US lawmakers investigate telecom 'traffic pumping'

Three high-profile U.S. lawmakers have begun an informal investigation into high access charges that some rural telephone carriers charge to competitors, on the heels of complaints about the practice from Google and some large carriers. In some cases, the rural carriers partner with adult sex chat lines and conference calling services that take advantage of the high access fees to drive traffic to the small carriers, critics say. The letter, from Representative Henry Waxman, chairman of the House Energy and Commerce Committee, and two other leaders on the committee, comes after the U.S. Federal Communications Commission announced last Friday that it was investigating Google for refusing to connect some calls through its Web-based Google Voice service to rural carriers with high access charges. The practice is sometimes called access stimulation or traffic pumping.

An investigation into Google's decision to block calls to carriers with high access charges "must also examine the existing access charge regime and purported abuses of that system," said the letter, also signed by subcommittee chairmen Rick Boucher, a Virginia Democrat, and Bart Stupak, a Michigan Democrat. "Just last month, the Iowa Utilities Board found that eight local exchange companies had engaged in a traffic pumping scheme in which they were providing free calling services for indecent or pornographic content. The lawmaker letters, sent to Qwest Communications International, AT&T, Sprint Nextel, and Verizon Communications, ask the large carriers about the access fees charged by rural carriers and the ways the large carriers are trying to resolve traffic pumping disputes. These companies were attempting to increase access charge revenues by 10,000 percent." Some large carriers have been complaining about traffic pumping for years. AT&T is happy to see Congress interested in the issue, said Michael Balmoris, a spokesman. "We are happy to assist them in their investigation," he said. "We are especially eager to provide Members of Congress with information related to VoIP providers who are still blocking calls with impunity, which is crucial to understanding the scope of the harm to consumers and businesses in rural America." Qwest also said it would be glad to cooperate with the Commerce Committee's investigation. "Traffic pumping is an unlawful practice that has harmed and misled consumers, regulators, and long distance providers like Qwest," Steve Davis, Qwest's senior vice president of public policy and government relations, said in a statement. "Traffic pumping costs American consumers millions of dollars and denies parents the ability to safeguard their children from obscene and inappropriate material." Google, in a statement, said Congress should encourage the FCC to fix access charges rules. 
"We agree that the current carrier compensation rules are broken," a spokeswoman said. In April 2007, AT&T sent a letter to the FCC, asking the agency to investigate high access fees.

Google has defended its practice of blocking calls to some rural exchanges by saying it's offering a free online service that's not intended to compete with traditional voice service. AT&T has complained that Google is violating net neutrality rules it supports by refusing to connect the calls. Also, Google Voice is only available to a limited number of people invited to preview the service, the company said.

Sneaky Microsoft plug-in puts Firefox users at risk

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves that browser open to attack, Microsoft's security engineers acknowledged earlier this week. Numerous users and experts complained when Microsoft pushed the .NET Framework 3.5 Service Pack 1 (SP1) update to users last February, including Susan Bradley, a contributor to the popular Windows Secrets newsletter. "The .NET Framework Assistant [the name of the add-on slipped into Firefox] that results can be installed inside Firefox without your approval," Bradley noted in a Feb. 12 story. "Although it was first installed with Microsoft's Visual Studio development program, I've seen this .NET component added to Firefox as part of the .NET Family patch." What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update. "While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox." The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site.

The usual "Disable" and "Uninstall" buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC. Several sites posted complicated directions on how to scrub the .NET add-on from Firefox, including Annoyances.org. Annoyances also said the threat to Firefox users is serious. "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC," said the hints and tips site. "Since this design flaw is one of the reasons [why] you may have originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste." Specifically, the .NET plug-in switched on a Microsoft technology dubbed ClickOnce, which lets .NET apps automatically download and run inside other browsers. Microsoft reacted to criticism about the method it used to install the Firefox add-on by issuing another update in early May that made it possible to uninstall or disable the .NET Framework Assistant. It did not, however, apologize to Firefox users for slipping the add-on into their browsers without their explicit permission - as is the case for other Firefox add-ons, or extensions. According to Microsoft, the vulnerability is "critical," and also can be exploited against users running any version of IE, including IE8. This week, Microsoft did not revisit the origin of the .NET add-on, but simply told Firefox users that they should uninstall the component if they weren't able to deploy the patches provided in the MS09-054 update.

How registrars tackle domain name abuse

Cybercriminals worldwide are amassing domain names to keep their botnet and phishing operations a step ahead of authorities. To obscure their tracks, the criminals register the domain names using phony information, pay with stolen credit cards and hack into legitimate domain-name accounts. The target is usually "a consumer in America." Accredited by ICANN for the .info generic top-level domain (gTLD), Afilias helped organize the Registry Internet Safety Group to find ways to improve security. Adding to the problem of domain-name abuse, some rogue registrars often look the other way as the money rolls in. (See related story, "Domain-name abuse proliferates; rogue registrars turn a blind eye") Today's cosmopolitan criminals might use "a registrar in China and a Web-hosting company in Russia and a registry in Ireland," says Ram Mohan, CTO at Dublin-based registry services provider Afilias. Mohan says Afilias has seen about 250,000 domain names taken down in the past 2.5 years because they were deemed to be maliciously used.

In the past, standard contracts between ICANN and registrars didn't address domain-name abuse head-on. (Mohan estimates there are about 2,000 registrars and retail channels for domain names globally today.) But Afilias successfully lobbied to have the standard contracts amended so that stringent actions against domain-name abuse could be taken, he says. At first the registrars Afilias works with were not too happy to see domain names suspended, but many have come around to see the wisdom in taking action to stop perceived criminal activity, he says. Registry services provider Neustar (accredited by ICANN for the .biz gTLD) is also a big believer in tackling domain-name abuse, which, after all, hurts the bottom line. Under its contracts with registrars and ICANN, Neustar can proactively say to a registrar, with a full report, "you have 12 hours to take down that domain name or we will do it," he says. Three years ago, Neustar hired a legal team to handle domain abuse questions and set up an internal, isolated networking lab to make determinations to a "near certainty" about a domain name being used for objectionable purposes, says Jeff Neuman, vice president of law and policy at Neustar.

ICANN has a more informal process for trying to curb domain-name abuse, but that may eventually change, Neuman believes. For instance, .cn, the country-code domain for the People's Republic of China, has emerged as a popular choice for domain-name abuse. Many security researchers today are inclined to blame a lot of domain-name abuse on "rogue registrars" around the world that are said to look the other way when dealing with criminals. For country-code top-level domains, each country through a designated organization directly accredits registrars for the ccTLD, though those registrars may also be accredited by ICANN for gTLDs like .com and .info. ICANN says complaints it received related to inaccurate or missing Whois database information and Beijing Innovative - which initially failed to respond to ICANN inquiries in a timely manner - led ICANN to issue the Chinese registrar a "notice of breach" decision last September, and a remediation plan.

Two ICANN-accredited registrars, Beijing-based Xin Net Technology Corp. and Beijing Innovative Linkage, among other registrars based in China, have gained reputations in some circles as rogue registrars because of the large number of malicious domains being traced to them over the past year. Mohan says it's important to do the analysis to understand the source of domain-name abuse, but critics should also consider evidence that Chinese registrars are being targeted because there's a lot of growth in China and "criminals are hiding in that growth." Mohan was in Beijing just a month ago discussing cybercrime for three hours with Mao Wei, the director of China Internet Network Information Center, the state-run registry for .cn, which is under the control of the Ministry of Information Industry. Just this week, McAfee touched on the China question in a report about e-mail spam that found high-volume, Chinese URL-based "Canadian Pharmacy" spam has started getting blocked amazingly fast, something McAfee never saw happen before. Mohan also spent time with Chinese registrars. "The Chinese government is very strongly aware of this problem," Mohan says. This newsletter-looking spam has used about 1,235 domains on .cn each day in fast-flux mode, but it's "getting black-holed as soon as they come in," says Adam Wosotowsky, principal engineer in messaging tactical response at McAfee. Nonetheless, some say it's hard to escape the impression that around the world, there are places where registrars and others providing domain names look the other way.

This countermeasure makes the spam dead-on-arrival with no Web URL to use. "We're guessing it's Chinese government influence," Wosotowsky says, adding he thinks the pharmacy spam is being used to sell pharmaceutical knock-offs out of Hong Kong. Even governments may be ignoring it, as money changes hands in the lucrative domain-name business. "The moment the bad guys find out something is going on, they move from Estonia to Ukraine," says Mohan by way of example. "The kingpins aren't identified. There must be advance notice going to these criminals, or compromised law enforcement." It's big money, big business.

