Google Books is About Readers, Sergey Brin Says

Google cofounder Sergey Brin has some choice words for Microsoft, Amazon, Yahoo, and anyone else who opposes the into e-books: Back off, we're trying to help the readers. Notably, Brin says this is not an issue of consumer choice, because without releasing the scanned e-books, there's no choice at all, save for traveling to obscure libraries around the world. "The agreement limits consumer choice in out-of-print books about as much as it limits consumer choice in unicorns," Brin wrote. In an op-ed for the New York Times, Brin challenges some of the arguments critics have raised against the project and resulting settlement with authors and publishers. The opposition includes Amazon, whose Kindle e-reader has its own bookstore; and Microsoft, which was scanning books itself but shut down the project amid the Google controversy.

Barnes & Noble, which also runs an e-book store, has been fairly quiet on the matter, while Sony, a maker of e-readers, has supported the settlement. It's not fair, they argue, that Google was able to scan first and settle with authors and publishers later, because any new attempt to compete would require author and publisher agreements from scratch. Brin's argument is not flawless. Nor does he get into the legal issues of holding royalty payments for missing rights holders - a concern raised by several state attorneys general. He doesn't really address concerns from Germany, which said the settlement would harm copyright law, privacy and its authors.

But I think Brin avoided the fine details on purpose and focused instead on the main point: Without the Google Books settlement, out-of-print books will be out of reach, and maybe even gone forever. The settlement has already been delayed indefinitely while changes are made, and I think Brin's thoughts would've had the most weight in September, when this issue was on fire. Why make this argument now? Perhaps the answer is in Brin's allusion to the electric car, citing a scanned book from 1916 that says the idea didn't catch on due to the "failure of the manufacturers to properly educate the general public regarding the wonderful utility of the electric." If public opinion is falling out of Google's favor, there's never a bad time to remind readers what the Google Books settlement is good for. This op-ed was for them.

US relationship with ICANN may not end

A longtime agreement in which the U.S. Department of Commerce has oversight of the Internet Corporation for Assigned Names and Numbers (ICANN) is due to expire Wednesday, but that may not be the end of the relationship. This new type of agreement would allow ICANN to become more independent, while addressing concerns from several other countries that the U.S. has too much control over ICANN, said Michael Palage, a former ICANN board member. While ICANN isn't talking, some observers expect a new type of agreement to be announced as soon as Wednesday, with the U.S. government sharing oversight of the nonprofit organization that controls the Internet's domain name system with other countries. The new agreement would create several oversight boards, with international representation, Palage said.

What it's also doing is ... it's putting in some accountability mechanisms." Palage hasn't heard all the details about the new agreement, including how people will be appointed to the new oversight panels. The Economist reported last week that a new agreement, called an affirmation of commitments, will replace the existing pact between the U.S. government and ICANN. The Department of Commerce and ICANN have operated under a series of agreements laying out expectations for the nonprofit since November 1998. The new agreement "will tell them what it should do, but it can't legally bind them," much like past agreements, said Palage, now a senior fellow at the Progress and Freedom Foundation, a conservative think tank. "It gives the appearance in the global community that the U.S. government has recognized that ICANN has done what it was supposed to do. He's also concerned about whether private entities will have the same representation as governments. Many critics of ICANN have complained in recent years that the organization has moved forward with plans to expand services without widespread agreement. While not perfect, the new agreement being talked about would be an improvement over the existing agreement, he said. "Now while the devil will be in the detail, the only concern I have is that the private sector be on equal footing with the public sector in being able to hold ICANN accountable," he said. "If ICANN is to remain a public-private partnership that is founded on the principles of openness, transparency, inclusiveness, accountability and bottom-up coordination, then both the private and public sectors should have equal confidence in the accountability mechanism available to them." Under the latest agreement between the Department of Commerce and ICANN, the nonprofit reaffirmed its commitment to maintaining the security and stability of the domain name system, or DNS.
ICANN also promised to stick to the principles of competition, bottom-up coordination and representation. In particular, ICANN's board in June 2008 voted to allow an unlimited number of new generic top-level domains, such as .food or .basketball, but trademark owners have complained that new gTLDs would force them to register many new Web sites to protect their brands.

Asked this week about what happens after the current agreement expires, an ICANN spokeswoman said the Department of Commerce has asked ICANN officials not to comment until Wednesday. Last week, several members of a U.S. Congress subcommittee urged ICANN to back off the gTLD plan until concerns could be resolved. A representative of Viviane Reding, the European commissioner in charge of the information society and the telecom industry, also declined to comment until "the situation in the U.S. has been officially confirmed." Reding has called for more international oversight of ICANN. But Steve DelBianco, executive director of NetChoice, an e-commerce trade group, said he expects a "new formal review process looking at security, consumer trust, and the interests of global Internet users." DelBianco expects that government and private stakeholders will be represented in the new review process, he said. "Prodded by public comments and encouragement from Congress, I'd expect to see a new arrangement that delivers what the global Internet community has wanted: an independent ICANN that preserves private-sector leadership with increased accountability to its core mission," he said. "The tricky part is how to give governments a well-defined role while preserving ICANN's private-sector orientation." An important part of the oversight going forward will likely be on cybersecurity, added DelBianco, a critic of ICANN's gTLD plan. "I'd expect to see explicit accountability for ICANN to make sure the DNS stays up 24-7 and around the world, even as we see increased cyber attacks and a significant expansion of top-level domains," he said. Heather Greenfield, a spokeswoman for the Computer and Communications Industry Association (CCIA), said the trade group expects the U.S. government to stay involved in ICANN. CCIA has also heard that oversight panels, involving the international community, will provide ICANN oversight going forward, she said. 
"We expect ICANN will retain some type of long-term relationship with the United States, while expanding the involvement of other countries," she added. "Ahead of this agreement ending, ICANN has been making a real effort to respond to past criticism about not being transparent enough."

3 Basic Steps to Avoid Joining a Botnet

Banging the drum for security awareness never gets old. Online, the biggest battle these days is against botnets: networks of infected computers which hackers can use - unbeknownst to the machine's owner - for online crimes including sending out spam or launching a denial of service attack. As much as CSOs try to get folks to bone up on safe practices (both online and in the office), there are always going to be some who need reminding.

Unfortunately, the black-hat techniques employed to snare users into a botnet web have evolved to a level that makes them often undetectable by even the most sophisticated security products. Santorelli, director of global outreach with the non-profit security investigations firm Team Cymru, spends his days monitoring malicious online activity, particularly botnets. Combine that with a lack of user knowledge, and the threat of infection becomes very high. (See: Botnets: Why it's Getting Harder to Find and Fight Them). "The frustrating thing is they can make their chances of getting infected much, much smaller," said Steve Santorelli, who sees how users fall prey to easily avoidable traps every day. Santorelli notes that while just one strategy probably won't cover you, with several tools in the tool box, the rate of infection within an organization significantly drops. They might not realize the importance of working with IT to ensure they are up to date with patching and software upgrades. Tip 1: Have work AND home machines regularly updated with patches and antivirus software The average user doesn't necessarily have a lot of technological knowledge, said Santorelli.

This problem may be especially prevalent among workers who are exclusively remote. Sophos scanned 583 computers for 40 days and found that 81 percent of the machines failed one or more basic security checks. In fact, a study conducted by security firm Sophos last year found most computer users ignore security updates and turn off their firewalls. Most machines, 63 percent, were lacking security patches for the operating system, office application and programs like Windows Media Player and Adobe Flash. Those are exactly the folks that criminals love. "These people are going to go for the low-hanging fruit and unfortunately there is a lot of it out there," said Santorelli. "There are so many machines without updated AV on it." If your patching system isn't automated, your users need to be made aware of the risks they are taking by working with unpatched and out-dated security technologies. More than half, 51 percent, had disabled their firewall and another 15 percent had outdated or disabled antivirus and anti-spam software.

