Friday, August 3, 2007

Photos:

Cheers!! Enjoy!!
Aurobindo

Laptop makers facing supply shortages

According to DRAMeXchange, makers of laptop computers are currently facing a shortage of various components, and that could get worse this quarter.

The tight supplies of components started last quarter in the area of liquid crystal display (LCD) panels, batteries, hard disk drives, casings, and optical disc drives.

In an eWeek report:

“The situation could grow more serious in 3Q07, as quarterly shipments are expeced to exceed 25.6 million, a quarter-on-quarter increase of 14.4 percent.”

It adds that on the whole, tier-two notebook brands will take a bigger hit, as they face both rising costs and lower than planned shipment volume as they ran into problems sourcing for sufficient quantities of the requisite components.

DRAMeXchange is a market research company dealing with the DRAM, Flash, and PC industries.

Do you reckon that we will be seeing more expensive laptops, or more reasonably, less freebies, for laptops packages towards the end of the year?

How often do you change your laptops anyway?

Should the CIO be a technologist or a business person?

A chief information officer (CIO) must have multiple personalities in order to effectively do their job. They are required to have a personality that demonstrates that they are the company’s leader in information technology (IT). This means that they must have an understanding of the all of the technologies necessary to support the information requirements of the company. However, they must also possess the personality of a business person. This means that they must have knowledge of all aspects of the business operation in order to successfully participate on the senior management team. The question is, “Which personality should be the dominant personality, the technologist or the business person?”

I surveyed a large number of experienced CIOs when I was doing research for my book, “Unwrapping the CIO”. Close to 80 percent of the incumbent CIOs identified strategic planning as the most significant aspect of their job. They did not just mean figuring out which technologies to implement in the company. They were talking about strategic planning as it relates to the industry in which their company participates; the actions of the competition; the profiles of the customer; the distribution mechanisms for the company’s products; and of course, the effective deployment of information technology.

With the exception of information technology, aren’t all of those things business focused? Of course they are. However, it is difficult to address any of those areas without the use of information technology. Therefore, the CIO is required to know and understand each of those business functions. This means that companies need the CIO to be technically savvy as well as strategically focused.

The global investment in information technology (including telecommunications) is growing at a rate of six percent per year. The information technology budget of a company could represent anywhere from five to ten percent of its revenues. This corresponds to a significant amount of fiduciary responsibility for a CIO in a multibillion dollar company. The CIO must have mastered the skill of financial management in order to be a good custodian of a major portion of the company’s resources.

The Sarbanes-Oxley Act was signed into law on July 30, 2002, and introduced highly significant legislative changes to financial practice and corporate governance regulation. It introduced stringent new rules for financial management and reporting. It has a stated objective to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws. This high-profile legislation has significantly impacted every company, since reporting compliance is mandatory. This also has a significant implication not only to the enterprise but the CIO as well. The CIO must understand legislative issues as well as the operation of the business.

In addition to being a strategic planner, legislative observer and financial planner, the CIO must possess the skills necessary to be an asset manager, economist, marketing manager and salesperson.

It appears that the business personality will occupy a significant amount of the CIO’s time on a daily basis. Of course, the question becomes, “What about the CIO’s technology duties?

The CIO is the leader of the information technology activities. They are expected to know various types of information technologies. As the senior solutions executive, they are responsible for the direction of systems and technologies. They create seamless and integrated fact-based management decision systems through which the senior leadership team will be able to more effectively direct the business strategies and plans. The CIO rationalizes the value of the existing IT landscape. They manage the technology architecture, applications development, package solutions evaluation and selection, database management, network communications, end-user computing, operations delivery, and project management. In addition, they create an effective model for capital project funding and IT governance priority with the business. The CIO creates the technology vision and definition of the future platforms required to support the enterprise.