Critical Zero-Day Flaw Opens Holes in IE 6 and 7

A newly discovered threat that doesn't yet have any patch can allow for a Web-based attack against up-to-date Internet Explorer 6 and 7 browsers, according to security companies. The site could be a specifically created malicious site, or one that was hijacked and had the attack code inserted. Both Symantec and Vupen Security have posted alerts about the bug, which involves the way IE handles cascading style sheets, or CSS. According to the posts, browsing a Web site with embedded attack code would trigger the assault.

According to Vupen's post, the flaw affects both IE 6 and 7 on a fully patched XP SP3 computer and could allow for running any command on a vulnerable system, such as installing malware. Symantec's post says its tests confirm the published exploit works, but that it "exhibits signs of poor reliability," i.e., it doesn't always work. There aren't yet any reports of active attacks, but exploit code is publicly available. An additional e-mail from Symantec says that Vista is affected as well, but Microsoft has not yet confirmed the vulnerability. According to Vupen, disabling Active Scripting in the Internet and Local intranet security zones will block attacks against this flaw, but doing so would likely block Web site functionality as well. Zero-days that affect IE are typically major threats, so attackers will likely begin hiding attacks that target this flaw on compromised Web sites, and spewing out e-mails and online comments with links to sites that contain attacks.

Current reports do not list IE 8 as vulnerable, but Symantec warns that "there are possibilities that other versions of IE and Windows may also be affected." Your best bet may be to use an alternate browser such as Firefox until a patch is available.

AMD settlement won't blunt Intel R&D, exec says

Today's settlement of all antitrust litigation between Intel Corp. and Advanced Micro Devices Inc. should benefit both firms - and shouldn't hurt Intel's R&D operation, Intel CTO and senior fellow Justin Rattner told Computerworld today. "As a legal matter, it only concerned a very small part of the company," Rattner said. "From an R&D perspective, there aren't really any changes as a result of the agreement. For its part, AMD agreed to drop all pending litigation against Intel, including an upcoming case in U.S. District Court in Delaware and two cases pending in Japan. For the legal people at Intel, it's a big change but I don't think the rest of us will be terribly affected." The deal, which settles both antitrust litigation and patent cross license disputes, specifies that Intel will pay rival AMD $1.25 billion. Intel also agreed to abide by a set of business practice provisions. AMD also will withdraw all of its regulatory complaints filed against Intel with government agencies around the world. "It's good for everyone that it's over," said Martin Reynolds, an analyst at Gartner Inc. "These long-term court battles are no good for anybody.

The latest antitrust suit against Intel was filed in federal court last week by the state of New York, which alleges that Intel threatened computer makers, made payoffs and engaged in a "worldwide, systematic campaign of illegal conduct." An Intel spokesman downplayed that lawsuit, contending at the time it was a repackaging of the AMD case. This will make AMD a more attractive target for investors and it's certainly good news for Intel." Reynolds said the settlement could portend that Intel will reach similar deals with other court foes. Therefore, Reynolds suggested, it's likely the AMD settlement will lead to the dropping of the New York lawsuit. "With AMD withdrawing all complaints, it's likely all these suits will dry up," he added. "It will be hard to go forward." The settlement should provide significant benefits to Intel over the long term, Reynolds said. "The $1.25 billion is a downside [for Intel], but that's about it. They won't be in as many courtrooms. Intel can stand down in gathering all this evidence.

They can let go of some of their attorneys." The settlement could also blunt any plans by the U.S. Federal Trade Commission to jump into the antitrust fray against Intel, said Rob Enderle, an analyst with the Enderle Group. And Intel will be able to focus on business and not do brand damage control, discovery, [and the like]," Enderle said. "Like Microsoft discovered, this doesn't necessarily stop New York or the FTC but it removes a lot of the momentum behind those efforts and effectively lowers their priority." Enderle also noted that while $1.25 billion is a lot for Intel to pay out, the settlement is likely less than a court would have forced the company to pay had it lost an antitrust trial. "I was estimating a judgment between $2 billion and $5 billion with penalties so this was a good deal from Intel and AMD needs the money," said Enderle. "[Intel] already looked guilty. The FTC had launched an antitrust investigation into Intel more than a year ago and had been expected to take some kind of antitrust action against the firm soon. "This means AMD will stop pushing on the FTC and states to pound on Intel. This reduces the long-term impact from their actions substantially."

India to set up automatic monitoring of communications

India plans to set up a centralized system to monitor communications on mobile phones, landlines and the Internet in the country, a minister told the Rajya Sabha, the upper house of Parliament, on Thursday. A pilot of the new Centralized Monitoring System (CMS) is to be started by June next year, subject to clearances by other government agencies, Gurudas Kamat, Minister of State for Communications and Information Technology told the Rajya Sabha, according to an announcement by the government's Press Information Bureau. Indian laws allow the interception and monitoring of communications under certain conditions, including to counter terrorism. The CMS will have central and regional databases to help central and state-level enforcement agencies intercept and monitor communications, the government said.

It will also feature analysis of call data records and data mining of these records to identify call details, location details, and other information of the target numbers. It will also have direct electronic provisioning of target numbers by government agencies without any intervention from telecom service providers, it added. The current system used by the government for call monitoring can be easily compromised because of the requirement of manual intervention at many stages, the minister said. The statement by Kamat comes on the anniversary of a terrorist attack on a number of sites in Mumbai, including two premium hotels, a railway station, and a Jewish community center. Interception using the new system will also be instant, he added.

The terrorists are believed to have used mobile communications and the Internet extensively to plan and execute their attacks. Some experts have argued that the government should set up an organization like an ombudsman to ensure that information collected during surveillance is not misused. The government brought into force earlier this year the Information Technology (Amendment) Act 2008, an amendment to an earlier law, which broadened the government's powers to intercept and monitor communications.

Do you know where your employees are working?

It's time for ad hoc telework programs to be brought up to snuff. In some cases, disaster recovery plans have spawned well-structured and documented telework programs. Technology has enabled telework programs to evolve beyond images of people dialing up in pajamas to remote workers tapping advanced collaboration tools that increase productivity and ensure business continuity. But at the majority of companies, there are no formal telework policies in place, even as more and more workers go mobile.

"Almost everyone today teleworks in one way or another," says Chuck Wilsker, president and CEO of The Telework Coalition. "Half of the workers know they do it, close to another half don't realize they do it when they check e-mail from a hotel room or a BlackBerry, for instance, and a small percentage of certain types of employees might not do it at all. "Telework is not just working from home; it is working from a location that is not the corporate office. But easily 75% of companies don't have official telework policies, despite employees working remotely often, which could be a problem." Here are 10 simple steps that can help organizations advance their telework programs from ad hoc to admirable. 1. Survey employees: The best place to start when establishing policies for remote work is with employees. Also consider the environment to determine if the type of positions could be supported remotely. "It is critical for an organization to ask employees if they are interested in telework and what they would like to see in such a program," says Cindy Auten, general manager for Telework Exchange. "Such surveys also help to lay a foundation for what degree of telework a company can support. Companies should survey staff to understand who would want to work remotely and why. The responses will help organizations establish a program suited to their employees and work environment." 2. Perform cost analysis: The benefits of telework can range from lessened real estate and power costs for employers to fewer dollars spent commuting for employees.

That's why companies should invest some time upfront understanding how they can save money and increase productivity, experts say. "The main driver for a successful, policy-based telework program is often the cost savings a company can realize," says Lawrence Imeish, principal consultant for Dimension Data. "But companies need to understand how they can save costs, for instance in real estate, and implement the needed steps to achieve those savings." For example, if 10% of the workforce will be working remotely, companies could invest up to 10% less in corporate real estate or cut back on LAN expenditures, and instead invest that capital in technology to support remote work. "Telework can become valuable and strategic if companies follow through with a program from start to finish," Imeish says. "Understanding there could be savings but not changing investment plans could lessen the cost-savings benefit of telework." 3. Get management support: One would think that positive employee feedback and potential cost-savings would guarantee management support for a remote work program, but telework advocates must secure executive buy-in before moving the policies to the next level. (See related story, "Five signs your telework program is a bust.") "There are some in management that simply don't buy into telework and can't easily be swayed," Wilsker says. "I have seen successful telework programs come to a screeching halt when new management takes over. But depending on the business, the benefits of implementing a telework program might not immediately outweigh the costs. Take, for instance, AT&T." Program advocates must also provide ongoing updates showing the success or challenges of the telework program, helping to maintain management support. "Businesses change, conditions change. Either can work, but documented policies will help organizations avoid confusion or problems when something goes awry.
"Telework is a program, and like all programs, the better it is developed and documented, the better it will work," says Ben Rothke, a New York City-based senior security consultant with BT Professional Services. "Successful teleworking programs don't just happen. Ongoing assessments will help management understand how telework continues to support current business operations," Wilsker adds. 4. Document policies: For many, telework programs can be as simple as working from home during a snowstorm or as involved as sharing shifts with others and rotating remote work days based on multiple schedules.

