Posts by happygeek

For the longest time, the Children’s Online Protection Act, signed off by President Clinton way back in 1998, has been a contentious issue in the US. It was originally kicked out of town, well Philadelphia anyway, after a federal district court banned the enforcement of the law, and a federal appeals court agreed, as did the Supreme Court in June 2005 when the ban was upheld. However, the Supreme Court did send it back to district court as part of a fact finding mission concentrating on the effectiveness of Internet filtering.

Which is where my attention gets grabbed, as someone who not only has a book published about sex on the Internet over a decade ago now, but regularly writes about the subject for various adult publications. You see, I had always been under the impression that online sex was one of the main drivers of not only Internet popularity, but technological advance itself. The latter conviction has not been diminished by the evidence given to the federal court hearing in Philadelphia, but I must admit that my belief in just how prevalent sexually explicit material within web pages was, has been.

As part of a confidential analysis of search queries, together with a random sample of pages taken from both Google and Microsoft indices, it would seem that the number of web pages that contain sexually explicit material is, in fact, err, well 1 percent of the total actually. This analysis was meant to help build the …

Huzzah. :)

I agree, the fines are pointless if they don't get paid and the perps skip the country.

But, to be honest, it is rare enough to get a prosecution anyway so jail time is just as meaningless.

What is needed is some real global determination, and that is always going to be missing.

Cool huh, really makes those view-counts whizz past when you hit the Dugg front page. :)

I hate it, you hate it, everyone hates spam.

Perhaps just as annoying as the fact that most of us have no interest in improving our sexual performance, enlarging our sexual organs or accepting a refinancing deal from a complete stranger, is the fact that we just do not know who the spineless dirt-bags are behind the spam. Until now, thanks to those wonderful chaps at The Spamhaus Project

Spamhaus is an international non-profit organization founded in 1998, based in the UK, which provides real-time anti-spam protection for Internet networks via its spam-blocking databases, including the Spamhaus Block List (SBL) and the Exploits Block List (XBL). Broadcast from a network of 32 servers in 12 countries, the Spamhaus block-lists are used by many of the Internet's major Internet Service Providers, Corporations, Universities, Government and Military networks, and currently protect the mailboxes of over 630 Million Internet users.

But Spamhaus does much more than this, using the data it collects for its block lists, it is able to analyze and maintain evidence on the most prolific spam gangs around the planet, which it publishes as the Register Of Known Spam Operations (ROKSO), used by ISPs to avoid signing up known spammers and by law enforcement agencies to help with investigations and prosecutions.

What this reveals, rather alarmingly, is that around 80% of spam that targets Internet users in North America and Europe is actually generated by a small hardcore group of no more …

But you would be hard pressed to bump up the price of that Dell or Alienware machine to anything approaching the $20,000 cost of the base TyanPSC 600 let alone the 40 core monster.

As with all these things, it sounds great but if you do a proper value assessment then for 99.9% of folk it is going to offer a very poor return on investment when compared to a machine costing a tenth of the money.

All that power, none of it ever really utilised :)

Although it sounds like some kind of fantasy computing game, and in a way that sums it up pretty nicely, a 40 core supercomputer for your desktop will be a reality from January 2007 thanks to TyanPSC.

The next generation personal supercomputer from Tyan Computer Corporation was launched today, with general availability expected by January. The Typhoon 600 series uses Intel Xeon 5300 Clovertown processors (up to 40 CPU cores in total) to provide a 256 gigaflops performance on a turnkey system for your office or home, and it can be powered up from a standard electricity socket as well.

"We're leaving the performance compromise of personal supercomputing behind us by delivering a system into office environments that pumps out one quarter of a Teraflop without the mess and difficulty of the back room data centre model." Mark Burnett, European product manager of TyanPSC told me this afternoon.

The hidden beauty, when you get past the incredible performance, is the fact that this is a supercomputer that has been purpose-built to be deployed and used just like an ordinary PC by removing the complexity and management issues that are usually associated with the breed. OK, maybe not any ordinary PC as I am hard pressed to think of another than costs in the region of $20,000 as a starting price!

You can take a look for yourself if you happen to be in the Tampa, Florida area this week as Tyan is demonstrating it …

If you think of a virus as being something that replicates itself, spreading from computer to computer, until seemingly everyone has it installed, then maybe you could classify Google’s Gmail service as being one.

If you happened to be using Microsoft Windows Live OneCare security over the weekend then it would have done the classification for you. Yep, OneCare users who visited their Gmail account were being warned that their computers had been infected with the BAT/BWG.A virus. How do I know this? Well although as a UK based user I should not be able to install OneCare courtesy of some strange tribal culture thing going on at Microsoft US, by changing the language defaults on one machine I was able to fool the installer into thinking I was an American citizen and therefore trustworthy enough to be blessed with the security system. I have also been a fan of Gmail ever since the very first stages of the Beta, and have numerous Gmail accounts as a result. Note, I said Gmail because these accounts were established before the lawsuit that resulted in Google being unable to use that name in the UK and so switching to Googlemail instead.

Anyway, the point is that I have seen the false positives, for that is what they were. Indeed, it appears that the Gmail system upgrades were possibly the trigger here, because on the test machine I let OneCare do its stuff and clean the infection, after …

According to a report posted at Ars Technica Vista has been cracked. Jeremy Reimer reports that Torrents are now being circulated of the cracked version, known as Vista BillGates.