The CIO assesses the current IT systems in place and develops, implements, and evolves the tactical and strategic IT plans. They develop management information systems as well as reengineer the business processes that use those systems. Not all systems will be new. Therefore, they also fully integrate recently implemented systems into all frontline business activities, as well as the existing infrastructure and systems portfolio.

CIOs provide for the operation of the company’s global voice and data networks. In addition, their management oversight includes the efficient and effective operation of the company’s data center(s).

The CIO provides support to the worldwide mobile workforce of sales and consultants and provides development and support for the laptop, desktop and Web-based product environments.

The chief information officer reviews, approves, and prioritizes all major technology purchases, development projects, and system implementation initiatives, ensuring business value-added emphasis. They assure the integrity of the corporate data, proprietary information, and related intellectual property through information security and access management. They integrate the information technology functions of newly acquired companies in a timely and efficient manner-if their company has a strategy of growth though acquisition. In addition, they lead the technology integration of newly combined existing businesses, in both infrastructure and people. This may include the consolidation of call centers, data centers, and so forth.

In addition to the aforementioned technology functions, the CIO has the normal people management of the information technology department. They provide motivation, leadership, and development of the technical staff. They are skillful in aligning their diverse professional employees, using their skills to achieve a cohesive team environment. In most cases, they build and manage a team of experienced, talented IT professionals. This means that their responsibilities include motivation, training, recruitment, retention, and career development. Keep in mind that the CIO may be performing these people management functions with a geographically dispersed organization of information technology professionals who reside in multiple countries.

Do the technology activities sound like a full time job? Absolutely.

When trying to figure out which of the CIO’s personalities should be dominant–the technology or the business personality–the correct solution is… it depends. This makes the job of a chief information officer one of the most difficult jobs in the business world. The CIO is required to switch between these principal personalities from one minute to the next. They could walk out of a meeting with the senior management team where the business personality is fully employed into a meeting in the data center with the telecommunications professionals in the IT organization. In the latter meeting, the technology personality must be firmly in control.

When you compare the job of a CIO with other positions, the CIO position will seem intimidating on a good day. A number of corporations use information technology as a strategic weapon in the marketplace. That provides the CIO with the opportunity to have a strong leadership position within your company. To accomplish these formidable responsibilities, they need to wear many different hats and display many different corporate personalities.

So when answering the question, “Should the CIO be a technologist or a business person?”, the answer should be… yes!

How do I... Secure Microsoft Windows XP Professional?

Even though Microsoft Windows Vista has been out for a while and is available from just about anywhere, most organizations -- at least for the time being -- are sticking with the tried and true Windows XP.

By sticking with Windows XP, these organizations can continue to enjoy XP's stability and familiarity. However, XP users will not be able to take advantage of some of Vista's new security features, such as user access control. But there are a number of steps that can be taken to keep Windows XP running smoothly and securely.

The assumption is that you are using Windows XP Professional, although most of these steps will also work for the Home edition. Most of these steps assume that your Windows XP system is not joined to a domain or that you are in a very small workgroup. Further, although there are dozens of steps you can take to secure your Windows XP system; these 14 reasonable steps are designed to give you the most bang for your security buck.

see this screenshots

How do I… Install, configure, and use Microsoft’s iSCSI initiator?

Internet Small Computer System Interface (iSCSI), has taken the storage world by storm. No longer is shared storage a niche enjoyed by only large, wealthy corporations. Internet SCSI is leveling the playing field by making shared storage available at a reasonable cost to anyone. By leveraging the ubiquitous Ethernet networks prevalent in most organizations, IT staff training costs for iSCSI are very low and result in quick, seamless deployments.

Further, operating system vendors are making it easier that ever to get into the iSCSI game by making iSCSI initiator software freely available. iSCSI networks require three components:

  1. An iSCSI target — A target is the actual storage array or volume, depending on how you have things configured.
  2. An iSCSI initiator — An iSCSI initiator is the software component residing on a server or other computer that is installed and configured to connect to an iSCSI target. By using an iSCSI initiator, target-based volumes can be mounted on a server as if they were local volumes and are managed as such.
  3. A gigabit Ethernet network infrastructure — iSCSI requires an IP-based Ethernet network for its transport between systems with initiators (servers) and targets (storage arrays).