They are the results of significant planning, testing and training." Documentation also can help avoid upset when employees and cultures clash over remote workers. Companies must pick and choose which workers are eligible, communicate it clearly and keep it documented to avoid future upset over restrictions," Dimension Data's Imeish says. 5. Acquire technology: Granting permission to work remotely isn't going to guarantee a successful telework program. Not all jobs are suited for remote access, and companies need to establish clear guidelines regarding which positions can support telework and how often. "A prison guard obviously cannot be a teleworker. Remote workers will also need the tools and technology to enable them to work productively in other environments and collaborate with co-workers as though they were sitting in the next cube. (See related story, "Secure telework without a VPN.") Instant messaging, e-mail, Web cameras, video conferencing and Web conferences are a few collaboration tools that could enable remote workers to operate as though they were in the office. For instance, instead of having employees use whatever they find, companies should select a few options for home workers and mobile workers.

And technologies such as routers that enable home workers to segregate corporate and personal traffic can help reduce security risks and speed helpdesk calls. "Home users with their kids on the same link could actually become quite the nightmare for support," Imeish says. "You can't just send people home to work without providing them the right tools to be productive and to mitigate risk to the company." It can also help to standardize on technology. Employees can choose from the options, which will enable the company to better secure its environment and helps support teams to more easily address remote worker issues. "You don't want users tapping any technology they have. Also be sure to establish early who pays for the home office equipment or the local broadband connection, Wilsker adds. To make telework successful, companies should standardize on VPNs and encrypted tunnels, for instance," Imeish says. Companies could offset costs with telework, but employees should not be incurring additional costs because they agree to work remotely. "It's not a case in which the employee pays to work from home. In the same vein as segregating traffic and determining eligible positions, companies must understand what information employees have access to and ensure if working remotely the data is always secure. "Are the files secure in the remote location or are they lying around someone's house?

Organizations need to establish the rules for who pays for what and how much is in the budget for telework technology," he says. 6. Secure data: Corporate intellectual property and client data, for instance, also need to be considered when moving work outside of the office. Is the employee logging out of secure systems or leaving applications open?" Telework Exchange's Auten asks. "There are too many stories of laptops gone missing with critical data already. Learning remote access technologies and understanding security policies are just two reasons organizations should require employees who wish to work remotely to complete telework training programs. "Employee screening and training – including managers that may not know how to manage remote workers – should be mandatory for those involved in the telework program," Wilsker says. "Understanding how to communicate and keep the lines open is essential for telework to succeed. Companies must set strong security policies and ensure they can be enforced." 7. Require training: Just as employees often must be trained on a new phone system or e-mail application, experts advise companies to mandate telework training. Training on collaboration tools and the policies around staying in touch with the office is critical." Companies can even offer a resource guide of sorts for those employees who telework.

Some kinks might need to be worked out and employees re-trained over time," she says. 8. Measure employee performance: To ensure employees remain productive when they're remote, companies can baseline worker output prior to telework and measure performance following the transition. Create a checklist for employees to follow daily, weekly and monthly to keep the program on track, Auten adds. "When organizations are supporting telework, they should review the program on a regular recurring basis. While some managers might measure work by attendance, experts say there are better metrics to understanding how much gets done outside of the office. "If a company is focused on output rather than process, they are going to care about presence," Imeish says. "But it can be a difficult premise to overcome." For instance, instant messaging programs can be configured to show when users are idle, but if that feels too Big Brother for some organizations, policies can be used to prove presence – remotely. "Managers can require workers check in at certain times, provide work progress updates and show results," Imeish says. "It's best to define success criteria upfront and measure results as you go. While many in management might worry about under-achieving workers, experts say often the opposite happens. Companies should get a little bit more productivity out of telework." The productivity responsibility doesn't just fall to employees either.

Auten says managers must be in tune with employee performance and try to help them sustain a work-life balance, despite being able to work 24-7. "Managers have to be very accountable for their employees' work output. Because many remote workers also take advantage of flexible schedules, support might not be readily available at all hours. "IT needs to know what people are working remotely and where. Telework requires a work-life balance, and a program can go south if employees aren't stepping away from their desk to take lunch or logging off at a reasonable hour," she says. "Telework can quickly lead to employee burnout if a balance is not established." 9. Provide support: Not only does the remote work require technology to succeed, but helpdesk teams need to understand who works off-site and how to best support their needs. There will be different time zones and different work habits they will need to deal with, which could be seen as more work for support, but shouldn't," Wilsker says. "Insufficient tech support could hamper telework. Telework programs can leave employees feeling left out of the team, which is why program advocates must be sure to incorporate cultural needs into their plans. "Technology can bridge the intimacy gap employees experience with telework to a certain degree. Be transparent with IT so they can understand how to meet the needs of remote workers." 10. Cultivate work culture: Remote workers want to feel connected to their companies, despite being located elsewhere.

It won't feel like they are in the office, but use video conferencing or inexpensive Web cameras to keep employees from feeling isolated," Imeish says. "If you can't help employees feel like part of a team, telework could result in turnover."

Microsoft greasing Windows 7 skids with early release of desktop tools

With the hope of sparking Windows 7 upgrades, Microsoft is planning an early release of its suite of desktop deployment tools.  The tools were originally slated to ship in early 2010, but Microsoft hopes to give customers the software in late October for use in rollouts of Windows 7 across corporate desktops. The news of the early release was announced by Ran Oelgiesser, senior product manager for MED-V, on the MDOP blog. The catch is that the Microsoft Desktop Optimization Pack (MDOP) R2 2009 is only available to volume licensing customers with Software Assurance contracts.

All the tools in MDOP R2 2009 will include support for Windows 7 except MED-V. Support for the new OS in MED-V 1.0 SP1 will come early in 2010, wrote Oelgiesser. Windows 7 is slated to ship to commercial customers on Oct. 22, but corporate users with volume licensing contracts have had access to Windows 7 since last month. MED-V runs multiple versions of Windows or applications concurrently without having to open multiple virtual machine sessions. The suite is a major part of Microsoft's Optimized Desktop strategy, which addresses centralized management and deployment of physical and virtual resources.

The software complements another MDOP tool called App-V, which is used for managing and deploying virtual PCs. The MDOP lineup also includes Asset Inventory Service; System Center Desktop Error Monitoring; Advanced Group Policy Management (AGPM) for change management via group policy objects; and the Diagnostics and Recovery Toolset, which helps in recovering a crashed PC. MDOP is composed of software from Microsoft's purchases of Softricity, Kidaro, AssetMetrix, Winternals Software and DesktopStandard. According to Oelgiesser, App-V 4.5 SP1 will have various integration points with 32-bit versions of Windows 7, including with the AppLocker, Branch Cache and BitLocker ToGo features. The 64-bit version, App-V 4.6, will be available in the first half of 2010. Advanced Group Policy Management 4.0 features two new capabilities targeted at Windows 7. One allows users to manage group policies across different domains, and the other provides new search and filtering to ease tracking of group policy objects. In addition, the software will support 32-bit versions of XP, Vista and Windows Server.

Dell-Perot Deal Spells Trouble for Tier-Two Outsourcers

The consolidating IT services market contracted a bit further on Monday with Dell's announcement that it will acquire Perot Systems for $3.9 billion. The fact that Dell paid nearly a 70 percent premium on Perot's stock price to seal the deal confirms "the value of integrating hardware and services for infrastructure management is clearly gaining momentum," says Peter Bendor-Samuel, CEO of outsourcing consultancy Everest Group, which counts both Perot and Dell among its clients. The Texas twosome can hardly match the scale of HP or IBM on the outsourcing front - Perot brings just $2.7 billion in services revenue to the table - but the matchup is clearly made in their image.