Microsoft is keeping remarkably quiet on the subject, and my emails requesting official comment have gone unanswered. Perhaps because the pirated version is not all it is cracked up to be (excuse the pun) as in order to circumvent the correct product key requirement, the BillGates edition would appear to have replaced certain Vista release code components with earlier Beta code ones. While this means that it can be activated online without the need for a paid for license, it also means that it should be relatively simple for Microsoft to simply deactivate by way of an automatic update. Not to mention usage of Windows Genuine Advantage to restrict access of essential system updates, which would make opting for the cracked edition an even more stupid thing to do.

I understand that there is also a fully cracked version of Office 2007 floating around now, which being the Enterprise edition doesn’t require online activation at all courtesy of the volume licensing key. It is this license that will be (look out another pun is coming) key to those who would distribute cracked versions of Vista as well. But I see no reason why the measures outlined above will not work to negate such a tactic.

Of course, I am not saying that there will …

OK, I know that Sun Microsystems has already open-sourced the Java EE5 application server code under the auspices of its GlassFish project, but the breaking news is that the full Java source code is to follow next. Sun has announced that the Java code will be covered by the General Public License 2 (GPLv2) which is great news for all you Linux developers out there who have been less than inspired by the Sun ‘Community Development and Distribution License.’

Even more so, I suspect, because I am led to believe that Sun is to use the classpath exception license addition to allow programmers using open source Java to use a different license for their applications, preventing everything from having to be covered by the GPL. This is obviously going to be an important factor for those of you working with Java libraries and virtual machine on top of shipping applications, because it means that your current licensing will not be affected. And if you really don’t want to get into the whole open source thing, then Sun have even thought of that by running a dual licensing structure that sees the commercial license continue to be available.

One thing is for sure, this whole process of open sourcing Java which starts as form today, will help to establish the technology in the hearts and minds of web developers, like it needed any help in that direction. It will also help to increase support revenues for Sun, …

It is one heck of a big if though...

It looks like NVIDIA really means business, announcing it intends to attack the Intel integrated graphics processor market with an ICP of its own. Now that is some target, given that Intel is pretty much the heavyweight champ when it comes graphic chip manufacturing and sales by the numbers. No matter what hardcore gamers and system tweakers may think of integrated graphics processors, with their inability to be upgraded and generally underperforming specification, the market truth is that for the vast majority of users an IGP does everything they need just fine. The market for third party GPUs, which is the territory NVIDIA hunts in, is much, much smaller by comparison. No wonder then, that Intel has decided to broaden its base and get a share of the big boys action.

Not that this is altogether new territory for NVIDIA as it has already made inroads into the AMD IGP market, but Intel has always been seen as off-limits. ATI have tried attacking Intel on home turf and failed, it has to be said. So why is the time right for NVIDIA now?

Ironically, the ATI failure could be the catalyst as this clears the way for NVIDIA to go straight for Intel without having smaller skirmishes to worry about on the battlefield. How successful this is likely to be is, frankly, rather in doubt. The only way to carve any kind of market share away from Intel will be to offer something totally different, and totally compelling.

It is the sort of no-brainer question that ordinarily you wouldn’t waste any time on: does a Windows OS need additional antivirus protection to be considered a safe platform? Obviously, the answer is yes, unless you are the Co-President, Platform and Services Division of Microsoft Corp, it would appear.

Jim Allchin was answering questions during a telephone conference with journalists this last week and seemed to imply that antivirus was not necessary. In response to questioning about just how confident he was that Vista would be a more secure platform than Windows XP SP2, Allchin surprised the press pack by stating "I'll give you an example: My son, seven years old, runs Windows Vista, and, honestly, he doesn't have an antivirus system on his machine. His machine is locked down with parental controls, he cannot download things unless it's to the places that I've said that he could do, and I'm feeling totally confident about that. That is quite a statement. I couldn't say that in Windows XP SP2."

Of course, what he was really saying was that the combination of the new parental control system in Vista and its Address Space Layout Randomization (ASLR) that frustrates malicious code by rendering the object code of the system kernel in memory differently every time, meant his son was relatively safe even without antivirus protection.

The bit of the response that got ignored, by and large, was perhaps the most vital: ‘his machine is locked down with parental controls’ …

You know when you are invited to the St John’s Innovation Centre, part of the Cambridge Enterprise Hub in the UK that supports early-stage knowledge-based businesses and research institutes, that you are going to be in for an interesting day. When it is a press day with a focus on ‘Smart Technology’ and the keynote is being given by none other than Dr Hermann Hauser, the man behind Acorn Computers and ARM all those years ago and now, as co-founder of Amadeus Capital Partners, involved with numerous world beating emerging technologies such as plastic electronics, the level of ‘interesting’ is guaranteed to be top notch.

And so it was, with a hugely interesting presentation on the nature and progress of innovation, and the part that Cambridge University and the technology enterprise sector that has built up around it, has played. Full of insightful anecdotes: I didn’t know that apparently Bell Labs invented the first mobile phone but after market research decided there was no market for it managed to completely miss that particular gravy train. Packed with amazing statistics: 60% of all Bluetooth chips originate from Cambridge courtesy of Amadeus funded CSR who invented the first single chip Bluetooth solution and now dominate the mobile market for such items, and 80% of the world’s mobile phones (not forgetting the GameBoy and the iPod) use an ARM processor also invented at Cambridge.

Cambridge …

So Intel has announced, at the Web 2.0 Conference, that it is launching into the Web 2.0 space with SuiteTwo. This integrated suite, courtesy of a collaboration with numerous partner companies, sees Intel positioning itself in the same way as Google does with its services. That is a collection of interconnected services sharing a common UI.

Certainly, when it comes to Web 2.0, Intel appears to have done its homework before jumping into bed with partner companies, choosing some very well respected and high profile names to sleep with: Six Apart, Socialtext and NewsGator for example. Not forgetting SpikeSource which is responsible for all the integration, maintenance and support across the suite.

