Loraine Raney

Remaking the data center

2010-02-21T20:00:00.001-08:00

A major transformation is sweeping over data center switching. Ethernet switch vendors propose data center collapse Three factors are driving the transformation: server virtualization, direct connection of Fibre Channel storage to the IP switching and enterprise cloud computing. Over the next few years the old switching equipment needs to be replaced with faster and more flexible switches.

They all need speed and higher throughput to succeed but unlike the past it will take more than just a faster interface. Without these changes, the dream of a more flexible and lower cost data center will remain just a dream. This time speed needs to be coupled with lower latency, abandoning spanning tree and supporting new storage protocols. Networking in the data center must evolve to a unified switching fabric. The answer is yes. Times are hard, money is tight; can a new unified-fabric really be justified?

The cost savings from supporting server virtualization along with merging the separate IP and storage networks is just too great. The good news is that the switching transformation will take years, not months, so there is still time to plan for the change. Supporting these changes is impossible without the next evolution in switching. The Drivers The story of how server virtualization can save money is well known. Virtualization allows multiple applications to run on the server within their own image, allowing utilization to climb into the 70% to 90% range.

Running a single application on a server commonly results in utilization in the 10% to 30% range. This cuts the number of physical servers required; saves on power and cooling and increases operational flexibility. Storage has been moving to IP for years, with a significant amount of storage already attached via NAS or iSCSI devices. The storage story is not as well known, but the savings are as compelling as the virtualization story. The cost saving and flexibility gain is well known.

Moving Fibre Channel to the IP infrastructure is a cost saver. The move now is to directly connect Fibre Channel storage to the IP switches, eliminating the separate Fibre Channel storage-area network. The primary way is by reducing the number of adapters on a server. Guaranteeing high availability means that each adapters needs to be duplicated resulting in four adapters per server. Currently servers need an Ethernet adapter for IP traffic and a separate storage adapter for the Fibre Channel traffic. A unified fabric reduces the number to two since the IP and Fibre Channel or iSCSI traffic share the same adapter.

It also reduces operational costs since there is only one network to maintain. The savings grow since halving the number of adapters reduces the number of switch ports and the amount of cabling. The third reason is internal or enterprise cloud computing. Over the years, this way of design and implementing applications has changed. In the past when a request reached an application, the work stayed within the server/application.

Increasingly when a request arrives at the server, the application may only do a small part of the work; it distributes the work to other applications in the data center, making the data center one big internal cloud. It becomes critical that the cloud provide very low latency with no dropped packets. Attaching storage directly to this IP cloud only increases the number of critical flows that pass over the switching cloud. A simple example shows why low latency is a must. With most of the switches installed in enterprises the get can take 50 to 100 microseconds to cross the cloud, which depending on the number of calls adds significant delays to processing.

If the action took place within the server, then each storage get would only take a few microseconds to a nanosecond to perform. If a switch discards the packet, the response can be even longer. What is the problem for the network? The only way internal cloud computing works is with a very low latency and non-discarding cloud. Why change the switches? Compared with the rest of the network the current data center switches provide very low latency, discard very few packets and support 10 Gigabit Ethernet interconnects.

Why can't the current switching infrastructure handle virtualization, storage and cloud computing? The problem is that these new challenges need even lower latency, better reliability, higher throughput and support for Fibre Channel over Ethernet (FCoE) protocol. The problem with the current switches is that they are based on a store-and-forward architecture. The first challenge is latency. Store-and-forward is generally associated with applications such as e-mail where the mail server receives the mail, stores it on a disk and then later forwards it to where it needs to go. How are layer 2 switches, which are very fast, store-and-forward devices?

Store-and-forward is considered very slow. Switches have large queues. Putting the packet in a queue is a form of store-and-forward. When a switch receives a packet, it puts it in a queue, and when the message reaches the front of the queue, it is sent. A large queue has been sold as an advantage since it means the switch can handle large bursts of data without discards. The math works as follows.

The result of all the queues is that it can take 80 microseconds or more for a large packet to cross a three-tier data center. It can take 10 microseconds to go from the server to the switch. For example, assume two servers are at the "far" end of the data center. Each switch to switch hop adds 15 microseconds and can add as much as 40 microseconds. A packet leaving the requesting server travels to the top of rack switch, then the end-of-row switch and onward to the core switch.

That is four switch-to-switch hops for a minimum of 60 microseconds. The hops are then repeated to the destination server. Add in the 10 microseconds to reach each server and the total is 80 microseconds. Latency of 80 microseconds each way was acceptable in the past when response time was measured in seconds, but with the goal to provide sub-second response time, the microseconds add up. The delay can increase to well over 100 microseconds and becomes a disaster if a switch has to discard the packet, requiring the TCP stack on the sending server to time out and retransmit the packet.

An application that requires a large chunk of data can take a long time to get it when each get can only retrieve 1,564 byes at a time. The impact is not only on response time. A few hundred round trips add up. The application has to wait for the data resulting in an increase in the elapsed time it takes to process the transaction. The new generation of switches overcomes the large latency of the past by eliminating or significantly reducing queues and speeding up their own processing.

That means that while a server is doing the same amount of work, there is an increase in the number of concurrent tasks, lowering the server overall throughput. The words used to describe it are: lossless transport; non-blocking; low latency; guaranteed delivery; multipath and congestion management. Non-blocking means they either don't queue the packet or have a queue length of one or two. Lossless transport and guaranteed delivery mean they don't discard packets. The first big change in the switches is the design of the way the switch forwards packets.

A cut-through design can reduce switch time from 15 to 50 microseconds to 2 to 4 microseconds. Instead of a store-and-forward design, a cut-through design is generally used, which significantly reduces or eliminates queuing inside the switch. Cut-through is not new, but it has always been more complex and expensive to implement. The second big change is abandoning spanning tree within the data center switching fabric. It is only now with the very low latency requirement that switch manufacturers can justify spending the money to implement it. The new generation of switches use multiple paths through the switching fabric to the destination.

Currently all layer 2 switches determine the "best" path from one end-point to another one using the spanning tree algorithm. They are constantly monitoring potential congestion points, or queuing points, and pick the fastest and best path at the time the packet is being sent. Only one path is active, the other paths through the fabric to the destination are only used if the "best" path fails. A current problem with the multi-path approach is that there is no standard on how they do it. Spanning tree has worked well since the beginning of layer 2 networking but the "only one path" is not good enough in a non-queuing and non-discarding world.

Work is underway within standard groups to correct this problem but for the early versions each vendor has their own solution. Even when DCB and other standards are finished there will be many interoperability problems to work out, thus a single vendor solution may be the best strategy. A significant amount of the work falls under a standard referred to as Data Center Bridging (DCB). The reality is that for the immediate future mixing and matching different vendor's switches within the data center is not possible. Speed is still part of the solution. The result of all these changes reduces the trip time mentioned from 80 microseconds to less than 10 microseconds, providing the needed latency and throughput to make fiber channel and cloud computing practical.

The new switches are built for very dense deployment of 10 Gigabit and prepared for 40/100 Gigabit. Virtualization curve ball Server virtualization creates additional problems for the current data center switching environment. This causes operational complications and is a real problem if two virtual servers communicate with each other. The first problem is each physical server has multiple virtual images, each with their own media access control (MAC) address. The easiest answer is to put a soft-switch in the VM, which all the VM vendors provide.

There are several problems with this approach. This allows the server to present a single MAC address to the network switch and perform the functions of a switch for the VMs in the server. The soft switch needs to enforce policy and access control list (ACL); make sure VLANs are followed and implement security. If they were on different physical servers the network would make sure policy and security procedures were followed. For example, if one image is compromised, it should not be able to freely communicate with the other images on the server, if policy says they should not be talking to each other.

The simple answer is that the group that maintains the server and the soft switch needs to make sure all the network controls are followed and in place. Having the network group maintain the soft switch in the server creates the same set of problems. The practical problem with this approach is the coordination required between the two groups and the level of knowledge of the networking required by the server group. Today, the answer is to learn to deal with confusion and develop procedures to make the best of the situation and hope for the best. The idea is that coordination will be easier since the switch vendor built it and has hopefully made the coordination easier. A variation on this is to use a soft switch from the same vendor as the switches in the network.

Cisco is offering this approach with VMware. This would simplify the switch in the VM since it would not have to enforce policy, tag packets or worry about security. The third solution is to have all the communications from the virtual server sent to the network switch. The network switch would perform all these functions as if the virtual servers were directly connected to the servers and this was the first hop into the network. The problem is spanning tree does not allow a port to receive a packet and send it back on the same port.

This approach has appeal since it keeps all the well developed processes in place and restores clear accountability on who does what. The answer is to eliminate the spanning tree restriction of not allowing a message to be sent back over the port it came from. As the number of processors on the physical server keep increasing, the number of images increase, with the result that increasingly large amounts of data need to be moved in and out of the server. Spanning Tree and virtualization The second curve ball from virtualization is ensuring that there is enough throughput to and from the server and that the packet takes the best path through the data center. The first answer is to use 10 Gigabit and eventually 40 or 100 Gigabit. Using both adapters attached to different switches allows multiple paths along the entire route, helping to ensure low latency.

This is a good answer but may not be enough since the data center needs to create a very low latency, non-blocking fabric with multiple paths. Once again spanning tree is the problem. The reality is the new generation layer 2 switches in the data center will act more like routers, implementing their own version of OSPF at layer 2. Storage The last reason new switches are needed is Fibre Channel storage. The solution is to eliminate spanning tree, allowing both adapters to be used. Switches need to support the ability to run storage traffic over Ethernet/IP such as NAS, ISCSI or FCoE. Besides adding support for the FCoE protocol they will also be required to abandon spanning tree and enable greater cross sectional bandwidth. Currently the FCoE protocol is not finished and vendors are implementing a draft version.

For example Fibre Channel requires that both adapters to the server are active and carrying traffic, something the switch's spanning tree algorithm doesn't support. The good news is that it is getting close to finalization. The first step is to determine how much of your traffic needs very low latency right now. Current state of the market How should the coming changes in the data center affect your plan? If cloud computing, migrating critical storage or a new low latency application such as algorithmic stock trading is on the drawing broad, then it is best to start the move now to the new architecture.

The transformation can also be taken in steps. Most enterprises don't fall in that group yet but they will in 2010 or 2011 and thus have time to plan an orderly transformation. For example, one first step would be to migrate Fibre Channel storage onto the IP fabric and immediately reduce the number of adapters on each server. The storage traffic flows over the server's IP adapters and to the top of the rack switch which send the Fibre Channel traffic directly to the SAN. The core and end of rack switch do not have to be replaced. This can be accomplished by replacing just the top of the rack switch.

The top of the rack switch supports having both IP adapters active for storage traffic only with spanning tree's requirement of only one active adapter applying to just the data traffic. If low latency is needed, then all the data center switches need to be replaced. Brocade and Cisco currently offer this option. Most vendors have not yet implemented the full range features needed to support the switching environment described here. The first part is whether the switch can provide very low latency.

To understand where a vendor is; it is best to break it down into two parts. Many vendors such as Arista Networks, Brocade, Cisco, Extreme, Force 10 and Voltaire have switches that can. As is normally the case vendors are split on whether to wait until standards are finished before providing a solution or provide an implementation based on their best guess of what the standards will look like. The second part is whether the vendor can overcome the spanning tree problem along with support for dual adapters and multiple pathing with congestion monitoring. Cisco and Arista Networks have jumped in early and provide the most complete solutions. Other vendors are waiting for the standards to be completed in the next year before releasing products.

Undercover 1.5 ousts iPhone thieves with push notifications

2010-02-16T10:03:00.001-08:00

It's 2 AM. Do you know where your iPhone is? What if you want an app devoted to recovering a stolen iPhone or iPod Touch-one that has a few more tricks up its sleeve? Well, maybe you do, thanks to MobileMe's "Find my iPhone," but what if you're not a MobileMe subscriber?

That's exactly what Orbicule's Undercover for iPhone is. Our iPhones are now smarter, faster, stronger, better, and able to let third-party apps do more than ever. We've already covered this app and its Mac OS X cousin, back when push notifications were little more than a bullet point on a wish list, but times have changed. Back in the 1.0 days, when Undercover was just a wee lad, you had to fool your iPhone's captor into launching the app before it was able to transmit its location. You can make the messages as enticing as you want-say, by having them pretend to be a notification from your bank account.