In this How do I… blog post, I will show you how to install and configure Microsoft’s iSCSI initiator.

Step 1: Set up your target and communications infrastructure

Before you install the iSCSI initiator on any of your servers or workstations, you must have something to which the initiator will connect. This can be one of the enterprise class arrays, such as those available from LeftHand, EqualLogic, Dell, or EMC or, if you’re on a tighter budget and want to build your own array, a target running iSCSI target software, such as StarWind. For more information about building a SAN on the cheap, take a look at:

I recommend that, whenever possible, you use either a physically separate infrastructure or separate IP network/VLAN for your iSCSI traffic. By doing so, you simplify troubleshooting and configuration later on.

Setting up and configuring your target is beyond the scope of this article.

Step 2: Configure your local iSCSI network adapter

One best practice is to assign either a dedicated gigabit Ethernet NIC or TCP offload adapter (ToE adapter) in each server to handle iSCSI traffic — in other words, don’t share your user-facing network connection for storage traffic. If you’ve created a separate physical network or VLAN for storage traffic, assign this adapter an IP address that works on the storage network. By placing storage traffic on its own network that is routed separately from the main network, you increase the overall security of your storage infrastructure and simplify the overall configuration.

Step 3: Download Microsoft’s iSCSI initiator — if necessary

Depending on the operating system you’re using, you may need to download Microsoft’s iSCSI initiator software. If you’re planning to connect to an iSCSI target from a Windows XP or Windows Server 2003 system, visit Microsoft’s iSCSI initiator download page and obtain the software. If you’re connecting from a Windows Vista or Windows Server 2008 computer, Microsoft’s iSCSI initiator is included with these operating systems, so you can safely skip this step.

Make sure to download the initiator that is designed for your operating system. Microsoft provides builds for both 32-bit and 64-bit Windows. In the 64-bit category, versions are available for both x64-based processors and Itanium-based processors.

Step 4: Install the iSCSI initiator

If you’re running an operating system on which the iSCSI initiator software is not installed, execute the file you downloaded and follow the installation instructions (Figure A). The installer will ask you to decide which components you would like to install.

Figure A

Choose your installation options.
  1. Initiator service — This is the service behind the actual work.
  2. Software initiator — The software initiator is the software service that handles iSCSI traffic.
  3. Microsoft MPIO Multipathing Support for iSCSI — MPIO is a way that you can increase the overall throughout and reliability of your iSCSI storage environment. See Step 6 for more information about how MPIO can be of benefit.

If you have a target that supports Microsoft’s MPIO (check with your manufacturer), you should enable this option. Otherwise, if your target supports MPIO through the use of a proprietary device-specific module (DSM), obtain that DSM from your array manufacturer and follow the manufacturer’s installation recommendations.

Step 5: Connect to the iSCSI array

Now that you have the initiator software installed, you need to tell it where to look for mountable volumes. Start the initiator configuration by going to the Control Panel and choosing the iSCSI Initiator option. From the initiator, choose the Discovery tab, shown in Figure B.

Figure B

The iSCSI initiator’s Discovery tab.

On the Discovery tab, click the Add button under the Target Portals box. This will open the Add Target Portal dialog box, shown in Figure C.

Figure C

The Add Target Portal dialog box.

In the Add Target Portal dialog box, provide the name or IP address of your iSCSI array. The default communication port for iSCSI traffic is 3260. Unless you have changed your port, leave this as is. If you have configured CHAP security or are using IPSec for communication between your client and the array, click on the Advanced button and make necessary configuration changes. The Advanced Settings dialog box is shown in Figure D.

Figure D

Advanced options for connecting to your iSCSI array.

