries a 2.2-inch screen and a 2.0-megapixel camera and an audio player.

BenQ declined to discuss further details of the Taiwan Mobile agreement.

Yahoo tightens on staff quality in India

Yahoo has trimmed some staff in India as part of an exercise to improve the quality of its research and development (R&D) team in the country. The company has removed less than 5 percent of staff after they failed in a performance appraisal, according to an informed source. Yahoo employs 1,500 staff in India in R&D and its sales and marketing operations.
However, the company continues to hire more staff in India. While declining to confirm the staff cuts, a spokeswoman at Yahoo said Thursday that the company has doubled staff in India each year, and is likely to do so this year as well. "We continue to build a high performance culture in India," she said.

IBM and Indian outsourcer Tata Consultancy Services have also trimmed under-performing staff in India, although both have said that the staff cuts are routine annual exercises to weed out under-performing staff. As staff costs in India increase because of shortage and competition, companies may be getting a lot tighter on quality, according to some analysts.

Yahoo announced in January plans to let go about 1,000 of its global staff in February.

Yahoo sends letter to shareholders over Microsoft bid

Yahoo CEO Jerry Yang cited the growing online advertising market and his company's position to take advantage of that growth as reasons for shareholders to reject Microsoft's acquisition bid, he said in a letter to shareholders Wednesday.
The letter, the contents of which Yahoo made public Wednesday, stated that Microsoft's February 1, $44.5 billion unsolicited takeover offer was too low. Yang said that Yahoo is the most visited site in the United States, held the top position in online display advertising, and counted almost one out of two of the world's Internet users as its members. He also said Yahoo is the top mobile destination in the U.S.

Yang did not cite sources for most of his claims. However, comScore Networks research from November 2007 confirmed Yahoo's online display advertising leadership, with almost 19 percent of the market.

The online ad market is expected to grow from $45 billion last year to $75 billion in 2010, Yang said, and that Yahoo wanted "to take advantage of what we see as a unique window of time in the growth -- and evolution -- of this market to build market share and to create value for stockholders."

The company plans to grow visits to its properties "by 15 percent per year over the next several years," although did not specify how. He also said that Yahoo's own search marketing system, Panama, along with two 2007 acquisitions -- Right Media and Blue Lithium -- would "complement and enhance Yahoo!'s existing capabilities and will make it easier for advertisers and online publishers to buy and sell advertising online."

Both Yahoo and Microsoft have struggled to compete with Google's success in online advertising, specifically its paid search and Adwords programs. Based on the same comScore data, Microsoft captured only 6.7 percent of online display ads. That poor performance is seen as the main impetus behind its move for Yahoo.

The letter made no mention of talks with News Corp. for some sort of share swap, intended either to offset Microsoft's interest or force the software company to boost its bid for Yahoo, as reported late Wednesday in The Wall Street Journal.