So what is SuiteTwo, exactly? Well, it’s a collection of advanced web applications that cover pretty much all the business bases from blogging to Wiki, with a little RSS and search functionality thrown in. What is more interesting to me is what it isn’t, or rather what you don’t get as of yet. No business networking nor podcasting are amongst the functions that have been left out. For a big fish looking to make a splash in the Web 2.0 pond, this really is extraordinary in my opinion. Surely it would have been better to delay things until these partnerships could be cemented, so as to have a fully rounded product suite from day one, than to launch a half-hearted suite?

Perhaps that is a bit harsh, after all you do get:

Dell has today announced the addition of its ninth-generation PowerEdge servers, the first to be powered by Quad-Core Intel Xeon processors. Not only is this good from the performance perspective but also when it comes to bang for your buck in the enterprise, with up to 40 percent enhanced performance per watt figures. But perhaps it is the Precision decision, as Dell has added quad-core processors across the entire desktop portfolio as well, that will be of most interest. This means that Dell now has standards-based professional workstations that can perform with the best of them. For example, when configured with quad-core processors a Precision 690 can deliver up to 54 percent better performance when using multi-threaded applications.

Sticking with that Precision 690, the feature set is certainly impressive. Dual CPU socket and dual front-side buses provide as many as eight high-performance processor cores with quad cores. There’s also now double the number of memory channels, four in all, supporting fully buffered DIMMs and a unique to Dell scalable memory design that allows up to 16 DIMMs by way of optional memory risers to provide a potential 64GB. Graphics have not been overlooked, with an optional dual-graphics riser card combining two NVIDIA SLITM cards with support for quad-monitor configurations so as to keep that ‘to the power of four’ concept running through the spec.

"Dell prides itself not only on being first to market with technology, but first to deliver exceptional value to the customer while helping to …

It’s that time of the year again, and the Microsoft Tech.Ed Developers Conference 2006 Europe has hit the beautiful city of Barcelona, capital city of Catalonia in Spain. Hot off the press news for today is the keynote speech by Eric Rudder, senior vice president of technical strategy with Microsoft. In this, Rudder revealed the new technologies for building ‘next generation applications’ to more than 3000 developers attending the conference.

He highlighted the releases of Microsoft .NET Framework 3.0, Microsoft Visual Studio 2005 Tools for Office for the 2007 Microsoft Office system and ASP.NET AJAX, as well as urging the audience to download and take advantage of them as part of their development effort for Microsoft Windows Vista. This collection of new technologies is being pushed forward as manna from heaven for developers looking to build web services and service-oriented applications, delivering levels of security, reliability and differentiation that both businesses and consumers are increasingly not only expecting but demanding.

The full announcements are:

Release to manufacture of the Microsoft .NET Framework 3.0, which promises advances for building rich, interactive client applications (Windows Presentation Foundation), communication and workflow (Windows Communication Foundation and Windows Workflow Foundation) and online identity management (Windows CardSpace).

Availability to MSDN Premium subscribers of Windows Vista and the 2007 Office system upon release to manufacture.

Availability of Visual Studio 2005 extensions for the .NET Framework 3.0, basically a set of plug-ins and templates for building .NET Framework 3.0 …

The bad news for the US is that it is now responsible for more than a fifth of the world’s spam. That is 21.6 percent if you prefer, although whichever way you say it there is no escaping the nasty smell it leaves behind.

The team of experts at IT security vendors Sophos, scanned all the spam messages that were caught by the company’s extensive global network of spam traps and honeypots, and has now published the results for the third quarter of 2006 in terms of relayed spam levels.

What is immediately obvious is that legislative measures such as the CAN SPAM stuff are having precious little real world effect when it comes to significantly reducing the amount of spam that is coming through the US. Although, in mitigation, Sophos has said that one possible reason for the increasing lead that America is building up over other nations such as nearest rival China in this league of shame could be the emergence of more than 300 strains of the Stratio worm.

Stratio, which also goes by the name of Warezov, relies upon the victim being able to speak English so has not caused widespread infection in China, for example. The payload, of course, being that it turns the victims computer into a spam spurting zombie which becomes part of a global botnet.

The US apart, what is interesting to note is that China has managed to decrease the proportion of spam it relays by a …

Oh well, that’s one less thing I can moan about when it comes to Microsoft Vista. The Seattle giant has had a change of heart, it would seem, when it comes to licensing terms for the new Windows Operating System.

Previously, the Windows Vista retail license included the incredibly restrictive, and downright ludicrous, condition that “the first user of the software may reassign the license to another device one time. If you reassign the license, that other device becomes the licensed device.”

Meaning, in effect, that if you upgraded your hardware to a certain degree, or heaven forefend wanted to change your PC more than once, then the Vista license would expire. Obviously, Microsoft cannot be making enough money from Joe Public, hence the need to screw retail customers over in this fashion. Note, I said retail customers, because the corporate licensing did not carry the same restrictions. Equally obviously, this is because Microsoft knows that Billy Business isn’t going to roll over and accept unfair licensing in the same way as the consumer, who kicks up a fuss but buys it anyway. However, for once that consumer fuss was big enough and loud enough, even before Vista has been released, to force Microsoft into a change of heart.

The new license has changed that particular section and now states that "you may install one copy of the software on the licensed device. You may use the software on up to two processors on that device at …

Google has provided WAP access to email for the longest time, an apt description seeing as that’s how long it takes to read your email via a WAP based mobile device. But all that has changed thanks to the availability of a brand new Java based version of Gmail for mobile devices which promises less clicks, less scrolling, less keystrokes and much faster access.