Back on the Add Target Portal, click the OK button to make the initial connection to the iSCSI array. Note that, at this point, you’re not connecting to an actual volume, but only to the array in general. (Figure E)

Figure E

The target portal has been added to the initiator.

Step 6: Connect to a target/volume

Even though you’re connected to the array itself, you still need to tell the initiator exactly which target or volume you want to mount on your local machine. To see the list of available targets on the array you selected, choose the Targets tab, shown in Figure F.

Figure F

The iSCSI initiator Target tab in this example has only a single volume available.

To connect to an available target, choose the target and click the Log On button. A window pops up (Figure G) with the target name and two options from which you can choose.

Figure G

iSCSI target Log On options.

The two options are important. If you want your server to connect to this volume automatically when your system boots, make sure you choose the Automatically Restore This Connection When The System Boots check box. Unless you have a good reason otherwise, you should always select this check box. If you do not, you can’t make the iSCSI target persistent after a reboot and will need to manually reconnect it.

To enable high availability and to boost performance, choose the Enable Multi-path check box. Make sure to understand that multi-pathing (MPIO) requires multiple network adapters dedicated to the iSCSI task, and for maximum availability, you should also have a fully meshed gigabit Ethernet architecture for your storage traffic.

Again, if you are using CHAP or IPSec for communication with a target, click the Advanced button to bring up the Advanced Settings dialog box you saw in Figure D.

Once you finish making decisions regarding how you want to connect to your target, from the Log On To Target window, click the OK button. The target status in the imitator window should change to Connected. (Figure H)

Figure H

The target is now connected.

Step 7: Bind the targets

Now, you have successfully connected to a shared target on your iSCSI array. If you selected the Automatically Restore This Connection When The System Boots check box as explained in the previous step, you can now add the target to the iSCSI service’s binding list. By doing so, you make sure that Windows does not consider the iSCSI service fully started until connections are restored to all volumes on the binding list. This is important if you have data on an iSCSI target that other services depend on. For example, if you create a share on your server and that shared data resides on an iSCSI target, the Server service that handles the share depends on the iSCSI service’s complete availability to bring up the shares.

Note: With older versions of the iSCSI initiators, creating this kind of dependency structure required you to reconfigure individual service dependencies — a process that could get complicated. With the iSCSI Initiator version 2, Microsoft has fixed this issue, but you still need to bind the targets.

The best option is to choose the Bound Volumes/Devices tab from the iSCSI Initiator’s control panel and click the Bind All button at the bottom of the window (Figure I). This will bind all available iSCSI targets (that can be bound) to the iSCSI startup process. If you want to choose individual targets to bind, click the Add button. However, you will need to know the target’s drive letter or mount point. At this point in these instructions, we haven’t gotten quite that far.

Figure I

Bound volumes are listed on this tab.

Step 8: Manage the new volume(s)

When you mount a brand new iSCSI-based volume on your server, Windows treats it the same as if you had added a new hard drive to your computer. Take a look at this: Open Computer Management (Start | Right-click My Computer | Manage). Choose the Disk Management option. If the volume you are using is still blank — that is, newly created on your iSCSI target and does not contain data — Windows will pop up the Disk Initialization wizard, as shown in Figure J.

Figure J

The Windows Disk Initialization wizard.

Note in Figure J that Disk 1 is not yet initialized and has a size of 1,020 MB. This disk is a small target I created on my iSCSI host. An iSCSI-based volume follows the same rules as any other Windows volume. You can create this volume as basic or dynamic (although dynamic is not recommended for iSCSI) or even as GPT (GUID partition table) volumes, which support volumes in excess of 2TB.

Just as is the case with any Windows volume, you need to initialize the new drive, create a partition, and format the new volume. Take note in Figure J that Windows truly sees this disk as just another typical volume. There is nothing on the Disk Management screen to indicate that Windows is treating this volume any differently because it is stored on an iSCSI array.