And while security updates are not the cure-all for malware infection, Santorelli said they certainly serve as a strong deterrent. "If you are walking down the street as a burglar and you see a house with a Rottweiler, and a visible sign from a security company, you probably won't attack that house," he noted. Unfortunately, that's less and less foolproof. "It used to be that if you surfed to places like CNN, or the Weather Channel, you weren't going to come across a great deal of malware," said Santorelli. "That isn't the case anymore. Tip 2: Use the latest browser versions Staying away from dubious sites and sticking to known brands used to offer reasonable online safety. We've seen a number of cases recently where people have gone to a legitimate web site and there is an advertisement up there hosting some kind of malicious code." That is where the latest safe browsing technologies can help, said Santorelli. There is also a great deal of anti-phishing and anti-malware that goes into them now. The latest versions of today's browsers will often flag potentially dangerous content. "Browsers are so much more secure now that so many of the holes that existed in these browsers have been patched.

So if you try and go to a link that contains malware, your AV might not pick it up. You can download the latest version of Internet Explorer or Firefox fairly easily and quickly, too (See: IE or Firefox: Which is More Secure?). "It will only take you five minutes to have the latest browser technology," said Santorelli. "It is just another string to your bow, so to speak." Tip 3: Be a little more careful when you get a link or an attachment. "Don't just blindly click on things and rely on other people to protect your computer," noted Santorelli. "You've got to take some responsibility for your own security." Team Cymru research reveals that the most common attack vectors for installing malware continue to be links in emails, or drive-by downloads. "We know from our recent investigations that there is a great deal of success to be had [for hackers] by just sending links out," he said. But your browser will say: "Are you sure?" The good news is most browsers are free. Just because you receive the email from someone you know and trust, it doesn't mean it is safe. See Five More Facebook, Twitter Scams to Avoid for examples of current attempts to exploit social media sites. This includes friends and family, whose systems or accounts may have been compromised, and also well-known web sites you use, like social networking sites or banks.

And large banks, such as Bank of America, often find their name is used in email phishing scams where thieves send out messages warning customers that their account has been compromised, with a link that leads to a fake, but very legitimate-looking login screen. Of course, whether or not you should click any link or attachment also depends on if you have complied with steps 1 and 2 above. "You're going to have to take it on a case-by-case basis," said Santorelli. "And my concern would be significantly raised if I didn't have my computer up to date with antivirus and browsing technologies."

Broadband will connect 20% of households worldwide this year, Gartner projects

Research firm Gartner is projecting that 20% of households worldwide will be connected to the Internet through a broadband connection by year-end. Following behind South Korea in broadband penetration rate are the Netherlands (80%), Denmark (75%), Hong Kong (72%), Canada (69%) and Switzerland (69%). Gartner says that the United States lags behind many developed countries with a 60% broadband penetration rate, although this still ranks the United States ahead of countries such as Japan (58%), Germany (55%), Australia (55%) and Sweden (54%). Over the next four years, however, Gartner expects broadband penetration in the United States to rise rapidly, as it is projected to add 27 million new connections and hit a penetration rate of 78% by 2013. If the United States is successful in adding these new connections, Gartner projects that it will leapfrog several countries that it now trails in terms of broadband penetration rate, including New Zealand, the United Kingdom and Norway. In all, Gartner projects that 422 million households worldwide will have a fixed broadband connection by the end of this year, an increase of 10.5% from the 382 million households that had a fixed broadband connection at the end of 2008. Looking further down the road, Gartner projects that 580 million households worldwide will have a fixed broadband connection, an increase of 37% over the number projected to have broadband by the end of 2009. South Korea is currently the leader in household broadband penetration, Gartner reports, as 86% of South Korean households have broadband connections.

South Korea is still projected to be the king of broadband penetration, however, as Gartner predicts that 93% of South Korean households will be connected to the Web via broadband in 2013. Gartner also predicts that developing countries will add 135 million new broadband connections over the next four years, with Brazil, Russia, India and China accounting for more than two-thirds of new connections in the developing world and nearly half of all new connections worldwide.

EMC executive takes over at storage vendor Xiotech

EMC executive Alan Atkinson is taking over as CEO of Xiotech, a storage company that just secured $10 million in new financing. Glassmeyer is also general partner of Oak Investment Partners, which owns a majority stake in Xiotech. Atkinson was co-founder and CEO of WysDM, a data protection vendor sold to EMC in April 2008. Atkinson remained at EMC as vice president of the company's Storage Software Group, but on Thursday was announced as Xiotech's new CEO. Xiotech said its previous CEO, Casey Powell, will remain on the board of directors and will be a "strategic advisor to Atkinson." "With his extensive knowledge of and experience with data storage, Alan Atkinson is the right leader to take Xiotech to the next level," Ed Glassmeyer of Xiotech's board of directors said in an announcement. Atkinson's 21-year career includes positions at StorageNetworks, Goldman Sachs and AT&T Bell Laboratories.

Xiotech, based in Eden Prairie, Minn., plans to use the cash to expand its Intelligent Storage Element technology with new products to be released early next year. He takes over at Xiotech just after the company announced a $10 million funding round from private investors. Xiotech says its ISE architecture is designed to provide 100% usable storage capacity, to improve efficiency but without a performance hit. Atkinson marked his first day on the job at Xiotech with a blog post. "I can honestly say, after 20+ years in the storage industry (I'm really not THAT old), I've never seen a company this size with so many talented storage folks," he wrote. "We have more patents than most companies five times our size."

Acresso who? Macrovision spinoff changes name, again

Under a legal threat from another software firm with a similar name, Acresso Software Inc. is changing its name to Flexera Software after just 19 months. Acresso sells software such as its installation utility, InstallShield, and software license manager, FLEXnet, to software vendors and enterprises. The company will officially announce the change next Tuesday, but had already notified partners and customers on Thursday.

It was spun out of Macrovision Corp. after the unit was acquired by venture capital firm Thoma Brava Cressley in April 2008. Macrovision retained the digital rights management (DRM) apps for which it is best-known. Acresso, which the company said was derived from the Latin word "Cresco" for "to grow, increase," faced a "challenge" on its name from ERP software maker Agresso Software, said Randy Littleson, senior vice-president of marketing for Acresso. "Our executive team decided that there were better ways to invest our time and money, and that we didn't need this distraction," Littleson said. "The action we're taking will let us avoid a potential lawsuit." Acresso did not immediately return an e-mailed request for comment. It changed its company name in July to Rovi Corporation. Acresso was founded in 1980 and has annual revenue of about $475 million. That dwarfs Acresso, which has 375 employees and annual revenues of $115 million.

It also has 3,500 employees at 16 offices globally. Flexera will be the fourth name in five years facing long-time users of InstallShield, which was bought by Macrovision in 2004. Perhaps predictably, early public reaction to the new name tended towards the sarcastic. "As if the makers of InstallShield hadn't already done enough damage to their brand, let's just go change names yet again!" wrote Christopher Painter, an InstallShield consultant, on his blog yesterday. "Acresso Software is becoming Flexera Software for no apparent reason. Littleson said the company considered changing its name to InstallShield, being that it is its best-known product, but ultimately came to the conclusion that it didn't represent the breadth of its application stable. Go ahead. #ScrambleMyBrands," another tweet said. He dismissed the notion, brought up by some bloggers, that the new name will cause legal trouble or just confusion with a solar and wind power company Flexera. "We're quite aware of it.

We think this is very different, compared to when it was two software companies." That's one of the reasons why it's Flexera Software," he said. "How similar are we to an energy company?

Got Extra USB Drives? Updated Pogoplug Puts Them to Use

Have some extra USB hard drives you'd like to put to a good use? Though marketed primarily as a media-sharing device, the forthcoming second-generation Pogoplug is a cool and useful tool for sharing business information as well. How about using them to create an Internet storage cloud for your company, yourself, or your family? The device was introduced earlier today.

It provides a hardware device and online service that together provide secure file access and sharing. Here's the pitch: For $129, Pogoplug gives you the ability to connect USB hard drives directly to the Internet. Scheduled to ship next month, Pogoplug 2 (as I am calling it) is optimized for Internet viewing and sharing of multimedia files. Because the Pogoplug service keeps track of stored files-indexing across multiple hard drives-it allows users to share files without having to upload them. It can, for example, stream video to an iPhone, which can also upload and download files from the storage cloud the Pogoplug creates. Optional Windows and Mac desktop apps provide local access to Pogoplug-managed storage.