Not an easy task: Thanks to App Store policy, apps cannot change their names or icons, and I'm guessing that all but the thickest criminals knew better than to launch an application called "Undercover." Now you have the ability to send push notifications with any message of your choosing directly to the iPhone-yes, just like MobileMe. But the comparisons end there. If the crook chooses to view the push notification, Undercover will launch, disguised either as a game that's taking its sweet time to load or loading any Website of your choosing, such as the aforementioned bank's. While the thief is distracted, Undercover will be happy to save the device's GPS coordinates and IP address to Orbicule's Website. They'll also be sent directly to any police officer you've contacted to work on the case and registered in Orbicule's Undercover Center. Each time that Undercover launches, it will save a new set of coordinates that you can view in Google Maps. Orbicule has made a video to demonstrate this killer feature.

You could use Find My iPhone to collect live GPS information from MobileMe and log a record of GPS coordinates via Orbicule, submitting it all to the police. It looks as though this app could be used not only as an alternative to Find My iPhone, but a nice companion app as well. It's still far from perfect, at least until (or unless) Apple can be made to change their iPhone app policies to let third-party apps like Undercover do a little more. It requires iPhone OS 3.0 or later. Undercover for the iPhone costs $5 and works on all iPhones and iPod touches.

PCalc for iPhone now sports profanity filter

2010-02-11T01:00:00.001-08:00

TLA Systems has an important new feature on its popular PCalc and PCalc Lite calculator apps for iPhone. Censorship. That feature? And, frankly, it's about gosh-darned time.

Those of us more experienced with the 8008's and heartbreaks know all too well why a calculator profanity filter is long overdue. Nothing has haunted the American people like the knowledge that parents may be sending their children to schools in which, with a press of few buttons and some crafty calculator flipping, youngsters could be exposed to numbers that vaguely resemble the word "BOOBIES." If you've never been exposed to the 5318008 flip trick, than count yourself as lucky. The new feature is simple: If an unsuspecting mathematician types in a number that might look like a tasteless word when the calculator is flipped upside-down, PCalc will "discreetly" censor that word, saving you from the horror of inflicting yourself-or others-with inadvertent smut. Discreet. See? In a press release, TLA Systems's James Thompson emphasized the company's commitment to family-friendly calculators, stating, "We take our responsibility to protect innocent minds very seriously." Many "calculator words" have already been defined and the good people at TLA plan on increasing this ban-list over time through software updates.

It has yet to be seen if TLA will eventually implement it on OS X, though flipping your iMac over might present a challenge. The profanity filter is available now on both PCalc and PCalc Lite for the iPhone. If you or someone you know is thinking about switching over to these extra-safe calculators, TLA Systems is currently offering a coupon code that's worth $9 off the price of PCalc for OS X. More information can be found on the company's website. Now if only they'd do something about that whole wretched hive of scum and villainy called "the Internet." This new feature, if implemented into all calculators, could likely save billions of dollars in office-space productivity.

Mac News Briefs: BBEdit 9.3.1 released

2010-02-05T15:04:00.001-08:00

Bare Bones Software released an update to BBEdit Tuesday, giving a maintenance boost to the popular and heavy-duty text editor. Among the changes detailed by Bare Bones, the latest version adds #! based language guessing to the Lua language module. BBEdit 9.3.1 fixes a number of small bugs, but offers no major enhancements.

Also, BBEdit will no longer display an encoding mismatch alert if a document's on-disk encoding is set to use UTF-8 with a BOM and the document contains an explicit character set declaration of "utf-8." BBEdit 9.3.1 requires Mac OS X 10.4 or later. Version 4 offers support for Snow Leopard and sports an improved user interface. The update is available for free to BBEdit 9 users; upgrades from earlier versions are $30. New users can purchase the software for $125. Snow Leopard support comes to Keyboard Maestro Keyboard Maestro, a macro creator, has been thoroughly updated. The new version also provides an enhanced clipboard switcher for accessing past clipboards. Developer Stairways Software bills Keyboard Maestro as a "productivity enhancer," allowing users to record macros using a sequence of keys or clicks, and then letting them define a hotkey for that custom action. A single hotkey can now execute multiple macros, too.

These shortcuts then improve interactions with a wide range of applications, windows, and menus. Earlier users can upgrade for $18 if they bought the license before January 31; after that, the price is $25. New users can download Keyboard Maestro 4.0 for $36. Yep 2.0 boasts interface improvements Ironic Software has announced the availability of Yep 2.0, an update to the file management program dedicated to PDFs and documents of various kinds. Users of Keyboard Maestro who purchased the software after April 2009 can receive a free license to the update. The update introduces an improved scanning interface and auto filing feature. Yep attempts to help people who have no method to their document organizing madness. Documents can also be created from snippets of text dragged from Web pages or images.

Yep employs an iTunes-like interface to list all documents on your computer; documents can be tagged, searched, and managed in various ways. Yep requires Mac OS X 10.5.7 or later. A Quick Look feature allows details in a document to be viewed with magnification. The new version takes advantage of some Snow Leopard-only features. SpectorSoft unveils eBlaster mac 2010 surveillance tool The newest version of eBlaster, a surveillance and monitoring tool, has arrived.

New licenses for Yep 2 cost $39. Users of Yep 1 can contact Ironic Software for upgrade pricing. The 2010 update offers more tools to monitor computer use by children or employees. Parents and bosses can use eBlaster to run activity reports about what Web sites have been visited and which applications have been used on a machine. Web mail and chats can now be recorded, and there are new keyword alerts. The software can be configured to send out email notifications if the monitored user does something taboo.

You'll need Mac OS X 10.4 or later. Unruly kids be forewarned. eBlaster is available from SpectorSoft for $100.

Intel says shape-shifting robots closer to reality

2010-01-31T01:00:00.001-08:00

Imagine a day when you can make your cell phone smaller to fit more comfortably in your pocket, then make it bigger so you can text more easily. Those scenarios could be real in the not-so-distant future, according to researchers at both Intel and Carnegie Mellon University . Scientists are using distributed computing and robotics to make shape shifting a reality. Now, imagine that you could make your cell phone take the shape of a headset when you want to talk on it or re-shape it like a bracelet so you can wear it while jogging. In essence, they're working to take millions of millimeter-sized robots and enable them, through software and electromagnetic forces, to take on various shapes and sizes.

It will take us longer.... Nearly two years ago, Seth Goldstein , an associate professor at Carnegie Mellon University, told Computerworld that he was working with a team of scientists at Intel and the U.S. Air Force Research Lab to create programmable matter . This week, Goldstein and Jason Campbell , a senior staff research scientist at Intel's research lab in Pittsburgh, say they now are able to demonstrate that the physics they've been talking about are real. "It's been pretty hard but we've made a lot of progress," said Campbell. "Optimistically, we could see this in three to five years. We're not there yet, but we see a path." The programmable matter is called claytronics and the tiny robots are called catoms. Think of each catom as a tiny robot or computer that has computational power, memory and the ability to store and share power. Each catom will have its own processor.

And using the idea of distributed computing, researchers are working to program millions of catoms to work together, much like a swarm of bees or a flock of birds. Developers are focused on creating software that will focus on a pattern or overall movement of the system of tiny robots. Goldstein explained that researchers hope to write one program that will engage the entire system of catoms, instead of trying to write code for each one. Then each robot will be smart enough to detect its own place in the pattern and respond accordingly. And the shape-shifting efforts go beyond being able to change the size or shape of your cell phone. If, for instance, a catom, or robot, detects that it has only one other catom beside it, it will know that it's on an end and can act according to what the end piece should be doing. "Generally, people learn how to program a single machine," said Goldstein. "Think of the ensemble as the system." Part of the scientists' research is creating new programming languages, algorithms and debugging tools to get these massive systems to work together.

Goldstein had explained previously that it could mean being able to better use the space in a small apartment by being able to change a dinner table into a poker table for a party and then into a bed at the end of the day. And instead of calling your co-worker to discuss something, a 3D facsimile of him or her could sit in your office and discuss a new project or the next year's budget. It also could mean that instead of looking at images on a screen, gamers could have animated figures running around their houses.

Intel releases Windows 7 SSD optimization toolbox

2010-01-25T15:04:00.001-08:00

Intel Corp. announced the availability today of a tool kit to optimize the performance of its X25-M consumer-class solid state disk (SSD) drive with Windows 7 operating system. The Intel SSD Toolbox allows users to more effectively monitor and manage the SSD's health. The Intel SSD Toolbox with Intel SSD Optimizer and firmware update was created for the company's latest 34nm Intel X25-M Mainstream SATA SSDs, which were released in July . The tools are designed to help better manage and retain the out-of-box performance of Intel SSDs, Intel said in a statement.

The firmware upgrade and Intel SSD Optimizer use the Windows 7 ATA Data Set Management Command (known as Trim) to help keep the Intel SSD running at continued high performance. The Trim attribute of Windows 7 synchs the operating system's view of deleted files with those that are deleted, but not erased on the drive. In addition, the SSD Toolbox and Optimizer also allow the respective enhancements to work with Windows XP and Vista. "Not only will Windows 7 users receive the performance enhancements of the Trim command, but so will our Windows XP and Vista users," said Pete Hazen, director of marketing, Intel NAND Solutions Group. Trim tells the SSD which data blocks are no longer in use. For X25-M owners with 160GB of capacity on the dive, the firmware update also offers a performance boost to sequential write speeds by delivering up to 100MB per second, a 40% performance improvement over the existing firmware version.

Intel said this helps stabilize the performance and health of the SSD over time. The Intel SSD Toolbox provides SSD management tools and information about the drive, including comparing Self-Monitoring and Reporting Technology (S.M.A.R.T.) drive attributes to manufacturer threshold. The Toolbox also features a graphical user interface that will allow end users to schedule and run the Trim command independent of the operating system. It provides basic and full diagnostics, along with recommended actions. Intel recommends users install the firmware update and toolbox, and run the Trim function daily to ensure best performance.

Unpatched SMB bug crashes Windows 7, researcher says

2010-01-20T06:00:00.001-08:00

A day after Microsoft plugged more than a dozen holes in its software, a security researcher unveiled a new unpatched bug in Windows 7 and Server 2008 R2 that, when exploited, locks up the system, requiring a total shutdown to regain control. Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Microsoft acknowledged that it's investigating the flaw.

The attack code, said Gaffie, crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. "No BSOD [Blue Screen of Death], you gotta pull the plug," Gaffie said in notes inserted into the exploit code . Gaffie claimed that the exploit, powered by a vulnerability in the new operating systems' implementation of SMB (Server Message Block), could be successfully launched from within a network from an already compromised computer, or used to attack Windows 7 machines via Internet Explorer (IE) by transmitting a rogue SMB packet to the PC. Unlike more serious flaws, the Windows 7 SMB bug cannot be used by attackers to hijack a PC, Gaffie confirmed. "No code execution, but a remote kernel crash," he said in an e-mail today. None of the 15 affected the final version of Windows 7, which was released to retail Oct. 22, or affected Windows Server 2008 R2. Gaffie also said that Microsoft's security team has acknowledged the vulnerability, which he first reported to them last weekend, but was told by the company that it wasn't planning to fix the flaw with a security update, instead perhaps correcting it in the first service packs for Windows 7 and Server 2008 R2. A Microsoft spokesman confirmed that the company is looking into Gaffie's claims. "Microsoft is investigating new public claims of a possible denial-of-service vulnerability in Windows Server Message Block," said the spokesman in an e-mail reply to questions. "Once we re done investigating, we will take appropriate action & [which] may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves." Gaffie's disclosure came just a day after Microsoft issued November's security updates , which patched 15 vulnerabilities in Windows, Windows Server and Office.