Importantly, not only is this a lot faster than the, frankly, pretty ancient WAP service (does anyone actually use WAP anymore unless they are forced to at gunpoint?) but also a lot faster than accessing Gmail via the phone’s web browser. This is courtesy of some clever technology such as the ability to prefetch the first couple of handful of messages so your inbox is pre-populated and ready for instant access. Of course, this does increase the bandwidth you are using, and with most folk paying for their data plans on a per Mb basis rather than all you can eat, there are cost implications. Thankfully, then, you will be pleased to know that you can sacrifice the convenience for cost savings by switching the pre-fetch feature off.

Best of all though, in my opinion, is the striking similarity to the Gmail interface you are used to already. This means there is no great learning curve, the blight of most mobile versions of well known applications it seems to me, and you can literally just pick up your phone, pick up your …

Microsoft has issued an advisory warning about a Visual Studio 2005 vulnerability in the WMI Object Broker ActiveX control, part of WmiScriptUtils.dll which could allow remote arbitrary code execution.

The WMI Object Broker ActiveX control will circumvent the ActiveX security model, because it is marked as being ‘safe for scripting’ which should mean that it will not do anything that could damage the system or weaken security. Which should mean that it is safe from being controlled by a web page script calling its methods. Shoulda, woulda coulda. As US-CERT explain “the WMI Object Broker ActiveX control includes a method that can create an instance of an ActiveX control that exists on the system. The ActiveX objects created in this manner will bypass the ActiveX security model. For example, the "kill bit" and "safe for scripting" options are ignored.”

As usual, for Microsoft this means investigating reports of proof of concept code, although it admits that it is also looking at what it refers to as “the possibility of limited attacks that are attempting to use the reported vulnerability.”

Limited, I would imagine, by the fact that Visual Studio 2005 for Windows has a fairly small user base in the overall scheme of things.

Thankfully, Internet Explorer 7 disables the relevant ActiveX control be default, so as long that default has not been changed (the control can be activated through the ActiveX Opt-in feature in the Internet Zone) the browser is not …

See the last line of the post: "specialist Japan hi-tech toy importers reckon they can get one to the US for a smidgeon over $2000 plus shipping if you are really interested…"

But remember that is but a guess as the final pricing has yet to be set in Yen, as I understand it.

Well, yes, if you believe the Sony hype then the Vaio VGN-G1LAP at just 1.98 pounds is indeed the world’s lightest lappy. The carbon fiber body helps considerably, meaning that despite the low weight you still get the benefit of a 12.1” 1024 x 768 screen rather than the only good for those with good eyesight 10” (or less) usually associated with the super light sub-notebook genre. The Intel ultra-low voltage 1.2GHz Core Solo processor and 1.5Gb RAM is OK, as is the WiFi (covering most 802,11 bases including a, b and g) and the Bluetooth, and even the 80Gb motion-sensor protected hard drive in case you forget you are holding it and drop the thing.

Well, no, not if you want more than a six hour battery life (less in real world conditions of course) and an optical drive. Add those, and not only does the VGN-G1LAP turn into the VGN-G1KAP, but it also fills out to 2.46 pounds which is not quite such a thing to write home about, or write to the press about either for that matter. That said, it is probably the better bet of the two as the extended battery doubles the life expectancy which means you can shave the weight of the AC adaptor off of your total carry-on balance.

Not that it really matters to anyone outside of Japan, where both models go on sale from December 2nd at a price as yet to be confirmed, as there …

At just half a cubic inch in volume, 1.62 inches long, weighing half an ounce and coming complete with a built-in clip and little else to spoil the minimalist aluminum design, the smallest digital music player on the planet goes on sale this coming Friday. The surprising thing about this announcement is that it comes from Apple, which has until now pretty much ignored the clamor to be the smallest in favor of being the most popular.

Yes, this is the all new iPod Shuffle, which as well as laying claim to that smallest ever title is also fighting hard for ‘most wearable’ as well. Certainly it will be the most wearable iPod straight out of the box, with no requirement to purchase a rubber armband and look like some kind of MP3 Nazi. Indeed, the whole thing is actually a digital clip, a really clever design of the type that we have come to expect of Apple over the years. In fact, I really, really love the clip design it is the best thing about the new Shuffle.

Unfortunately, there’s plenty not to like. Such as small on the outside meaning small on the inside as well, as the new iPod Shuffle only comes with a disappointing 1Gb of Flash memory. It would have been nice to see the storage capacity double to go along with the halving in physical size of the Shuffle. Yeah, sure, I know you can get more than 200 songs …

According to Symantec, 64% of small businesses have seen a surge in the volume of spam received during the previous six months. And it isn’t the only one: whether you talk to ISPs or security vendors, gateway mail filtering services or end users, the message is the same. Spam is on the up, and how. The most worrying thing is the how rather than the why, the latter being the good old Yankee Dollar as always. In the past it was bulk-emailers that caused the spam damage, plain and simple, but now the trend is towards a higher level of sophistication. Behind the new wave of spam is the botnet.

Security specialists MessageLabs are warning that things can only get worse in the run up to the big Christmas online shopping spree, with darknet activity by cyber-criminals showing a worrying acceleration. The cause of the worry being botnets once again, or rather a single botnet in this case. MessageLabs has reported activity suggesting the biggest botnet to hit the Internet for more than two years is being pieced together, and currently stands at just under a million compromised and controlled PCs in size. Compare this to the usual sub 10,000 PC botnet (smaller ones are more difficult to track, so easier to exploit) and you can see why the mega-botnet is causing concern.