Summary

Once you get past the mental adjustment that has to take place when you start using shared storage, you’ll probably find that iSCSI (or Fibre Channel, for that matter) shared storage opens up a number of possibilities. These steps are designed to get you quickly on your way and will not cover every scenario, but it will get you started.

Beef up Active Directory security with these three steps

The Active Directory (AD) structure and the data contained in that structure are the keys to a Windows domain, and it’s vital that you implement the proper security and delegation. Here are three simple steps you can take to boost AD’s security.

The Active Directory (AD) structure and the data contained in that structure are the keys to a Windows domain. If you don’t implement proper security and delegation on AD, you could mistakenly grant your users more privileges and rights than they actually need.

And when it comes to mistakes, the AD structure isn’t very forgiving. Putting the wrong privileges in the wrong hands could lead to a complete rebuild of your domain. That’s why it’s important to take three simple steps to better protect your AD implementation — plan, delegate, and audit.

Plan

Map out your company’s departmental structure. Then, use this diagram to create your own organizational units (OUs), and give them names that are meaningful to your company.

The reason for this is two-fold. By designing and naming your own OUs, you’ll create a logical place for all of your users, all of your user groups, and all of your hardware. This simplifies management of these items through the Group Policy Editor, making administration of your domain a lot easier.

In addition, creating your own OUs allows you to design your own security policy for the different OU types. This is important because the default permissions on the OUs built into AD aren’t as restrictive as they should be.

Delegate

Administering an AD domain is a big job, and the same person or the same account shouldn’t be responsible for everything. Too many privileges tied to one account spell disaster: If an intruder compromises that account or the person holding that account leaves (or becomes disgruntled), your entire domain would be at risk.

Instead, your AD implementation should include two types of administrators: data administrators and service administrators. This helps spread out the responsibility, boosting security in the process.

Data administrators
These admins are responsible for maintaining the information stored in AD. This has nothing to do with files and folders; these administrators are in charge of user accounts, computer accounts, group accounts, and so on. A data administrator is similar to the Account Operators group of an NT domain.

Because AD requires control over all computers, it’s essential that any computer connected to your internal network is part of the domain. Otherwise, you have a computer inside your security boundary that you have no control over.

When creating accounts and groups for data administrators, assign only those rights and privileges necessary to administer the OUs within their control. In addition, make sure these accounts don’t have privileges to browse the Internet or read e-mail.

In addition, don’t allow data administrators to create accounts for other data administrators; service administrators should be responsible for this. These steps plug a tremendous security hole and force the account holders to perform only their assigned functions when using the account.

Service administrators
These admins are responsible for the day-to-day, behind-the-scenes tasks of managing and maintaining the domain. They’re also responsible for managing all of the different services the domain offers to its users. This includes the domain name system (DNS); availability of the global catalog (GC) servers; replication of data through distributed file system (DFS); your company’s domain controllers (DCs) and different sites within your forest; trust relationships with other domains; and, most important, the AD schema.

The service administrator role is quite powerful, and you should reserve this position for the most experienced and knowledgeable members of your team. Keep in mind that while these administrators have more privileges than the data administrators, their actions are also under more scrutiny.

Audit

No AD implementation would be complete without the auditing of objects and events. It’s an important part of the process — and not only as a measure of determining the succes

News to know: Virtual worlds; Green data centers; Black Hat; IT failures

Notable headlines:

Dan Farber: The future of virtual worlds.
The third Web wave–two degrees of separation. Denise Howell: AlwaysOn Stanford Summit: lawyers for Google, IBM, and Apple ponder the patent system.

Complexity and the greening of the datacenter.

Harry Fuller: Green: tech and VC money converge.

Michael Krigsman:
Wisconsin’s Apologist for IT Failure. Transparent Failure.

David Berlind: Tech Shakedown #3:
McAfee’s ‘Block/Allow this change’ dialog is a useless warning. Proof that there are two types of computer users: Dumb and Dumber.