It also suggests, he adds, that the size of outsourcing/hardware companies will continue to increase in importance. But Dell, struggling as a hardware manufacturer at a time when infrastructure sales are slow, wants in on the outsourcing business, even if it takes several acquisitions to do it. "Perot's capabilities are focused on a few geographies and industries, which Dell will need to grow or complement with other acquisitions to attain greater scale to compete head-on with the likes of HP and IBM," says Bendor-Samuel. [ Related: Dell Perot Deal: Big Price Tag, Small Industry Impact and FAQ: What the Dell-Perot Merger Means for the IT Industry. ] Neither company is likely to be too worried about the competition at this point. While Perot operates in some high-interest industries - most notably healthcare and government services - its footprint remains relatively small. It's more likely that Dell-Perot will make inroads on smaller deals. "Dell and Perot Systems can exert pressure in this sector, and if played right, could see their market share increase in the midmarket in both products and services," says Stan Lepeak, managing director at outsourcing consultancy EquaTerra. India-based providers who've been attempting to ramp up their infrastructure offerings "must continue to find ways to grow and reach meaningful scale," says Bendor-Samuel. As such, it's the tier-two players that will be watching the Dell-Perot deal closely.

Meanwhile, traditional IT services players who've yet to walk down the aisle with a hardware vendor - such as ACS, CSC and Unisys - may be wondering how wise it was to stay single. "They will be asking themselves how they can grow in the infrastructure space to meet the increased threat posed by the integrated hardware and services offerings of IBM, HP, and now Dell," Bendor-Samuel says. While Dell may be eager to keep Perot clients - and their relatively healthy profit margins - existing customers should proceed with caution (See Five Steps to Take if Your Outsourcer is Sold.) Specifically, clients should assess any impact the deal has on non-Dell hardware options, Lepeak advises. As for integration issues, Dell and Perot may have an easier go of it than most. "Good cultural alignment, close physical proximity for key leaders, and the absence of an entrenched services business at Dell - together with the obvious convergence around the value of Perot as a hardware channel for Dell and Dell as a lead generator for Perot - should make integration much faster and less painful than is the norm for deals of this scale," says Mark Robinson, EquaTerra's chief operating officer. Those most worried about the Perot deal are Dell customers working with other outsourcers. "While growing the legacy Perot Systems' client base, Dell must use caution not to alienate hardware clients who are using other service providers for outsourcing services," says Lepeak.

Apple to launch tablet in February 2010, asserts new report

Apple will launch a tablet-style device sporting a 9.6-inch display in February 2010, according to sources cited by a Taiwanese Web publication today. The tablet will feature the 9.6-inch screen, the multi-touch user interface made famous by the iPhone and iPod Touch, and a processor created by P.A. Semi, the Santa Clara, Calif. microprocessor design company that Apple purchased over a year ago. Apple's device will also reportedly include a HSPDA (High Speed Download Packet Access) module. The Taiwan Economic News said industry sources have claimed several component suppliers are building parts for an upcoming Apple tablet computer, which will launch in about five months. HSPDA is the 3G cellular data protocol used by AT&T in the U.S.; AT&T is currently Apple's exclusive carrier partner in the United States.

T-Mobile, which is an Apple partner in Germany and Austria, also uses HSPDA in the U.S. If true, it would put the brakes on rumors that Verizon, which has supposedly been in talks with Apple, will replace AT&T on the computer maker's A-list. Verizon uses the EVDO Rev. A (Evolution-Data Optimized) data protocol instead. Talk of such a device, which some analysts have dubbed an "iPod Touch on steroids," has been both brisk and long-running. The selling price for Apple's tablet, said the Taiwan Economic News's sources, will be between $800 and $1,000. This is far from the first time that tales of an Apple tablet have been told.

In May, for example, Wall Street analyst Gene Munster, of Piper Jaffray, used circumstantial evidence and checks with Asian component suppliers to bet that Apple would release a $500-$700 tablet next year. By now, although the continuing chatter makes some sense, it's getting harder to swallow the gossip, said Ezra Gottheil, an analyst with Technology Business Research who covers Apple. "It makes sense, it hangs together, sure," said Gottheil today. "But I'm starting to think that this is just a bunch of people believing each other, or maybe even an Apple disinformation campaign." What struck Gottheil today was the specificity of the report out of Taiwan. "The sources named the companies and they named the components," he said. "That's not how Apple does business." Rather, Apple goes to great lengths to make sure its suppliers keep mum about the work they're doing for the company, Gottheil maintained. "The signs are there that it makes sense for Apple to be doing something in the 'bigger than an iPod Touch' space, but I'm not sure this report adds any evidence to those signs," Gottheil said. "It's almost starting to look like people [are] just playing with the idea or even having fun with it." Tablet rumors picked up significantly just prior to Apple's annual developers conference in early June, but analysts then predicted - correctly, as it turned out - that the company would not unveil such a device at the time.

ITU Telecom World expo shifts in response to economic crisis

The ITU Telecom World exhibition has returned to Geneva after a visit to Hong Kong in 2006 - and has brought many Asian exhibitors back with it. The booths of China Mobile, ZTE and Datang Telecom Group loom over the entrance to the main hall, alongside those of NTT DoCoMo and Fujitsu, while upstairs Huawei Technologies and Samsung Electronics booths dwarf that of Cisco Systems, which has more meeting rooms than products on display. "Ten months ago, people were urging us to cancel the event," said Hamadoun Touré, secretary-general of the International Telecommunication Union, which organizes the exhibition and the policy forum that runs alongside it. There are also signs that the way some companies are using the show is shifting. The pessimists feared that the show would attract neither exhibitors nor visitors, as companies slashed marketing budgets and cut back on business travel in the midst of the economic downturn.

The ITU still expects 40,000 visitors at this year's show; 82,000 turned up at the last Geneva event, in 2003. This year, around half the show is occupied by national pavilions: Saudi Arabia has the biggest, followed by those of Spain and Russia. While the show is noticeably smaller than previous editions - it only occupies Halls 2, 4 and 5 of the sprawling seven-hall Palexpo exhibition center, with some yawning gaps between stands, Touré is satisfied. "It's a good show, despite the crisis," he said. Other European nations, including Belgium, France and the U.K., also have pavilions, but by far the most numerous are those of the African nations: Burundi, Egypt, Ghana, Kenya, Malawi, Nigeria, Rwanda, Tanzania and Uganda. The biggest company stands are those of the Asian network operators and equipment manufacturers, with the U.S. and Western European countries keeping a low profile. Microsoft and IBM have booths, but you'd barely notice.

This domination of the show floor is not down to size alone: It's also about tactics. There were actually only three of them, but their effect was magnified by loud music and the multiple video walls on the booth. Russia deployed what looked like an army of violinists dressed mostly in sequins on its stand on Monday. China Mobile has taken a similar route, with the logo of its 3G mobile brand, Wo, swirling and pulsing hypnotically across the walls and even the ceiling of its booth. Similar exhibits fill the stands at NTT DoCoMo and Samsung.

ZTE has taken a more traditional route, with glass cases full of mobile phones, modems and cellular base stations. On the Cisco booth, there are almost no products to be seen - unless you count the looming bulk of one of its TelePresence systems, linking the booth in high resolution to similar systems around the world. This shows images of the products that can be rotated on screen to examine them from different angles - and even measured or dismantled so that prospective buyers can figure out whether they would fit in their data center. Other elements of the Cisco product range are present virtually thanks to another screen, supplied by Massachusetts-based Kaon Interactive. Like Secretary-General Touré, Cisco faced a crucial decision last year about whether to maintain a show presence in Geneva. "One year ago, it wasn't clear how many customers were going to make this trip," said Suraj Shetty, the company's vice president of worldwide service provider marketing.

That's why the rest of the stand is given over to meeting rooms. "Our focus is on customer intimacy," Shetty said. However, the company realized that "this could be used as an opportunity to shift how we get contact with customers," he said. Carrier Ethernet specialist Ciena has taken a similar approach. Like Cisco, it prefers to show products virtually, rather than physically. "Computer graphics and touch screens are more effective in these cases. Its stand, close to Cisco's and even more discreet, consists entirely of meeting rooms. That's the trend," said Ciena CTO Stephen Alexander.