The smaller botnets are usually hired out in a piecemeal fashion, available to anyone with the ready cash no questions asked. Want to send some …

Tim Berners-Lee has a blog that is, more often than not, worth reading. Certainly that has been the case over the weekend as the inventor of the World Wide Web has been talking about reinventing HTML.

Referring to the W3C HTML group Berners-Lee admits that it is important to have real developers on the ground “involved fully with the development of HTML” and just as important to have browser client developers involved and committed. In his all encompassing vision, Berners-Lee goes on to say that users and user companies and makers of related products should also be involved. Which all starts to sound like one of those committees that is so large and diverse that nothing ever gets done.

But the problem that Berners-Lee and the W3C HTML group face, rather than nothing getting done is the majority of folk out in the real world accepting what they have done and adopting it as the norm.

Take XML, for example. Berners-Lee admits that with hindsight “the attempt to get the world to switch to XML, including quotes around attribute values and slashes in empty tags and namespaces all at once didn't work”. This was because the HTML-generating public did not want to move, did not see the value in moving, did not even know a move was available because their browser clients continued to function just nicely thank you very much. Sure, some large communities made the change and Berners-Lee insists they are “enjoying the …

> the rocket he is going up in is a modified R-7 ballistic missile that has only
> been used for space travel 2 times

Yeah, I thought it was a shame Bill Gates wasn't signed up as well :)

I guess when you are a billionaire, finding somewhere new and exciting to go on vacation gets difficult after a while. No such problem for Charles Simonyi, who as part of the original Xerox PARC team helped developed the mouse, the GUI and even laser printing, and went on to Microsoft for 11 years where he oversaw development of both MS Excel and MS Word, and played a major role in the development of Object Oriented Programming for good measure. He has invested around $25 million and booked himself a place on the International Space Station for a week starting on the 9th march, 2007.

His experiences in training for the mission, as well as flying on the Russian built Soyuz TMA-10 spacecraft that will transfer him to the International Space Station will be documented at his Charles in Space website.

“I hope to accomplish three things” says Simonyi “advance civilian space flight, assist research for the International Space Station , and involve young people in the science of space travel.”

Ironically, he could have been rather useful had he been vacationing last month because the International Space Station has been having a few problems with getting email accounts established for its astronauts. Or more precisely for those members of the Soyuz taxi service, known as Space Flight Participants, that require the ultimate in mobile email access. No prizes for guessing what email software has been causing the problems: Microsoft Outlook Express. Still, a man …

Ordinarily this headline would no longer come as any surprise, after all everyone is pretty much used to Microsoft keeping the competition at bay using whatever methods it can. However, this is no ordinary headline because what IO left out is the name of that competitor: Windows XP.

In an interview with the San Jose Mercury News Microsoft CEO Steve Ballmer is quoted as saying that the number one competitor to Vista “is Windows XP Service Pack 2, there are a lot of happy users” and continues by admitting “the fact that people are generally happy is a certainly a barrier to as rapid adoption as we might like to see.” Now forgive me for my journalistic world weary cynicism, but this admission and the fact that Microsoft has delayed the release of Windows XP Service Pack 3 until at least the first half of 2008 might not be unconnected.

Certainly Microsoft isn’t making a fuss about the SP3 delays, the news being sneaked out in an update to the service pack roadmap without any of the usual press release hoo-ha. You might have expected otherwise, seeing as this will represent the first major upgrade since XP SP2 way back in August 2004.

Of course, if punters were aware that the OS they are, by Ballmer’s own admission, already happy with is due for a major overhaul they might think even harder before being persuaded to accept the ‘more secure’ upgrade to Vista …

No. The difference now is that the seizures/examinations are being done at random rather than with probable cause.

The fact that Customs are not going to sell your secrets is irrelevant under Sarbanes Oxley, if the data isn't under your control you are in breach...

The Association of Corporate Travel Executives (ACTE) has warned, during a conference in Barcelona this week, that the visitors to the United States risk having their laptops seized and searched on arrival and departure. The law applies equally to US and non-US passport holders, and following an appeal judgment in a San Francisco court earlier in the year the seizure can be done entirely randomly.

Not so bad, you may think, after all we have learned to expect some disruption to our travel routine in the cause of tighter security since 9/11. But the trouble is, under US law, Customs Agents and Border Patrol officers have the right not only to examine and download the contents of travelers’ laptops (a process which might take hours, days or even weeks) but also to confiscate them. All this without the need to produce a warrant, or even give any probable cause. Just purely, totally, at random.

Although I suspect that ‘looking like a Muslim’ probably ups the odds in favor of them randomly picking you of course.

ACTE gave details of a survey of its international membership at the conference, which revealed that 86 percent of business travel executives are now thinking twice about keeping proprietary information on laptops if traveling to the US. "The information that U.S. government officials have the right to examine, download, or even seize business travelers’ laptops came as a surprise to the majority of our members," said ACTE's Executive Director Susan …

Google has launched a new search engine, or rather has made the old one available with a few user configurable tweaks. The Google Custom Search Engine (CSE) is now open for business and provides a brand new and tailored search experience, or at least that is what Google is saying.

It still uses the Google core search technology so there are no nasty surprises when it comes to results, only good ones. Because by using Google CSE, the user chooses to prioritize or restrict searches based upon the sources, websites and pages, you specify. In other words you get to build your own Google index, and search just that instead of the whole shebang.

You can even share your index and let others contribute to it if you like.

I like the ability to be able to give selected pages and sites a higher priority and ranking within the larger Google index, that’s both neat and useful. I like the bit of code you get given so you can have your own Google CSE search box on your site or blog. I even like the concept of creating a custom search tool that can then earn me money by using the AdSense program alongside it.