BT's Web 2.0 security strategy

2010-01-14T20:04:00.001-08:00

In 2006, just as the first tweet was being Twittered, BT Global Services launched an effort to keep its customers and 112,000 employees safe in a new world of Web-based communities and other interactive sites. But while BT stands apart from many companies in that it lets employees visit social media sites within the constructs of its Internet usage policy, it still needed a way to protect the company and its staffers from potential security threats lurking in cyberspace. BT's security initiative started early, paralleling the emergence of collaborative Web 2.0 applications such as Twitter, LinkedIn and Facebook. "We see social networking sites as an enablement tool" to help extend BT Group PLC's reach to prospective customers while helping employees build new business relationships online, says Ray Stanton, global head of BT's business continuity, security and governance practice.

For instance, the vulnerability of mashups to data leakage "has been one of our critical concerns," says Stanton. A criminal could figure out where the employee lives based on the restaurant's location and the mashup of the mapping system, adds Stanton. "And yes, if you book online, then guess what, we know where you live [and] what time you're out," he says. A user might, for example, gain access to a mashup that combines a service for finding local restaurants with information from a social networking or mapping site, says Stanton. "There is the opportunity if the information is not secured across all the boundaries [that] residual information could be left or leaked at any point in the process," he says. In addition to keeping its employees safe, BT also wanted to apply technologies that would enable it to enforce its Internet usage policies. The systems include Blue Coat's ProxySG appliance, which BT uses to categorize URLs as either business productivity sites, such as LinkedIn, or sites that might be deemed improper, such as the Web pages of hate groups, says Steve Schick, a spokesman for the Sunnyvale, Calif.-based vendor.

After holding a series of technical workshops with a number of security software vendors, Stanton and his team decided to use a set of URL filtering and security technologies from Blue Coat Systems Inc. about three years ago. Depending on a customer's usage policies, the rackable ProxySG appliance can be configured to block access to certain sites or issue a warning when an employee is in violation of the company's acceptable-use policies, Schick says. For example, a company that doesn't allow most of its employees to watch YouTube at work can program the ProxySG appliance to permit access only to employees of its marketing department who might use the site while developing marketing campaigns, says Schick. The appliance can also be configured to enforce usage policies for single users or groups of users. BT is also using Blue Coat's ProxyAV, which enables the telecommunications giant to scan its network for viruses, worms, spyware, bots and other forms of malware.

Stanton declined to quantify BT's investment in the security tools. While BT has taken a progressive approach toward employees' Internet use, it's important for it and other companies to also adopt practical usage policies, says IDC analyst Melanie Posey. "You have to know on some level what people are doing on the Internet and what impact it's having on network performance," she says. Schick says pricing for the ProxyAG appliance starts at $2,000, depending on the number of end users being monitored. Revenue for the fiscal year that ended March 31, 2009: $35.3 billion Project champion: Ray Stanton, global head of BT's business continuity, security and governance practice, which has total oversight for BT's commercial security business. At a Glance BT Group PLC Headquarters: London Company charter: One of the world's leading providers of communications services, operating in more than 170 countries. Project payback: A return-on-investment study that's expected to be completed by year's end will examine the operational man-hours saved as well as capitalized IT infrastructure cost savings achieved.

You can contact him at tom.hoffman24@gmail.com. Hoffman is a freelance writer in New York.

Three indicted for Comcast hack last year

2010-01-08T20:00:00.001-08:00

Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008. When Comcast customers visited the Comcast.net site during the attack on May 28, 2008, they were redirected to a Web site that displayed a message attributing the attack to members of the Kryogeniks hacker gang. At that time, about 5 million people connected to the Web site each day, the U.S. Department of Justice said in a statement. Because the site redirected to that page, customers were unable to access their Comcast e-mail accounts through the Comcast.net site.

Instead of the Comcast page, customers saw the message: "KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven." Immediately after Comcast was able to address the hack, the ISP (Internet service provider) and Network Solutions, the registrar, said they didn't know how the hackers managed to get the passwords necessary to switch the DNS servers and redirect the site. The suit said that one of the defendants, Christopher Allen Lewis, made two phone calls through which he got the information that he and his friends used to access Comcast's DNS information. The indictment sheds only a bit of light on how they did it. Another of the defendants, Michael Paul Nebel, allegedly logged onto a specific Comcast e-mail account that allowed him to communicate with Comcast's DNS registrar. During the attack, one of the defendants, Lewis, called a Comcast employee at his home and asked if the company's domains were working properly, the indictment alleges. Lewis was then able to sign onto Comcast's account at the registrar and point the Comcast.net Web site to the page he and the others made, according to the filing.

Comcast claims that it lost US$128,578 due to the attacks. The men are charged with one count each of conspiracy to intentionally damage a protected computer system. James Robert Black Jr. is the third defendant named in the indictment. The charges were filed in the U.S. District Court for the Eastern District of Pennsylvania on Thursday. If convicted they each face a five-year prison sentence and a $250,000 fine.

Ex-Cisco exec's new start-up accelerates data access

2009-12-31T13:05:00.001-08:00

Ex-Cisco storage executive Mark Cree is back with a new vendor called Storspeed, which has built a caching product that accelerates access to frequently needed data. Storspeed's SP5000 is a 2U box containing 80GB of DRAM and up to a terabyte of solid-state disk that sits between networked storage and clients and applications. Nine data storage companies to watch Storspeed, founded in February 2007, has $16 million in venture funding and is emerging from stealth mode Thursday. The fundamental problem targeted by Storspeed is that only a small fraction of data is active at any given time, and enterprises needlessly store too much inactive data on expensive Tier 1 storage systems.

The SP5000 can work with multiple vendors' storage systems simultaneously, and doesn't require any changes to existing infrastructure, Cree says. "We insert invisibly between storage and clients," Cree says. "There are literally no changes to the applications." Each 2U node can perform 350,000 input/output operations per second, and a cluster of six nodes brings that up to 2 million IOPS, Cree says. Storspeed's system inspects every packet to identify the active application data set and accelerates that data. Each box costs $65,000 and up, but Storspeed says it can save customers hundreds of thousands of dollars by preventing the overprovisioning of Fibre Channel drives and taking advantage of low-cost SATA disks. Cree previously founded NuSpeed Internet Systems, an iSCSI storage company purchased by Cisco in 2000 for $450 million. Cree is the CEO of Storspeed and co-founded the company with Greg Dahl, vice president of business development.

Cree stayed on at Cisco to lead the company's entry into the storage networking market as general manager of its storage router business unit, but ultimately left Cisco in January 2003. Cree then joined El Dorado Ventures and Vesbridge Partners to focus on investment in networking, Web services and security companies. The SP5000 is generally available now and has been installed at nine customer sites, mainly Fortune 500 companies, according to Storspeed. El Dorado and Vesbridge are now among four firms bankrolling Storspeed, the others being Hunt Ventures and Palomar Ventures. The product is ideal for virtualized data centers and any type of application that requires fast data access, company officials say.

Obama bars fed workers from texting and driving

2009-12-31T11:05:00.001-08:00

A two-day Distracted Driving Summit in Washington concluded Thursday after experts raised multiple thorny questions on how to reduce cell phone and texting while driving, with a big emphasis placed on driver and employer responsibility. LaHood also announced that his department would ban text messaging altogether and restrict cell phone use by truck and interstate bus drivers, and disqualify school bus drivers from receiving commercial driver's licenses if they have been convicted of texting while driving. After mentioning that President Obama had just signed an executive order that tells all federal employees not to engage in texting while driving government vehicles, Transportation Secretary Ray LaHood urged private sector employers to avoid calling workers on their cell phones as they drive home from work. His department also plans to make permanent some restrictions placed on the use of cell phones in rail operations, he added without offering further details. "Employers need to change their mindset, too, and if you know your staff has left for the day, do not expect them to instantly return a phone call or IM when they'e driving home," LaHood said in a concluding address.

The executive order "shows the federal government is leading by example" and "sends a signal that distracted driving dangerous," he added. Obama's executive order, signed Wednesday night, also bars federal workers from texting with any government-owned electronic equipment while they are driving, and bars any texting while driving their own privately owned vehicles while on official government business, LaHood said. But LaHood was noncommittal about proposed laws, including a U.S. Senate bill that would require states to ban texting while driving or face partial loss of federal highway funding. But LaHood seemed to focus on drivers' personal responsibility as his key message. "Driving while distracted should feel wrong, just like driving without a seat belt or drinking," LaHood said. "We are not going to break all bad habits, but will raise awareness." LaHood said driving while distracted from using a cell phone or texting is "personally irresponsible and socially unacceptable behavior, but in the end we won't make the problem go away by just passing laws ... We cannot legislate behavior to get results to improve road safety." "People need to use common sense and show common decency to other drivers," he said. LaHood showed a willingness to work on legislation, saying, "We will worth with Congress and state and local governments to ensure than the issue of distracted driving is appropriately addressed." He also said "high visibility enforcement" of drunk driving and seat belt laws had been effective and could work with distracted driving and related laws.

He concluded with unprepared remarks, calling distracted driving "an epidemic" and referring to the summit as a "tremendous start ... that will lead all of us to save lives and save injuries." At the start of the conference, LaHood released new information that said nearly 6,000 people died in the U.S. in 2008 in crashes involving a distracted or inattentive driver, about one-sixth of the total number of deaths, or about 37,000. LaHood and several of the panelists who spoke urged parents to restrict their teenage children from using cell phones while driving. Adrian Lund, president of the Insurance Institute for Highway Safety, cast a blunt criticism of such efforts, citing years of research. "It would be wonderful to have training programs for teens to recognize the risks they take [by texting while driving], and change their driving dramatically.," he said. "But our experience with education programs for teens or even ticketed drivers who take remedial training ... is that essentially the programs have no effect," Lund said. "What they learn is to avoid tickets, but not typically to avoid crashes." Lund mimicked calls by several experts at the summit to find new methods that can reduce crashes from distracted driving. "We need to find out what works ... All this education doesn't do much good," he said. But the value of specialized training programs to teach the dangers of distracted driving came under question by some of the assembled experts.

NASA: Shuttle Atlantis loaded and ready for launch today

2009-12-26T01:00:00.001-08:00

NASA's space shuttle Atlantis is loaded and ready for takeoff from the Kennedy Space Center in Florida this afternoon. They're scheduled to deliver equipment, including two gyroscopes, to the International Space Station . NASA is focused on building up a reserve of spare parts on the space station in anticipation of the retirement of the space shuttle fleet. "You'll see this theme in some of the flights that are going to come after ours as well," said Brian Smith, the lead space station flight director for the mission, in a statement. "This flight is all about spares. The six-man crew is set to launch at 2:28 p.m. EST today.

Basically, we're getting them up there while we still can." The equipment is considered highly critical to the operation of the space station, according to NASA. At this point, there are only six flights left for the space shuttles before they're scheduled to be retired. Since this is the first mission to deliver what scientists hope will turn into a trove of spare parts, they're taking up the most important pieces. The equipment that needs to go up is being delivered in order of highest priority. The astronauts are expected to make three space walks during the 11-day mission. The equipment being delivered includes two pump modules, two gyroscopes, two nitrogen tank assemblies, an ammonia tank assembly and a high-pressure gas tank. The astronauts will work with the robotic arms onboard the shuttle and the space station to move two platforms loaded with spare parts out of the shuttle's cargo bay to where they'll be attached on either side of the station's truss or backbone.

Parts going up for the robotic systems onboard the station include a latching end effector for the station's robotic arm and a trailing umbilical system reel assembly for the railroad cart that allows the arm to move along the station's truss system. As of 10:30 a.m., a NASA inspection team was studying the exterior of Atlantis , its solid rocket boosters and the external tank for ice or other debris. NASA reports there are 27,250 pounds worth of parts being delivered in this mission. Space agency crews also have loaded the shuttle's external tank with about 535,000 gallons of liquid hydrogen and liquid oxygen, which will power the shuttle's three main engines during launch. NASA forecasts a 70% chance of weather good enough for a launch this afternoon.

Microsoft, Red Hat seal the deal on interoperability

2009-12-20T15:03:00.001-08:00

Eight months after announcing they would make their virtualization wares interoperable, Microsoft and Red Hat delivered the goods Wednesday on their first major collaboration. Evans emphasized there was no financial arrangement, patent licensing or other deals. "It is straightforward interoperability testing," he said, hinting at other deals Microsoft has cut with Sun and Novell. The two companies announced they have completed testing and validation and that they now fully support virtualization environments that combine Microsoft Windows Server 2008 and Red Hat Enterprise Linux 5.4. "It was a fairly big deal [in February 2009], there had never been an interoperability agreement between Microsoft and Red Hat," said Mike Evans, vice president of corporate development for Red Hat.