If you're buying bulky network or data center infrastructure, then don't expect to kick the tires at a trade show next year - although you might be able to click on them, on the booth's screen or your own.

Russian WiMax operator eyes GSM handover, WiMax 2 tests

Russian WiMax operator Yota will soon begin offering its customers a WiMax terminal that can make VOIP calls - and hand them over to a GSM network when the caller wanders out of the WiMax coverage area. However, that device cannot be used to make VOIP (voice over Internet Protocol) calls. Last November, the company introduced a terminal from High Tech Computer (HTC) that can make calls over GSM (Global System for Mobile Communications) networks and connect to WiMax data networks.

Yota President and CEO Dennis Sverdlov showed a prototype of the new GSM phone with VOIP-over-WiMax at a news conference on the sidelines of the ITU Telecom World exhibition in Geneva on Tuesday. It was in 2006 that Samsung first announced plans to release a dual-mode GSM-WiMax phone. Sverdlov refused to name the manufacturer of the prototype, but it was engraved with the words "not for sale" and a MAC address beginning with the code 00:1B:98, which identifies devices manufactured by Samsung Electronics. Samsung supplies Yota's network infrastructure, and on Tuesday the companies also announced they have begun testing WiMax 2.0 network equipment, based on the IEEE's 802.16m standard. Yota plans to put the first WiMax 2.0 units into service by the end of next year, a rapid rate of development for a company that only began offering service last year. The companies expect it to operate up to four times faster than the current generation of WiMax products, which are based on the IEEE 802.16e standard.

Initially the service was free, with the company finally winning a license to operate commercially in June. Three of those, like Ufa, have a population of around 1 million, while the fourth is Sochi, the host city for the 2014 Winter Olympics, said Yegor Ivanov, Yota's director of business development. It operates in three Russian cities, Moscow, St. Petersburg and Ufa, and is deploying its network in four more cities. The company hopes to offer service in 180 Russian cities with a population of over 100,000 by the end of 2012, he said. The company is also expanding abroad, having just won licenses to operate WiMax networks in Belarus, Nicaragua and Peru.

Yota will install around 20 base stations in each city, depending on the terrain, and aims to sign up around 5 percent of the population within its coverage area. Yota expects to have a trial network in the Nicaraguan capital of Managua in operation by December. Although Nicaragua is poorer than Russia, Yota's existing subscription rate of US$28 a month for unlimited data with no speed cap will seem good value to Nicaraguans, he said. That will consist of just 10 base stations because the city is very flat, said Ivanov. That's because today they pay around $60 a month for a 3G (third generation) mobile data subscription at 1M bps (bits per second) with a limit of 2GB of data.

Still no Internet or SMS allowed in China's Muslim region

Nearly four months after deadly ethnic riots in China's Muslim region led authorities to shut off the Internet there, local residents are still barred from sending text messages and getting online. The rioting between Uighurs, a mostly Muslim minority group native to Xinjiang, and Chinese Han, the country's ethnic majority, also led China to block various social networking Web sites nationwide. The clampdown on telecommunication in China's western Xinjiang province, where rioting claimed nearly 200 lives in early July, has hurt local businesses and cut residents off from many nongovernment sources of news and other information.

Twitter, similar Chinese services and Facebook all remain inaccessible in the country. Observers have cited a series of sensitive anniversaries this year as a reason for the blockages, but those dates, including China's 60th anniversary of communist rule on Oct. 1, have passed. "The unfortunate truth is that the Chinese government can impose and sustain this kind of Internet service disruption ... for as long as it feels it's necessary," said Phelim Kine, a researcher in Hong Kong for New York-based Human Rights Watch. "The government is impervious to concerns from the business sector and certainly those of ordinary citizens." Some companies have been allowed to communicate via a regional network in Xinjiang, said the marketing manager for one local company when reached by phone. China has blamed communication on such Web sites for helping lead to the riots, which were sparked by an ethnic brawl in far-away southern China. The manager predicted that regular Internet access could return in around one month. "It's relatively calm on the streets of Xinjiang now," he said. The owner of another online store, which sells dried fruits, nuts and other snacks, said she did not know of any regional network in Xinjiang. The manager's company, which sells make-up and other cosmetic products online, is one of many that have had to relocate staff outside of Xinjiang to continue operations, he said.

Most of the store owner's staff remain in neighboring Gansu province, she said. China has given little sign of when it will lift the Internet restrictions but said it will gradually do so as Xinjiang stabilizes.

You've got questions, Aardvark Mobile has answers

Aardvark has taken a different tack with search. And now the people behind Aardvark are bringing that same approach to the iPhone and iPod touch. The online service figures it's sometimes more productive to ask a question of an actual person - usually someone from within your social network - rather than brave the vagaries of a search engine and its sometimes irrelevant answers. Aardvark Mobile actually arrived in the App Store nearly a week ago.

Aardvark Mobile tackles the same problem as the Aardvark Web site - dealing with subjective searches where two people might type in the same keywords but be searching for two completely different things. "Search engines by design struggle with these types of queries," Aardvark CEO Max Ventilla said. But developer Vark.com waited until Tuesday to take the wraps off the mobile version of its social question-and-answer service. What Aardvark does is tap into your social networks and contacts on Facebook, Twitter, Gmail, and elsewhere to track down answers to questions that might otherwise flummox a search engine - things like "Where's a good place to eat in this neighborhood?" or "Where should I stay when I visit London?" With Aardvark's Web service, you'd send a message through your IM client to Aardvark; the service then figures out who in your network (and in their extended network) might be able to answer the question and asks them on your behalf. The majority of questions are answered in less than five minutes. Ventilla says that 90 percent of the questions asked via Aardvark get answered. The iPhone version of Aardvark works much the same way.

The service pings people for an answer, and sends you a push notification when there's a reply. Instead of an IM, you type a message directly into the app, tag it with the appropriate categories, and send it off to Aardvark. In previewing the app, I asked a question about affordable hotels in Central London - two responses came back within about three minutes from other Aardvark users. If you shake your mobile device when you're on the Answer tab, Aardvark Mobile looks up any unanswered questions that you may be able to provide a response for (while also producing a very alarming aardvark-like noise). "We think Aardvark is particularly well-suited to mobile, and especially the iPhone given how rich that platform is to develop for," Ventilla said. In addition to push notifications, Aardvark Mobile also taps into the iPhone's built-in location features to automatically detect your location - a feature that can help when you're asking about local hotspots. You don't have to already be using Aardvark's online service to take advantage of the mobile app.

Aardvark Mobile requires the iPhone OS 3.0. The free Aardvark Mobile app lets you set up a profile on your iPhone or iPod touch; Facebook Connect integration helps you instantly build up a network of friends who are also using the service.

Defunct airport fast-pass program may be revived

Tens of thousands of subscribers to a registered air traveler program, who were left feeling scammed when the company offering the service abruptly went out of business, may soon get a break. Subscribers to the Clear service, some of whom had signed up for two years or more of service just before VIP went out of business, will be offered a chance to continue their subscriptions after the deal goes through. A new investment group based in California has signed a letter of intent with Morgan Stanley, the defunct company's largest debt holder, according to the New York Times. Under a proposed plan, the investment firm will be allowed to buy the assets of Verified Identity Pass Inc. (VIP) and restart the Clear fast-lane security service, the Times reported, quoting the owner of the Emeryville, Calif.-based investment banking firm, Henry Inc. If an individual chooses not to, any personal data on that individual that had been collected by VIP for Clear will be permanently destroyed, the Times said, quoting the investment banker.

VIP was one of seven companies approved by the Transportation Security Administration (TSA) to operate a registered traveler program, which lets air travelers get through airport security checks faster. The news is likely to provide some comfort to thousands of customers of VIP who were left in the lurch when the company in June abruptly announced it could no longer offer the Clear service because it had run out of cash. It offered the service at 21 major airports, including New York's John F. Kennedy International Airport, La Guardia, Boston's Logan International and Atlanta's Hartsfield-Jackson airports. To sign up for VIP's Clear service, customers had to submit to background checks and provide identifying information, including Social Security and credit card numbers, home address, date and place of birth, phone numbers and driver's license number. More than 200,000 customers had signed up for the service when the company went out of business.

They also had to provide fingerprints, iris scans and digital images of their faces. The company made matters worse by hinting that it would sell the data it had collected to fulfill its debt obligations. VIP's decision to shut the service raised concerns about the fate of the data that had been collected by the company. Many participants were left feeling scammed when VIP announced that it couldn't refund their subscriptions because it had run out of money. The motion was in response to a lawsuit brought by concerned customers.