But you know what, it isn’t exactly a brand new idea and I think I prefer the approach taken by Rollyo with their Roll Your Own search service based on the Yahoo engine. This brings search …

A number of owners of new iPods could be getting more than they bargained for, as Apple has admitted that a ‘small number’ of iPod video products sold after 12th September are infected with the RavMonE.exe virus. Mistakes happen, and while Apple has been forthright about owning up to the problem, I cannot say that I am impressed by the way it has apparently attempted to make this an Apple is cool and Windows sucks issue.

The official statement is quick to state that “we are upset at Windows for not being more hardy against such viruses” and goes on to make the point that “this Windows virus does not affect Mac OS X or the iPod itself, Mac customers can use iTunes 7 to easily restore the software on their newly purchased Video iPod to ensure that it does not carry this Windows virus.”

Apple is less forthcoming about exactly how many iPods are at risk here. Despite mentioning only 25 reports of problems and stating that less than 1% are affected, no mention of what number that represents is made. As over 8 million iPods have shipped in the third quarter, 1% could actually be a fairly large number could it not?

While I know that platform wars are a fact of life amongst the more driven and obsessive of computer users, one does expect corporations the size of Apple to have outgrown the playground and show a little bit of maturity in …

According to a survey by the Ponemon Institute, sponsored by PGP Corporation and Vontu Inc, the true cost of data breaches in 2006 was $182 per compromised record on average, that is a 31% increase over the 2005 figures. Furthermore, the results of the report, published today, reveal that the total cost of each data breach ranged from less than $1 million to more than $22 million.

Cost of a Data Breach: The Financial Impact of Data Loss Incidents 2006 may not sound like ideal bedside reading material, but I would heartily recommend stuffing a copy under the pillow of every CEO, CTO and CFO in order to get them to wake up and smell the security coffee. The study examined all the financial consequences of data breaches involving consumers' personally identifiable information, although the Ponemon Institute only analyzed 31 different incidents from the 330 or so that have occurred since February 2005 according to the Privacy Rights Clearinghouse.

So what did the study actually study in those 31 incidents in order to come up with the bottom line figures? It tracked a wide range of cost factors, including legal, investigative, and administrative expenses, as well as stock performance, customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit monitoring subscriptions.

The end result illustrating the high costs companies will incur for failing to protecting their customers' data, with 72% of respondents indicating …

The founders of Skype, Janus Friis and Niklas Zennstrom, have already pretty successfully shaken up the telephony marketplace, and their next target could be YouTube. According to their posting the duo are “working on a project that combines the best things about television with the social power of the internet - a project that gives viewers, advertisers and content owners more choice, control and creativity than ever before.”

The Venice Project is still pretty much under wraps right now, with a very limited Beta test underway but one which is set to expand dramatically next month. If you want to participate then you can register your interest on-site and keep your fingers crossed. Although I understand you will not have long to wait even if you do not make the first cut, as the Beta is likely to be open to all comers by the end of the year, start of 2007 anyway. One thing that is for sure, is that it will not be called the Venice Project when it does go live, and I do not intend to guess as to what branding it will carry (although feel free to post your guesses here in comment form.)

Of course, the idea of an interactive medium for the posting video content on the web is hardly new, but the success of YouTube has created a market where there is plenty of gravy for smaller operators to join in and mop up enough to …

At first glance it should be good news, after all it would appear that Microsoft has plugged a hole that left the claims of Vista being highly secure shot to pieces. Nonetheless, the security researcher who demonstrated the original Blue Pill exploit at both SyScan 06 in Singapore and the Black Hat briefings in Las Vegas earlier in the year, Joanna Rutkowska, has hit back with a warning that the methodology used by Microsoft to block her pagefile exploit is itself fundamentally flawed and insecure.

As originally posted here Rutkowska used AMD's SVM/Pacifica virtualization technology to create a Blue Pill rootkit that not only takes complete control of the underlying operating system but also remains 100% undetectable while doing so on the Vista x64 platform. However, Rutkowska also demonstrated a pagefile attack methodology at those security conferences, which allowed unsigned code to be loaded into the kernel and bypass not Patch Guard, but Vista kernel protection that is an altogether different thing.

But not anymore, according to Rutkowska herself Vista 64 RC2 “now blocks write-access to raw disk sectors for user mode applications, even if they are executed with elevated administrative rights."

Rutkowska is not happy however, because she thinks that Microsoft has chosen the least secure route to secure the OS. In her blog she mentions three options that would have been available to Microsoft, namely:

1. Block raw disk access from usermode.
   
2. Encrypt pagefile or use hashing to ensure the …

I'd be surprised if if offers a 100% guarantee, in the world of IT security that is pretty hard to deliver upon.

According to Oxford, UK based database security specialists Secerno databases are open to attack from growing insider threats that give employees carte blanche to access confidential data. Naturally, the company has a product to plug, a database assurance platform called Secerno.SQL, but to be honest I am more interested in the results of an independent survey published as part of the publicity push.

This revealed that over 60 percent of UK employees have access to computer records at their place of work, 56 percent have no restrictions whatsoever placed upon the information they have privileges to access, 41 percent have access to records that are not necessary for their job and 10% have been tempted to abuse this access.

As always, it seems that security is being approached in a half-assed manner. Plenty of time and effort being placed on external attack, precious little on the insider threat. Of course, this is kind of understandable when given the fact that incidents of database attacks originating outside the company are growing rapidly with plenty of high profile examples hitting the media headlines. But that doesn’t make it right, and it certainly doesn’t make your enterprise secure.