But cooperation on the virtualization front has become the order of the day as virtualization has established itself as an integral part of data centers. Red Hat already supports VMware, while Microsoft has a support deal with Novell and its Suse Linux platform. The work by the duo helps expand support on both platforms. In July, Microsoft shocked the industry by contributing virtualization device drivers to the Linux kernel. Microsoft's Mike Neil, general manager of Windows Server and server virtualization, said in a blog post that the cooperation goes beyond the operating system and both companies "have select applications that would receive technical support when running on certified server virtualization software." Neil said the Microsoft applications include BizTalk Server, Exchange Server, SharePoint server and others. The completed certifications include: Validation of Red Hat Enterprise Linux 5.4 using the Kernel Virtual Machine (KVM) hypervisor with Windows Server 2003, 2008 and Windows Server 2008 R2 guests; and certification of host platforms running Windows Server 2008 Hyper-V, Microsoft Hyper-V Server 2008, Windows Server 2008 R2 Hyper-V and Microsoft Hyper-V with Red Hat Enterprise Linux 5.2, 5.3 and 5.4 guests.

On the Red Hat side, users can run JBoss Enterprise Middleware within a virtual machine guest on Hyper-V and receive coordinated technical support. Microsoft customers without agreements can purchase support per incident. Evans said the agreement grants support to any customer with a valid Red Hat Enterprise Linux subscription, while Microsoft customers with support agreements for Windows Server 2008 are eligible for support. Evans said Red Hat is not discussing how it will support Windows Server 2008 guests within its management tools. Red Hat also will ship a stand-alone hypervisor called Red Hat Enterprise Virtualization Hypervisor that will also support Windows guests. He said there would be more information on that at year-end when Red Hat ships Red Hat Enterprise Virtualization Manager, a set of management tools for desktops and servers.

Microsoft supports Red Hat Enterprise Linux version 4.x and 5.x on its System Center Operations Manager 2007 R2, but will need to update its Virtual Machine Manager software to manage Red Hat guest operating systems on Hyper-V. Follow John Fontana on Twitter: twitter.com/johnfontana

Happy 40th Birthday, Internet!

2009-12-15T06:00:00.001-08:00

On October 29, 1969, the Internet came in not with a bang, but with a "lo." Letter by letter, UCLA computer science professor Leonard Kleinrock sent a message from his school's host computer to another computer at Stanford Research Institute. The Internet was born with the first data message sent between two networked computers. Kleinrock was trying to write "login," starting up a remote time-sharing system, but the system crashed after two letters, and lo!

To be fair, the creation of the Internet was peppered with other milestones that could be considered more or less historic. But if we can all agree that communication-e-mail, chat, social networking-is what makes the Internet tick, Kleinrock's first message was the most significant early step towards what we have today. After all, at the core of the Internet was packet-switching-the process of breaking down data into blocks and routing them individually-and in 1968 Donald Davies of the UK's National Physical Laboratory gave the first public presentation of the idea. Today, 40 years later, life without the Internet seems unfathomable. Over 1 billion people are online, and last year, Google announced that it had detected over 1 trillion pages.

In those rare occurrences where your Internet service provider has trouble, and you can't connect, it's as if the power is out in your entire house. How did we get from Kleinrock's anti-climactic, yet historic, "lo" to a society that lives and breathes on the ability to transmit data? In the mid-70s, DARPA engineers Vint Cerf and Yogen Delal and Carl Sunshine developed Transmission Control Protocol/Internet Protocol, abbeviated as TCP/IP, a means for networks to "internetwork," hence the name "Internet." You could, of course, call the development of TCP/IP, or its uniform adoption by ARPAnet on January 1, 1983, birthdays of the Internet as well. Over the years, more computer terminals connected to the network, hosted by the U.S. Defense Advanced Research Projects Agency and known as ARPAnet. Over the years, the number of connected terminals bloomed, and new networks outside of ARPAnet popped up. Five years later, we had the first Web browser in Mosaic Netscape 0.9. Then came "Web 2.0," a term for participatory sites like Digg, Facebook and Flickr that becomes more of a cliché as the way we communicate over the Internet advances further.

All of this set the stage for the World Wide Web, proposed by Tim Berners Lee in 1989 as a collection of Internet documents viewable in a browser. And to think it all started with a truncated bit of text. Even then, the Internet was a work in progress.

French National Assembly votes for new 'three strikes' bill

2009-12-09T20:04:00.001-08:00

The French government is still pursuing its plan to cut off Internet users accused of copyright infringement - although a new version of the so-called "three strikes" bill approved by the National Assembly on Tuesday now requires that a court make the decision to suspend a surfer's Internet access. An earlier version of the law handed the power to disconnect surfers to a newly created High Authority for the Distribution of Works and the Protection of Rights on the Internet (Hadopi - another nickname for the law). It was approved by the French Parliament in April but the Constitutional Council struck that measure down as unconstitutional before it was signed into law. The bill takes its "three strikes" nickname from the three accusations of copyright infringement that must be levelled at surfers before their Internet access is suspended.

The government immediately vowed to return to parliament with a new bill, Hadopi 2, that would satisfy the Constitutional Council. That means that the government must now form a committee of deputies and senators to come up with a compromise bill and submit it to both houses for a vote. The Senate approved that text in July, and on Tuesday deputies in the National Assembly adopted it by 285 votes to 225. However, the deputies made a number of amendments to the Senate's text, and in France a bill cannot become law until both houses of Parliament agree to the same text. The compromise process usually goes without a hitch, but in a surprise vote in April the National Assembly rejected the compromise text for the first version of the law, Hadopi, by 21 votes to 15. While the new bill requires that suspension of Internet access be ordered by a judge, rather than decided by an administrative agency in an automated process, it toughens sanctions in other areas. That could be the case if their computer was attacked by malware and fell under someone else's control, or if their wireless Internet access was inadequately secured. Internet subscribers will now be held liable if someone uses their Internet connection to illegally download copyright works - even if they do not explicitly authorize it, but allow it to happen through negligence.

The bill also adds a €5,000 (US$7,300) fine for Internet service providers that fail to suspend the Internet access of a customer when ordered by a judge, and a €3,750 fine for surfers who take out a second Internet subscription to get around a suspension ordered by a judge. But the premise that songwriters and musicians will benefit from the stronger penalties for copyright infringement proposed by the bill is disputed by many - including the artists themselves. The latest bill's progress has been closely followed by other governments under pressure from record labels and film studios to crack down on Internet piracy. Last week a group of predominantly British musicians, the Featured Artists Coalition, criticized U.K. government plans for a similar three-strikes law, saying that "Processes of monitoring, notification and sanction are not conducive to achieving a vibrant, functional, fair and competitive market for music." The group's members, including Billy Bragg, KT Tunstall, Robbie Williams and Radiohead, said that a consultation paper issued by the U.K. government indicates "a mindset so far removed from that of the general public and music consumer that it seems an extraordinarily negative document."

Cisco 'doubles down' on collaboration with 61 new products

2009-12-04T11:00:00.001-08:00

Cisco Systems Inc. massively expanded its collaboration technologies portfolio on Monday with the announcement of 61 new products. The range demonstrates Cisco's interest in integrating and expanding new video-related technologies with more traditional collaboration tools such as instant messaging and presence, Cisco officials said. This wave of new products includes a corporate-grade hosted e-mail system called Cisco WebEx Mail, a social networking application, and a video system to help groups share and search video content.

One new tool, a Cisco Intercompany Media Engine focuses on allowing various companies to share business-to-business communications over any IP network. Allen Cohen, vice president of enterprise solutions, said told Computerworld that today's new products and Cisco's recent agreement to buy videoconferencing vendor Tandberg for $3 billion demonstrate that "Cisco is doubling down [its investment] on collaboration." Cohen said he feels Cisco "intends on doing this," referring to a completion of the Tandberg purchase, despite a blog post by Cisco Chief Strategy Officer Ned Hooper on Nov. 2 that suggested fiscal prudence might prevent the deal from being completed. The products are designed in part to make it easier for companies to incorporate content from video and other media produced on all kinds of devices, from expensive telepresence videoconferencing systems to handheld Flip video cameras, as well as photos and recordings taken from smartphones. One analyst, Zeus Kerravala at Yankee Group Inc., said the Tandberg deal "has to go through just because video is too important to let it fall through." Considering the broad range of products that Cisco announced today, Kerravala called Cisco's investment in collaboration "huge." Of all 61 products, perhaps Cisco's new WebEx Mail product will have the biggest impact, Kerravala said, because of the industry-wide move to cloud computing and Cisco's moves into cloud computing. Also important, Kerravala said, is Cisco's new Unified Communications version 8.0, which adds new support for a wide range of endpoints, including more smartphones, and new video and Wi-Fi-ready Cisco Unified IP phones. WebEx Mail prepares Cisco for when e-mail moves more fully to the cloud architecture in 2012, Kerravala said, giving the company a shot at taking on Microsoft Corp.

That software will help connect the diverse array of devices that produce video. "The value of a network is proportional to the number of nodes, and there are a lot of nodes out there but they are just not connected now," Kerravala said. WebEx Mail will interoperate with Microsoft Outlook and support mobile devices. Cisco didn't provide pricing or shipping information for the new products. Built on technology acquired from PostPath, it will allow each user a 25GB mailbox, Cohen said. Another new product, Cisco Show and Share, allows organizations to create and manage video by allowing recording, editing and sharing with the ability to add tags and comments.

It will also support firewalls and other security measures. Users can also upload speech-to-text transcripts for easy video searches. A search platform called Cisco Pulse will allow dynamic tagging of content as it passes through a network, giving users the ability to locate and rapidly connect with information and experts, which is seen as especially useful within multinational corporations, Cisco said. The company's new enterprise social software application is called Enterprise Collaboration Platform and will accommodate real-time voice, instant messaging and video communications, not just documents, Cohen said. Two video transcoders, the Media Experience Engine 3500 and 5600, are designed to allow any content to be shared across a network to any endpoint.

The 5600 will allow Cisco Telepresence devices to interoperate with videoconferencing devices from other companies.

Husband, wife team arrested for allegedly stealing $23M from Cisco

2009-11-29T01:03:00.001-08:00

Federal authorities arrested a husband and wife team for allegedly stealing $23 million from Cisco in a scheme that had the network giant shipping replacement parts to fake businesses in eight states. The man, 33-year-old, Mario Easevoli and his 28-year-old wife, Jennifer Leigh Harmon Easevoli, were doing business as North Carolina-based Synergy Communications Corp., officials say. The scheme reportedly defrauded Cisco's SMARTnet program. SMARTnet is Cisco's premium technical support program which promises, among other benefits, 2-hour, 4-hour and next-day delivery of replacement parts. He served as president and she served as vice-president.

An investigation by the FBI, the Internal Revenue Service and the U.S. Postal Inspection Service lead to the arrest last month. A third man is also being charged, 33-year-old Jason Allan Conway, but he is still at large. These agencies allegedly found that the trio used dozens of fake names and fictitious companies to obtain replacement parts from Cisco. The indictment said that more than 21 fake company names were used, and 80 fake personal names, to obtain those mailboxes. The parts were shipped to private mailboxes at UPS stores in eight states.

Authorities allege that Jennifer Easevoli submitted fraudulent claims for replacement parts between January 2003 and July 2005 and then sold the parts to others, depositing the proceeds into a Synergy Communications Corp. bank account. Conspiracy to commit mail fraud and aiding and abetting mail fraud carries a maximum penalty of up to 20 years in prison and a fine of up to $250,000. Conspiracy to commit money laundering carries a maximum penalty of up to 20 years in prison and a fine of up to $500,000, or twice the value of the property involved in the transaction, whichever is greater. Easevoli was charged with conspiracy to commit mail fraud, aiding and abetting mail fraud and conspiracy to commit money laundering. Cisco Subnet blogger Brad Reese says that Easevoli bragged about her success on social networking site Classmates.com. I am more successful than I could have dreamed and I have had a great time all the while." He found entries by her that said, "For those of you who knew me and doubted me - I made it, and I made it big ... I am bigger and better than you thought I could be.