Days after the company's closure, the chairman of the House Committee on Homeland Security asked the TSA to ensure that all information collected by VIP was properly protected and destroyed. In August, a federal judge in New York issued an injunction prohibiting VIP from selling, transferring or disclosing to any third party the data it collected while operating the Clear service. The injunction, however, was later lifted on a technicality. For the moment, the purchase does little to alleviate the major complaint in the lawsuit, which is that VIP's customers didn't get a refund from their subscriptions. "That is something that they are entitled to regardless of whether or not other companies" purchase VIP, he said. Todd Schneider, an attorney with Schneider, Wallace, Cottrell, Brayton, Konecky LLP, a San Francisco law firm representing one of the parties in the lawsuit, today said he was unclear on the ramifications of the reported purchase of VIP's assets by the investment banking firm. A hearing in the case has been scheduled for Oct. 16, where Schneider plans to again ask the judge to bar VIP from selling its data assets to any third party.

News of the proposed purchase comes as the House Committee on Homeland Security is scheduled to hold a hearing today on the future of the registered air traveler program.

Twitter Adds Lists to Help You Get Organized

Twitter is testing a feature that makes it easier for you to organize the people you follow, by grouping them in lists.

Get Organized

Twitter is a great way to find out what people are talking about by following popular topics, finding people with common interests, or connecting with popular celebrities, athletes, or even your favorite product brands. Twitter has also added a social networking spin on the new feature, called Lists, that makes it easier for other people to see who you're following and subscribe to their feeds as well.

The problem is, once you're following more than a few hundred people, the endless stream of 140-character messages becomes unmanageable and the value of following so many people for news and information becomes lost. You can create a list for tech news, sports-related tweets, co-workers, college friends, and so on. Twitter's Lists feature will help you drill down into the wide range of people you're following and organize your incoming tweets by type. Once your list is created, it will sit on your profile page where other people can take a look and choose to follow all the people on your list or navigate to individual profile pages to check out specific people you're following. Besides, for the more private types there are options for creating lists already.

Lists Alternative

If you want to keep your lists private, Twitter will let you do that too, but that sort of defeats the public nature of Twitter. Desktop clients like Tweetdeck and Seesmic Desktop have features (called Groups and Userlists, respectively) that let you organize your followers into separate columns. Lists will also be available in the Twitter API, meaning third-party clients can add the functionality to their applications. These applications also have the added advantage of incorporating other social networks into your feeds including Facebook and MySpace (Tweetdeck only). Twitter is currently testing the Lists feature with a small group of users, and says the new feature will be rolled out soon to all Twitter accounts. Twitter has been on a roll lately with adding new features.

In August, the micro-blogging service announced it plans on rolling out an opt-in geolocation service and an improved method for 're-tweeting' or reposting messages created by other users.

HDTVs, Blu-Ray Players Push Web Connections

Connected TVs, set-top boxes, and Blu-ray Disc players aren't new, but they continue to make new connections with Web sites and services, from YouTube and Netflix to Amazon and Internet radio sites. Some offer a lot more than others, but all are building up their portfolios of Web video and interactive services. The definition of "connected" varies widely between consumer electronics vendors.

Some of the newest entries were on display last week at the CEDIA (Custom Electronic Design and Installation Association) event in Atlanta. Available on networkable Bravia sets, the video service will also appear on a new networkable Sony Blu-ray Disc player, the BDP-N460, which will ship later this fall priced under $250. (Sony Bravia TVs also offer Web content such as stocks, weather, and Twitter, via their Bravia Widgets.) LG Electronics, meanwhile, announced the addition (via a firmware upgrade later this month) of the Vudu on-demand service to the Netcast Entertainment Access service on its $399 BD390 Blu-ray Disc player. Sony, which already offers movies, TV shows, and music from some two dozen partners, including Amazon movies on demand, Slacker radio, and YouTube, announced that it will add Netflix to its Bravia Internet Video lineup later this fall. The service already offers access to CinemaNow, Netflix, and YouTube content. And Samsung's networkable Blu-ray Disc players, including the BD-P1600, BD-P3600, and BD-P4600, will add YouTube access to the existing Pandora and Netflix services.

Samsung's Internet@TV service, which already had a dozen Yahoo widgets, now offers on-screen access to Rallycast fantasy sports applications, including Facebook messaging and access to team stats. Pioneer, meanwhile, demo'd a new platform for connected electronics. The prototypes at CEDIA featured everything from video-on-demand services to backup. Code-named Project ET, it is designed to allow device designers and/or consumers to choose the content and services they want by clicking on menu buttons in the service's Web portal. Pioneer officials said the platform could exist on a set-top box of its own or on a Blu-ray Disc player or other networkable device (one demo setup featured a Blu-ray player with 1 terabyte of built-in storage). The company hopes to show a product based on the platform within the next few months.

Start-up releases uber-fast, efficient enterprise-class SSDs

Pliant Technology Inc. today released its first series of enterprise-class solid state disk (SSD) drives based on a proprietary ASIC design that the company claims can handle - without using any cache - more than twice the input/output operations per second (IOPS) as the top competitive drives. The 3.5-in. drive can produce up to 500MB/sec sustained read or 320MB/sec write rates and the 2.5-in. up to 420MB/sec read and 220MB/sec write rates, Pliant said. "Put it on a log application and write to it as hard as you want for five years - it will run 24/7 for at least that long," said Greg Goelz, vice president of marketing at the three-year-old startup. The first two enterprise flash drives (EFDs), the EFD LS and EFD LB models, are 3.5-in. and 2.5-in. drives that can produce up to 180,000 IOPS and 140,000 IOPS respectively. Pliant also claims there is no limit to the number of writes that can be performed to the drive and that it will work without slowdown for at least five years.

In an enterprise environment, that's one of the major concerns: The wear out of the SSD." Most enterprise-class SSD companies today use Fibre Channel connectivity. The drives are aimed at equipment manufacturers such as EMC Corp., Hewlett-Packard Co., Hitachi Data Systems and Sun Microsystems Inc., the company said. "They're able to claim some pretty solid performance numbers on read and writes and they're also able to claim unlimited program and erase [write/erase] cycles," said Joseph Unsworth, research director for NAND flash semi-conductors at Gartner Inc. "That's big. Pliant's first products use serial-attached SCSI (SAS), which most industry observers believe is the interconnect of the future for servers and storage arrays. "You don't want to saturate your [server] CPU cores and then find out we have this great SSD but the bottleneck is now the interface," Unsworth said. "It's all about speed." SAS currently supports 6Gbit/sec data transfer speeds and its roadmap indicates a 12Gbit/sec rate by 2012. Fibre Channel drives are currently capable of 4Gbit/sec data transfer speeds, and while Fibre Channel switches and interface cards are now emerging with 8Gbit/sec speeds, SAS is eclipsing those speeds at the device level. STEC Inc., the top provider today of enterprise-class SSDs, recently announced its own SAS model. "Six gigabit SAS in terms of data throughput is going to be the performance leader," said Jeff Janukowicz, a flash memory analyst with IDC in Framingham, Mass.

But even that next-generation product produces a maximum of 80,000 IOPS compared with Pliant's 180,000 IOPS. Pliant's SSD controller architecture is not vastly different from those of other high-end SSD manufacturers. The drives are configured as RAID 0 for increased performance and the controller. It has twelve independent I/O channels to interleaved single level cell (SLC) NAND flash chips from Samsung Corp. Most enterprise-class SSDs today also use general-purpose field programmable gate array (FPGA) controllers as opposed to Pliant's custom controller, which is programmed specifically to address SSD issues, such as wear leveling (spreading writes more evenly throughout the memory) and write amplification (reducing the number of operations required for a write), according to analysts. The lack of any DRAM cache, which can store data writes more quickly, laying them down on the NAND flash chips during non-peak performance periods, is also unique to Pliant's enterprise-class product.

Also unique to Pliant's controller is the use of a triple redundancy error correction code algorithm to ensure that metadata - which is used to locate data on the drive - is saved even if two copies of it become corrupted. Some of today's more popular server-class SSDs, like those from Intel, use serial ATA, which has a half-duplex interface, as opposed to SAS, which, like Fibre Channel, is full duplex. The difference between the two is that full duplex is dual ported, allowing for reads and writes at the same time. Single-port half-duplex allows for one or the other.