Ryan Naraine: Hacker movements: Murphy joins Apple; Caceres to Matasano. Remembering five years of vulnerability markets. Russell Shaw: VoIP security vulnerabilities demonstrated at Black Hat conference.

Larry Dignan: How will Yahoo address social networking?

FAQ: A concentrated power boost for solar energy. Gallery (right).

Mary Jo Foley: Ad-funded Microsoft Works pilot starting soon. Works 9.0 to come in both free and paid flavors. Microsoft delivers new test build of SQL Server 2008.

House panel approves legal shield for bloggers.

TechCrunch: Amazon To Launch Payments Services; Will Compete With PayPal and Google Checkout.

NYPost: Discovery buys Treehugger.com. MarketWatch: Disney reports higher earnings, buys ClubPenquin.

Adrian Kingsley-Hughes
: Beginning of the end for PATA.

Ryan Stewart:
The debacle of the BBC’s iPlayer.

Christopher Dawson: Supercomputing for a mere $800k.

Dan Kusnetzky: Virtualization Mission Creep?

Are people more polite in virtual worlds
?

Computerworld:
HP makes 90% of unhealthy laser printers tested by researchers.

Joe McKendrick:
‘Whole-brained’ enterprises need SOA: here are the numbers to prove it.

Kenya wants to grab piece of outsourcing pie.

EA reports loss.

Dan Farber:
HP’s expanding software portfolio.

Roland Piquepaille: Nanotechnology-based flexible hydrogen sensors.

VMware starts road show ahead of planned IPO.

Gallery: Photos: Motorbikes go green.

Russell Shaw: ShoreTel files infringement counterclaim against Mitel.

AP: CA ups its 2008 outlook.

365 Main details SF outage problems.

eWeek: SAP enhances ERP 6.0.

'Rock Band' takes top video game honor

A video game that turns players into virtual rock stars won a top industry award this week, beating a field of action titles featuring lush graphics and complex stories.

In a move that reflects growing enthusiasm for games with broad appeal, the Game Critics Awards named Rock Band as best of show for the industry's annual E3 convention held last month to showcase upcoming products.

"The most interesting thing to me, when you look at the winners, is that new, original franchises really dominated this year," said Geoff Keighley, co-chairman of the awards.

"A lot of pundits look at the industry and say that it's so franchise-driven, there are so many sequels. Then you look at the winners list and it's a bunch of fresh air."

Rock Band, to be published by MTV and distributed by Electronic Arts, allows up to four players to strum guitar or bass, pound drums, or sing in time to any of dozens of modern and classic rock songs.

The game topped creepy underwater shooter Bioshock, combat game Call of Duty 4, science-fiction role-playing game Mass Effect and apocalyptic title Fallout 3, which all wowed critics with stunning graphics.

The Game Critics Awards have been around for a decade and are decided by 36 journalists who submit nominees in more than a dozen categories. The games have to have been playable by journalists at E3 rather than just shown in videos.

A far cry from the pomp and circumstance the Academy Awards bring to Hollywood, the low-key Game Critics Awards nonetheless give bragging rights to developers and publishers.

For example, in its quarterly earnings report on Wednesday, THQ boasted that four of its games, including Stuntman: Ignition and de Blob, were nominated for awards, though none of them won.

In another nod to the popularity of casual games, Sony's LittleBigPlanet, which lets users create environments for photorealistic cloth characters to frolic in, won best original game.

Sony's Killzone 2 pulled in a special commendation for graphics, a notable achievement in a year with an abundance of outstanding visuals.

Despite the immense popularity of its Wii console that is widely credited with triggering the casual games boom, Nintendo walked away with only one award, best handheld game for The Legend of Zelda: Phantom Hourglass for its DS device.

"It was a lack of really new stuff from Nintendo," Keighley said. "I don't know if it's the canary in the mine shaft that shows Nintendo is not doing so well...also, the judging body is geared toward the hard-core gaming crowd."

