Tech Watch | InfoWorld Staff » September 2006

September 29, 2006 | Comments: (0)

MS: Patching obsolete OSes gives 'false sense of security'

Microsoft is responding to the latest effort by a group of security researchers to patch a hole in its products. As TechWatch reported earlier today, ZERT, the Zeroday Emergency Response Team, has released a patch for a Virtual Markup Language (VML) hole in unsupported versions of Windows, including Windows '98 and some versions of Windows 2000.

In an e-mail response to TechWatch, Microsoft said, through its PR agency, that the company "is aware of third party mitigations that attempt to block exploitation of vulnerabilities in Microsoft software." The company "appreciate(s) the steps these vendors and independent security researchers are taking to provide our customers with mitigations," but doesn't vouch for ZERT's patch. Duh.

On the issue of patching unsupported OS's, though, Microsoft is a bit more stern. "These products have reached the point of architectural obsolescence. It would be irresponsible to convey a false sense of security by extending public support for these older products," the company said in an e-mail.

Maybe so, but I'm guessing enterprise networks with vulnerable '98 and W2K boxes will choose false security over no security at all.

Posted by Paul Roberts on September 29, 2006 02:36 PM


September 29, 2006 | Comments: (0)

HP banks on Voodoo magic

Already cursed by allegations of naughty behavior, HP is now about to dabble in Voodoo.

Specifically, the company has announced plans to acquire Calgary, Alberta, Canada-based VoodooPC, a maker of high-end PCs for gamers.

"HP is already a market leader in two of the three major segments in the gaming market by providing industry-leading workstation solutions for game development and powering the largest online game services," said Todd Bradley, executive vice president, Personal Systems Group at HP, in a written statement. "Together with VoodooPC's leadership and influence, HP will have the expertise to become the leader in the gaming customer segment."

The company appears to be following the lead of Dell, which last March beamed up Alienware, another gamer-oriented-PC boutique.

Once the transaction closes in November, HP will form a separate business unit within its Personal Systems Group focused on the gaming industry. VoodooPC co-owner Rahul Sood will become chief technologist for the unit and co-owner Ravi Sood will become the unit's director of strategy, according to a statement from HP.

In his blog, Sood goes into great detail about the decision leading up to selling the company to HP:

"HP's management team is comprised of a totally focused, forward thinking group of people. With a little bit of oil and elbow grease they are getting rid of the excess inefficiencies that the company has gained over the years. Under Mark Hurd and Todd Bradley HP is transforming into the most deadly PC company in the world. They also share a common goal with us at Voodoo."

"HP is hungry for new innovations, and if you can imagine what plugging our corporate DNA into their labs would do - well, you get the picture. We are now in the position to create absolutely fantastic products in all categories. Voodoo and HP are complementary opposites. This deadly combination of Voodoo's gaming/luxury PC expertise and our brand DNA and influence, with HP's innovations, scale, and leverage is going to lead to some of the most compelling machines money can buy."

(Sood also links to an interesting blog entry about his discussions with Michael Dell prior to the company's purchase of Alienware.)

Will this be a good move for HP? Time will tell. The company's stock has slowly increased over the past few days.

Terms of the deal weren't disclosed, and InfoWorlders were reluctant to probe too deep for fear of pretexting.

Posted by Ted Samson on September 29, 2006 01:58 PM


September 29, 2006 | Comments: (0)

Days of Awe 2.0

These are weighty days for those of us who are Jews. In fact, the 10 days between Rosh Hashanah, the Jewish New Year, and Yom Kippur, the Day of Atonement, are Yamim Noraim -- the Days of Awe, a time when Jews the world over reflect on their lives and their actions, fast, ask forgiveness of those we've sinned against and pray like crazy that G-d inscribes our names in the book of life.

But, let's face it, all that fasting and reflecting can be pretty isolating, so what better time to launch a social networking site just for Jews? That's the idea behind Koolanoo.com.

Basically, this is another take on sites like Myspace, LinkedIn or Facebook. You can set up a profile with pictures, likes, dislikes, link to friends, etc. - but all with a distinctly Jewish flair. The discussion groups sport threads like: "Skype in Hebrew," "The Top 10 Most Influential Jews are," "Would you marry for money?" and how to become a "Koolanoo Celebrity."

But, as this viral video ad for the new service suggests, the main draw for Koolanoo may be a bit more *ahem* earthly in nature, and lurk somewhere behind the "dating" and "hookups" tabs.

Still, dates and hookups are easier said than done. This is a pretty international crowd. With members scattered across the globe, from Israel, the U.S., and Hong Kong to the EU, "hooking up" Koolanoo style may involve a 6 to 15 hour flight. But, heck, with around 160 Nobel Prize winners and actors including Sarah Michelle Gellar, Alicia Silverstone, Natalie Portman, Kate Hudson, Scarlett Johansson, Zac Efron, Evan Rachel Wood and Sara Paxton in "the tribe," it's probably worth it! ;-)

Posted by Paul Roberts on September 29, 2006 01:22 PM


September 29, 2006 | Comments: (0)

ZERT patches unsupported Windows

The Zero Day Emergency Response Team (ZERT) has issued a patch for the Vector Markup Language (VML) vulnerability that works for unsupported versions of Microsoft Windows, from Windows 98 right up through Windows 2000, SP3.

The group of volunteer security experts, which came out with an unofficial patch for the VML hole on September 22, four days before Microsoft broke from its monthly patching schedule to fix the hole, believes that VML is still a serious problem and that a fix for non-supported OS's is necessary, Gadi Evron, a ZERT member, told TechWatch. However, the group recommends patching supported Windows versions, such as Windows XP, with the official patch: MS06-055, which was released on September 26. That patch, which was rated critical, is only available for Windows versions starting with Windows 2000, Service Pack 4.

Posted by Paul Roberts on September 29, 2006 12:07 PM


September 29, 2006 | Comments: (0)

MS offers Orcas CTP

Microsoft is offering a Community Technology Preview (CTP) of the planned "Orcas" release of the Visual Studio tools platform, which features a virtualization format for distribution.

Orcas delivers on Microsoft's smart client applications vision by enabling developers to quickly build connected applications providing high-quality rich user experiences, the company said. More secure, manageable and reliable applications leveraging Windows Vista and the 2007 Office System are pledged.

"As interesting as this release is for its 'new bits' value alone, what's equally interesting to me is the means by which we're distributing it - as a virtual machine that you can use with Virtual PC or Virtual Server (both of which are now freely available - Virtual PC is now free)," said Rob Caron, Microsoft lead product manager for Developer Tools Content Strategy, in his blog. "By using Microsoft virtualization technology, you'll automatically have a sandboxed environment for trying pre-release software. At the same time, you won't have to suffer through the challenge of an evolving setup experience."

The general release of Orcas is expected to happen after the Windows Vista OS ships; Vista is due to businesses later this year.

The CTP is available here.

Posted by Paul Krill on September 29, 2006 09:29 AM


September 28, 2006 | Comments: (0)

GE brings data leak trend to light

Personal data continues to spill out of high-profiles. When will anybody give a dam? (Lousy pun intended.)

The most recently reported spill comes from GE. According to reports, a laptop belonging to one of the company's employees was swiped from his hotel room early this month. The system contained personal data of 50,000 GE employees, including their names and Social Security numbers.

GE's response has been pretty typical: Employees have been notified. They don't think their data's been misused. A year of free credit-monitoring has been offered. (2006 has no doubt become a boon year for the credit-monitoring industry. For those of you who haven't noticed, a year of free monitoring has become the de facto consolation prize from companies who have let their customers' or employees' personal data become compromised.)

So it looks like data leaks really are becoming business as usual. Is that a surprise? The fact remains that companies currently have no incentive to take strides in better protecting that kind of data. There've been no repercussions to speak of, save for a bit of bad press, perhaps. (Well, the Dept. of Veteran Affairs, which suffered some leaks a while back, is taking action by implementing encryption, but that's more for political reasons, one would think.)

Of course, some people might point to a recent survey from Pleasanton, Calif.-based analyst firm Javelin Strategy & Research: "Javelin's research showed that despite recent hype, data breaches were responsible for just 6 percent of all known cases of identity theft, compared to 30 percent from incidents like losing one's wallet," Computerworld reported.

That's all well and good, but it's certainly no reason for companies to rest on their laurels, nor for consumers to breathe an easy sigh of relief. Just give cybercriminals more time, and we'll start to see an increase of clever scams using stolen data, like how we saw AT&T leaked data used recently for an intricate phishing ploy.

No, I am not trying to be an alarmist here, but I am advocating that companies start working now on strategies to plug up data leaks. I predict that eventually, a company will be held accountable when its customers and employees fall victim to identity theft, and it will have to pay through the nose.

What do you think? Should companies be doing more to protect user data? Or is it really just an overblown threat?

Posted by Ted Samson on September 28, 2006 11:46 AM


September 28, 2006 | Comments: (0)

MS antiphishing tool wins MS bakeoff

Microsoft sponsored a study comparing the effectiveness of antiphishing technologies and, surprise surprise, the company's IE 7 anti-phishing technology came out on top, according to a post on the IE Blog.

The study, which was conducted by 3Sharp, compared antiphishing toolbars from Microsoft, NetCraft, Google/Firefox, AOL, EarthLink, eBay, Geotrust, Netscape and McAfee. The study used a "standardized set of 100 known phishing Web site URLs and 500 known good URLs to see how well each anti-phishing technology flagged both phish and legitimate URLs."

Antiphishing toolbars were evaluated by "how well it did two things: warn or block the user from actual live phishing Web sites, and refrain from incorrect warnings or blocking on legitimate Web pages."

Toolbars were rated on a scale from 0 to 200, where "0" is the equivalent of having a browser with no antiphishing technology and 200 is a perfect antiphishing product that "caught all the known phish without making any mistakes by falsely warning or blocking any good URLs as phish."

Microsoft's Phishing Filter (MPF) in IE 7 Beta 3 received the highest "composite score" at 172, followed closely by NetCraft's toolbar with a composite score of 168.

But when you dig into the numbers, another story emerges. First of all, IE's MPF antiphishing toolbar doesn't top out any of the individual tests that make up the composite score. It finished second to GeoTrust's toolbar in spotting known phishing URLs (89 percent catch rate, compared to 99 percent for GeoTrust). True, it didn't misidentify any known-good Web sites, but neither did five of the other toolbars tested.

So how did MPF end up on top? It boils down to how 3Sharp calculates that "composite score." As the group says, it intends the composite score to represent how good the phishing toolbar was compared with no protection at all. So the survey assigned greater points for blocking malicious sites than just warning about them, and more for warning about them than for doing nothing. On the flip side, blocking or warning on a good site cost more than doing nothing about a known good site.

So in the end, Microsoft didn't do the best job of spotting phish sites, but it did do the best job of blocking the ones it did spot, and blocking was what garnered the most points. In contrast, GeoTrust found almost all the phishing sites that were thrown at it, but doesn't have a blocking capability, and only warns users. GeoTrust also stepped in it, big time, when it came to false positives: a whopping 32 percent, compared with just 1.6 percent for the next highest contender, EarthLink, and 0 percent for everyone else. That's outrageous!!

Moving on...NetCraft blocked all 84 percent of the sites it correctly identified, and that was better than Microsoft's 83 percent block rate, but Microsoft warned on another 6 percent that NetCraft didn't so...Microsoft WINS!!!!

Unfair? Possibly. Blocking a phishing Web site earned you twice as many points as just warning about it in this test, but is blocking really twice as effective as just warning users? That's research that needs to be done. It certainly seems like 3Sharp's study may have been an outcome in search of a method -- but that wouldn't be anything new for vendor sponsored studies. After all, we can assume that if the numbers hadn't come out favoring IE7, we probably would never have seen this study. But hey, it's Microsoft's money.

But while we're at it, why not talk about the stinkiest antiphishing technology. According to 3Sharp, that honor belongs to McAfee's SiteAdvisor, which recorded a composite score of...hold your breath: "3." That's right: 3.

Shane Keats of SiteAdvisor cries foul on that. "It's silly and wrong. We don't claim, anywhere, to offer phishing protection. In fact, we're pretty explicit that we don't."

True enough. SiteAdvisor is more of a malicious Web site detection service that can spot "fishy" rather than "phishing" Web sites -- developing a kind of reputation service for Web sites of all sorts -- will they misuse your personal information, have they distributed spyware or other malicious code, etc. Phishing and ID theft are part of that...kind of...but it's just a piece.

Posted by Paul Roberts on September 28, 2006 09:55 AM
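
The scoring argument in the post above can be checked from the figures it quotes. This is an added example, not 3Sharp's or InfoWorld's code: it assumes a linear score of 2 points per percent of phish blocked and 1 per percent warned on, which reproduces the reported 172 and 168, and `fp_pts` is a hypothetical false-positive penalty because the post does not state the real one.

```python
"""Added example: rebuild the composite score from the figures quoted in the post."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Toolbar:
    name: str
    block_pct: float      # % of known phish URLs blocked outright
    warn_pct: float       # % of known phish URLs warned on but not blocked
    false_pos_pct: float  # % of known-good URLs wrongly flagged


# Percentages as quoted in the post for three of the toolbars.
MPF = Toolbar("Microsoft MPF", block_pct=83, warn_pct=6, false_pos_pct=0)
NETCRAFT = Toolbar("NetCraft", block_pct=84, warn_pct=0, false_pos_pct=0)
GEOTRUST = Toolbar("GeoTrust", block_pct=0, warn_pct=99, false_pos_pct=32)
TOOLBARS = [MPF, NETCRAFT, GEOTRUST]


def composite(t: Toolbar, warn_pts: float = 1.0, block_pts: float = 2.0,
              fp_pts: float = 1.0) -> float:
    """Assumed linear score on the post's 0-200 scale (block worth 2x warn).

    fp_pts is a hypothetical penalty per percent of good URLs flagged.
    """
    return (t.block_pct * block_pts
            + t.warn_pct * warn_pts
            - t.false_pos_pct * fp_pts)


def ranking(toolbars: List[Toolbar], **weights: float) -> List[str]:
    """Toolbar names ordered best-first under the given weights."""
    ordered = sorted(toolbars, key=lambda t: composite(t, **weights), reverse=True)
    return [t.name for t in ordered]


def tie_warn_pts(a: Toolbar, b: Toolbar, block_pts: float = 2.0,
                 fp_pts: float = 1.0) -> Optional[float]:
    """Warn weight at which a and b score the same; None if it never matters."""
    if a.warn_pct == b.warn_pct:
        return None
    numerator = ((b.block_pct - a.block_pct) * block_pts
                 - (b.false_pos_pct - a.false_pos_pct) * fp_pts)
    return numerator / (a.warn_pct - b.warn_pct)


if __name__ == "__main__":
    for t in TOOLBARS:
        print(f"{t.name:15s} composite={composite(t):6.1f}")
    # How sensitive is first place to the value given to a warning?
    for warn_pts in (0.25, 1.0, 2.0):
        print(f"warn_pts={warn_pts}: {ranking(TOOLBARS, warn_pts=warn_pts)}")
    print("MPF/NetCraft tie at warn_pts =", tie_warn_pts(MPF, NETCRAFT))
```

Under these assumptions the one-point blocking lead NetCraft holds is outweighed by Microsoft's extra warnings unless a warning is valued at less than a third of a point, that is, unless blocking counts for more than six times a warning.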


September 27, 2006 | Comments: (0)

Day-trade grid-style with Gstock

GStock.com launched Wednesday what it said was the first-ever virtual supercomputer dedicated to stock picking.

The company said its new site harnessed the computing power of Internet-linked volunteer computers around the world, calculating and scanning stocks 24 hours a day, with over one billion strategies tested per stock, for "profitable trades with a high degree of certainty," said Oren Rossen, co-founder of GStock.com.

So, just how certain is it? The company said it tested over a two and a half year period and it yielded an average 5.1% return per trade over a 53-day period, with 21,000 of the 30,000 trades -- or 70 percent -- yielding profits.

Tal Schwartz, Ph.D in Finance and Economics Instructor, California Institute of Technology, said in Gstock.com's press release: "Building a virtual supercomputer to test billions of algorithms in search of profitable investment strategies is certainly a tremendous leap forward in personal finance and portfolio management."

I'm looking for some analysts to comment and will post their response if I get one.

Hey day-traders: Would you trust your investing to a grid-style supercomputer? Talk back to us.

Posted by Mike Barton on September 27, 2006 09:18 AM


September 26, 2006 | Comments: (0)

W3C boosts Web access for disabled

The World Wide Web Consortium (W3C) on Tuesday published documents providing developers with assistance on making dynamic Web content usable to persons with disabilities, as part of the organization's Web Accessibility Initiative (WAI).

Documents published include the first working public drafts of the Accessible Rich Internet Application (ARIA) suite, including the WAI-ARIA Roadmap, WAI-ARIA Roles and WAI-ARIA States and Properties.

"As people are demanding more from the Web - more information, more responsive applications and richer experiences - an explosion in technologies that exclude access to many people is growing. This new suite of documents being rolled out is significant because they will help developers gain access to the tools needed to support persons with disabilities on the Web," said Rich Schwerdtfeger, IBM Distinguished Engineer and author of the WAI-ARIA Roadmap, in a prepared statement released by W3C. "ARIA is our first step to bring the richer, dynamic Web content experience to all users of the Web, by providing technology enhancements and examples for better, more accessible implementations."

The roadmap document describes an approach for ensuring interoperability between rich Internet applications and assistive technologies used by people with disabilities. The approach relies on technologies developed or under development by W3C, such as the XHTML Role Attribute Module. Also, the roadmap presents a gap analysis identifying technologies that may still be needed to ensure accessible rich Internet applications. Companion documents explain how to bridge those gaps.

Posted by Paul Krill on September 26, 2006 05:33 PM


September 26, 2006 | Comments: (0)

Litigants to AOL: Thanks for nothing

Some former users of AOL have filed a lawsuit against the one-time ISP king in response to it sharing users' personal search data with, well, the world.

Perusing their lawsuit filing may better illustrate just why they're resorting to litigation. Seems some AOLers did complain to the company. And according to the filing, all that AOL offered to appease them was a month of free service.

Free service, huh? Is it anything like the free service AOL is already providing? And a whole month's worth, no less!

Nice, guys. If that's true, it's like a restaurateur offering a food-poisoned patron complimentary bread and tap water with his next meal. Your offer is pathetic to the point of being insulting, and odds are, he's not coming back to take you up on it.

I suspect even the paid subscribers -- those doling out as much as $25.95 a month for "premium" dial-up service or $14.95 for DSL -- weren't particularly dazzled by the offer.

Notably, AOL does offer a "Privacy Wall with as much as $10,000 ID Theft Insurance coverage" with its premium services. Is there "We Won't Share Your Personal Search Data With the World Again Insurance" coverage?

Posted by Ted Samson on September 26, 2006 12:44 PM


September 26, 2006 | Comments: (0)

Yahoo imposes unpaid winter break

Yahoo employees looking for a good excuse not to visit the in-laws in Bumpass, VA this holiday season won't be able to claim they'll be stuck at the office.

First revealed on Valleywag, Yahoo has told its 10,000-plus employees that it's closing down its U.S. offices for the week between Christmas and New Year's and that workers are required to burn unused vacation time for the duration.

According to the internal memo sent around to Yahoos, those who have the vacation time accrued will automatically have it docked from Dec. 26 through Dec. 29. Those who don't are permitted to borrow future vacation days.

Following are excerpts from the memo:

"This makes good business sense and is common practice for many media and technology companies during what is traditionally a quiet work week. ... This will allow many US Yahoos to enjoy guilt-free time-off while helping Yahoo! reduce unused vacation time. ..."

"Taking a little time-off during a work week when so many of our partners and advertisers are also closed is the prudent thing for Yahoo! to do. Please contact your manager or human resources business partner for additional information and please enjoy the time off!"

Yahoo has since confirmed the accuracy of the memo, according to AP: "Yahoo spokeswoman Joanna Stevens confirmed the e-mail's authenticity, as well as the company's closure plans. 'This will make sure everyone has time to recharge their batteries,' Stevens said."

The move is likely indicative of the stiff competition that Yahoo faces in the race among search engines for online ad revenue. Stevens described the savings of the forced break as "minimal."

So here's my two cents on the subject: If the savings are minimal, why bother? Yahoo is undoubtedly frustrating a lot of employees by imposing this vacation on them -- particularly those who don't really want or need time off between Christmas and New Year's.

Maybe Yahoo should have made it optional, encouraging employees to take time off for the good of the team. Or perhaps the company could have offered a little incentive. But dictating to employees how they're going to use their hard-earned vacation time, then trying to frame it as some great benefit, doesn't strike me as an optimal HR or managerial maneuver.

Plus when companies start making sudden and rather unorthodox budget cuts like this, you know that at least a few employees are going to start updating their resumes, and some stockholders might be a little less enthusiastic about your company's future.

What do you think? Was this a prudent move on Yahoo's part? How would you feel about getting unpaid vacation time during the last week of December?

Posted by Ted Samson on September 26, 2006 10:43 AM


September 26, 2006 | Comments: (0)

WebEx to launch AppExchange rival

WebEx, a forerunner of on-demand Web conferencing and interactive online products, launched its WebEx Connect Platform in an event Monday night, following SaaScon -- a software as a service conference. It allows existing software to be integrated with a variety of on-demand collaboration and business applications.

The platform combines instant messaging, shared documents, and discussion threads, in addition to robust Web conferencing.

Because of its SOA underpinnings (a result of the company's partnership with Cordys), it will facilitate an array of business process mash-up capabilities to knowledge workers across a wide spectrum.

"Software developers will be able to easily extend the reach of their applications by creating on-demand access," said Subrah Iyar, CEO of WebEx.

Several major companies including BMC Software, Mindjet, Genius.com, and OpsSource have signed on to the WebEx Connect Platform -- allowing their developers to create and deliver composite applications to the large community of WebEx users (25,000 companies with nearly 2 million registered users, according to company officials.)

The platform could eventually rival Salesforce.com's AppExchange as a leading on-demand collaborative forum, provided it maintains momentum in the way of developer and user loyalty. It's scheduled to be available as a production service early in 2007.

Posted by Richard Gincel on September 26, 2006 10:27 AM


September 26, 2006 | Comments: (0)

Google to call for energy efficiency

Google will present a white paper at the Intel Developer Forum that calls for the computer industry to move from multi-voltage power supplies to a single 12-volt standard.

According to a report in The New York Times, Google will argue that the simpler design of the alternative power supply would make it easier to achieve overall efficiencies in PCs.

Google, according to the Times report, contends a design flaw dating to the introduction of the first IBM PC has led to "overprovisioning" in today's PC power supplies that is akin to "putting a 400-horsepower engine in every car."

Google, in its white paper, maintains that using the new power supplies in 100 million PCs running eight hours a day would save 40 billion kilowatt-hours over three years -- more than $5 billion at California's energy rates.


Posted by Caroline Craig on September 26, 2006 06:36 AM


September 25, 2006 | Comments: (0)

Big-name sites outed for XSS holes

What do adobe.com, yahoo.com, cbs.com, bbc.co.uk, microsoft.com, and vh1.com have in common?

Well, aside from the obvious (they're all domain names ending with "dot-something"), they've all earned the dubious distinction of being publicly exposed on ha.ckers.org's forum, sla.ckers.org, for suffering XSS vulnerabilities.

XSS, which stands for cross-site scripting, enables an attacker to inject hostile HTML and script code into the Web application user's browser session. According to Symantec's recently released Internet Security Threat Report: "Cross-site scripting attacks take place when Web applications gather data from a user or other source and then create an output of that data on a user's Web browser. Not only could this allow an attacker to steal confidential information, it could also allow an attacker to insert malicious code onto the host through malicious scripts."

Since August, contributors to the sla.ckers forum have been posting specific exploitable URLs on various Web sites that are ripe to be used for XSS attacks. According to research organization Mitre, XSS vulnerabilities have become tastier targets than attacks such as buffer overflows.

In addition to posting the XSS security flaws, posters on sla.ckers discuss the potential damage that malicious hackers could wreak with them. One individual, who goes by the screen name maluc, posted the following:

"Nonpersistent XSS are a dime a dozen, [I] can post them all day long.

and while it's correct to say they're not as volatile as persistent ones, they're still equally useful for phishing and cookie/form theft.

still though, i find that the persistent ones tend to have many more possibilities, and on juicier sites to boot.

for example: [a URL on myspace.com] allows persistent XSS from quicktime javascript injection, thanks to pdp for pointing that out on gnucitizen.org ... ."

The companies whose security holes have been outed may count themselves fortunate in that the contributors to sla.ckers.org purport not to be acting maliciously nor exploiting the vulnerabilities they find. Rather, they claim to be performing a public service by exposing the real dangers that XSS vulnerabilities pose.

Originators (i.e. the individuals who discover and report the security flaw) are supposed to contact organizations about their Web site's security vulnerability and attempt to work together to fix it, according to sla.ckers's full-disclosure policy. Failing that, the originator is free to post the security hole. "You basically have 5 days to return contact to the [originator], and must keep in contact with them *at least* every 5 days. Failure to do so will discourage them from working with you and encourage them to publicly disclose the security problem."

Originators do want credit for their work, though, according to the FDP. "Academia has historically and religiously provided credit when referencing all types of works and research; the issue provided by the originator should also be thought of as research, and the originator should be credited accordingly."

It continues: "Now, beyond that, it may be in the vendor's best interest to promote good relations with the researcher, and one suggested way is to provide updates and product licenses."

Sla.ckers members' XSS work has gotten some exposure of late on sites such as darkreading.com, prompting comments on the message board such as "Keep up the good work. Sooner or later companies will start taking this seriously" and "... Perhaps this will not just speed up the process but force companies to do something about it."

What do you think? Is sla.ckers performing a valuable public service with its controversial actions?

Posted by Ted Samson on September 25, 2006 05:25 PM
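
The distinction drawn in the post above between nonpersistent and persistent XSS comes down to where untrusted data enters before it is written into a page; the fix in both cases is encoding at output. This is an added example, not code from the post or from any site it names: the handler names, the in-memory `COMMENTS` store and the probe string are all constructed for illustration.

```python
"""Added example: nonpersistent vs persistent XSS sinks, with output encoding."""
import html
from typing import Callable, List

# Constructed probe: harmless marker text containing HTML metacharacters.
PROBE = '<script>probe()</script>"\'&'

# Hypothetical in-memory stand-in for a database table of user comments.
COMMENTS: List[str] = []


def search_page_unsafe(query: str) -> str:
    # Nonpersistent (reflected): request data is echoed straight into markup,
    # so it only reaches a user who follows a crafted link.
    return f"<h1>Results for {query}</h1>"


def search_page_safe(query: str) -> str:
    # html.escape encodes & < > and both quote characters. That is correct for
    # HTML body text and quoted attribute values, not for script or URL contexts.
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def save_comment(text: str) -> None:
    # Store the raw value; encoding belongs at the point of output.
    COMMENTS.append(text)


def comments_page_unsafe() -> str:
    # Persistent (stored): the value is served to every later visitor.
    return "<ul>" + "".join(f"<li>{c}</li>" for c in COMMENTS) + "</ul>"


def comments_page_safe() -> str:
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in COMMENTS)
    return "<ul>" + items + "</ul>"


def reflects_unencoded(render: Callable[[str], str], probe: str = PROBE) -> bool:
    """Regression check: does a page builder emit the probe verbatim?"""
    return probe in render(probe)


if __name__ == "__main__":
    print("reflected, unsafe:", reflects_unencoded(search_page_unsafe))
    print("reflected, safe:  ", reflects_unencoded(search_page_safe))
    save_comment(PROBE)
    print("stored, unsafe:   ", PROBE in comments_page_unsafe())
    print("stored, safe:     ", PROBE in comments_page_safe())
```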


September 25, 2006 | Comments: (0)

SaaScon trumpets next-gen computing

One expects a high level of optimism at industry conferences, but the keynote speaker and opening panel discussion at SaaScon in San Francisco went all out.

The business-oriented event for software as a service was layered with references to "tectonic shifts," "new breeds," and "an enterprise that lives within the browser." Tod Loofbourrow, CEO of Authoria even predicted that "everyone will be converted over time."

He might be on to something, with the emphasis on "over time." Citing an Aberdeen Group study released weeks ago, Ann Winblad, a partner with the investment firm of Hummer Winblad, noted that just over 50 percent of companies surveyed were considering outsourcing at least one core business function to an on-demand model within the next year.

Loofbourrow asserted that the "game question" now is integration, and that "questions about security and data security are still there, but the answer has become pretty standard." When asked to elaborate on what he meant by standard, he back-pedaled a bit and cited a 150-page white paper available on the topic. So, security may still qualify as a game question among executives with lingering concerns over loss of control.

Philippe Courtot, CEO of Qualys, later addressed the topic during his presentation on "Security Through SaaS," when he explained: "SaaS applications are inherently more secure because there are less attack vectors and because it's easier to encrypt the data."

Much of the day's discussion focused on the economic benefit of automation and the relative ease with which businesses can now connect employees, services, and customers by renting applications over the Internet.

Greg Gianforte, CEO of RightNow Technologies, was upbeat about the subscription model's future: "SaaS 2.0 will be less about simplification and more about gaining better insight into customers and partners while improving service delivery levels."

Posted by Richard Gincel on September 25, 2006 03:00 PM


September 25, 2006 | Comments: (0)

Helmi open-sourcing AJAX platform

Finland-based Helmi Technologies plans to open-source its AJAX-based (Asynchronous JavaScript and XML) development platform for rich Internet applications (RIA) next month.

The company's Open Source RIA Platform goes into a beta release in October and ships in December. The platform represents an upgrade to the previously released Helmi RIA Platform. Featuring the company's Virtual Browser technology to accommodate multiple browsers, Open Source RIA will be offered via a free, open source model, or through a fee-based model including customer support, Helmi officials said.

"What Virtual Browser does is it makes sure that in every single browser, all commands are rendered to the browser in a standardized way," said Juho Risku, CEO of Helmi.

"We're going open source with [the platform] because we want developers to be able to get access to it as quickly as possible," said Jorden Woods, CEO of US operations for Helmi.

Other components of Helmi's platform include an IDE that leverages the Eclipse open source tools platform; a client framework that utilizes MVC (Model View Controller) technology and object orientation, and J2EE AJAX Server Connect, to assist Java developers with programming in AJAX.

Java developers using the platform can become AJAX "experts" without needing to learn JavaScript, DHTML or exotic variants of XML, Helmi said.

Posted by Paul Krill on September 25, 2006 02:33 PM


September 25, 2006 | Comments: (0)

Will Tiger help you birdie SOA?

Accenture, one of the largest management consulting firms in the world with over $15 billion in revenues, announced today it re-signed Tiger Woods as its spokesman.

No mention was made of how many millions of shareholder money went into enticing the golf superstar into another multi-year contract.

But with the cost of a consulting contract with Accenture also going into seven digits I wonder how many companies will actually make a decision based on what famous personality pitches for it?

Or is there more to it?

Does Accenture promise to offer up Tiger for free golf lessons to the board of directors when the company signs on the dotted line?

What does it say about corporate due diligence if a company selects a supplier based on the fact that they might meet a huge sports superstar?

Is it something like when one of our past presidents allowed major donors to sleep in the White House?

At least when you got to sleep in the Lincoln bedroom there was also the hint that you would get the ear of the president and perhaps influence him on a pending piece of legislation.

Will Tiger be any help if you need to rip and replace your current network and create an SOA?

Are there any advertising gurus out there who can tell me that having Tiger Woods as a spokesman will actually increase the bottom line? If there are, I'd like to hear from you.

Posted by Ephraim Schwartz on September 25, 2006 01:38 PM


September 25, 2006 | Comments: (0)

Virgin eases laptop restriction

Dell and Apple laptop users are now a little freer to mouse around the cabin of Virgin airplanes.

Earlier this month, Virgin decreed that passengers could not use certain Dell and Apple laptops running on batteries while in flight.

The problem leading up to the restriction: Some Sony-spawned lithium-ion batteries found in certain Apple and Dell machines were overheating and causing systems to burst into flames. Dell and Apple have both since announced battery recalls.

Since then, the airline has revised the rule: Flight crew will check the serial number of the battery in your laptop. If it's not on the recall list (here's Apple's and Dell's), you're free to work and play your flight away.

Otherwise, you have to stow the battery and go computer-less -- unless you're sitting in one of the cushier parts of the plane and have a power source in your seat in which to plug in your portable.

I'm just waiting for the airline to announce that it will sell batteries on-board -- at a 200% markup, of course.

Posted by Ted Samson on September 25, 2006 01:35 PM


September 25, 2006 | Comments: (0)

Symantec assesses security

As the Internet has evolved into a vast digital information and commerce hub, so too have the crimes perpetrated therein. Petty Web site vandalism and shotgun-style DoS (denial-of-service) attacks have paved the way for sophisticated data thefts and targeted phishing scams.

As reported by IDGNS, Symantec has released its most recent Internet Security Threat Report, which provides a grim reminder of just how dangerous the untamed Internet can be. The research covers the first half of 2006.

For now, Symantec reports that home users suffer the worst of cyberthieves' plots, accounting for 86% of all targeted attacks. Financial services businesses follow, according to the report.

Net crooks' techniques have come a long way, making them all the more difficult to spot and track. "Symantec has identified increased attacks aimed at client-side applications, increased use of evasive tactics to avoid detection, and ... smaller, more targeted attacks focusing on fraud, data theft, and criminal activity."

Following are some of the numerical highlights from Symantec's Internet Security Threat Report, which can be downloaded from here [PDF]:

U.S. gives as good as it gets

  • 6,110 - Average number of DoS attacks Symantec observed per day during the first half of 2006
  • 54% - Percentage of worldwide DoS attacks targeting the U.S.
  • 42% - Percentage of bot command-and-control servers in the U.S., the highest percentage of any country
  • 37% - Percentage of worldwide attacks originating from the U.S., the highest of any country

Holes ...

  • 2,249 - Number of new vulnerabilities documented by Symantec in the first half of 2006
  • 18% - Increase in number of new vulnerabilities over the second half of 2005
  • 47 - Number of vulnerabilities found in Mozilla browsers
  • 38 - Number of vulnerabilities found in Internet Explorer
  • 47% - Percentage of Web browser attacks targeting Internet Explorer, the more frequently attacked browser
  • 80% - Percentage of vulnerabilities Symantec deemed "easily exploitable" (up from 79%)
  • 78% - Percentage of easily exploitable vulnerabilities that affected Web applications
  • 28 - Average window of exposure, in days, for enterprise vulnerabilities
  • 9 - Average window of exposure, in days, for IE -- the highest of any browser
  • 2 - Average window of exposure, in days, for Opera
  • 1 - Average window of exposure, in days, for Mozilla

... and patches

  • 89 - Average number of days for Sun to develop patches for its OSes
  • 53 - Average number of days for HP to develop patches for its OSes
  • 37 - Average number of days for Apple to develop patches for its OSes
  • 13 - Average number of days for Microsoft to develop patches for its OSes
  • 13 - Average number of days for Red Hat to develop patches for its OSes

Trojans and viruses and worms, oh my

  • 18% - Percentage of new distinct malicious code samples detected by Symantec honeypots in the first half of 2006
  • 5 - Number of the top ten new reported malicious code families that were Trojans. The most prevalent for the period was the Polip virus.
  • 38 - Number of the top 50 malicious code samples that were worms
  • 75% - Percentage of the worms making up the volume of top 50 malicious code reports
  • 6,784 - Number of new Win32 viruses and worms documented by Symantec
  • 22% - Percentage of bots accounting for the top 50 malicious code reports, up from 20%
  • 30 - Number of the top 50 malicious code samples that expose confidential information

Return to sender

  • 157,477 - Number of unique phishing messages detected by the Symantec Probe Network in the first half of 2006
  • 81% - Increase in the number of unique phishing messages since the second half of 2005
  • 54% - Percentage of monitored e-mail traffic that was spam in the first half of 2006, up from 50%
  • 58% - Amount of detected worldwide spam originating in the U.S.

Bad apples

  • 8 - Number of adware programs among the top 10 reported security risks
  • 3 - Number of "misleading applications" among the top 10 new security risks

Posted by Ted Samson on September 25, 2006 01:00 PM


September 25, 2006 | Comments: (0)

Novell to do virtual Red Hat

Just blogging from the InfoWorld Virtualization Executive Forum, where Novell CTO Jeff Jaffe said that Novell will support virtualized instances of SUSE Linux Enterprise Server 9 and Red Hat Enterprise Linux 4 (RHEL 4) running on top of SUSE Linux Enterprise Server 10 (SLES 10) on systems that use Xen and Intel's Virtualization Technology.

According to Novell's statement, the company will offer support for virtualized RHEL 4 on SLES 10 "up through and including Level 3 (or core engineering) support. That means Novell will provide technical support for the Xen hypervisor if a customer uncovers an issue running a virtual instance of Red Hat Linux and that issue is not reproducible in a native, or non-virtualized, environment."

In case you missed the underlying competitive play here, Novell makes it clear, noting that the program will "allow Red Hat customers to migrate to Novell service and support while still running Red Hat Enterprise Linux in a virtualized environment."

Integrated Xen 3.0 support was one of the key innovations in SLES 10, allowing companies to host virtual servers via Xen.

And Novell isn't stopping with SLES 10. According to Jaffe, developers are working on a fully virtualized version of Netware for SLES 10, due out next year.

Posted by Paul Roberts on September 25, 2006 12:46 PM


September 25, 2006 | Comments: (0)

MS sticks to WinFX renaming guns

Despite a petition that has gathered 860 signatures since August 9, Microsoft will not reverse its decision to change the name of its former WinFX technologies to .Net Framework 3.0.

In an email on Monday, Microsoft's Jason Zander, general manager for the .Net Framework, told petition campaign leader Rei Miyasaka that having separate names for .Net Framework and the WinFX technologies has proven to be confusing. Miyasaka, a freelance developer and consultant, had last Friday followed up the petition with an email to Zander and other top Microsoft executives.

Zander's full email, obtained by InfoWorld, can be found below:

Hello Rei - Thank you for your mail. I appreciate your feedback and passion on this subject. The .Net Framework has always provided rich feature support in several areas such as engine and base class libraries, web, presentation, data, xml, and networking (including web services). In each new release we strive to add additional support to match new standards and incorporate features our developers request to make their jobs easier. The main "pillars" in what we referred to as "WinFX" historically represent advancements in several of these feature areas. For example, Windows Presentation Foundation provides a new presentation technology and Windows Communication Foundation provides advanced web services support. Windows Workflow and CardSpace add business process workflow and a new security identity system to the Framework. As such, we've always thought of these technologies as advances to the core .Net Framework and not simply an adjacent technology. Having two names for the technology has proven to be very confusing and hence we have always been on a path to figure out one name to advance. In the end we decided to continue the .Net brand, in which we have made a significant investment since its release in 2001.

Given this as context, I do not think having both a .Net Framework and WinFX as separate entities will be clear since each new version of the framework support is advancing key feature areas. For example, as the industry advances the WS* protocols, what software would I install to get that support? Is it only in WinFX? Only in .Net Framework? Both? With our naming clarified, the answer will always be a latest version of the .Net Framework.

In reading through your feedback, I see a few specific concerns that center around the use of the major version number as an indicator for the CLR version. Using 2.1 or 2.5 would clearly indicate that both are based upon CLR 2.0. But let's look at a couple of the related concerns you brought up:
* Why not create a brand new version and call it 2.1? The CLR binding mechanism treats major.minor as distinct values for version binding. That means if we created a 2.x release with one installer, it would have to be installed side by side with 2.0 to work. This solution creates a new set of work for everyone: new tools to target both 2.0 and 2.x, another full framework to deploy to end users and in the enterprise, etc. Our goal with using the base 2.0 engine is to not restart that clock and introduce a new version to have to target. Using 2.5 (your second option) is really the same as this one, but giving an allowance to a bigger version gap to help indicate the scope of the features added.
* Which version of C# do I use? We implemented side by side technology to help with versioning and application compatibility. Because of this, even if we were to name the version of the .Net FX with LINQ support 2.7, there would still be a new C# compiler with this build. You will have the same set of installer issues and multi-targeting of compilers.
* The use of V3 instead of V2 seems to indicate V2 is already obsolete. I understand your concern on this one and the type of confusion it could cause. I do worry about the counter issue: if major versions of the software come out now and in the future but we only change the minor version number, it belies the major investment and advancements we have made in the system and could lead those not as familiar with .Net as yourself to underestimate our commitment to the platform.

I'm sure you have already seen it, but I recorded a Channel 9 video in July to cover a lot of these topics which may be useful for review:

http://channel9.msdn.com/Showpost.aspx?postid=217428

Thanks again for your feedback and passion on this topic, and for using .Net! I hope I have been able to clarify some of our decision making process and rationale for the plan we are executing on.

Sincerely,
Jason Zander

Posted by Paul Krill on September 25, 2006 12:32 PM


September 25, 2006 | Comments: (0)

Roll up laptop displays on the way

As reported in the Sydney Morning Herald and in a very nice blog site--nice if you're interested in all things display--Displayblog, a company called Cambridge Display Technology is developing a flexible display technology.

The technology, polymer light emitting diode technology, will deposit conductive metal tracks on to plastic and/or glass substrates.

The results will be a flexible tube that can be unfurled and locked into place for your viewing pleasure.

Imagine the day that you're delayed at the airport and you want to take part in an important company video conference. With the flexible display you simply unroll your display, use your cell phone for the video camera and you're in.

Posted by Ephraim Schwartz on September 25, 2006 10:45 AM


September 25, 2006 | Comments: (0)

Your iPod as your Next PC?

Speaking as someone who travels often and, without exception, has to lug his laptop along for the journey, I've been on the lookout for something lightweight that will replace my ThinkPad (no offense, IBM/Lenovo). It's not that my laptop's all that heavy, but it's cumbersome, especially when you add in the power cord and wireless ethernet card and the other peripherals. That's why startup Ringcube Technology's product Mojopac gets my nod for the "cool technology I really want to use" award. (OK, I just made that category up.) The company just landed $4 million in VC and will be pulling the covers off at Demofall. Mojopac is a patent-pending technology for encapsulating Windows XP and -- soon -- Windows Vista desktops on any USB 2.0 storage device -- iPods, USB flash drives, you name it, according to Shan Appajodu, CEO and co-founder of RingCube, who spoke with InfoWorld last week.

Plug your device into a Windows host machine -- desktop, laptop, whatever. With Autorun enabled, you simply click on the Mojopac icon and your Windows desktop appears in a virtualized environment on top of the host system desktop. You can access applications, documents, you name it -- and all with your own settings: wallpaper, preferences, fonts, bookmarks, etc. The entire image is small -- Appajodu says around 13MB to start, and there's no client application that needs to be installed on the host system.

Even more interesting: there's nothing left behind on the host system after you unplug your portable drive -- that's key. As SSL VPN vendors figured out a long time ago: road warriors want to work without leaving sensitive documents, e-mail, and other IP left behind when they leave.

This is cool stuff. I was especially impressed that you can still use your iPod as an iPod, even after Mojopac is installed. Your "desktop" is just another file stored on the hard drive. That means that you can synch iTunes with your iPod on your iPod. The device actually figures out where to drop the iTunes files on its own.

There are limitations here, in particular: synchronization. Ringcube provides a synchronization tool to copy documents and other information over between your PC and your storage device, just as you would with a PDA. However, you can't just mirror your desktop onto your iPod or USB device because THAT WOULD VIOLATE YOUR EULA, as Appajodu must have said five times. This was a phone briefing so there may have been a "wink, wink, nudge, nudge" going on in Mountain View that just didn't translate over the phone.

A better approach, Appajodu said, is just to install all your applications to the Mojopac environment from scratch. Sounds good -- but I'm betting most users aren't going to put all their eggs into the Mojopac until it's more proven.

The other limitation, obviously, is that this is Windows only -- in fact, for now it's Windows XP only, though Appajodu says the company will support both W2K and Vista eventually. But no Mac or Linux support. The Ringcube folks are in talks with "major players" but won't say who. View the Mojopac demo here.

Posted by Paul Roberts on September 25, 2006 09:19 AM


September 22, 2006 | Comments: (0)

WinFX name change protest renewed

A campaign to persuade Microsoft to reverse the name change for its former WinFX technologies kicked into high gear again on Friday, with the leader of the effort sending an e-mail to company officials as a follow-up to a recent petition.

WinFX is now known as .Net Framework 3.0.

The email, addressed to the "decision makers of the .Net Platform," rejects the notion that the name change was made by popular demand. The correspondence was sent to executives such as Jason Zander, Microsoft general manager for the .Net Framework, and S. "Soma" Somasegar, corporate vice president of the Developer Division at Microsoft.

"What we have found is that despite the statement that we as customers asked for this change, in reality, such a request does not come close to representing the demand of your customers. In fact, it goes against our wishes as it complicates the way we do business with our customers," said Rei Miyasaka, a freelance developer and consultant who wrote the e-mail on Friday. On August 9, he authored an online petition against the name change, which has gathered 839 signatures as of about 4 p.m. PST on Friday.

In Friday's e-mail, Miyasaka cites comments from persons signing the petition. "WinFX is a Windows SDK component, not a .Net component, and its naming must be corrected to clarify this," one signer wrote.
"WinFX is the successor to Win32, not to .Net 2.0," said another.

The letter suggests several solutions, including packaging .Net 2.0 and WinFX together as .Net 2.1, renaming to .Net 2.5 and reverting to WinFX.

"By not incrementing the major version number, you can restore proper order without jamming .Net's semantics for every coming version, and avoid rendering the perception that .Net 2.0 is already obsolete," the letter says in justifying the .Net 2.1 naming suggestion.

Microsoft, looking to clarify its naming convention for its developer framework, renamed WinFX to .Net Framework 3.0 this spring. .Net Framework 3.0 is slated to be part of the Windows Vista platform. .Net Framework 3.0 includes the Windows Communication Foundation Web services platform, the Windows Presentation Foundation presentation layer, Windows Workflow, and Windows CardSpace for identity management.

Responding to the petition in August, Microsoft said the re-branding was based on feedback from customers. The company offered no additional response on Friday afternoon.

Posted by Paul Krill on September 22, 2006 04:54 PM


September 22, 2006 | Comments: (0)

Spring springs to 1 million downloads

The popular open source Spring Framework for Java has reached the 1 million-downloads mark, Rod Johnson, the founder of the framework, said in a blog on Friday.

"The true total is probably much higher, as this figure does not include nightly builds or the other sites from which Spring can be downloaded," said Johnson, who is a consultant with Interface21.

A final release of Spring 2.0, meanwhile, is due later this month, featuring aspect-oriented programming enhancements and XML extensions. Spring 2.0 serves as the basis of the Pitchfork Project, which is an add-in for the framework performing dependency injection based on Java Specification Request 250 as well as annotation processing and EJB 3.0-style interception.

Also, Acegi Security for Spring, which provides security extensions, will be moved into the heart of the Spring family, Johnson said. It will be called Spring Security.

Spring Web Flow, for Web application page flow, also is to be released soon. The upcoming Spring OSGi integration, meanwhile, "will strengthen Spring's value as a basis for server infrastructure and offer benefits to users in the area of componentization, versioning and dynamic deployment," Johnson said.

Also afoot is the Spring .Net integration project, which is a port and extension of Spring for .NET.

Posted by Paul Krill on September 22, 2006 01:35 PM


September 22, 2006 | Comments: (0)

VB6 to .Net apps migration given jolt

Microsoft this week began offering a toolkit to help move Visual Basic 6 applications to .Net.

The issue of accommodating the earlier Visual Basic 6 technology in the new .Net paradigm has been an ongoing one for Microsoft. The Interop Forms Toolkit moves applications form by form to .Net, said Rob Caron, Microsoft content architect for Visual Studio Team System, in his blog.

"Are you maintaining an application built in Visual Basic 6, but itch to start doing some .Net development? Now you can live in both worlds. Instead of a one-time migration effort or complete rewrite, you can use the Interop Forms Toolkit to move your application form by form to .Net," Caron said.

The toolkit, downloadable here, simplifies the process of displaying .Net WinForms in a Visual Basic 6 application.

The Interop Forms Toolkit provides tools and components to simplify the process of building forms with Visual Basic .Net that can be consumed from Visual Basic 6, according to an MSDN Web page dedicated to the toolkit. Required COM interop components can be created with the click of a button for building applications. The toolkit makes it easy to expose .Net form methods, properties, and events to Visual Basic 6. In addition, functionality is provided to share application state and signal application-level events, the company said.

The toolkit gives developers a migration path, enabling them to focus on writing code for business value instead of infrastructure and interoperability, Microsoft said. Using the toolkit requires the .Net Framework 2.0, Visual Studio 2005 and Visual Basic 6. The 2003, XP and Vista versions of Windows are supported.

Posted by Paul Krill on September 22, 2006 01:01 PM


September 22, 2006 | Comments: (0)

Internet Storm Center at "Code Yellow"

The SANS Internet Storm Center has downgraded its Internet security rating from "Green" to "Yellow" this afternoon, amid reports of rampant exploitation of the VML (Vector Markup Language) vulnerability. Web-based attacks using the new exploit were first reported by antispyware vendor Sunbelt Software on Monday.

Since then, the attack -- which was at first thought to affect only the Internet Explorer Web browser -- has been found to also be able to exploit some versions of Microsoft's Outlook email client, which have been used in phishing email attacks.

SANS writes about attacks using the VML exploit, and raised its threatcon to Yellow today so that readers would "consider fixes."

"The exploit is widely known, easy to recreate, and used in more and more mainstream websites. The risk of getting hit is increasing significantly."

What fixes you say? Funny you should ask. First off, a new and unofficial patch for the VML hole is circulating from a group of respected security researchers that calls itself ZERT, for Zero Day Emergency Response Team.

Microsoft has issued an advisory on the VML issue here.

Outlook (including Outlook 2003) is - as expected - also vulnerable and the email vector is being reported as exploited in the wild as well.

For those disinclined to apply the unofficial patch, SANS recommends:

- Updating your antivirus software, make sure your vendor has protection for it.

- Unregistering the following vulnerable dll:

regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
or
regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

- Stop using IE.

Good luck!

Posted by Paul Roberts on September 22, 2006 10:13 AM


September 21, 2006 | Comments: (0)

Flaming ThinkPad battery: It's a Sony

Lenovo has confirmed the battery that caught fire in a ThinkPad notebook at Los Angeles International Airport was indeed a Sony, just like the exploding battery that is believed to have caused an evacuation at Yahoo yesterday.

Lenovo uses Sony batteries but was not part of the massive recall and said last week its laptops were safe.

Sorry, Lenovo. And what if a plane had crashed because of it? Maybe you should have played it safe?

CNET Asia reports: "[We] are pretty certain the Korean and Australian national carriers may be considering adding ThinkPads to the list of banned laptops on their flights."

Let's hope other airlines follow until the risk is gone.

Posted by Mike Barton on September 21, 2006 04:19 PM


September 21, 2006 | Comments: (0)

Current, Yahoo go after YouTube

Yahoo has teamed up with Current TV, a television channel founded by former U.S. Vice President Al Gore that is aimed at young adults.

Featuring both professionally produced video and material from viewers, Yahoo Current Network puts Gore's big vision to work on the viral small-screen (well, usual video size anyway) world of the Web, a la YouTube.

The new network will launch four Internet channels and plans to offer a total of eight channels by the end of 2007, and will be produced by Madeleine Smithberg, a co-creator of Comedy Central's "The Daily Show with Jon Stewart".


Posted by Mike Barton on September 21, 2006 11:21 AM


September 21, 2006 | Comments: (0)

Exploding Dell forces Yahoo evac

Yahoo! Santa Clara HQ smoke alarms were triggered this week by yet another exploding laptop battery, "forcing several hundred employees to evacuate the building".

Flickr exec Stewart Butterfield snapped the laptop and placed the image on the pic stream site.

"We just all had to leave the building for 45 minutes because this thing set off all the fire alarms. It was on the 8th floor and we could smell it on the 3rd," he wrote on Flickr.

Question for Dell (which Tech Watch will be asking): Is this latest fiery battery from the mega-recall replacement batch?

Butterfield says in his photo post that the battery is a Sony, so apparently it was an individual's computer which had not had its battery replaced. We'll still ask Dell :)

So the question we posed, Free battery refresh, or pain in the butt?, appears to be answering itself with an explosive pain in the behind.

But do feel free to comment further.


Posted by Mike Barton on September 21, 2006 10:41 AM


September 20, 2006 | Comments: (0)

NetBeans for beginners arrives

Sun Microsystems, the NetBeans community and the University of Kent have announced a version of the NetBeans IDE for beginning programmers.

The NetBeans IDE/BlueJ Edition combines NetBeans open source application development technology with BlueJ technology. BlueJ features educational tools such as visualization and interaction facilities to aid in learning object-oriented concepts. BlueJ is a programming environment developed at the University of Kent, UK, and Deakin University, Australia.

"This collaboration provides a great advance for the student learning the Java programming language," said Jeff Jackson, Sun vice president of engineering, in a statement released by Sun. "When a student who knows BlueJ opens this version of NetBeans, there is nothing on the screen that is mysterious or incomprehensible. They will be able to get going straight away. And very quickly they will start to discover and use NetBeans' more powerful features."

The free IDE is downloadable here.

Posted by Paul Krill on September 20, 2006 05:07 PM


September 20, 2006 | Comments: (0)

DEMOfall to land soon

If emerging tech is what you live for, DEMO is the lifeblood. The showcase for next-gen tech is heating up and I thought I'd point out a round-up of what's getting blogged as a precursor to our own coverage of next week's event.

And despite the lackluster IT economy in general, reports say venture capitalists are ready to back the hopefuls. Let's hope some money flows and we start seeing an explosion of dot-com era innovation again.

But the fun part is the zaniness, as InfoWorld's Paul F. Roberts points out, highlights here:

Want a theme for this year's DEMO shows? Search. (Now there's a shocker.) Not surprisingly, many of the companies at Demospring and, we can assume, at Demofall, will be trying to hone in on Google's business.

Gravee's AdShare "fundamentally changes the economic model for search -- shifting power from content distributors (such as search engines) to content owners," Kosmix has "developed algorithms and technology that solve a complex engineering problem: categorizing the entire Web into understandable categories, such as women's health and adventure travel." Biggerboat is "the Internet's most comprehensive, entertainment industry specific search engine delivering cross-category, cross-format, and cross-retailer search results to online entertainment consumers." I could go on (and on..and on...)

Still, there's more than just search. Krugle and Jitterbit are two companies presenting cool new technology aimed at the open source community: Jitterbit has an open source integration tool for Windows and Linux for designing, configuring, testing and deploying integration solutions. Krugle's got a search engine for accessing open source code and other supporting information.

Then there's moobella, which is, as far as I can tell, an ice cream vending machine that can "produce a delicious scoop of ice cream within 45 seconds."

Now that's technology I can use!

To get an idea what to expect via video, check out the spring show. And check back at InfoWorld.com here from Friday for our early coverage.

Posted by Mike Barton on September 20, 2006 04:58 PM


September 19, 2006 | Comments: (0)

Blogging the Thai Coup

Some of you may have read about the coup d'etat that's going on in Thailand right now, in which a faction of the Thai military led by army chief Gen. Sonthi Boonyaratkalin and Thailand's opposition Party of Democratic Reform seized control of the country while Prime Minister Thaksin Shinawatra was in New York preparing to address the U.N.

Details are still sketchy about the goings-on inside the country, but this blog has a really good blow by blow account of how the coup is being experienced by ordinary Thai citizens, including a re-post (via YouTube) of an eerie TV broadcast from a spokesman for the PDR translated into English.


From the broadcast: "From Committee of Political Reformation Under Democracy: As it is clearly seen that the current government has caused the society to be fragmented, many people are skeptical of how the government is being run. Corruption has occurred. This is the worst in our history. This has caused many parties to come close to challenging the King's power. There have been attempts to solve this problem but they have been unsuccessful. This situation has made it necessary for the Committee - consisting of the heads of the military branches and the National Police, to take over the power from this point."

Hmm...society is fragmented? people are skeptical of how the government is being run? Corruption has occurred? Attempts to solve the problem that have failed? Sound familiar??

As we all know, democracy is fragile.

Posted by Paul Roberts on September 19, 2006 12:41 PM


September 19, 2006 | Comments: (0)

How do you say "0wned" in Chinese?

No sooner do I finish blogging about one new Microsoft 0day exploit, than there's news of another. Antivirus vendor Symantec is reporting that its researchers have uncovered a new 0day that targets Chinese versions of Microsoft Office.

From the Symantec DeepSight Alert:
"The exploit targets Office 2000 (Chinese) on Windows XP (Chinese). It is not currently known if other languages or versions are affected by the underlying vulnerability. Symantec has released Anti-Virus definitions that detect this threat as Trojan.PPDropper."

Full Disclosure is also mentioning this, though the post says the exploit is specific to PowerPoint.

While exploits for Chinese versions of the products aren't a major threat in the U.S., there's no saying whether the new exploit is specific to those versions of the product, or whether it's just part of a targeted attack against a specific organization or group in China, but equally applicable to English versions of Office and XP as well. Stay tuned.

Posted by Paul Roberts on September 19, 2006 11:09 AM


September 19, 2006 | Comments: (0)

New IE 0-day targets VML

Security experts at Symantec, Sunbelt Software, iDefense, the SANS Internet Storm Center, U.S. CERT and others are warning about a nasty and previously undiscovered (0day) vulnerability in the Internet Explorer Web browser.

According to reports, the new exploit targets IE's support of Vector Markup Language (VML), which is a set of XML tags for drawing vector graphics. According to U.S. CERT, "IE fails to properly handle malformed VML tags allowing a stack buffer overflow to occur."

Sunbelt gets the credit for outing this one. The company said it discovered it in the wild, being served from some porn sites yesterday, and that it is "on again off again" at a number of Web sites. Check out the Sunbelt blog for some screenshots of the exploit at work.

The exploit allows malicious hackers to break into a fully patched Windows system and run code with the privileges of the local user. Sunbelt said the version it spotted downloaded spyware following the successful exploit.

Microsoft has not issued an official statement on the new hole. But given the IE 0day reported last week in the Microsoft DirectAnimation Path ActiveX control, they're probably pretty busy over there.

With remote exploitation via Web-based drive-by download and no patch available, the best recommendation for now is to stop using IE, according to SANS. Symantec advises network administrators to "ensure that outgoing Web access is limited to trusted web sites only, which will limit exposure to attacks."

Posted by Paul Roberts on September 19, 2006 10:37 AM


September 19, 2006 | Comments: (0)

BEA reveals SOA 360

BEA Systems Chairman/CEO Alfred Chuang on Tuesday touted BEA's SOA 360 platform, which takes all of the company's technology and puts it under a single environment for SOA.

While Chuang did not provide many specific details, he attempted to express the essence of the platform, which he said separates applications from the business process.

Featured in the platform is a microservice architecture built with SOA principles in mind, Chuang said. Interfaces are exposed for third parties to take advantage of, he said. The architecture features third party products as well as BEA's Tuxedo and AquaLogic products.

The Workspace 360 component of SOA 360 offers a platform for developing, deploying and maintaining SOA applications and also for future upgrades. It is designed to bring enterprise architects, business analysts and developers to the same table.

"BEA SOA 360 is the company's competitive weapon that will enable the company to deliver innovation that can adapt faster and more flexibly to changing business conditions," according to BEA.

Chuang's presentation has focused pretty much exclusively on SOA. "I'm here to tell you with confidence that SOA is very real," Chuang said.

BEA also touted its Guardian Support Services offering for pre-emptive IT support.

(By Paul Krill, reporting live from the BEAWorld 2006 San Francisco conference.)

Posted by Paul Krill on September 19, 2006 10:22 AM


September 19, 2006 | Comments: (0)

crazyeyesinfoworldshizzle.com?

As we all know, there's a cultural gulf widening between that oh-so-sought-after "wired teen" demographic and the rest of us. As we've all read in [name your media source] everyone from newspaper and radio executives to movie moguls and prospective employers needs to be boning up on MySpace, Facebook and the latest ringtone and viral video fad so they can appeal to Internet and tech-savvy teens and college grads. But looking at MySpace.com and Web hosting company Dotster's latest effort to appeal to teens makes me ask "Why bother?"

So just what is "Pimpedemail?" Well, basically it's a "pimped" up version of the Web domain lookup and registration services that pretty much every other hosting service worth its salt offers.

The difference? Well...there's the "image" thing. You know: souped up vintage 70's sedans, piles of cash and that kinda gothic lettering that's somehow become synonymous with "pimps." I checked carefully, but couldn't see any exploited sex workers on the site though they, of course, are part of the "pimp" mystique. Hell -- they're what being a pimp is all about, right? So I'm not sure exactly what, at the end of the day, Dotster's pimps are pimping ... besides their own sorry service.

Then there's a kinda "teen" friendly domain name generation feature that turns your boring old domain name into a 'hip buzz phrase' (this is their wording, not mine) more likely to appeal to teens and the rest of the MySpace crowd.

Curious, I typed good old "Infoworld.com" in and here's what I got:

crazyeyesinfoworldshizzle.com
ininfoworldwetrust.com
infoworldatthedisco.com
justinfoworld.com
worldofinfoworld.com

Are these really cooler than infoworld1234.com? I don't think so. Dotster and MySpace should tweak their "hip and cynical" algorithm a bit to get it working just right.

Dotster's CEO, Clint Page, is quoted saying that he "hopes PimpedEmail will foster a greater sense of creativity and control for teens who purchase domains....PimpedEmail is a fun service that is accessible to Internet users of all experience levels, but it may also become an on-ramp into a new hobby or even a future career for some of our young customers."

Hmm...an on-ramp to a new hobby or even a future career for some of our young customers. You mean like ... pimping??!

Then there's the small print. Folks who sign up pay $7.95 a month for the e-mail forwarding service, with a "small additional fee" to do domain forwarding. Huh?

First of all, you can buy a whole Web hosting package with storage and e-mail accounts for a lot less than $7.95 a month, and companies don't typically charge you extra just to do domain forwarding, in my experience.

Second, why wrap the new service in a risque and, basically, misogynist image like "pimping"? Yeah, I've seen Pimp My Ride, it's a good show, but given a world of possibilities with branding this new service, it's hard to see what Dotster and MySpace were thinking of with "pimpedemail."

Posted by Paul Roberts on September 19, 2006 08:40 AM


September 18, 2006 | Comments: (0)

AccuRev boosts SCM

AccuRev on Tuesday is announcing AccuRev 4.5, an upgraded version of its software configuration management (SCM) package that features enhancements for security and geographically distributed developer teams.

AccuRev 4.5 is designed to be part of a multi-vendor application lifecycle management process through its enhanced AccuBridge SDK, which combines process and issue-based SCM with leading IDEs and third-party lifecycle tools, AccuRev said.

Security is enhanced in version 4.5 via a new log-in model. Cross-stream links and workflow additions to change packages in version 4.5, meanwhile, enable development teams to organize monolithic software architectures into independently versioned components, the company said. Component-based development can be conducted in parallel. AccuReplica, for geographically distributed replication, has been made two to five times faster.

AccuRev also is announcing AccuBridge for Mercury Quality Center, which integrates AccuRev SCM packages with the Mercury Test Director for Quality Center. Integration is provided with the issue and defect management functionality in the Mercury offering.

Posted by Paul Krill on September 18, 2006 04:27 PM


September 18, 2006 | Comments: (0)

Microsoft hails software asset management

Microsoft on Monday touted its efforts in software asset management.

"Software Asset Management is the entire infrastructure and processes necessary for the effective management, control and protection of software assets within an organization, throughout all stages of their lifecycle. As an industry-recognized business process, Software Asset Management is a way to help organizations realize greater value from their IT infrastructure," said Juan Fernando Rivera, director of the Microsoft Worldwide Software Asset Management Program, in an interview published by Microsoft.

Software needs to be recognized as an investment, not an expense, Rivera said. Managing and controlling these assets means having good purchase records and knowing what is being used. A process is needed to cover all stages of the software lifecycle, including knowing when updates are needed, when renewals are up and when it is time to retire software, said Rivera.

Four steps are recommended for software asset management:

* Take inventory.
* Perform a license reconciliation by locating documentation.
* Review policies and procedures.
* Develop an asset management plan moving forward.

Microsoft's own investments in software asset management include educational offerings for partners and customers, tools and content, a partner ecosystem that covers software asset management and customer engagement, including asset reviews.

"Software Asset Management is here to stay. It's about the customer and it's our responsibility to make it easier for them to learn about Software Asset Management, realize its importance, and adopt it as a core business practice in their organizations," Rivera said. The full interview can be found here.

Posted by Paul Krill on September 18, 2006 02:53 PM


September 18, 2006 | Comments: (0)

MS's Allchin touts Vista for developers

In an open letter to developers posted on the Windows Vista Developer Center Web site, Jim Allchin, co-president of the platforms and services division at Microsoft, is looking to entice developers to build for the upcoming Windows Vista OS and ensure compatibility.

Vista is due to businesses later this year and consumers in January.

"Windows Vista is going to give you, developers, new opportunities on a scale you haven't seen since Windows 95. Industry analysts predict that some 200 million people will be using Windows Vista within the first 24 months of launch. We're rapidly approaching launch, and then millions of people will be looking for applications. People will flock to software that is new, compelling, and 'cool.' You have got to be ready for this opportunity. We have invested heavily in both the .Net Framework 3.0 and traditional Win32 APIs in Windows Vista," Allchin said.

Using Visual Studio, developers can create applications that are "visually stunning, connected, workflow-enabled and secure," Allchin said. He also urges developers to make sure their application is compatible. "We have made tremendous investments in Windows Vista to ensure backwards compatibility, but some of the system enhancements, such as User Access Control, changes to the networking stack, and the new graphics model, may require code changes on your part. You should work hard to run as standard user," Allchin said.

Microsoft also is offering tools, such as an Application Compatibility Handbook.

Posted by Paul Krill on September 18, 2006 08:30 AM


September 15, 2006 | Comments: (0)

Linking Cobol to SOA made easier

Leveraging legacy applications in modern environments such as SOA remains an ongoing issue for enterprises. To help with this transition, BluePhoenix Solutions on September 18 is announcing the release of a platform to redevelop legacy Cobol applications for use in environments such as SOA, Java and C#.

Called BluePhoenix Redevelopment, the product set features a toolset, methodology and services. It is to be showcased at the Gartner Application Development Summit in Phoenix beginning September 25. The company cited Temenos, a Swiss-based provider of integrated core banking systems, as a user. Temenos used the platform to move Cobol applications to Java.

"By redeveloping these applications, our customers will have the ability to operate on less costly hardware and software environments, while maintaining platform and vendor independence," said Andreas Andreades, CEO of Temenos, in a statement released by BluePhoenix.

Posted by Paul Krill on September 15, 2006 05:00 PM


September 15, 2006 | Comments: (0)

Virgin puts battery ban on Apples, Dells

Taking strict airline "No Smoking" policies to new heights, Virgin Airlines has joined Qantas and Korean Air in restricting usage of many Apple and Dell laptops on flights.

Specifically, owners of Apple and Dell systems can't run them on battery power while flying, because the airline fears they pose a potential fire hazard.

The move comes in response to the recent recalls of batteries in some of the companies' respective laptops. The lithium-ion batteries, made by Sony, had an unfortunate habit of overheating and bursting into flames, resulting in startling computer pyrotechnics.

Dell announced the recall of 4.1 million batteries last month. A week later, Apple followed suit, recalling 1.8 million batteries.

Passengers can still bring their Dell and Apple laptops on board; they just can't run them with battery power. That means only customers sitting in Premier Economy or Upper Class seats, who have access to in-seat power supplies, will be able to use their systems.

According to Virgin's Web site, customers will be permitted to bring two "individually wrapped/protected" batteries in their carry-on baggage.

The restriction is indefinite. "Virgin is in communication with Apple and Dell. As soon as this safety issue is resolved these restrictions will be lifted," according to the site.

Posted by Ted Samson on September 15, 2006 01:43 PM


September 15, 2006 | Comments: (0)

C