How about the 263,000 customer credit cards stolen and a further 40 million more exposed by a SQL injection based attack on CardSystems, or the Russian hackers who stole a claimed 53,000 credit card numbers from individuals who had done business online with the Rhode Island government? There are plenty …

My point exactly...

Well, not quite. However, Panasonic are claiming to have developed a tellurium suboxide palladium-doped phase-change recording film with a very high transmittance and crystallization rate.

Or put another way, this Te-O-Pd process enables four 25Gb layers to be used without any loss of data quality and Panasonic reckons that will equate to a century of storage for your data on these Blu-ray discs. The original Panasonic paper reporting on the process even mentions a smaller 50Gb disc that will last for a claimed 500 years. If that was not good enough, they have iced this particular technology cake with a footnote that Te-O-Pd id inorganic and not particularly soluble so as to prevent release of toxins into the environment when they are dumped in years to come.

The trouble is, as pretty anyone who has had an interest in IT for longer than a year will appreciate, that the chances of Blu-ray still being a storage medium in 100 years, or 10 years for that matter, is pretty remote. So why bother with this process and why make such a fuss about it. Anyone recall the rapid rise and fall of Zip discs for example? Crikey, anyone even remember Zip discs now, or Jaz or Clik or, well you get the picture. And this before we even start to examine the accuracy of the longevity claims, which is difficult as the discs are not in production yet.

However, I can certainly point to the past and recall …

I think the Sony/BMG rootkit thing was completely different, the problem there being not so much what Sony was doing (although that was bad enough) but the fact that the installed rootkit could easily be exploited by others for overtly criminal activity.

McDonald's would have absolutely nothing to gain from distributing the Trojan concerned, it is a simple password/login collector and as such benefits only the hacker/phishing community. Indeed, as McDonald's has found out, the only payload for it here is bad publicity and lots of well deserved egg on the face.

By the way, and sorry to ask, but if you like the blog posting could you submit it to places like Digg, Slashdot and anywhere else you can think of? We are trying to increase the external traffic we get to Daniweb blogs :)

You cannot fault the Japanese arm of Mc Donald’s for moving with the times and giving away Flash MP3 players as prizes in a competition to customers who bought large Coca-Cola drinks. But, to be honest, I would rather have had the usual tacky plastic movie tie-in toy because at least those guys do not come complete with spyware.

Yep, one can only assume that Ronald McDonald has been promoted to head of IT security for the fast food giants, after all it is the only reasonable explanation of how the QQpass spyware Trojan was allowed to be distributed, unnoticed, on the McDonald’s branded MP3 players.

Sure, the security breach was eventually spotted, but not until 10,000 of the infected prizes had already been sent out. The McDonald’s product recall, apology and telephone helpline offering advice on disinfecting a PC are all welcome but should not have been needed in the first place.

As someone who has been a Contributing Editor of computer magazines for two decades now, I seriously thought that the era of the freebie give-away virus infection was over. After all, this is positively old school when it comes to distribution methodology. I can recall some highly serious slip ups over the years, with magazine publishers who should have known better, even in the early 90’s, managing to infect their customers by issuing cover mounted CDs that were not virus-checked properly.

But everyone knows better these days, security is not a black art, …

There’s a serious amount of money to anyone who can prove that the answer is yes, and rather surprisingly it is online DVD rental service Netflix that is posing the question and providing the cash.

It all revolves around the movie recommendation system that Netflix developed, CinematchSM, that can predict whether a user will like a film based upon how much they have liked or disliked previously rented ones. The concept is nothing new, Amazon have such a personal recommendation system and so do pretty much all the players in the online DVD rental business.

The difference is that nobody else is offering a million bucks, yes you read that right, for the person or persons who can best increase the predication accuracy of the existing system, by a factor of at least 10%. Measuring this accuracy against the same set of training data, a 2Gb dataset containing around 17,000 movie titles and 100,000,000 (personal data cleansed) user ratings, the metric is simply how close predicted ratings of movies match subsequent actual ratings.

The catch, and there has to be one I guess, would appear to be that the prize is only handed out if you share your methodology with (and non-exclusively license it to) Netflix and the world. But hey, for a million dollars I suspect that won’t put too many folk off.

If code optimization is your thing, and you live and breathe algorithms, you may want to give it a shot. …

The 2006 Virus Bulletin Conference is currently taking place in Montreal, and some interesting trends are emerging from the various security vendors speaking at the event. Trends such as the way that the widely distributed attack using worms, viruses and Trojans are increasingly becoming a decreasing concern. At least once you move outside of the strictly consumer realm. For the corporate user it is the highly targeted, tightly focused, small scale Trojan attack that is causing the biggest headache.

Note that what we are talking about here is concern, not risk. The widely distributed, multi-million spam delivered malware threat has not gone away, and it poses as great a risk as ever. But what the likes of Symantec are saying at the conference is that business is recognizing the danger of the targeted Trojan, despite them only being but a blip on the overall threat landscape radar, because they are the attacks most likely to achieve the double damage whammy of slipping under that radar and doing the most corporate damage.

The kind of attacks they are talking about at Virus Bulletin Conference 2006 are the likes of keyloggers and screen-scrapers, using highly focused emails to just one or two well researched addresses at the target business. By concentrating on a single victim or two like this, the normal detection systems sound no bells because no attack pattern is detected: it’s just another email. By concentrating on a single victim or two like this, the message can be …

BT is an unlikely sounding pioneer in the global battle against spam, but that is exactly the role the UK telecoms giant is adopting as it claims to be implementing the world’s first fully-automated spam buster system to track down and tackle professional spammers but also botnet-infected customers on the BT broadband network.