The new model offers four USB connections, allowing multiple drives to be connected without the need for a USB hub. There is no monthly charge for the online service, which is included in the cost of the device. Other new features include better transcoding and wider support for streaming movies on the Web or to an iPhone app. There is also tighter integration with Facebook, Twitter, and MySpace, as well as automatic organization of your music, photos, and videos. The new software also provides the ability to automatically sync photos, music, videos, and other content from apps such as iTunes and iPhoto. An address book remembers e-mail addresses with which you've shared content for future sharing.

If not, Seagate's DockStar is a somewhat less expensive device, based on Pogoplug technology. The first version, introduced in January at CES, had but a single USB connection and was pretty utilitarian in appearance. (Here is our review). The new Pogoplug is fairly attractive, if you like bright pink. The hitch? Storage is, after all, a terrible thing to waste. After the first year, Pogoplug service will cost Seagate customers $29.95-a-year. (The DockStar is one of our "25 Top Tech Gifts" for 2009). Meanwhile, Pogoplug's maker, a company called Cloud Engines, said it will "soon" enable additional features, such as "backup, file synchronization, photo printing and more." My take: I didn't think the first Pogoplug was useful enough to buy one, but having recently discovered a half-dozen extra USB drives around my office, the device suddenly seems almost necessary.

I will probably order one online, that is if I can get past the obnoxious self-starting music and videos on the Pogoplug Web site. With the product features now improved, maybe the site can be fixed, too. It keeps repeating over and over. David Coursey tweets as @techinciter and can be contacted via his Web site.

Novation Launchpad debuts

Novation has unveiled Launchpad, an easy-to-use audio controller that works with Ableton Live 8 performance software to let you create musical compositions. You can start a rhythm from a library of provided samples, layer additional sounds, and edit to create a finished song. Launchpad, which is available for $199, consists of a panel of buttons, each of which can be used to launch an audio event-a sound sample, a rhythm, a melody loop, and more.

You can also use your computer's microphone input to add live vocals or other sound sources. Designed for DJs, live performances, or studio work, its price and ease of use are designed to appeal to musical hobbyists, as well. Launchpad is a dedicated controller for Ableton Live, co-developed by Novation and Ableton. Load the Ableton Live 8 program into your computer and plug Launchpad into the USB port. These are lit by LEDs displaying clip status in real time: Yellow means a sound clip is loaded; green shows a sound is playing; red shows a clip is recording.

Launchpad features a multi-color 64-button grid for launching clips and eight dedicated scene-launch buttons. Multiple Launchpads can be connected at the same time, so people can create "Launchpad bands" in which one person launches rhythms, another bass lines, and a third melody samples, the company says. You can mix, record, add new layers, play back, adjust pitch and volume, and explore panning and various production effects. The sound sources are included in the Ableton Live software. Launchpad is USB bus-powered and measures about 9.5 inches square and less than an inch high. Launchpad comes with a custom software package: Ableton Live 8 Launchpad Edition.

The recommended configuration is an Intel Mac running OS X 10.4 or later with 1GB of RAM, though it will work with a Power Mac G4 or later, 512 MB of RAM, and OS X 10.3.9 or later. It features eight audio and eight MIDI tracks plus eight Session View scenes. Launchpad requires Ableton Live 7 or higher. It also includes Live's classic effects and allows custom mapping.

How to prepare for a performance review

Performance reviews can be stressful, but they're also an opportunity to re-examine your current position, your relationship with your employer and your career goals. Here are five points to consider before your review. 1. What did I do this year? By asking yourself some key questions, you'll increase the chances that your performance review will be productive for both you and your employer. Start by reviewing the year (or whatever time period has passed since your last review). Examining old e-mails and files may refresh your memory.

Keep an eye out for any cases in which you went beyond the call of duty. Take a month-by-month look at your responsibilities and achievements, both expected and unexpected. For example, did you take on added responsibilities when staff size was reduced? Even an attentive manager isn't likely to remember all of your contributions. Did you find ways to reduce the costs associated with a particular project or process? As you look back, also note any projects that didn't meet expectations, as well as any challenges you've experienced.

Such preparation will ensure you are not blindsided if an issue is brought up during your review and will help lay the groundwork for a substantial discussion with your supervisor. 2. What are my career goals and priorities? What happened, and what was your role in the end result? Chances are you came out of your last performance review with some new goals or areas for improvement. If there are objectives that fell by the wayside, consider whether they remain important, or if new ones are now more appropriate. Take the time to find and review last year's appraisal. During your review, don't hesitate to ask about your employer's current ability to assist you with these goals.

Is there technical or business training you'd like to pursue? Many worthy career advancement intentions were set aside in 2009 as organizations focused on staying afloat. Most managers have a genuine interest in helping employees keep their careers moving forward, but supervisors need honest input. 3. Should I ask for a raise? Also consider alternate ways your employer can express appreciation for your contributions, such as flexible scheduling, work-at-home options or additional benefits. Even if you think a raise is richly deserved, take into account the financial condition of your employer before broaching the subject. If you do ask for a raise, be prepared to back up your request with specific evidence of ways you've saved the company time and money.

Publications such as the Robert Half Technology 2010 Salary Guide can give you an objective range to share with your manager. 4. What if I get a negative review? To home in on a realistic amount, consider past raises, the state of the company and the salary levels of other people in your area who hold your position. First, be sure not to blow criticism out of proportion. Keep in mind that your boss may make a point of identifying areas for improvement even for top performers. A few suggestions for improvement can feel like harsh judgments, especially if you're accustomed to praise. Work with your supervisor to create a plan for addressing issues that arise.

If you find yourself tempted to divert blame onto a colleague (or, worse, your boss), it may be best to hold your tongue and request another meeting to discuss the issue further after you've had time to review it more objectively. Reacting defensively or emotionally to criticism can easily be more damaging than the problematic performance itself. If the criticism came as a surprise, it's a sure sign that you and your manager haven't been communicating optimally. In turbulent times, strong employees are often tempted to present themselves as selfless team players who are willing to take on added responsibilities without complaint. Suggest regularly scheduled meetings to keep each other better informed. 5. What are my concerns? Savvy managers recognize, however, that overloading their top performers is a surefire way to lose them when conditions improve.

Your manager may ask for direct feedback on his or her performance. While you may be genuinely grateful to have a stable position in today's economy, stifling valid concerns serves neither you nor your employer. While providing this input may be uncomfortable, your response needn't be dishonest or ambiguous. A performance review should be a conversation, not a trial. Be respectful, and always balance any concerns with appreciation for areas of strength. While you may make progress toward identifying goals and clearing up uncertainties, keep in mind that thorny issues may not be resolvable in one sitting.

Carrying the lessons of the review into the year ahead will help you keep your day-to-day priorities and your long-term goals in alignment. If that's the case, make sure you've agreed on a follow-up plan before you leave. Dave Willmer is executive director of Robert Half Technology, a leading provider of IT professionals on a project and full-time basis. Robert Half Technology has more than 100 locations worldwide and offers online job search services at www.rht.com.

Sun, Oracle chiefs vow: Sun technologies will live on

Sun Microsystems Chairman Scott McNealy and Oracle CEO Larry Ellison both took the stage at the Oracle OpenWorld 2009 conference Sunday evening to offer reassurances that Sun technologies will not go away should Oracle complete its planned acquisition of Sun. As a matter of fact, combining Sun's research and development budget with Sun's presents "one of the great R&D opportunities of all time," McNealy said. Oracle, for example, intends to spend more money developing Sparc than Sun does now, he said. "That's a good sign for Sparc innovation," McNealy said. "You look at the core technologies that we're developing: They're going to find a nice home in this next chapter," he said, referring to the merger. From Java to the Solaris OS to the Sparc CPU platform and Sun storage technologies, Oracle will be good for all of them, the executives stressed at the San Francisco event. Ellison, for his part, took exception with IBM for suggesting Oracle was not committed to Sun's wares, particularly Sun hardware. "We're looking forward to competing with IBM in the systems [business] and we think the combination of Sun and Oracle [is] well-equipped to compete successfully against the giant," Ellison said.