"I think with Pliant's announcement we're starting to see some of the true promises of SSD coming to market," Janukowicz said. "A lot of these applications are demanding, mission critical, 24/7 applications and they require high reliability, efficiency and predictable performance. And, based on Pliant's claims, they seem to have addressed many of those important issues."

Pliant, based in Milpitas, Calif., released its new SSDs for beta testing last year and plans to make them generally available later this month. The company refused to release a suggested retail price for the drives. However, it did note that the drives will be more expensive than Intel's X25-E SSD, which sells for $780 for a 64GB SATA model, and less expensive than STEC's Zeus SSD, which sells for about $6,000 for a 73GB Fibre Channel model. The company raised $15 million in Series C funding in March, which was used to ramp up production of the SSDs, the company said.

Microsoft offers tools for secure app development

Microsoft is introducing on Wednesday two testing tools to help Windows programmers build better security into their C and C++ applications, but an industry analyst was dismissive of how useful the tools would be for enterprise developers. Offered at no cost, the tools enable implementation of Microsoft's SDL (Security Development Lifecycle) process, for injecting security and privacy provisions into the development lifecycle as opposed to testing during pre- and post-deployment of an application.

One of the tools, BinScope Binary Analyzer, analyzes binary code to validate adherence to SDL requirements for compilers and linkers. It also verifies use of strong-named assemblies and up-to-date build tools. "Essentially, what it does is it checks for a variety of SDL requirements like GS flag, which is used to prevent buffer overflows," said David Ladd, principal security program manager for the security development lifecycle team at Microsoft. Buffer overflows enable hackers to take control of an application, Ladd said. "To the extent that you can prevent those at compile time, that's a good thing from a security standpoint," he said. The tool requires symbol files, providing security against hackers potentially using the tool to analyze software on the Web for weaknesses.

The second tool, Microsoft MiniFuzz File Fuzzer, implements the fuzz testing technique. Testers check application behavior by parsing files that have been deliberately corrupted. Security tests are applied to take code through different flow patterns and identify whether resulting crashes should be investigated as potential application security risks. "If you find a file failure and it has security ramifications, you want to go out and fix that problem," Ladd said.

An analyst, however, doubted that enterprise developers would have much use for the tools. These developers are more likely to be using Java and .Net managed code technologies with Visual Basic.Net and C# rather than C or C++, said Michael Gualtieri, senior analyst at Forrester Research. Corporate developers also do not generally develop applications for open files, which is what the fuzz-testing tool is used for, he said. "There isn't much of a story for enterprises for these tools themselves," Gualtieri said. "These tools are more helpful for systems and software vendors than they are for most enterprise IT shops," he said. A Microsoft representative said many of the checks featured in BinScope Binary Analyzer are inherently built into .NET coding.

By releasing the tools, though, Microsoft continues to demonstrate its commitment to making the SDL process real for developers, said Gualtieri. Microsoft previously has released a threat management tool and process management template based on SDL. Microsoft on Wednesday also is releasing a paper entitled "Manual Integration of the SDL Process Template," to guide Microsoft Visual Studio Team System users through a manual process to incorporate elements of the SDL process template into Team System projects.

The tools and paper can be accessed through this Web page.

Intel announces storage- and communications-specific processor

Intel Corp. today announced it will be shipping an enhanced version of its dual-processing Nehalem Xeon chip that is aimed specifically at the data storage and communications market with the ability to natively create RAID and is integrated with PCI Express (PCIe). Intel debuted its new Nehalem-based Xeon microprocessor code-named Jasper Forest in April. The processors, due out in December, are aimed at applications such as ultra-dense blades, IPTV, VoIP, network-attached storage (NAS) and storage area networks (SAN). Intel said the enhanced processor lowers system power consumption by 27 watts when compared to the Intel Xeon 5500 series and it integrates two Jasper Forest processors with 16 PCIe Generation 2.0 lanes each and is paired with the Intel 3420 chipset platform controller hub. This integration of the I/O hub via PCIe enables significant power and space savings, resulting in one of the highest performance-per-watt Intel Xeon chips ever. The new Jasper Forest processors are capable of configuring storage as a RAID 5 or 6, protecting against single or dual disk failure, respectively. "Nehalem cores are quite powerful, but customers still want to be able to offload storage functions to a core, especially when you get down into two-core and single core versions of processors, really simplifies the architecture," said Seth Bobroff, general manager of Intel's Server Platforms Group.

Jasper Forest provides a scalable option to system designers with a single-core, 23-watt processor to a quad-core, 85-watt processor using the same socket. The processors, which come in single or quad-core models, will offer a bridging functionality that allows multiple systems to connect over a PCIe link, removing the need for an external PCIe switch. The chips will also protect against data loss in case of a power failure with a function called Integrated Asynchronous Dynamic Random Access Memory Self-Refresh memory. The feature automatically detects a power failure as it's happening, allows memory controller sequences to finish and forces the system memory to a self refresh before shutting down. Bobroff said that in terms of work load consolidation, the new Jasper Forest chip can natively handle storage management processing functions such as data deduplication, data snapshots, storage virtualization and any basic storage management requirements. "All the control and management aspects of storage management systems and with RAID being integrated into a CPU can simplify hardware and software design," he said. "There's no hardware acceleration for algorithms like we have here." The processor is also suited to support the Storage Bridge Bay specification, which is currently being developed as a way to plug control boards directly into storage arrays, allowing for a denser architecture. Today, storage controllers require a separate blade slot.

The processors will be offered with 7-year lifecycle support.

Microsoft Hotmail users angry over pulled photo feature

Windows Live Hotmail users have been venting their frustration at Microsoft Corp. for the past month since the software maker suddenly removed a popular feature because it created a security hole.

The "Attach Photo" feature allowed users to directly add photos, images or graphics into e-mails. Users are allowed to quickly edit and add captions to the photos, which are automatically compressed by Hotmail, enabling users to attach more images per e-mail. It is distinct from Attach File, which still works and lets users attach photos to e-mails without compressing them or giving users the ability to edit them first.

Users, such as Carl Creed, a retired system administrator in Leiston, England, say they first noticed Attach Photo was missing about three weeks ago.

He and other users have complained on the Windows Live Help support forum about Microsoft's failure to warn them beforehand and the "wasted hours" they spent trying to debug the feature on their own.

"If Microsoft had just told us end users that they were planning to remove this feature before they did remove it, we would not be so upset in the first place," Creed said in an e-mail.

In a posting updated Thursday at the Windows Live Help forum and also posted at the Windows Live blog, Microsoft said it removed the feature after finding an "incompatibility with Internet Explorer that caused a security flaw with photo uploads ... The Hotmail team takes security very seriously and we expect to bring back the photo upload feature by the end of September."

The Attach Photo feature relies on an ActiveX control, a Microsoft spokeswoman confirmed in a follow-up e-mail.

ActiveX is a plug-in technology for building Web components designed by Microsoft. While theoretically a boon for Web programmers, ActiveX has been heavily criticized by security pros, including the U.S. government's Computer Emergency Readiness Team (CERT), for the many threats it enables.

The spokeswoman declined to elaborate on the security flaw because it "might compromise the security of our services."

Ben Greenbaum, a senior research manager for Symantec Corp., declined to criticize the ActiveX technology itself, as the security vendor has done in the past. And he applauded Microsoft's decision to take down the feature until the security hole is fixed.

"Attackers are focusing on vulnerabilities in popular websites in order to reach as wide an audience as possible with their attacks, and leveraging such a popular site as an attack vector would be a huge victory for any online criminal," Greenbaum wrote in an e-mail. "Disabling the vulnerable functionality until a proper solution can be put in place is absolutely the right thing to do."

While popular, the Attach Photo feature has been hit by several problems in the past several years.

In October 2007, users at the Microsoft Developer Network (MSDN) forums complained about being blocked from using Attach Photo due to Internet Explorer 7's security settings.

In May 2008, a poster at Mozilla Firefox's support forum complained about the feature being disabled. This was echoed by a poster at Windows Live Help in March this year.

In reply, a Microsoft representative posted that the Attach Photo feature was incompatible with the 64-bit version of Windows Vista.

BBN grabs cash, turns up heat on language translation technology

When it comes to translating languages in real time, BBN must speak the tongue as it netted a $14 million check from the Defense Advanced Research Projects Agency (DARPA) this week to continue developing its speech and text technology.