IBM facing double legal trouble

2009-11-23T16:00:00.001-08:00

IBM's lawyers have a busy winter ahead of them as Big Blue attempts to fight off antitrust accusations related to its mainframe business and an IBM employee faces allegations of insider trading. Moffat, the head of IBM's Systems and Technology Group, was placed on a leave of absence. Biggest tech crime stories The U.S. Department of Justice has issued formal requests for information related to a complaint lodged by the Computer and Communications Industry Association (CCIA) about IBM's actions in the mainframe market, as the IDG News Service reported Oct. 8. In a separate incident, the U.S. Securities and Exchange Commission last week charged IBM executive Robert Moffat with insider trading. Big Blue will suffer a blow to its reputation, but ultimately survive these legal problems, says Bob Djurdjevic, a longtime industry analyst who founded Annex Research in 1978, and was an IBM employee for eight years performing technical, sales and management functions. "If there's any company that's always been a model of pristine behavior, being above it all, it was IBM," Djurdjevic says. "I don't think it will have an effect on IBM's business because it has deep talent.

Out of the three, the insider trading allegation "probably hurt the most," he writes. However, it is a black eye to IBM's reputation." Djurdjevic writes that IBM is dealing with "triple trouble," referring to the two legal incidents and a beating taken by IBM stock. According to the IDG News Service, "Moffat allegedly provided insider information when IBM was considering acquiring Sun Microsystems to Danielle Chiesi, a portfolio manager at New York-based New Castle Funds. Oct. 16 may go down as a "Black Friday" in IBM history, he says. "When this writer worked for IBM in the 1970s, we had to be holier than thou," he writes. "No disparaging of competition. Chiesi allegedly made trades on behalf of New Castle Funds based on the tips and generated about $1 million in illegal profits." Djurdjevic notes that "accused doesn't mean convicted," but he writes about what seems to be a negative shift in IBM culture.

No special deals. No longer. Selling only at list prices. … Being lily white and pure as mountain spring water was ingrained as part of the Big Blue culture. Not after what Bob Moffat, senior IBM vice president in charge of all of company's hardware, has been accused of doing - passing proprietary company information to his Wall Street co-conspirators for personal gains." As for IBM's mainframe problem, the company is accused of refusing to issue licenses for its z/OS mainframe operating system to competitors. IT analyst Joe Clabby criticizes the CCIA complaint in an article titled "Mainframe Monopoly?" for a weekly newsletter issued by the Pund-IT research firm.

The CCIA trade group says this alleged tactic is limiting competition and preventing mainframe customers from finding less expensive alternatives. One could argue that IBM does have a monopoly, owning more than 90% market share in the mainframe world, Clabby writes. Even if IBM has a monopoly, that doesn't automatically make the company guilty of anti-competitive behavior, Clabby continues. "Ultimately, the biggest question on the table is whether other vendors should have a right to deploy z/OS on other platforms," Clabby writes. "If allowed to do so, competing vendors could undermine IBM's mainframe pricing structure by delivering lower-cost alternatives to mainframe hardware. But a mainframe is a type of server, and "mainframes represent only .03% of the server market by volume," he notes. And, to us, that would be unfair." The Department of Justice has not commented on the complaint, so it's difficult to tell when it will be resolved.

Moffat was one of six people charged with insider trading, a group that included an Intel executive, and there could be more arrests coming. The Moffat case could be tied up in the court system for months or years, as is typical with large criminal investigations. IBM continued on its usual path this week, announcing software for management of virtual servers and a desktop package to compete against Microsoft's Windows 7. Whether Big Blue's legal troubles bring any long-lasting harm to the company remains to be seen. Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

Avaya wins Nortel enterprise business for $900 million

2009-11-18T04:04:00.001-08:00

Avaya has emerged as the winning bidder for Nortel's enterprise business, reportedly beating out Siemens Enterprise Communications over the weekend. Avaya will also contribute an additional pool of $15 million for an employee retention program. The firm will pay $900 million for the unit, Nortel's Government Solutions group and DiamondWare Ltd., a Nortel-owned maker of softphones. That price is nearly twice what Avaya was initially said to be buying the enterprise business for back in July before auction bidding kicked in.

Telecom carrier Verizon, however, is expected to contest the sale on the grounds that Avaya does not plan to retain customer support contracts between Nortel and Verizon. Slideshow: The rise and fall of Nortel Avaya has sought Nortel's enterprise business in hopes of boosting its share of the enterprise telephony and unified communications markets, and getting more customers to migrate to its IP line of communications products. The sale, expected to close later this year, is subject to court approvals in the U.S., Canada, France and Israel as well as regulatory approvals, other customary closing conditions and certain post-closing purchase price adjustments. Nortel is confident the sale will go through without any snags. "We do not expect the Verizon interaction to impact court approval or the close of this deal," said Joel Hackney, president of Nortel Enterprise Solutions. "We will continue to go forward in supporting customers." Hackney would not say whether Nortel is engaged in the negotiations between Avaya and Verizon on the future of certain customer support contracts, mentioning only that Nortel supports Verizon as a customer as well as the carrier's customers. Nortel customers hope the deal works out in their interest. "Nortel earned the trust of our user group members by delivering innovative, reliable communications solutions and ensuring high-levels of service and support, " said Victor Bohnert, Executive Director of the International Nortel Networks Users Association, in a prepared statement. "With the announcement of today's purchase by Avaya, we look forward to extending that relationship forward to serve the business communications needs of our constituency base across the globe." Nortel will seek Canadian and U.S. court approvals of the proposed sale agreement at a joint hearing on September 15, 2009. The sale close is expected late in the fourth quarter. Hackney also said there were two bidders for the enterprise unit but would not identify the second suitor. In some EMEA jurisdictions this transaction is subject to information and consultation with employee representatives.

As previously announced, Nortel does not expect that its common shareholders or the preferred shareholders of Nortel Networks Limited will receive any value from the creditor protection proceedings and expects that the proceedings will result in the cancellation of these equity interests.

MySpace adds music features in bid to reinvent itself

2009-11-12T19:00:00.001-08:00

As part of its attempt to reinvent itself, MySpace unveiled a slew of new music products, including a massive collection of music videos, at the Web 2.0 Summit in San Francisco. But Van Natta strove to keep the packed session on the topic of new music services being dished up on the site. MySpace CEO Owen Van Natta took the main stage Wednesday to talk about the lagging social network's business strategy and its position behind rival Facebook. Separately, reports circulated Wednesday that Google was also planning a music service . The company announced MySpace Music Videos, which is set up to be one of the most biggest collections of online videos.

And to give users better access to the video library, MySpace also unveiled a new Video Search Tab. Van Natta explained that they worked with the company's music label partners to gather fully licensed music videos. The tab is designed to help users search for videos, songs and artist profiles. The dashboard is designed to give bands and singers with MySpace profile analytics on who is listening to their music and how they're interacting with it. "We think MySpace has the opportunity to be the next generation digital distributor of content," said Van Natta, who was an early executive at Facebook before leaving to join MySpace. "MySpace is positioned uniquely to be the place where the socialization of content occurs." MySpace has been slipping in popularity as rival Facebook moved to the top of the social networking pile. MySpace's roster of new music products also includes an Artist Dashboard.

Last December, Facebook drew almost twice as many worldwide visitors as MySpace. At the beginning of Van Natta's presentation, the moderator polled the audience about what social networking site they used. In June, Facebook surpassed MySpace in the U.S. , which had been MySpace's stronghold. A smattering of hands went up to show people who used MySpace. Later in his presentation, the MySpace CEO said he's optimistic about the company's ability to get back on its feet. "We believe that we have all of the building blocks and we need to focus on execution," he said. "If we do a great job at executing and building a great user experience... then we will realize this vision to be the place where you discover a huge amount of content through other people. When asked who used Facebook, a sea of hands shot up, along with a ripple of laughter from the audience. "Thanks for framing that up for me," Van Natta said.

If that is happening in music or other areas, like games, TV and films, it'll be easy to recognize success because you'll just know this is where a huge amount of that socialization is happening."

Survey: Americans don't trust cloud to store personal data

2009-11-07T09:06:00.000-08:00

Americans don't trust cloud storage for their confidential data, with identity theft ranking as their top security concern, according to a twice-yearly survey by network security consulting firm Unisys. FAQ: Cloud computing, demystified Asked what they felt about personal data being stored on third-parties' remote computers, 64% say they don't want their data kept by a third party, according to the latest installment of "Unisys Security Index: United States." Misuse of personal information has 65% of respondents very or extremely concerned, the survey says, followed closely by fear of someone stealing credit card information (cited by 64%). That's on a par with respondents' concerns about national security and fighting terrorism, which also found 64% very or extremely concerned. On a scale of 1 to 300 with 300 being extremely concerned, national security was the biggest worry with a Security Index number of 162, followed by financial security at 156, personal security at 143 and Internet security at 129. Since the study was first done in the fall of 2007, national security has been the top concern for five survey periods, dipping to number 2 just once in the first quarter of this year. With a broader set of questions, the survey measures how Americans feel about four areas of security, and in general Americans aren't in a fever about any of them. Financial security has risen from number 3 to either number 1 or 2 over the past three surveys.

Similarly, 30% of Americans have no worries about the security of online shopping and banking, and they may be the people who don't shop or bank online. A quarter of Americans have no concerns at all about Internet security, which is roughly the same as the percentage of those who don't use the Internet at all, the Unisys survey says. A quarter of Americans have no concerns about computer viruses and spam, but 42% are very or extremely concerned about them, the survey says. But 47% are very or extremely concerned about a widespread health epidemic such as swine flu. Most Americans (67%) have little fear about their personal safety, and 35% have no fear about it, the survey finds.

That's a jump of 6% since the start of this year, a significant leap, the survey says. At least 72% said they were very or extremely concerned about each these areas. In general, black respondents were more worried about all areas measured by the survey - epidemic, meeting financial obligations, misuse of personal information, personal safety and bank card fraud. For whites and Hispanics, the highest such level of concern was 63%. Those who make the most money have the least concern about financial obligations (36%), online transactions (38%) and a health epidemic (37%). College graduates are also less worried. The U.S. Security Index is based on a telephone survey of 1,005 people 18 and older. The percentage of grads who are very or extremely concerned about national security, health epidemic, identity theft, meeting financial obligations and personal safety are lower than those who didn't graduate from college.

ReelDirector beefs up iPhone 3GS's editing capabilities

2009-11-02T00:00:00.001-08:00

The iPhone 3GS allows users to record, trim and share video. Wouldn't it be great if it could do so much more? It's a capable camera, but the iPhone software's video features don't quite pack enough punch to completely cut iMovie or Windows Movie Maker out of your workflow. ReelDirector is an iPhone app by Nexvio that allows for more sophisticated video-editing right on the phone.

However, as an iMovie alternative for the road, it's more than capable of doing simple edits to make your clips look better than the average YouTube video. Much like the plethora of photo-editing and painting apps already available for the iPhone aren't Photoshop replacements, it's not about to render Final Cut Pro useless. With ReelDirector, you can arrange and stitch recorded video clips on a scrollable timeline made to look like a filmstrip. It's perfect to help explain to your family that, no, that's not a bear cub or Cousin Itt-it's your son, and he needs a haircut desperately. There are four different styles of text overlays you can choose from to tell viewers what exactly they're looking at. To help your video blend together smoothly, you can choose between ten different kinds of transitions and several variations thereof for a total of 27 transitions, all chosen through a picker interface with live previews.

When you've finished your minor masterpiece, ReelDirector allows you to share video via e-mail or save your project as a video in the Camera Roll for syncing. Each transition can be added or changed non-destructively, so if you've added a few too many of those really cool cross-dissolves to your video and it's giving your viewers a headache, you can simply go back to that project and export again as necessary. Easy! It's also made a tutorial video to demonstrate how to use ReelDirector but, despite appearances, the app isn't yet capable of mixing music together with video. Nexvio plans to add voiceover support in future releases, and it's eager to hear your feedback for feature requests.