The challenge would be part of a new ad campaign. Ellison said he would give $10 million to anyone - any major company or enterprise - whose existing database application would not run at least twice as fast on Sun gear. But he acknowledged Oracle recently was fined $10,000 for running a recent ad comparing Sun and Oracle to IBM, in which the benchmark evidence had not yet been documented.  His explanation cited overzealousness on Oracle's part. "If IBM wants to compete, we're happy to compete and we made a series of commitments," Ellison said. And with a little more investment, it could be even better," said Ellison. Solaris, meanwhile, is the leading enterprise OS and the leading OS for running the Oracle database, he said. "We said we're not selling the hardware business and we think Sparc is a fantastic technology.

Oracle also plans to increase its investment in the open source MySQL database, Ellison said. MySQL currently is owned by Sun. He added that Oracle already has continued to invest in the Innobase technology it acquired that serves as the transaction engine in MySQL. There had been speculation that Oracle bought Innobase "to kill it," but that has not happened at all, Ellison stressed. IBM had been a rumored suitor for Sun prior to Oracle forging a deal to buy the company nearly six months ago. McNealy said efforts to close the sale were proceeding with authorities.

The sale remains held up by the European Union, which is concerned over commercial database giant Oracle owning MySQL. Recently, Ellison said Sun has been losing $100 million a month waiting for the sale to close. To argue on behalf of Oracle's commitment to Java, McNealy brought Sun Vice President James Gosling, considered the father of Java, onstage. Oracle's product mix features Java and the company has participated in numerous Java Specification Requests (JSR), Gosling said. The JSR process is used to submit modifications to the platform to the community at large. Oracle, though, has been a bit unprepared for the volume of activity in the Java world, Gosling said. "We do 15 million downloads of the JRE (Java Runtime Edition) a week on average," he said.

Also appearing onstage at OpenWorld was John Fowler, Sun vice president of system. "My team is excited about working closely with Oracle because we have been working with Oracle now [for] what's measured in decades," Fowler said. He lauded recent Sun-Oracle performance benchmarks and noted the recently introduced Sun-Oracle Exadata Database Machine Version 2, which combines Sun hardware with Oracle's database and storage management software. Fowler also announced the Sun Storage F5100 Flash Array, which integrates 1.6TB of Flash storage into a device that looks like a server. McNealy cited a long list of Sun accomplishments, including the Network File System, the various editions of Java, Sparc's being the first 64-bit volume RISC architecture, and the company's contributions to open source, including its use of Berkeley Unix. "We were the Red Hat of Berkeley Unix," he said. In a Top 10 list entitled "Top 10 Signs Engineers Have Gone Wild," McNealy took potshots at Apple for not supporting Java on its iPhone. "Friends don't let friends type on an iPhone especially since it doesn't run Java. Are you listening, Steve," McNealy said, referring to Apple CEO Steve Jobs. "[The iPhone is] the only device on the planet that doesn't run Java."

He also ridiculed President Barack Obama's winning of the Nobel Peace prize last week, without mentioning the President by name. One of the engineering signs on McNealy's list pertained to a Nobel prize for a gas mask bra, leading McNealy to follow the reference with a comment that such an award was "no more ridiculous than some other Nobel prizes that I've heard of." In a brief interview after the evening presentation, Tim Bray, Sun's director of Web technologies, would not comment on whether the Sun name would go away as part of the merger with Oracle or whether Sun would become a division of Oracle. This story, "Sun, Oracle chiefs vow: Sun technologies will live on," was originally published at InfoWorld.com.

Troubleshooting faulty space robot 220 miles above Earth

Computer programmers and engineers are troubleshooting a problem with a 3,400-pound robot that is orbiting about 220 miles above Earth. Earlier this week, the space shuttle Endeavour lifted off carrying nine robotic components - the makings of Dextre, a 12-foot tall robot with a wing span of 30 feet. The $200 million robot, built by the Canadian Space Agency in Saint-Hubert, Quebec, is designed to handle maintenance on the outer walls of the International Space Station. The problem started two nights ago, when astronauts went to fire up Dextre as part of a test to see how it fared during Endeavour's liftoff. The robot did not respond as required.

Dextre was orbiting the Earth, 220 miles above its home and engineers, and it simply would not respond to commands. "Power was reaching Dextre, but his computer wasn't acknowledging that it had received a command and start up," explained Michel Wander, a systems engineer who worked on Dextre at the Canadian Space Agency. "It's just not able to switch on the components." The problem with not being able to power up the robot - other than having an unresponsive 3,400-pound, $2 million robot attached to the space station - is that Dextre eventually will need to receive enough electricity to keep its joints, cameras and sensors from freezing up in the harsh conditions of space. Wander said that the astronauts already have the robot covered with thermal blankets but in about a week, those blankets won't be enough to protect Dextre from the brutal cold. "You just can't leave it without power," said Allard Beutel, a spokesman with NASA. "The system needs to be heated with electricity running through it. The longer things are in space without power and heat, you have problems. In theory, you'll start having mechanical problems. We don't want to start having parts not working." The engineers at NASA and the Canadian Space Agency first suspected that the problem was a bug in the software.

Canadian programmers immediately began building a patch that was sent to the space station via radio dishes. The software patch didn't fix the problem. At this point, Wander said the engineers suspect that there's a configuration problem with the cable that links Dextre to the pallet that it's attached to. Electricity and software commands should be going to Dextre through the cable. If that's the case, the problem isn't with the robot itself and it should work as planned once it's off the pallet, fully assembled and permanently attached to the space station, he said. To find out if the assumption is correct, Wander said around 10 p.m. EDT tonight, they'll grab hold of Dextre with a robotic arm that already is attached to the space station.

Using the arm to bypass the potentially flawed cable, Dextre should be able to power up. "It's not nerve wracking. We have an idea of what the problem is," said Wander. "If this doesn't work tonight, then yes, it will be more serious." People can watch the astronauts and engineers troubleshoot Dextre tonight on NASA TV.

Sneaky Microsoft plug-in puts Firefox users at risk

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves that browser open to attack, Microsoft's security engineers acknowledged earlier this week. One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update. "While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox." The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site. Numerous users and experts complained when Microsoft pushed the .NET Framework 3.5 Service Pack 1 (SP1) update to users last February, including Susan Bradley, a contributor to the popular Windows Secrets newsletter. "The .NET Framework Assistant [the name of the add-on slipped into Firefox] that results can be installed inside Firefox without your approval," Bradley noted in a Feb. 12 story. "Although it was first installed with Microsoft's Visual Studio development program, I've seen this .NET component added to Firefox as part of the .NET Family patch." What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual "Disable" and "Uninstall" buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC. Several sites posted complicated directions on how to scrub the .NET add-on from Firefox, including Annoyances.org.
Annoyances also said the threat to Firefox users is serious. "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC," said the hints and tips site. "Since this design flaw is one of the reasons [why] you may have originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste." Specifically, the .NET plug-in switched on a Microsoft technology dubbed ClickOnce, which lets .NET apps automatically download and run inside other browsers.

Microsoft reacted to criticism about the method it used to install the Firefox add-on by issuing another update in early May that made it possible to uninstall or disable the .NET Framework Assistant. It did not, however, apologize to Firefox users for slipping the add-on into their browsers without their explicit permission - as is the case for other Firefox add-ons, or extensions. According to Microsoft, the vulnerability is "critical," and also can be exploited against users running any version of IE, including IE8. This week, Microsoft did not revisit the origin of the .NET add-on, but simply told Firefox users that they should uninstall the component if they weren't able to deploy the patches provided in the MS09-054 update.