BBN has now taken in over $30 million from DARPA over the past few years to fill out the agency's Global Autonomous Language Exploitation (GALE) program. The goal of GALE is to translate and distill foreign language material (television shows and newspapers) in near real-time, highlight salient information, and store the results in a searchable database - all with more than 90% accuracy by the end of the program. Through this process, GALE would help U.S. analysts recognize critical information in foreign languages quickly so they could act on it in a timely fashion.

During the first three years of the GALE program, BBN met or exceeded the accuracy goals for automatic translation of Arabic newswire text and broadcast news into English. Under this latest contract award, BBN will continue to work in Arabic from both speech and text sources to meet increasingly steep accuracy goals. BBN continues to work in Chinese under a separate award, the company said.

The BBN system will support multiple printed or handwritten document types including hard copy, PDF files, photographs, newsprint, and signs. With the system, BBN will integrate optical character recognition and its state-of-the-art translation and distillation techniques to develop novel methods for processing handwritten text, BBN said.

The system will enable English-speaking military personnel and analysts to extract valuable information from a much larger number of foreign language documents than is now possible, facilitating rapid responses to emerging threats.

According to DARPA, GALE is making progress toward achieving this very ambitious goal by 2011. The agency is developing the System for Tactical Use program, a two-way speech translation system to convert spoken foreign language input to English output and vice versa.

BBN is doing lots of work for DARPA in the language and text interpretation field. Earlier this year it got $29.7 million from the Air Force to develop a prototype machine reading system that transforms prose into knowledge that can be interpreted by an artificial intelligence application.

The prototype is part of DARPA's Machine Reading Program (MRP), which aims to develop systems that can capture knowledge from naturally occurring text and transform it into the formal representations used by AI reasoning systems.

The idea is that such an intelligent learning system could gather and analyze information from the Web, such as international technological advances or plans and rhetoric of political organizations, and unleash a wide variety of new military and civilian Artificial Intelligence applications, from intelligent bots to personal tutors, according to DARPA.

As digitized text from library books worldwide becomes available, new avenues of cultural awareness and historical research will be enabled. With techniques for effectively handling the incompatibilities between natural language and the language of formal inference, a system could, in principle, be constructed that maps between natural and formal languages in any subject domain, DARPA said.

Crime lab saves energy costs by turning up heat in the data center

There's plenty of evidence that turning up the temperature in data centers is both cost-effective and safe, but many IT shops are still reluctant to take the plunge. CIO Joseph Tait of NMS Labs in Pennsylvania admits "it was an uncomfortable decision" when his IT team raised the thermostat from 68 to 73 degrees Fahrenheit.

But cost and environmental concerns had spurred a company-wide green initiative at NMS, a "CSI"-like crime lab near Philadelphia, and reducing HVAC costs was one of the top priorities. NMS started implementing its green initiative last year, and the project will ultimately include virtualization in the data center and a solar power system to provide 30% of the company's power.  

"Who doesn't want to reduce costs?" Tait says. "[We started] this before the economy even tanked."

Tait is one of many IT executives who will be sharing their stories and best practices at Network World's IT Roadmap Conference & Expo in Philadelphia next week, one of 10 such events being held in various U.S. locations throughout 2009.

NMS Labs handles clinical toxicology and forensic testing, often for criminal cases. It's not as glamorous as "CSI" but "it's interesting, certainly," Tait says. "We get everything from blood work resulting from a run-of-the-mill DUI stop all the way up to DNA evidence under a murder victim's fingernails."

NMS has about 75 scientific instruments, 50 servers and 350 computers overall. Powering down devices that don't need to be on 24 hours a day has helped save energy, as have other initiatives, including upgrades to refrigeration, UPS and generator systems; video teleconferencing; automated power management systems; and using efficient light bulbs.

NMS has cut electricity costs by roughly 15% to 20% and has more cost-saving projects on the way.

The company is planning a solar panel project that could provide 25% to 30% of its power by next year. With tax incentives, the project is a no-brainer, according to Tait.

Inside the data center, upgraded cooling equipment and virtualization will play key roles. Tait is building a new data center that will replace four out-of-date air conditioning units with two larger ones. He is also phasing out older servers and planning to virtualize new ones that replace them.

"We've got about 50 servers in our data center and we're thinking virtualization can cut that in half," he says.

Tait is hoping a smaller number of servers, with virtualization, will lower his power needs and simplify management.

"Simplify and standardize is a good strategic plan for any IT department," he says. "What we've got here is a very complicated and customized environment that over the years was built into a messy bird's nest full of stuff."

While NMS is a relatively small company with 225 employees and two facilities within a mile and a half of each other, IT Roadmap attendees will also hear from Terry Harris, former CTO of De Lage Landen (DLL), a global financial services firm. Harris will discuss building resilient, dynamic data centers, and a DLL project that consolidated the company's data centers from five to two, one in the United States and another in Europe.

Key technologies for the consolidation project included VMware virtualization for x86 servers, IBM Power virtualization, and EMC's Symmetrix Remote Data Facility (SRDF) disaster recovery replication software.

DLL wanted two sites separated in distance to avoid the possibility of a regional disaster shutting down both data centers. "We wanted multiple replication and failover scenarios. With SRDF we could replicate over a long distance," Harris says. "In order to accomplish that, we had to install a global high-speed wide-area network connecting the two data centers."

Harris left DLL in January and became an infrastructure architecture consultant with Synthes, a medical device company in West Chester, Penn. Synthes is not consolidating data centers but is designing a similar "twin center" concept in an effort to ensure resiliency and become more responsive to business needs, Harris says.

In the years after Sept. 11, 2001, businesses are paying much greater attention to availability and resiliency in their IT infrastructures, he says.

"You're obligated to improve the resilience of your infrastructure," Harris says. "At the same time you're improving your resilience, you can also make it more dynamic by leveraging real-time infrastructure computing concepts, the ability to provision services and tear down services very quickly in response to business needs. By making your infrastructure more resilient and dynamic, that helps your IT department become a business enabler."

Another speaker at IT Roadmap will be Tom Amrhein, the CIO of Forrester Construction in Maryland, who will discuss managed services, software-as-a-service and cloud computing.

Forrester Construction is using managed services for VoIP and application management, and contracts with Iron Mountain for off-site backup, retention and storage. Amrhein will discuss how various outsourcing models can help offload IT tasks that don't differentiate the business, and let the IT department "shift resources to tasks that make our business more competitive and better serve our customers," he said.

Apple claims 1M iPhone 3G S smartphones sold first weekend

Apple announced today that it sold one million iPhone 3G S phones through Sunday, three days after the device launched, matching last year's sales mark of the iPhone 3G.

"Customers are voting and the iPhone is winning," Apple CEO Steve Jobs said in a statement. "iPhone momentum is stronger than ever."

The iPhone 3G S sales mark claimed by Apple is significantly higher than analysts' estimates before the weekend. Gene Munster of Piper Jaffray, for example, had pegged sales at 500,000, then upped his estimate early Monday - before Apple announced its number - to 750,000.

Ezra Gottheil, an analyst with Technology had also expected slower sales this year, and like Munster, had bet on around a half million. "Clearly, surprise is my first reaction," said Gottheil when asked about Apple's one million figure. "I was off by 100%, wasn't I?"

Gottheil added that Apple's sales were "impressive" in the face of the continued recession, but added that in hindsight they shouldn't have been such a shock. "What we're seeing is the adoption curve for smartphones," he said. "People are seeing that they're useful. Apple didn't start the smartphone business, but they made it fun and classy. Typical Apple."

Although Apple sold the same number of iPhone 3G S handsets this year as iPhone 3Gs last summer, it did so in fewer markets. The iPhone 3G S is currently available in only seven countries; the iPhone 3G went on sale its first weekend in more than 20.

"Even more impressive than the one million," added Gottheil, "is that they were prepared for that."

Apple also said that approximately six million owners of older iPhones had downloaded the new iPhone 3.0 software since its release June 17.

Jobs' statement is the first in an Apple press release since he took medical leave in January for an undisclosed illness that previously had been described only as a hormonal imbalance. Jobs is slated to return to Apple at the end of this month.

On Friday, the Wall Street Journal said that Jobs had a liver transplant in Tennessee two months ago, but did not name its sources.

"His name in the release is a clue," Gottheil said. "It's a confirmation of what Apple has been saying all along, that he'll be back in some capacity at the end of the month. He's clearly stepping back in to a more active management role."