For now, you can use the e-mail feature to ask your friend to spend a few minutes in iMovie or Windows Movie Maker adding music and kicking your movie up a notch. It's compatible only with the iPhone 3GS and requires iPhone OS 3.0 at a bare minimum; you'll need iPhone OS 3.1 to export projects to the Camera Roll as videos or e-mail them to friends. [via Cult of Mac ReelDirector costs $8 and is in the App Store now.

Free TiVo BlackBerry App Offers Remote DVR Features

2009-10-27T15:04:00.000-07:00

Ever been away from home and remembered at the last minute that you didn't set the TiVo to record the new episode of your favorite TV show? If so, and you own a BlackBerry smartphone, you're in luck. Or been running late and wanted to program the digital video recorder (DVR) from afar so you wouldn't miss the start of your ball game? BlackBerry-maker Research In Motion (RIM) and TiVo just released the brand new TiVo DVR Scheduler BlackBerry smartphone application.

RIM and TiVo announced a partnership a year ago, and the companies said that such an application was in the works, but this is the first I've heard since September 2008. From RIM: "TiVo customers can use their BlackBerry smartphones to browse by category, view the most popular shows or daily picks and see the programming details, such as title, description, runtime, and airdate and time. The free app is available for download now on BlackBerry App World and BlackBerry.com/TiVo. The software gives BlackBerry owners with TiVo DVRs convenient and quick access to TiVo's program guide, and you can remotely schedule recordings on TiVo boxes from BlackBerrys. Additionally, the BlackBerry device can easily be used to set a TiVo to record shows." Of course, you need to be a TiVo customer for the app do more than take up space on your BlackBerry. I don't own a TiVo DVR, so I wasn't able to put TiVo DVR Scheduler for BlackBerry through the paces. (I did download it to confirm availability and grab a screenshot.) But you can pop on over to RIM's official blog, Inside BlackBerry, where I'm told you'll soon be able to find a quick walkthrough of the app. And anyone with an Internet-connected mobile device can log into their TiVo account and perform most of the same features-though the BlackBerry app's presumably faster than surfing the Web with a more functional interface.

Google confirms Gmail phishing attack

2009-10-21T12:00:00.001-07:00

Google confirmed today that passwords for its free Gmail online e-mail service had been harvested by hackers, but downplayed the phishing attack as involving just a "small number" of accounts. We will continue to force password resets on additional accounts if we become aware of them." Like Microsoft on Monday , Google today denied that Gmail had been hacked, and Gmail usernames and passwords stolen because of a lapse on its end. "This was not a Gmail security issue, but rather a phishing scheme," said the Google spokesman. Earlier Tuesday, the BBC reported that both Gmail and Yahoo Mail had been targeted by a large-scale identity theft scam, perhaps the same one that collected between 10,000 and 20,000 passwords from those services as well as from Microsoft's Windows Live Hotmail, Comcast, Earthlink and others. "We recently became aware of a phishing scheme through which hackers gained user credentials for Web-based mail accounts including a small number of Gmail accounts," a Google spokesman confirmed today in a reply to questions from Computerworld . "As soon as we learned of the attack, we forced password resets on the affected accounts. Google told Gmail users to change their passwords if they suspected that their accounts had been compromised. "If you can no longer sign into your account, you can regain access by answering security questions," the company added, referring to Gmail's single-question automated password reset function . Last year, a Tennessee college student was accused of breaking into former Alaska governor Sarah Palin's Yahoo Mail account by abusing Yahoo's similar reset tool.

Neither Google or Microsoft, however, has directly alerted users to the possible danger by sending messages to Gmail or Hotmail accounts, respectively, or by posting a warning on those services. Shortly after Palin's account was hijacked, Computerworld confirmed that the reset mechanisms used by Hotmail, Yahoo Mail and Google's Gmail could be exploited by anyone who knew an account's username and could answer a single security question . Microsoft, which acknowledged late Monday that passwords for "several thousand" Hotmail accounts had been hijacked by criminals, has blocked access to those accounts, and has made tools available to users who have lost control of their Hotmail inboxes. Phishing attacks are on the rise, according to the Anti-Phishing Working Group (APWG), an industry association dedicated to stamping out online identity theft. The APWG's most recent data ( download PDF ), reported that the number of unique phishing-oriented Web sites had surged to nearly 50,000 in June, the largest number since April 2007 and the second-highest total since it started keeping records.

DHS to review report on vulnerability in West Coast power grid

2009-10-16T02:05:00.001-07:00

The U.S. Department of Homeland Security is looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. Wang and another colleague then investigated how a major outage in one subnetwork would affect adjacent subnetworks, according to an article in New Scientist . The aim of the research was to study potential weak spots on the West Coast grid, where an outage on one subnetwork would result in a cascading failure across the entire network. Jian-Wei Wang, a network analyst at China's Dalian University of Technology, used publicly available information to model how the West Coast power grid and its component subnetworks are connected. A cascading failure occurs when an outage on one network results in an adjacent network becoming overloaded, triggering a similar set of failures across the entire network.

Wang's research was expected to show that an outage in a heavily loaded network would result in smaller surrounding networks becoming overwhelmed and causing cascading blackouts. The massive blackouts in the Northeast in August 2003 , which affected close to 10 million, were the result of such a cascading failure. Instead, what the research showed was that under certain conditions, an attacker targeting a lightly loaded subnetwork would be able to cause far more of the grid to trip and fail, New Scientist reported quoting Wang. Wang did not reply to an e-mailed request for comment seeking details on the report. The article does not describe Wang's research (paid subscription required) or any further details of the attack.

Wang's report, which appears to have been largely overlooked until the publication of the New Scientist article last week, was completed last November and has been available online since March. The so-called "inherently fault current limiting" (IFCL) superconductor technology is part of the DHS' Resilient Electric Grid project. John Verrico, a spokesman for the DHS' science and technology directorate, said the DHS has not reviewed the research but is "very interested in the findings." In an e-mailed comment, Verrico said the DHS is working on a "self-limiting, high-temperature superconductor" technology that is designed to prevent power surges in one network from affecting surrounding networks. According to a DHS description, the technology is capable of carrying 10 times as much power as current copper wires of the same size, while also being able to automatically adapt to massive power surges and outages. The effort, which is funded by the DHS' science and technology directorate, involves teams from American Superconductor Corp., Southwire Co. and Consolidated Edison Co. The technology was successfully tested at the Oak Ridge National Laboratory in Tennessee earlier this year. A single such IFCL cable will be capable of replacing 12 copper cable bundles.

Pilot tests of the IFCL cable in New York are expected to start in 2010, Verrico said. In April, The Wall Street Journal , citing anonymous national security officials, reported that cyberspies from China, Russia and elsewhere had gained access to the U.S. electrical grid and had installed malware tools that could be used to shut down service. News about Wang's research comes at a time when there are considerable concerns about the security of the U.S. power grid. Though the access hasn't been used to disrupt service, the concern is that the malicious hackers could do so with relatively short notice during a time of crisis or war. The letter lamented the apparent lack of awareness within the power sector of the cyber and noted how the horizontal nature of networked technology could allow attackers to take down multiple power sector assets at once, and from a distance.

In a letter sent to industry stakeholders in April, Michael Assante , chief security officer at the North American Electric Reliability Corp., drew attention to the need for operators, suppliers and distributors in the power sector to properly identify and protect critical assets and associated critical cyber assets.

Microsoft ships RC1 of new Forefront Identity Manager

2009-10-10T16:00:00.001-07:00

Microsoft Thursday shipped the second release candidate of Forefront Identity Manger 2010, which is a major piece of its strategy to integrate its security and identity technology. It has four areas of focus: policy, credential, user and group management. Microsoft passes first SAML 2.0 interoperability test Forefront Identity Manager 2010, formerly called Identity Lifecycle Manager 2 (ILM), is Microsoft's platform for identity synchronization, certificate and password management, and user provisioning. The product has been in churn mode as Microsoft has worked out the kinks.

It also added a management pack for System Center Operations Manager and configuration migration tools, updated the UI based on feedback from RC0 (released in May), and enhanced performance and scalability. In March, the company pushed the delivery date out to 2010. The official ship date is now set for some time between January and March 2010. With RC1, Microsoft has added new features such as the ability to show invalid security group members and to disable batch approve/reject of membership requests. Earlier this week, Microsoft laid out the importance of the platform in context of its overarching strategy to merge security and identity technology. Bob Muglia, president of Microsoft's server and tools business, said earlier this week that Identity Manager "ties together the identity management across an organization and enables the foundation for security configurations and security policies that run on top." Identity Manager offers user self-service features, such as password reset. That effort includes the Forefront suite of products that stretch across clients, servers and the network edge. It also includes a new delegation model, a business process framework, "code-less" provisioning, and workflows for managing accounts, passwords, groups and distribution lists.

Follow John on Twitter The software also integrates its group management, workflow, and other features with SharePoint and Outlook, and it provides a set of services that users and partners can tap to extend the server's functionality.

Why Microsoft kept Exchange 2007 SP2 off latest Windows Server

2009-10-05T06:05:00.001-07:00

Microsoft, reacting to a slew of questions from end-users, says timing issues and technical considerations kept it from supporting Exchange 2007 SP2 on the new Windows Server 2008 R2. 5 things we love/hate about Win7/Windows Server 2008 R2Exchange 2010 beta sneak peek test On the Exchange team blog, Nino Bilic, a member of the Exchange product quality team at Microsoft, wrote that there are two primary technical considerations for not supporting the messaging server on the new server OS. Users have been peppering Microsoft with questions over the past few months and the vendor chose Monday to explain its decision as it prepares to put the final touches on Exchange 2010, which aligns with other new infrastructure, namely Windows Server 2008 R2, Windows 7 and Office 2010. "Two primary technical points drove our decision to not support Windows Server 2008 R2," Bilic wrote. "First, Windows Server 2008 R2, while an incremental OS upgrade, creates significant testing requirements for Exchange 2007. Because the Exchange 2007 SP2 engineering preceded the Windows Server 2008 R2 RTM, Exchange 2007 SP2 would have had to be delayed significantly to align testing schedules." Bilic said the second point involves not supporting the upgrade of a server OS underneath an existing Exchange server. "The primary need is to support Windows Server 2008 R2 domain controllers in an existing Exchange 2007 deployment, which we have done." Exchange 2007 SP2 can work against those domain controllers because no part of the Exchange infrastructure is running on the domain controller. Exchange 2010 is expected to ship in November. "We felt that thoroughly validating the combination of Exchange 2010 on Windows Server 2008 R2 allowed us to focus on delivering great solutions which would be fully tested and would support the features of Windows Server 2008 R2," Bilic wrote. "This is a hard trade-off to make, but we believe it is the right one and a good balance between serving existing customers and driving innovation." The new Exchange 2010 server includes a number of new features, including high-availability and cross-domain integration using techniques such as pairing the server with Windows Server 2008 clustering technology and directory federation features. What users are missing is the ability to run any Exchange 2007 R2 components on the new server, including administrative tools on Windows Server 2008 R2. Bilic said the level of testing that would have been required to ensure only a "minimum level" of compatibility would have been significant and still denied users many of the features of the new server OS. In addition, he said the work likely would have altered the delivery schedule for Exchange 2010. Bilic said that fact drove Microsoft to conclude the best decision was to release Exchange 2010 as close as possible to Windows Server 2008 R2, which is now available.

The server also includes new archiving features. "We recognize that there are some downstream impacts to this decision related to administration-only installs," Bilic wrote. "The technical problem for us is that an administration install of Exchange is almost identical to a full Exchange server installation." An administration install is when only the administrative interface, used to manage server properties and other features, is loaded on the server OS. Lee Dumas, the director of architecture at managed Exchange service provider Azaleos and a former Microsoft employee on the Exchange team, noted that Exchange 2007 SP2 contains the schema updates that are part of Exchange 2010. "So deploying SP2 prepares you for Exchange 2010. The earlier they can release SP2 the more customers will be prepared for 2010 so that might have had something to do with this as well," he said. Follow John on Twitter. Dumas noted that releasing planned schema updates with a previous version of Exchange is something new for Microsoft.

Report: FCC will formalize net neutrality rule

2009-09-28T08:00:00.001-07:00

The U.S. Federal Communications Commission is planning to create formal rules against Internet providers selectively blocking or slowing traffic, according to a report in The Wall Street Journal. Net neutrality rules would prohibit Internet providers from blocking or slowing their customers' access to Web sites or Web applications. FCC Chairman Julius Genachowski will announce net neutrality rulemaking during a speech Monday, the Journal reported.