Native iPhone support ready for Lotus Domino

IBM/Lotus said next week it will ship the long-anticipated real-time access support for the iPhone on its Domino messaging platform. In January, IBM announced that it would add support for ActiveSync to its Lotus Notes Traveler, a server add-on that provides real-time replication between mobile devices and Notes. Lotus Domino support for the iPhone uses the Apple device's mail, calendar and contact application and synchronizes data between the two platforms in real time using Microsoft's ActiveSync protocol. It is the updated Traveler software in Domino 8.5.1, which was released Tuesday, that provides the iPhone support.

Traveler already works with devices based on Windows Mobile and Symbian. Updates to Traveler in Domino 8.1.5 add remote wipe, device lock, password management, and external calendar integration to the Symbian platform. Lotus is playing a bit of catch-up with Microsoft and other vendors such as Kerio, who offer push e-mail for the iPhone. Motorola, Nokia, Palm, Sony Ericsson, Symbian also support ActiveSync on their mobile devices. The only thing iPhone users have to add to their device is a configuration file that tells the iPhone how to find the user's mailbox on the Domino server.

For initial set-up, the iPhone's Safari browser is used to access the Domino server and download the configuration file. When the user signs onto Domino to get the configuration file, the user's sign-on credentials are captured by the iPhone. Those credentials are stored on the device so the iPhone and Domino can trade data without further user intervention. The Domino iPhone support also features limited management capabilities, including the ability to remotely wipe data if the device is lost or stolen.

Lotus Notes users have had to suffer with e-mail access via the iPhone's Safari browser and the Notes Web Access client. With that configuration, users have to manually connect to the Domino server and go through each individual e-mail via the browser. "It has rich email, attachment support and calendaring capability and is the same user experience a user would get using the iPhone against Exchange or Google," said Ed Brill, director of product management for Lotus Software. "Clearly the iPhone is increasingly a component of an enterprise strategy. We want to support all the devices out there and this is the next one we have added."

To boost security, Mozilla launches plugin checker

Mozilla developers have launched a new online tool that tells Firefox users whether popular add-on components such as Java or QuickTime are up to date. A test version of the site was introduced last week. The new Plugin Check page tests for more than 15 popular plugins right now, and Mozilla plans to add more in the future. "Visitors to the page can see which plugins they have installed and, for any that are outdated, follow an easy link to the update site," wrote Mozilla's "human shield," Johnathan Nightingale in a Tuesday blog posting. The final page tests for plugins such as Silverlight, Picasa, iTunes and Acrobat.

Firefox can already check to make sure that add-ons, installed through the addons.mozilla.org Web site, are up to date. But this can't be done with the plugin software targeted by the new Web page, Nightingale said in an e-mail interview. "Plugins like RealPlayer, Flash or Silverlight are pieces of software installed on your machine outside of Firefox's control," he said. "They interact with Firefox, but they are independent software packages, and make their own choices about when and how to update." Keeping plugins up-to-date is becoming increasingly important. Mozilla says that about 30 percent of browser crashes are caused by obsolete plugins. Besides that annoyance, however, they also pose a security risk. That's because out-of-date plugins are increasingly exploited by hackers in Web-based attacks that place malicious software on the victim's computer. Flaws in Adobe's Flash and pdf formats, Apple's QuickTime, and RealPlayer have all been widely exploited in this way in the past few years.

"We can't control how plugins choose to update themselves," he said. "But we can help our users to know when an update is available." After criminals launched widespread attacks based on a flaw in Adobe's Flash player earlier this year, Mozilla built an automatic Flash checker into its browser. Within days of its release last month, 10 million Firefox users had clicked through to Adobe's Web site after being alerted that their Flash player needed an upgrade. Security-conscious Firefox users can use the Plugin Check site for now, but the checks will be built into the upcoming Firefox 3.6 browser, expected by year's end, Nightingale said. That should help keep many more Firefox users up-to-date.

World War III could be fought on Internet, says ITU head

Threats of cyberwar and a story of real violence rubbed shoulders at a news conference to mark the opening of the ITU Telecom World exhibition and forum in Geneva on Monday. "The next world war could begin in cyberspace," warned Hamadoun Touré, secretary general of the International Telecommunication Union, the United Nations agency that organized the event. The beginnings of such an unconventional war could be out of the control of conventional diplomacy, he said, because in cyberspace "there is no such thing as a superpower: Every citizen is a superpower." With an army of "bots," or compromised computers, at their command, almost anyone could wield great power in a virtual battle, as a number of recent denial-of-service attacks against targets around the world have shown. "We know from conventional wars that the best way to win is not to start," Touré said. That's why the ITU is pushing an ambitious worldwide program for cybersecurity and peace. "By the end of next year, we will broker a global agreement with every country to protect its citizens online, not to harbor cyberterrorists, and not to start an online attack," he said. U.N. Secretary General Ban Ki-moon began by expressing his sorrow at news of an all-too-real attack, the suicide bombing earlier in the day of the Islamabad, Afghanistan, office of the U.N. Food and Agriculture Organization, which left several people dead.

Returning to the theme of the conference, he highlighted "a world divided," those with access to information on one side, and those without on the other. Encouraging the participation of "our youth, drivers of innovation and change," is vital if those divisions are to be eradicated, he said. Investment in infrastructure and services must be encouraged too in order to eliminate the technology divide - but the motive should be profit, not charity, Touré said. The telecommunications industry will always have investment, because it's a profitable industry, he said. "In our strategy of connecting the world, we have no need for charity: It's pure business. If you have the right business plan, you will have investment," he said. That's turning out to be the case in Rwanda, said President Paul Kagame, where state infrastructure projects have attracted investment from Chinese network equipment manufacturers. "The availability of capital for everything is getting more and more scarce, but in our country there is a strong partnership between public and private sectors," he said.

China continues to invest internationally, despite the impact of the global economic crisis and the attraction of the untapped potential of its home market, said Wang Jianzhou, chairman and chief executive officer of China Mobile, also present at the news conference. "We have still got challenges from the international financial crisis," he said. In the company's home market, revenue from international calls is down 20 percent because of a reduction in tourism and manufacturing exports, he said.

Piracy's global economic impact debated

There's no question that software piracy is a global problem with a heavy financial impact. But just how heavy it is is a matter of debate. A May 2009 report by the Business Software Alliance and IDC estimated that 20% of software programs installed in the U.S. last year were unauthorized copies. Worldwide, the figure is 41%, with an estimated financial impact of $53 billion - a figure based on the retail value of the pirated PC software.

But critics of the study say it fails to account for the possibility that pirated software could be replaced with Linux or other open-source options. If it were, the BSA's global loss figure of $53 billion would drop sharply, they maintain. "Obviously, not every piece of pirated software will be replaced immediately with legitimate software if underlicensing is addressed or sources of pirated stuff dry up," acknowledges Dale Curtis, the BSA's vice president of communications. But he says that over the years, IDC has found "a very strong correlation between piracy rates and software sales. In country after country, as the piracy rate falls, legitimate sales go up." A second criticism of the report is that its country-by-country figures are partly based on the results of an annual survey that in 2009 covered 24 countries. One country that wasn't included is Canada - and that doesn't sit right with Michael Geist, a professor at the University of Ottawa. "What the BSA did not disclose is that the 2009 report on Canada (whose piracy rate declined from 33% to 32% in the study) were guesses since Canadian firms and users were not surveyed. While the study makes seemingly authoritative claims about the state of Canadian piracy, the reality is that IDC . . . did not bother to survey in Canada," Geist wrote in a May 27 blog post.

Curtis responds that the study "is not a guess, nor is it a scientific measurement, nor is it based primarily on a survey of software users, as Geist suggests." A survey of 6,200 users is only a piece of the model, Curtis says. Further, he says Canadian users were surveyed the previous year, and "there is no reason to assume large changes in results from one year to the next." Ivan Png, a professor of information systems and economics at the University of Singapore, says the BSA and IDC should explain how they applied the results from the 24 countries surveyed to all of the other countries not surveyed. "IDC should make the methodology transparent," Png says.