As always, you need to look behind the headlines to get at the real truth, and the pioneers here are really StreamShield Networks, the company whose Content Forensics product has been selected by BT to drive the spam detection system. This will scan millions of messages every day, providing BT with detailed reports on the location and size of spam-related problems originating from the BT network.

But let’s not jump on BT simply for being BT, where’s the pleasure in that? The fact that the spambuster system will enable the BT Customer Security team to take immediate action against professional spam operators, including the termination of rogue accounts and adding offending IP addresses to industry-wide blacklists, is not to be sneezed at in a fit of pique.

“In a world-first, we’re turning the tables on professional spammers and cutting off this scourge of the internet at source”, said Stratis Scleparis, CTO at BT Retail. “We are delighted to work with StreamShield Networks on this innovative approach which both tracks down and reduces spam messages on our network, and at the same time helps our customers overcome the threat of infection by bots.”

“Our …

Have I disputed the market share figure? No.

What I have done is question why Microsoft need IE any more, and if the development resource could be better spent elsewhere.

And this makes me delusional how exactly?

Of course, it all depends who you are listening to when it comes to browser client market share statistics. The Seattle Times was listening to OneStat.com when it reported that Internet Explorer is on the rise for the first time in a couple of years (up 2.8 percent from July to 85.9 percent) and Firefox on the slide (down 1.44 percent to 11.49 percent in the same period.) But even then, look beyond the global figures and you notice that browser client popularity is a very country specific thing: Internet Explorer usage is highest in the Netherlands at 88.47 percent and lowest in Germany at just 60 percent where Firefox is the most popular at 33.42 percent, users in both the Netherlands and UK are least enamored with Firefox which gets a lowly 9.77 percent of market share there. No matter where you look, according to the Amsterdam based OneStat.com figures at least, the order of popularity remains unchanged: Internet Explorer, Firefox, Safari, Opera and Netscape. Although the latter on a global average market share of just 0.12 percent really does appear on its last legs, and Opera on 0.69 percent is not faring much better. You might expect better from Apple Safari, but at 1.61 percent it just cannot compete with Microsoft and Mozilla.

One of the most interesting takes on the whole browser client market is that of why Microsoft is in it any more at all. I can recall being at the …

Search supremo Google has, as widely rumored, acquired YouTube for a none too shabby $1.65 billion. Where the speculation was wrong, it would seem, is that YouTube will not get gobbled up under the Google brand, and will continue to operate independently for all intents and purposes, retaining the YouTube name and not becoming GoogleTube (thank goodness!)

Considering that YouTube has only been in business since February 2005, that deal must go down as one of the most incredible yet in a long line of incredible Internet success stories. Of course, the phenomenal following it has achieved in that time, currently in the region of 100 million video views every single day and growing, cannot be ignored. But then, neither can the copyright implications of the service with many videos being published flouting copyright and licensing laws. And then there is the small problem of unlawful, violent, racist and disturbing content which increasingly exposes YouTube to both media and political scrutiny. Not that this has worried Google, it appears, which has hinted that the acquisition may be just the first in a new strategy to get a grip on the evolving Internet video revolution. The Google CEO has gone on record talking enthusiastically about the ‘new and interesting global media platform’ the acquisition will create, and certainly it makes a lot more sense when you think of Google in terms of global advertising conglomerate rather than simple web search engine. And be in no doubt, that is what Google …

In just a few hours time, Sony Pictures will point to the future by releasing the new Adam Sandler movie, Click, in 50Gb Blu-ray format. To put that in a little context, it means that the one disc will feature the high-definition movie, plus uncompressed Pulse Code Modulation audio, and all the bonus materials in high def as well. Which in this case means audio commentary aplenty, numerous deleted scenes, short features and even a director’s cut. You will have to wait a few weeks for the much vaunted Blu-Wizard playlist feature though, which is a shame as this promises to enable the viewer to organize exactly how they want to watch these special features.

Of course, you will need a Blu-ray player to enjoy all this, and there lies the rub: hardly anyone has the hardware. Indeed, I understand that Warner have seriously cut back on their disc sale projections for both Blu-ray and HD DVD for just this reason. With only a very small handful of HD players in the market, a couple of Toshiba HD DVD products and a couple of Blu-ray machines from Samsung and Panasonic, that market is tiny. Expect that to change in the run up to Christmas, with Sony, Philips and Pioneer all expected to have Blu-ray players on the market in time for the gadget loving seasonal rush. Analysts are predicting that by the start of next year there will be no less than 1.7 million high definition devices in consumer …

I am more used to reviewing routers and network webcams from D-Link than reading about the company launching a cellphone, let alone one which will run on a Linux OS and be populated with open source software. But apparently that is exactly what it is going to do, and do in the early part of 2007 if my sources are correct.

The V-CLICK sounds pretty good from the geek perspective: switchable tri-band (900/1800/1900) GSM, GPRS and WiFi connectivity, 24Mb of memory, a 176x220 pixel full color 2” display, dimensions of 4.17 x 1.73 x 0.75" and weighing in at less than 3.5 ounces.

Although I have not actually held a pre-production model in my own hands, so don’t take this as proper review copy gospel, I am told that battery life is around 5 hours talk time in GSM mode although this reduces to no more than 2 hours when switched to WiFi usage. And it’s that WiFi switch, courtesy of the v-click button, that makes it an attractive option: one flick when near a hotspot and SIP-based VoIP calls become a reality, as does web browsing via the Opera Mobile client that will be supplied.

But this is hardly new territory, my T-Mobile MDA Vario II, which I have in my hands right here right now, has this kind of WiFi support built in as do many other modern handsets.

Even that doesn’t account for why am I not exactly wetting myself over this announcement. …