A FCC spokeswoman did not immediately return a message seeking confirmation of the Journal story. But the FCC has never made formal net neutrality rules. Since mid-2005, the FCC has said it will enforce four broadband policy principles, saying consumers have a right to access the legal Internet content of their choice, and they are entitled to run Web applications and services of their choice. Broadband provider Comcast filed a lawsuit challenging the FCC's authority to enforce the principles after the agency ruled last August that Comcast had to stop slowing peer-to-peer traffic in the name of network management. The rules would apply not only to wireline broadband providers, but also to wireless networks run by companies such as AT&T and Verizon, the newspaper said. Genachowski is planning on launching a formal rulemaking process on net neutrality, the Journal reported.

Rulemaking could give the FCC more authority to enforce net neutrality. Net neutrality advocates welcomed the news. "The Internet was created and grew up under strict nondiscrimination rules," said Gigi Sohn, president of Public Knowledge, a digital rights advocacy group. "Those same ideas are as valuable today as they were 10 years ago. A bill in the U.S. Congress would also spell out that the FCC has that authority. Having rules in place will bring a degree of certainty that will help both carriers and consumers alike. Sohn disagreed. "Rather, as in the past, they will encourage investment in the kinds of innovation and technology that will help move our economy forward," she said.

Carriers will know what is allowed and what is not; consumers will be relieved to know they will be able to have access to any content and service on a nondiscriminatory basis. " Some critics have suggested net neutrality rules would hamper investment in new broadband pipes, because the broadband providers could not control what runs over their networks. Free Press, a media reform group, called the rulemaking a "big win for consumers." A representative of Comcast declined to comment pending Genachowski's speech. But Randolph May, president of conservative think tank the Free State Foundation, said it is "discouraging" that the FCC is considering new broadband regulations. "In light of the way competition is continuing to develop in the broadband marketplace, and with only a few isolated instances of complaints alleging net neutrality-like abuses ever having been filed, it is a mistake for the chairman to propose common carrier-type regulation in the broadband world," he said. Verizon Wireless will wait until Genachowski's speech before making a comment, a spokesman of that company said. The mobile-phone and Internet industry would be concerned "about the unintended consequences that net neutrality regulation would have on investments from the very industry that's helping to drive the U.S. economy," added Chris Guttman-McCabe, vice president of regulatory affairs for CTIA, a mobile trade group. "We believe that this kind of regulation is unnecessary in the competitive wireless space as it would prevent carriers from managing their networks - such as curtailing viruses and other harmful content - to the benefit of their consumers."

HP's DreamScreen aims to cut ties to the PC

2009-09-22T22:05:00.001-07:00

HP is trying to revive the idea of placing smart screens around the home to display content from the Web and PCs, though the number of Web sites available at first will be very limited. It can also be hooked up to a PC to play music or video stored on the computer in a different room, or to display photos like a digital picture frame. "What we're really trying to do is bring a simple, user-intuitive device that's always on, always connected to the Internet, to bring Web applications that don't require PCs," said Ameer Karim, director of worldwide marketing with HP's futures and innovations group. The HP DreamScreen, announced Thursday, can display content from the Web without needing to be hooked up to a PC, using its built-in wireless connection. The screens use a remote control and a touch panel for input, and can also be used as an alarm clock, to check the weather or to play any of about 15,000 global radio stations, HP said.

Instead, HP worked with Internet companies and content providers to develop interfaces to display their content. The DreamScreens don't come with a Web browser, however, which limits the Web content that can be viewed. The initial partners are Facebook, the music site Pandora and the photo site Snapfish. The company stressed that the devices are supposed to complement PCs, not be a substitute for them. More applications may be added in the future, Karim said. Starting a PC just to check something on the Web is time-consuming, Karim noted.

The products come in 10.2- and 13.3-inch sizes, priced at US$249 and $299, respectively. The DreamScreens can be hung on a wall or put on a table in living rooms or kitchens, and look more elegant than most PCs, according to Karim. "Internally, we've been calling it 'bite-sized computing.' It's snippets of the stuff you'd normally get on a computer, but we don't really want to bring productivity here," he said. They will be available starting October in the U.S. through Best Buy, Amazon.com and other retailers. The device may support TV viewing in the future, Karim said. "It is very likely you will see these devices do all sorts of things like access content on a DVR or a set-top box." It may also pull video content from TV stations in the future. HP didn't provide plans to sell the product worldwide. Other companies have tried to market smart screens for the home but without success.

The products failed to gain traction and were eventually cancelled. A few years ago Microsoft was promoting its Windows Powered Smart Displays, which had to be connected to a PC to display Web content but were otherwise similar. HP's smart screen uses the Linux OS and comes with 2GB of internal storage so that photos, music and movies can be stored locally. It supports multiple MPEG video formats; the JPEG, PNG and bitmap (BMP) photo file formats; and MP3, WMA, AAC and WAV audio formats. It will have a USB port and a memory card reader, from which digital content can be played. HP didn't comment about the processor inside the product.

Intel has shown off TV sets and set-top boxes that run small Web applications that it says can complement TV viewing. Other companies are also experimenting with new ways to access the Internet in the home. For example, a group of friends on MySpace could chat with each other about a program they are watching.

Users nervous about Oracle's acquisition of MySQL

2009-09-17T13:00:00.001-07:00

The European Union is not the only one antsy about Oracle taking possession of the open source MySQL database should the commercial database giant's merger with Sun Microsystems get final approval. On its Web site, Oracle merely notes that "MySQL will be an addition to Oracle's existing suite of database products." "I wish that Oracle would broadcast its intentions a little bit more" on the Sun acquisition, says Duane Kimble, a Linux technologist who works in the banking industry. So are MySQL users. (The E.U.'s executive arm has held up approval of the merger, fearing that Oracle's acquisition of MySQL could reduce competition in the database market, as well as harm the open source nature of MySQL. Sun's stockholders and the U.S. Justice Department have approved Oracle's $7.4 billion acquisition of Sun.) "We've got a fair number of databases and Web applications that use those databases in MySQL. If Oracle does something that sort of makes it look like MySQL's days are numbered or something is going to change that we don't like, we'll probably look at alternatives," says Ernest Joynt, a contractor for the National Oceanic and Atmospheric Administration. [ Relive Sun's storied history in InfoWorld's slideshow "The rise and fall of Sun Microsystems." | Learn why attendees at the JavaOne conference were skeptical of Oracle's buyout of Sun. ] Anand Babu Periasamy, CTO of clustered storage technology company Gluster, expresses doubts that Oracle would add enterprise capabilities to MySQL. "I hope that they will retain MySQL. [But] I am doubtful [that] they will ever improve MySQL to take it mid-enterprise level, but at least it will help them compete with Microsoft SQL Server on the low end," he says. (Gluster uses MySQL for its Web site operations.) Thus far, Oracle has said little about its intentions for MySQL and declined to discuss the issue with InfoWorld. For him, Oracle's ownership of MySQL is a specific cause for caution.

His firm has begun looking at other enterprise-scale open source databases such as EnterpriseDB's Postgres database in case it has to replace MySQL. Standing to reap a harvest from unease about the Oracle-MySQL pairing are open source database vendors EnterpriseDB and Ingres. MySQL users start looking at alternatives A key issue is that Oracle is a main competitor to MySQL, notes Timothy Dion, CTO of mobile and Web apps builder Sensei. "I'm very concerned about what that means," he says. EnterpriseDB, which builds its products on the PostgreSQL open source database, has been hearing from concerned MySQL users, says Larry Alston, EnterpriseDB's vice president of product management and marketing. "They're telling us that they're nervous" about the future of MySQL, he says. Doubts remain over the fate of other Sun technologies Users remain concerned over the fate of other Sun technologies such as Java and Solaris, not just of MySQL. "We are rethinking our Solaris deployments," says Linux technologist Kimble. "We are moving swiftly toward more of an AIX and Linux environment, depending on the size or the scale of the project." Although Kimble notes it is "too early to say whether we'll move off [Solaris] or not," he does say his employer is rethinking its Solaris commitment: "Certainly, we're not going full-bore with Solaris as we were before the merger." Kimble does see a positive side to the Sun acquisition: "I think it kind of simplifies the platform offering somewhat. Ingres also sees opportunities. "The phones ring a lot," says Ingres CEO Roger Burkhardt. Oracle is a strong company and if they keep Sun Java, which I'm sure is what they bought [Sun] for, I think it will make Java a better product." But Bryce Pier is not so sure.

Another large company buying another large company reduces competition," he says. The senior systems engineer at Target sees no benefits of the buyout - at least not yet. "I'm not really certain that it's going to be good for anybody. Pier expects the acquisition to cause Target to move away from Solaris to Red Hat's Linux over time. Oracle, said Craig Muzilla, Red Hat's vice president for middleware, was very active in the Java Community Process for updating Java and has strived for openness in Java. "We don't see anything from Oracle that [would indicate that] they would do anything" that would differ with the past, he said. One reason is the uncertainty: "We're just not sure what Oracle's commitment is going to be to the Java stack and to maintaining it as an open source project." Another is Oracle's reputation for extracting revenues from customers: "We certainly fear that all of the subscription fees are going to change for everything from Sun." At its recent conference, Red Hat sought to reassure customers about the continued openness of Java-based JBoss technology, which Red Hat owns, now that Oracle is buying Java founder Sun.

Oracle breaks silence on Sun plans in ad

2009-09-11T15:06:00.001-07:00

Oracle Corp. ended it silence Thursday on its post-merger plans for Sun Microsystems Inc.'s Unix systems in an advertisement aimed at Sun customers to keep them from leaving the Sparc and Solaris platforms. Ever since Oracle announced in April its plans to acquire Sun, its competitors - notably IBM and Hewlett-Packard Co. - have been relentlessly pursuing Sun's core customer base, its Sparc and Solaris users. Oracle's ad to "Sun customers," makes a number of promises that includes spending more "than Sun does now," on developing Sparc and Solaris, as well as boosting service and support by having "more than twice as many hardware specialists than Sun does now." Analysts see Oracle's ad as a defensive move that doesn't answer some of the big questions ahead of the $7.4 billion merger with Sun . In fact, there may be a lot of room for skepticism and parsing of Oracle's claims, despite their apparent black and white assertions.

Among the top hardware makers, Sun registered the biggest decline in server revenue in the second quarter, offering evidence that this protracted merger may be eroding Sun's value. Europe is allowing until mid-January to sort this out, which keeps the merger in limbo for another quarter. Oracle wanted the acquisition completed by now but the European Commission this month said it would delay its antitrust review because of "serious concerns" about its impact on the database market. Analysts point out that Oracle's plans to spend more "than Sun does now," may be a little hallow because Sun's spending on developing Sparc and Solaris is probably at a low. "The ad sounds convincing - but perhaps being a word nitpicker, the Sun does now' might not mean much if Sun has drastically cut back due to plummeting sales," Rich Partridge, an analyst at Ideas International Ltd., said in an e-mail. "I think someone at Oracle suddenly realized that Sun was bleeding so badly that what would be left when Oracle finally got control would be worth a small fraction of what they paid and no one would buy the hardware unit," Rob Enderle, an independent analyst, said in an e-mail. But Enderle said the ad's claims do not preclude Oracle from selling its hardware division, and says the company "will have to support the unit for a short time after taking control; during that short time they can easily outspend Sun's nearly non-existent budgets." Gordon Haff, an analyst at Illuminata Inc., said if it was Oracle's plan to start on day one of the merger to shop the Sparc processor around, "would they have put this ad out? Taken at face value, the ad seems to indicate that Oracle will keep Sun's hardware and microprocessor capability and not spin it off, as some analysts believe possible.

Probably not," he said. "Does it preclude Oracle from changing their mind? Indeed, Oracle's major competitive concern was indicated in the ad in a quote by Oracle CEO Larry Ellison: "IBM, we're looking forward to competing with you in the hardware business." No. Companies change their mind all the time." An erosion of Sun's customer also hurts Oracle, because a lot of Sun customers are also Oracle customers, and Oracle doesn't want its existing customer to go to IBM and move away from Oracle's platform, Haff said.