DEMOfall ’09 product spotlight: HP Skyroom

SAN DIEGO - One of the most striking enterprise products on display at this year's DEMOfall show has been HP's Skyroom videoconferencing software that combines instant messaging capabilities with high-definition video streaming. During the product's demonstration at DEMOfall Tuesday, HP workstation global business unit vice president and general manager Jim Zafarana showed how users can simply click on names displayed on their Skyroom buddy lists to start impromptu HD videoconferences. Even more interesting was the software's ability to create windows on their desktops where they can drag and drop pictures, audio files and video files that the person on the other end of the videoconference will then see on their own screen. During the demonstration, Zafarana received a streaming trailer for the film "Monsters, Inc." after his friend dropped it into the Skyroom conference window.

After his presentation, Zafarana sat down with Network World to discuss Skyroom's system and bandwidth requirements, its security features and its ability to integrate with existing enterprise chat protocols.

So when I purchase HP Skyroom, I'm not paying for any additional equipment? I'm only paying for software? Yes. You have to meet the minimum system requirements of having a 2.3 GHz Intel Core Duo processor, and your machine has to run on Windows XP or Vista. We're planning on having a version that runs on Windows 7 out in November.

How fast of a data connection do you need to make Skyroom effective? It depends on what you're doing. If you have a one-on-one conference, then it's a 1Mbps requirement for high-quality video and you can dial down the quality to make it work at around 500Kbps. If you do things such as video and picture sharing it'll take up more bandwidth. With the Monsters, Inc. video clip I shared today during the demonstration, for instance, I was probably adding 5Mbps to the requirements. We're targeting business customers and this software can really be optimized through company networks, whether it's an onsite network or a VPN with a good network connection. One of my colleagues in Boston, for instance, has fiber-to-the-home and he uses a VPN to hook onto the HP network and conference with us using Skyroom.

Is this designed for people who want to talk to people in other companies, or is it just for coworkers who want to collaborate? At this point it only allows for intra-company conferencing.

What are its security features? The bits traveling over the network are encrypted at 256Kbps and they can only go through a VPN or a secure corporate network, so it's pretty secure.

How much does Skyroom cost? The pricing model we have now is $149 per user for a license to use the software and there's no subscription fee. Additionally, every new HP desktop workstation will ship with Skyroom as a complementary part of the entire package.

How do I add "buddies" to my Skyroom videoconferencing list? There are multiple ways for you to populate your buddy list. If you have corporate Microsoft infrastructure with Office Communicator, for instance, it will pull your Office Communicator buddy list into Skyroom and all your colleagues on that list will show up as available for you to connect to as long as they have Skyroom installed. You can also use other communication software products such as Jabber Server, to leverage your buddy list into HP Skyroom.

And finally, Skyroom currently limits that number of people who can participate in an HD videoconference to four. Any plans on expanding that? Obviously we could do that in the future but we're not talking about that at this point.

Microsoft Betrayed i4i, Say Court Documents

Microsoft Corp. marketed i4i Inc.'s XML software to potential customers at the same time it planned to drive the small company out of business by infringing on its patent for the technology, according to court documents filed last week. In a brief submitted to the U.S. Court of Appeals for the Federal District in Washington, Toronto-based i4i argued that an injunction blocking Microsoft from selling current versions of Word should stand. Federal Judge Leonard Davis issued the injunction in August, barring Microsoft from selling Word 2003 and Word 2007 after Oct. 10. The decision came about three months after a Texas jury found that Microsoft had illegally used patented i4i technology to build XML features into its word processing software. The jury had awarded i4i $200 million, but Davis increased the amount to just under $300 million when he issued the injunction.

Earlier this month, the three-judge appeals panel decided to stay the injunction while it weighs Microsoft's appeal. I4i filed the patent infringement lawsuit in 2007. The new i4i brief charges that in 1991, "at the same time Microsoft was praising the improved functionality that i4i's product brought to Word, and touting i4i as a 'Microsoft Partner,' Microsoft was working behind i4i's back to make i4i's product obsolete." According to the brief, just days after a 1991 meeting in which Microsoft had sought to find ways to work with i4i, Microsoft executives discussed XML plans for Word that would eventually "make obsolete any competitive attempts by third parties to conquer that market." Microsoft must file its rebuttal to i4i's brief by Sept. 14; the appeals court is slated to hear oral arguments from the two sides on Sept. 23. Asked to comment on i4i's briefs, a Microsoft spokesman said, "We're looking forward to the hearing on the merits of our appeal." This version of the story originally appeared in Computerworld's print edition.

Firefox's Flash check drives 10M to Adobe's download

Mozilla said yesterday that Firefox's check for outdated editions of Adobe's Flash Player convinced 10 million users to go to Adobe's Web site and grab the latest software. About a third of the Firefox users who were warned last week that they were running an old, and vulnerable, version of Flash followed the link to update the Adobe software, said Mitchell Baker, the former CEO of Mozilla and current chairman of the Mozilla Foundation. "This is a very high response rate," said Baker in a post to her blog. "A typical response rate for this [landing] page is around 5%." "Those results have been nothing short of awesome," echoed Johnathan Nightingale, of Mozilla's security team, in an entry on the company's security blog yesterday. Adobe on Thursday confirmed a spike in traffic to its Flash Player update page, and applauded Mozilla's move. "For us, anything that others do to help users stay up-to-date is a good thing," said Brad Arkin, Adobe's director for product security and privacy. "We're glad to see Mozilla doing this." After Firefox 3.0 and 3.5 users installed the security update Mozilla issued last Wednesday, they saw a message on the "landing page" - the first page that appeared after the browser restarted - if they had an out-of-date version of Flash Player. "You should update Adobe Flash right now," the message read. "Firefox is up to date, but your current version of Flash can cause security and stability issues. Please install the free update as soon as possible." The message also included a link to Adobe's download site for the latest Flash Player plug-in.

According to Ken Kovash, Mozilla's chief of metrics, 10 million people clicked on that link in the week after the update and Flash plug-in check were fed to Firefox users. On Sept. 10, the first full day after the update rolled out, about six million users saw the landing page. More than three million, said Kovash on his metrics blog, were running an outdated copy of Flash, and of those, over one million clicked on the link to Adobe's download page. "Beyond the total impact of 10 million clicks, the most impressive pattern that stands out is the click-through rate," said Kovash. "While the Firefox 'whatsnew' page generally sees a click-through rate below 5%, the Flash update link alone has generated a click-through rate better than 30%. Phenomenal!" Adobe's Arkin said that Mozilla's tactic isn't the first time a company's urged its users to update Flash. "Other sites, such as Facebook, have been doing this for awhile, and are already encouraging their users to stay up-to-date," Arkin said. "No one has to ask our permission to do it." The request is frequent enough, in fact, that Adobe provides JavaScript code to Web site developers that they can use to detect the current version of Flash on a machine. Dubbed "SWFObject," the code is part of an open-source project of several Adobe engineers. "Anyone who wants to help update their users, they can get in touch with us and we'll help them," said Arkin. Even though he welcomed Mozilla's plug-in check, Arkin said it isn't a complete solution to the problem of outdated software. "Firefox's is a good approach for a certain demographic, but not all users have the rights to update on their own," said Arkin. "It's not the complete and final solution." Arkin declined to go into specifics about what plans Adobe has in mind, or in the works, to boost update uptake.
But doing that is imperative, a collection of security experts concluded earlier this week after releasing a report that correlated data on Web attacks with patching practices. "Applications that are widely installed are not being patched at the same speed as the operating system," said Wolfgang Kandek, the chief technology officer of Qualys on Tuesday. Qualys contributed its patching data to the study. "For Adobe Reader, Adobe Flash, Sun Java, Microsoft Office, Apple QuickTime, the patch cycles are much much slower than for the operating system," he said.

Baker acknowledged that Firefox's check for outdated plug-ins - something the company intends to expand later this year in version 3.6 - won't solve the problem on its own, but was optimistic that the browser maker was on the right track. "The response suggests that people are receptive to clear information about how to keep themselves safer," she said. "That's encouraging. It benefits the individual doing the updating, and also provides a system wide 'public health' benefit, as well." To manually download the latest version of Flash Player, users can head to Adobe's Web site.