Microsoft's Mass Effect for its Xbox 360 game machine won best console game while Halo 3, the next installment of its wildly popular alien-blasting title, won for best online multiplayer.

Electronic Arts, the world's biggest game publisher, won six awards, though several of those were linked to titles such as Rock Band that it is not developing itself. EA's Madden NFL 08 football title won best sports bame.

Keighley said he was open to the idea of making the awards a higher-profile event, but indicated he was leery of anything that would detract from casting a serious critical eye on a medium often dismissed as appealing only to teenaged boys.

"I think we're extremely over-conscious of not trying to commercialize the awards in any way. The last thing I want is for a TV producer to come in and say, 'Great, but let's put in an award for hottest virtual babe'," Keighley said.

Are people more polite in virtual worlds?

PALO ALTO, Calif.--Do people behave better in virtual worlds than on blogs, forums and chat rooms on the Web?

A group of virtual world advocates say "yes." They just can't prove it yet.

"Character rancor is much different on blogs, Twitter, (and so on)...It can get very petty," Jaron Lanier, scholar in residence at the Center for Entrepreneurship and Technology at the University of California, Berkeley, said here Wednesday at the AlwaysOn technology conference.

"In Second Life, it's almost more like theater," Lanier said. "I don't see people getting into petty interpersonal knots with each other. But this is anecdotal."

His theory is that people behave better in virtual worlds because they can be economically tied to their property, for example, and as he described it, they have "more to lose if they're creepy." Lanier's other theory is that seeing people, even in the form of an avatar, evokes empathy.

Lanier, a pioneer of virtual world technology who coined the term "virtual reality," acknowledges he's biased. In the 1980s, he founded VPL Research, the first company to sell virtual reality products; its patents were acquired by Sun Microsystems in 1999. His most recent venture, animation software company Eyematic Interfaces, was bought by Google. And he's an adviser to Linden Lab, creator of the popular virtual world Second Life.

Lanier played host to a panel at Stanford University that included Philip Rosedale, CEO of Linden Lab; Irving Wladawsky-Berger, vice president at IBM; and Chris Melissinos, chief gaming officer at Sun. To be sure, all of the panelists have a stake in seeing virtual worlds take off more widely with Internet users, corporations and advertisers, so that they can become viable economic engines. A major factor in that growth will be in showing the intangible benefits of virtual worlds, such as fostering human relationships that are more polite than say, anonymous posts in Internet forums, according to the panelists.

"We've studied this," Rosedale said. "We have forums and we watch them fight in forums and then see them be civil to each other in Second Life."

Wladawsky-Berger backed up this notion by saying that virtual worlds present information technology in a much more human way. "As a result, we'll be able to do a tremendous amount more. Enterprise resource planning will be reinvented for virtual worlds," he said, giving the example that hospitals could manage their operations in a virtual world in a way looks more like their hospital.

IBM has 5,000 employees in Second Life, and according to Wladawsky-Berger, "virtual worlds are a godsend for meetings." He said that IBM has a code of conduct for staff in Second Life that they need to "be nice" and dress their avatars "appropriately" in meetings. But when among friends in the virtual world, they can do whatever they like, he said.

"Training and meetings are the killer apps of virtual worlds. Don't underestimate any technologies that help us do those things in a more human way," Wladawsky-Berger said.

Lanier joked that IBM staff "can't help it that they compulsively go to meetings."

Rosedale admitted that Second Life is just barely getting off the ground. "It's still hard to use 3D, the interface is still awkward," he said. Despite this, Second Life is growing rapidly, with 30 percent of its residents from the United States, the bulk from Europe and a growing number signing up from Japan, he said.

Second Life is about 250 square miles in digital atoms, or five times the size of San Francisco, he said. And it has about 830 residents who make more than $1,000 a month in the virtual world. The economy in SL, he said, is about 100 percent larger than it was six months ago. And that might be buoyed by the launch of new voice technology next month.