Twitter withstands second DDoS attack in a week

2009-08-13T01:00:00.001-07:00

Less than a week after Twitter was shuttered by a highly publicized distributed denial-of-service attack, the microblogging site was hit by hackers again late yesterday.

This time, however, the Twitter stood up much better to the attack, only going down for about 30 minutes, about 90 minutes less than last week, the company said in a blog post. It added that Twitter personnel are analyzing traffic data to determine the specific nature of the latest attack.

It's so far unclear whether Tuesday's attack is related to last week's hack of the Twitter and Facebook social networks along with other sites. Security experts have said that the earlier trouble was likely politically motivated and targeted a single person, a pro-Georgian blogger identified only as "Cyxymu."

Today, security analysts said they don't yet have enough information to determine whether the two attacks are related.

"We don't know enough about the latest attack to know if it was still targeting the single pro-Georgian blogger, or whether it was another group proving its abilities against Twitter," said Graham Cluley, a senior technology consultant for Sophos. "It wouldn't be eyebrow-raising normally to see a Web site suffer a series of denial-of-service attacks, as quite often they are initiated by cybercriminals in an attempt to procure money out of the victim via blackmail. In other words, they might prove their ability to knock out the site on a number of occasions."

But two take-downs - even if this last one was less dramatic - in one week is not good publicity for Twitter, which has grown rapidly in popularity and has gained a strong foothold among mainstream users along with celebrities like Oprah Winfrey, Lance Armstrong and even two NASA astronauts. And given that companies like Zappos.com and JetBlue have taken to Twittering to boost their business, evidence that the site can't handle such attacks could blunt the interest of other potential corporate users.

Ken van Wyk, principal consultant at KRvW Associates LLC. and a columnist for Computerworld says beefing up Twitter's defenses isn't a job done quickly or easily.

"Is it worrisome? No, it's frustrating and unsurprising, but not really worrisome," he added. "Understand [that the work needed to be done] are infrastructure things that would take a long time to implement. We're talking bigger and faster network pipes, redundant geographic data centers, load balancing, and other massive undertakings. That's not going to happen in a week."

Van Wyk said start-ups too often save time and money by opting not to build their infrastructures to withstand foreseeable problems, including security threats.

"Somewhere along the way, it's likely they decided this type of DDoS attack wasn't a credible threat, or it was not high enough on their priority list to warrant the type of infrastructure investment I'm referring to," he added. "Not many companies need that kind of DDoS protection. It could have been a perfectly reasonable business decision at the time, but has now turned out to be regrettable."

Mozilla patches 11 serious bugs in older Firefox 3

2009-07-23T02:05:00.001-07:00

Mozilla yesterday patched 11 vulnerabilities, 10 of them critical, in Firefox 3.0, the browser that has another few months to live.

The update to Firefox 3.0.12 was the first since Mozilla launched the brand-new Firefox 3.5 at the end of June. As is its practice, Mozilla will discontinue support and stop security updates for the older edition approximately six months after the release of 3.5. It has set Firefox 3.0's "kill date" as sometime in January 2010.

Of the 11 flaws fixed in Firefox 3.0.12 - the same number patched in the previous security update - 10 were rated critical and one as "high" in Mozilla's four-step system. Danish bug tracker Secunia ranked the bunch as "highly critical," it's second-from-the-top tag.

Five of the 11 vulnerabilities are in the browser's rendering engine, a frequent target of Mozilla's patching. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," said Mozilla in the accompanying advisory. It urged users to disable JavaScript if Firefox could not be immediately updated to 3.0.12.

Mozilla also patched critical vulnerabilities in Firefox's use of Adobe Flash, in open-source font-rendering libraries and in several other parts of the browser.

Eight of the 11 vulnerabilities patched Tuesday have already been addressed in the original version of Firefox 3.5, or the update to 3.5.1. that Mozilla rushed out last week to quash a zero-day bug.

It's not unheard of for Mozilla to patch one version of its browser while leaving another temporarily vulnerable. When the company has done that, it has patched the newest edition first, then backtracked to update the older version later, as it did in this case.

Mozilla plans to update Firefox 3.5 again - later this month or early in August - with the patches it had originally scheduled for 3.5.1. "[The] goal of this release should be a quick-turnaround [with] topcrash [and] security/stability patches," Mozilla said in notes published after a weekly status meeting.

Firefox 3.0.12 can be downloaded for Windows, Mac OS X and Linux, but current users can also call up their browser's built-in updater or wait for the automatic update notification, which should pop up in the next 48 hours.

Symantec desktop security software boasts reputation analysis

2009-07-06T16:03:00.001-07:00

Symantec is readying the 2010 editions of Norton Internet Security and Norton AntiVirus, adding to its flagship consumer software a type of malware defense based on what's called reputation analysis.

Traditional signature-based defense "is still there and valid as a last line of defense," says Symantec senior director of product management Dave Cole about the 2010 editions of Windows-based desktop security software out in beta Monday and shipping in the September timeframe for Windows 7, Vista and XP. But signature-based defense, which detects malware through a known match, is a technology under strain due to the enormous explosion in the amount of malware created by cybercriminals. So in the Symantec products, signature-based defense will be working in conjunction with reputation analysis, which decides whether the code is good or bad through statistical sampling and behavioral patterns in order to derive its reputation.

"It's a hybrid," Cole says, comparing the malware-detection methodology in the 2010 security-software products to that of a hybrid car that can use both gasoline or battery power to run.

The reputation analysis capability in the 2010 editions of Norton Internet Security and Norton AntiVirus will rely on information gleaned from a community of tens of millions of Symantec customers. It allows for information about attack data to be submitted anonymously.

"We can use that data to statistically infer what's appropriate," Cole says, pointing to Symantec technology called Sonar II to call out to a cloud-based service to see if there are known signatures related to the code that's been identified as suspicious.Many factors, including who is publishing the code and where the Web site is, come into play to make a decision on what's good and bad. And it's Symantec as the judge in getting ride of bad code.

"If it's bad, it's convicted," Cole says. "We tell the user we made a decision."

If there's reasonable doubt, Cole says, the user will get a "detection alert" as a notification the code appears to be malware so the blocking and eradication process will proceed. The user will have a chance to override in these cases, but it won't be advised.

In addition to this reputation-based feature, Symantec is swapping out its older antispam engine for the BrightMail engine, which is expected to boost spam filtering by about 20%.

In addition to antimalware protection, the Norton Internet Security software includes a firewall, antiphishing and the Identity Safe controls. It will also ship with the client software for Online Family, an interactive cloud-based service that helps parents and children reach agreement on appropriate online activities - and then enforces them through monitoring, blocking and real-time reports, if desired.

That service is free until year-end. Symantec's earlier Parental Controls feature will be retained in the 2010 edition as well.

In addition, the 2010 products for Windows-based machines will include recovery tools that let the user remove any infection by booting outside the operating system that's infected. "It's a scan-and-clean environment," Cole says. "You can scan the system with the latest definitions and remove it."

He added that the 2010 security products will show some of the underpinnings for the reputation data so that the tech-savvy user can learn the nitty-gritty about why an application, uncovered in any particular place, is rated the way it is. That process of displaying reputation-analysis data is expected to increase over time.

VMware: Virtualization frontrunner, part of EMC stable

2009-06-16T03:00:00.001-07:00

Company: VMwareEntry: vSphereMorning Line: 4-1Tip sheet: Virtualization frontrunner, strong storage and management bloodlines as part of EMC stable

If you're visualizing the next-generation data center, 100% virtualized, then VMware more than likely fits into the picture.

The company has taken the idea of a fully virtualized data center to a new level with the latest release of its core virtualization platform, vSphere 4. The company describes vSphere 4, an update from Virtual Infrastructure 3, as a cloud operating system that will let enterprises centrally manage servers, storage and networks as if one big resource.

With this new platform, VMware's core hypervisor should now be able to handle large databases and other more demanding applications. VSphere quadruples the amount of memory available to virtual machines, triples network throughput and doubles the maximum I/O operations to more than 200,000 per second, the company says.

"With Vsphere, customers are realizing they can virtualize every application. And if you can virtualize every application, then you can build a data center model assuming a virtualization layer on top. This doesn't just span one use case, like test and dev, it's something that is a baseline of capabilities that straddle the entire data center," says Chad Sakac, vice president of the VMware Technology Alliance at EMC.

Toward that end, VMware has worked with Cisco and EMC for deep integration of vSphere and the networking and storage infrastructures, respectively. In effect, the result is a network, server and storage infrastructure that is effectively invisible, Sakac says.

From a storage/backup perspective, vSphere includes three new features: VMware Fault Tolerance, which creates a live replica of an application on a different server that can be used in the event of a hardware failure; vStorage Thin Provisioning, which allows less physical storage to be allocated to a virtual machine; and Distributed Power Management, which can consolidate virtual machines onto fewer machines during periods of low usage.

"You wouldn't provision a bunch of terabytes, fill those, and then add more. ... All you do is provision virtual machines, and you say, 'This one is low priority and this one high. This one is going to get this amount of megabytes per second, and this one that amount. This one I want to replicate off site, and this one I don't care.' You create [service-level agreements] at the VMware layer and they'd automatically by applied at the storage layer," Sakac says.

With this type of fluidity in mind, EMC is rethinking its storage strategy top to bottom. For example, it recently redesigned its flagship array, the Symmetrix, Sakac says. The new array, called the Symmetrix V-Max comprises industry standard components assembled into building blocks, each with their own cache memory and I/O. The building blocks perform as a single, virtualized, array.

"We started first with V-Max, but with all of our platforms we'll automatically be able to move where the data lives to be able to deliver more or less performance without the administrator needing to do anything," Sakac says.

Although EMC doesn't often get recognition as a management vendor, the company's management strategy can't be underplayed in the next-generation center, either, Sakac notes. All of its management tools, including ControlCenter for storage and Smarts for networking and application dependency mapping, are integrated not only into the EMC infrastructure but also into VMware's vCenter Server (formerly VirtualCenter) management platform. In addition, Smarts is integrated into the Cisco Unified Computing Platform, Sakac says.

"EMC, VMware and Cisco share a common vision," he adds, noting however that EMC also has partnerships with other next-generation data center players such as Dell and Microsoft.

Fed Up With Twitter Spam? Itâs Going to Get Worse

2009-06-05T05:48:00.001-07:00

As every Twitter user knows, the popular micro-blogging site has become a hot spot for spammers intent on carpet bombing users with the usual pitches for government grants, debt-reduction services, and penile-enhancement pills.

The situation is pretty bad, particularly for naïve users who automatically follow people who follow them. This activity, which many newcomers undoubtedly do just to be polite, opens the door to an onslaught of sales pitches from sleazy marketers.

Here's the bad news: According to a report by Steven Kotler of Fox News, the situation is bound to get worse. Christopher Peri, CEO of Twitfilter, a Web-based app that helps manage income tweets and Twitter followers, says that spammers are getting more sophisticated, and that what we're seeing now is "Twitter spam 2.0."

What exactly does this next-gen Twitter spam look like? Using computers to find keywords and target specific users, spammers are unloading messages into users' timelines. Even worse, these unwanted posts now account for 10 percent of all tweets, Peri claims.

Twitter officials acknowledge they've got a serious spam problem, and they've taken action to fight the plague-albeit with limited success. For months they've been working to reduce the amount of "follow spam," which the official Twitter blog describes as: "...the act of following mass numbers of people, not because you're actually interested in their tweets, but simply to gain attention, get views of your profile (and possibly clicks on URLs therein), or (ideally) to get followed back. Many people who are seeking to get attention in this way have even created programs to do the following on their behalf, which enable them to follow thousands of people at the blink of any eye."

Is It Spam or Not?

The issue of Twitter spam is tricky, particularly since users sign up to receive tweets from marketers. When retailers like Amazon, Dell, and OfficeDepot blast Twitter feeds touting their latest bargains, is that spam? If you've signed up to receive these tweets, probably not. Then again, excessive marketing pitches get annoying fast, and retailers have to be careful not to overdo it.

If you're having problems managing Twitter spam, check out CIO's three simply rules to banish the junk tweets.