Fall HDTV Trends: 3D, Fewer Cables, and Skinny LEDs

Move over, LCD - here comes green, lean LED. Make room, too, for sets that dispense with unsightly cables and get ready for a coming wave of 3D sets. These are the big HDTV tech trends on display at CEDIA Expo in Atlanta this week. CEDIA (Custom Electronic Design and Installation Association) is the trade group for people who install high-end home entertainment and automation systems, and its annual show has become the venue of choice for consumer electronics companies who want to show off their high-end wares.

One of the biggest trends is the emergence of LED backlighting as the upscale replacement for conventional, CCFL LCD screens. LEDs are more energy-efficient than LCDs (many sets tout local dimming - the capability to turn down brightness in dark spots - and ambient-light-sensitive displays that get darker in darker rooms). LEDs also dispense with environment-damaging mercury, and their superslim screens are capable of richer color. But they also cost more than traditional LCDs, so most vendors are continuing to offer LCDs for those on a budget. Either way, the sets are now almost all 1080p (as opposed to the 720p resolutions that dominated the market earlier in the decade). Sony, for example, announced a new pair of super-skinny Bravia sets, the XBR10 series, with edge-lit LED backlighting. The sets come with either a 46-inch or a 52-inch screen.

They boast speedy 240Hz screen refresh technology to make action video look smoother. You hook up all your audio and video sources - set-top boxes, game consoles, home theater receivers - to the transmitter box, which beams their uncompressed signals (1080p and 7.1-channel audio) to the set over the unlicensed 60GHz band. Cutting those Cables The XBR10 sets feature another hot technology: WirelessHD. Designed to eliminate ugly cables dangling from wall-hung sets (although they still need a power cord), WirelessHD sets come with transmitter boxes that have the myriad of inputs usually found on the back of the set. WirelessHD offers vastly more throughput than even the fastest Wi-Fi ; backers say the first products, all based on chips by a company called SiBeam, move about 4GB per second (802.11n tops out at a theoretical rate of 600mbps). But WirelessHD lacks Wi-Fi's range - it can cover only up to 33 feet - which is why it's a cable-replacement technology, not a home networking technology. LG Hops on the LED Train LG Electronics' new SL90 LED sets are also extremely thin - less than 1.2 inches thick, with no raised bezel.

All the goodies in the XBR10 series don't come cheap, however; the 46-inch set is expected to run about $4500, while the 52-inch model will go for $500. Sony plans to ship both next month. They're due out later this fall with price tags of $2599 for the 47-inch model and $2099 for the 42-incher. LG is also bringing three WirelessHD sets to market. A trio of new conventional LCDs, the SL80 series, are somewhat thicker - 1.8 inches - but also less expensive, at $1599 for the 42-inch model, $1,899 for the 47-inch set, and $2799 for the 55-inch display. The top-of-the line 55-inch LED-backlit 55LHX is expected to ship shortly at a suggested price of $4799, while a pair of conventional LCD sets, the LH85 series, are due later this fall for $3199 (55 inches) and $2399 (47 inches). Panasonic Shows WirelessHD set, 3D Technology Panasonic recently began shipping a 54-inch plasma TV with WirelessHD, the TC-P54Z1, which It had announced at the Consumer Electronics Show in January. Insisting that its technology is poised to become the industry standard for 3D, Panasonic said it expects to begin shipping 3D-enabled TVs and Blu-ray Disc players next year.

The set/transmitter bundle runs $5500. However, 3D HDTV took center stage at the company's CEDIA booth, in the form of a mobile theater showing dramatic 15-minute reels that included clips from the Pixar film Up! and sports footage. The technology requires wearing special glasses, which Panasonic says are superior to those provided for 3D movies in theaters. Samsung, meanwhile, has for some time been shipping 3D after-market kits. Panasonic isn't the only vendor to set a stake in 3D. Jeff Goldsmith, Sony Electronics television VP, says the company is committed to 1080p content in 3D. "You can bet that we're bullish on the technology as 2010 approaches," he told reporters at the company's CEDIA news conference. Sharp Thinks Big Sharp's new offerings also include a line of four LED-backlit AQUOS sets, the LE700 series, all 1080p sets ranging in price from $2800 for a 52-inch model to $1100 for a 32-inch set. The 65-inch LC-65E77UN will sell for about $4500 when it ships later this month, Sharp says, and the 60-inch LC-60E77UN will run $3500. JVC, meanwhile, announced only one LED HDTV, a petite 32-incher weighing a mere 12.5 pounds.

The company also announced a pair of larger conventional LCD sets at what the company described as attractive price points, given the dimensions involved. As skinny as one-quarter-inch at its leanest point, the 1080p JVC LT-32WX50 is slated to ship in November - but there's nothing skinny about its price (except maybe the effect on your wallet), which JVC describes as "less than $3000."

Dell to enter smartphone market in China

Dell plans to start selling a mobile device in China but has not yet announced availability, it said on Monday.

Despite reports that it had introduced a new phone in China, Dell said that it has only confirmed that it is working on "mobile product development for China Mobile."

Dell did show off some phone prototypes at an event, but did not make any announcements about form factors or when it might introduce a product, said Andrew Bowins, a spokesman for Dell.

In fact, even though many photos of the prototype have appeared online and show that it is clearly a phone, Dell would not say that it is actually working on a phone. Instead it would only confirm "mobile product development" for the largest mobile operator in the world.

The Wall Street Journal quotes a China Mobile spokeswoman who says that Dell's new handset is called the mini31 and will support the operator's new applications store.

The computer maker supports China Mobile's Ophone development, which is an open mobile software platform for mobile Internet, Dell said. The company declined to say which operating system its device would use.

Past rumors have linked a Lenovo phone running Android with the Ophone name.

Dell was participating in a China Mobile event, where the operator announced its mobile application store, Bowins said.

Rumors of a new phone from Dell have been circulating all year. The computer maker once made a handheld device, the Axim PDA, but cancelled it in 2007.

Dell would not comment on whether it intends to introduce a phone in other regions beyond China. If it does, it would be entering an increasingly crowded and competitive market. The introduction of the iPhone, and subsequent challengers including the Palm Pre and Android devices, has changed customer expectations for how smartphones should look and what they should do. Still, the market for cell phones continues to grow and China is the largest cell-phone market in the world, so Dell may be hoping to capitalize on both trends.

Security certificate warnings don't work, researchers say

Every Web surfer has seen them. Those "invalid certificate" warnings you sometimes get when you're trying to visit a secure Web site.

They say things like "There is a problem with this Web site's security certificate." If you're like most people, you may feel vaguely uneasy, and - according to a new paper from researchers at Carnegie Mellon University - there's a good chance you'll ignore the warning and click through anyway.

In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their users).

"Everyone knew that there was a problem with these warnings," said Joshua Sunshine, a Carnegie Mellon graduate student and one of the paper's co-authors. "Our study showed dramatically how big the problem was."

That's not great news. Often the warnings pop up because of a technical problem on the Web site, but they can also mean that the Web surfer is being redirected somehow to a fake Web site. URLs for secure Web sites begin with "https."

The researchers first conducted an online survey of more than 400 Web surfers, to learn what they thought about certificate warnings. They then brought 100 people into a lab and studied how they surf the Web.

They found that people often had a mixed-up understanding of certificate warnings. For example, many thought they could ignore the messages when visiting a site they trust, but that they should be more wary at less-trustworthy sites.

"That's sort of a backwards understanding of what these messages mean," Sunshine said. "The message is validating that you're visiting the site you think you're visiting, not that the site is trustworthy."

If a banking Web site shows a message that its security certificate is invalid, that's a very bad sign, security experts say. It could mean the Web surfer is being subjected to a so-called man-in-the-middle attack. In this type of attack, the criminal inserts himself between the Web surfer and the site he's visiting, in the hopes of stealing information.

Security experts have long known that these security warnings are ineffective, said Jeremiah Grossman, chief technology officer with Web security consultancy White Hat Security. That's because users "really don't know what the security risks mean," he said via instant message. "So they take the gamble."

In the Firefox 3 browser, Mozilla tried to use simpler language and better warnings for bad certificates. And the browser makes it harder to ignore a bad certificate warning. In the Carnegie Mellon lab, Firefox 3 users were the least likely to click through after being shown a warning.

The researchers experimented with several redesigned security warnings they'd written themselves, which appeared to be even more effective. They plan to report their findings Aug. 14th at the Usenix Security Symposium in Montreal.

Still, Sunshine believes that better warnings will help only so much. Instead of warnings, browsers should use systems that can analyze the error messages. "If those systems decide this is likely to be an attack, they should just block the user altogether," he said.

Even when visiting important Web sites like banks, "people are still dramatically ignoring the warnings," he said.

Microsoft may have known about critical IE bug for months

The vulnerability that sent Microsoft scrambling yesterday and is being used by hackers now to attack Internet Explorer (IE) users may have been reported 18 months ago or more.

In the security advisory it issued yesterday, Microsoft credited a pair of researchers - Ryan Smith and Alex Wheeler - with reporting the bug. Smith and Wheeler once worked together at IBM's ISS X-Force, although Wheeler now is at Texas-based 3Com's TippingPoint DVLabs.

Wheeler confirmed that he and Smith uncovered the vulnerability, but he gave most of the credit to Smith. Wheeler declined, however, to say when the bug was reported to Microsoft. "I don't feel comfortable talking about that," he said, citing a non-disclosure agreement related to the vulnerability that he signed at the time. Instead, he steered questions to his former employer, ISS X-Force.

"But we worked on it prior to my time with TippingPoint," Wheeler acknowledged. Wheeler, who is the manager of DVLabs, started at TippingPoint in January 2008.

The CVE (Common Vulnerabilities and Exposures) number for the vulnerability - CVE-2008-0015 - points to a possible early 2008 reporting date. According to the database, the CVE number was reserved on Dec. 13, 2007.

ISS X-Force was not immediately able today to confirm a reporting date for the vulnerability, but the security firm did note in its own advisory, also published Monday, that hackers have been exploiting the bug since at least June 9, 2009, nearly a month ago.

In fact, X-Force listed two separate vulnerabilities in its advisory, saying that the flawed Microsoft Video Controller ActiveX Library, or the "msvidctl.dll" file, not only contained the buffer overflow bug attributed to Smith and Wheeler, but also harbored a memory corruption vulnerability discovered by X-Force researcher Robert Freeman.

Microsoft did not respond to questions about when it was informed of the vulnerability, and if it was in late 2007 or 2008, why it had not patched the problem.

No matter when it was reported, the bug is serious, Wheeler said today. "This particular vulnerability is relatively easy to exploit in a reliable way, if that makes sense," he said. "Although it does require setting up malicious hosting servers to serve the exploit ... you have to go to a [malicious] Web page to be compromised."

Attack code hasn't been posted widely, Wheeler added, but it won't be hard for other hackers to duplicate what's already in the wild. "It will be relatively simple to do that," he said, "compared to what they have to choose from at the moment."

Yesterday, Microsoft not only confirmed ongoing attacks against IE6 and IE7 users running Windows XP, but also offered an automated tool that sets 45 different "kill bits" in the ActiveX control, effectively disabling it and rendering attacks moot.

But Wheeler suggested another option: switch browsers. "Unless they're specially configured, other browsers will face substantially lower risk," said Wheeler. Browsers such as Mozilla's Firefox, Google's Chrome and Apple's Safari don't rely on ActiveX technology to drive add-ons, as does IE.

"Any client-side vulnerability is serious," said Wheeler, "but of the range, this one is in the more serious range."

Microsoft has promised to patch Windows and/or IE, but has not committed to a delivery date. Its next regularly-scheduled security updates will be released a week from today, on July 14.

Blogger: Windows 7 UAC feature still vulnerable

The Microsoft blogger who first called attention to a security vulnerability in Windows 7's User Account Control (UAC) feature claims it still exists and that Microsoft won't fix it, even as the company nears final code completion on the OS.

Long Zheng, who writes the popular "I Started Something" blog, has posted a video online showing how UAC, a security feature first introduced in Windows Vista that sets user privileges on a PC in Windows 7, can be exploited.

Zheng also pointed to an instructional document by Microsoft Technical Fellow Mark Russinovich that attempts to explain UAC, saying it clearly states that Microsoft has no intention of fixing a change it made in the UAC in Windows 7 that leaves the new OS less secure because it allows someone to remotely turn the feature off without the user knowing.

Zheng first pointed out this change and its vulnerability back in February. At the time he said that the new UAC "standard user" default setting, which does not notify a user when changes are made to Windows settings, is where the security risk lies. A change to UAC is seen as a change to a Windows setting, so a user will not be notified if UAC is disabled, which Zheng said he was able to do remotely with some keyboard shortcuts and code.

UAC has been a controversial feature since Microsoft introduced it in Windows Vista to improve its security and give people who are the primary users of a PC more control over its applications and settings. The feature prevents users without administrative privileges from making unauthorized changes to a system.

In Russinovich's document, he does acknowledge that Zheng's and others' observations about how third-party software can use the feature to gain administrative rights to a PC are accurate.

However, according to Zheng's blog post, Russinovich seemed to dismiss this possibility for remote code execution and offer no fix for it, because he said that there are other ways for malware to get into the system via UAC prompts.

"The follow-up observation is that malware could gain administrative rights using the same techniques," Russinovich wrote. "Again, this is true, but as I pointed out earlier, malware can compromise the system via prompted elevations as well. From the perspective of malware, Windows 7's default mode is no more or less secure than the Always Notify mode ("Vista mode"), and malware that assumes administrative rights will still break when run in Windows 7's default mode."

Microsoft did not officially respond to a request for comment on Zheng's claim and video post. However, a company spokesperson said privately that Zheng may have misinterpreted Russinovich's document.

"The point seems to me to make it harder for malware to get on the system in the first place, by helping the end user make better decisions through the prompts they get, and having more and more users run in standard user mode vs. in admin mode (because admin mode is what exposes your machine to risks)," said the spokesperson, who asked not to be named, via e-mail.

Microsoft had stood by the change to UAC's default setting when Zheng made his first vulnerability claim, saying that the feature cannot be exploited unless there is already malicious code running on the machine and "something else has already been breached."

Microsoft has said that Windows 7, currently in a preview release, will be available to both businesses and consumers on Oct. 22. The release to manufacturing of the OS, at which all code will be final, is expected late next month.

China's SMIC posts another loss as chip shipments drop

China's largest contract chip maker, Semiconductor Manufacturing International (SMIC), reported an eighth consecutive quarterly loss Thursday but said it hopes to become profitable late this year.

Revenue in the January to March quarter fell 46.2 percent from the previous quarter to $146.5 million as wafer shipments dropped by almost half, SMIC said in a statement.

Orders began recovering during the quarter and SMIC may reach profitability late this year or in 2010, Richard Chang, the company's CEO, said in a conference call with analysts.

"We are hopeful that the worst is behind us," Chang said.

SMIC posted a quarterly net loss of $178.4 million, adding 50 percent to the scale of its losses one year earlier and marking a decline from losses of $139.5 million in the previous quarter. Losses exceeded revenue because SMIC booked depreciation expenses of over $200 million related to one of its factories.

SMIC shored up its finances with new credit lines of $240 million from Chinese banks during the quarter, but it remains open to deals with strategic investors who can bring the firm added value, Chang said. The firm will spend up to $150 million this year to expand its 300-millimeter fabrication capacity, he said.

Recovering demand from China and from customers out of inventory has started boosting orders, SMIC said. The firm predicted revenue would rise by about 60 percent in the second quarter.

SMIC's business will recover fastest in communications rather than consumer products or PCs, Chang said. The firm expects a rise in chip orders this year as China rolls out a mobile network based on the domestically developed standard TD-SCDMA (Time Division Synchronous Code Division Multiple Access).