"We're going to close the world much more rapidly using these technologies than with the Web," he said.

To hammer home his point, Lanier then added: "Civility is killer app of virtual worlds."

PayPal offers 'pay later' option

Online payment service PayPal will offer credit financing with General Electric's GE Money Bank in a bid to win new customers and improve business for merchants that use its service.

PayPal, which is owned by eBay, is facing increased competition from Google's Checkout, which has made a concerted effort to win over businesses that sell on eBay.

The new PayPal service, called PayPal Pay Later, lets online merchants offer a credit account with flexible financing options such as no payments for 90 days.

A PayPal representative said that interest on deferred payments would be shared between PayPal and GE and that rates will be competitive with other private label credit products.

She said the merchants will not pay any additional fees, but will pay the regular PayPal processing fees. Research commissioned by eBay showed that 56 percent of PayPal users are more likely to buy from a retail site if a deferred payment option is available, eBay said.

Microsoft to test ad-supported version of Works

Microsoft said on Wednesday it will offer a free, advertising-supported version of its basic productivity software, Microsoft Works, as part of a test program with computers manufacturers.

The world's largest software maker has been pondering the future of Microsoft Works, its basic spreadsheet and word processing software, in the face of rising competition from Google's suite of business software services.

Unlike Google Docs and Spreadsheets, which are delivered through an Internet browser, Microsoft plans to preinstall Works on computers and display advertisements stored in cache. The software normally retails for $39.99.

When a user connects to the Internet while using Works, that cache of ads will refresh, said Melissa Stern, a Microsoft senior product manager in the Office group.

The company plans to roll out the advertising-supported Microsoft Works SE 9 in a few months. Microsoft would not disclose either the PC makers with which it was working or the markets for the test program.

Google and other Internet rivals are threatening to topple Microsoft's dominant position in desktop software with software services delivered over the Web supported by advertising or subscriptions.

Microsoft Chief Executive Steve Ballmer has said the company needs to embrace the "software as a service" movement without abandoning its bread-and-butter desktop products. The company has invested heavily in its Web advertising business with the goal of building a powerhouse to rival Google.

One of the goals of the test program is to figure out if there is a viable business model for advertising supported software, Stern said.

Please don't steal this Web content

Lorelle VanFossen is passionate. An author, travel writer and nature photographer, she also has a popular blog about, well, blogging. Her pet peeve is online plagiarism, which she encounters nearly every day.

"It's one of my favorite subjects," she said. "I make my living from my writing, and when people take it because they are ignorant of copyright laws--or think that because it's on the Internet, it's free--it makes me really mad. It's stealing content, in my mind."

VanFossen isn't referring to the kind of plagiarism in which a lazy college student copies sections of a book or another paper. This is automated digital plagiarism in which software bots can copy thousands of blog posts per hour and publish them verbatim onto Web sites on which contextual ads next to them can generate money for the site owner.

Such Web sites are known among Web publishers as "scraper sites" because they effectively scrape the content off blogs, usually through RSS (Really Simple Syndication) and other feeds on which those blogs are sent.

VanFossen's Lorelle on WordPress blog is an authority on the Internet for blogging dos and don'ts. One of the no-nos is using content from other sites without getting permission.

VanFossen has several ways of checking to see if other sites have scraped her posts. She puts full links in her posts to other articles of hers so that when one of her stories is posted on another Web site, it will link back to her story, and she can see the Trackback. Trackback is a "linkback" method Web publishers use to identify who is linking to or referring to their articles.

She has set up Google Alerts with her byline so that she will get notifications any time Google comes across a news site or blog with a reference to her. She also does a keyword search for her name on Google search, Google Blog Search and Technorati. In addition, she uses a WordPress plug-in that allows her to insert a digital fingerprint, a series of unrelated words, into her posts that she can search on in case her byline is stripped.

Invariably, VanFossen comes across her posts on other sites.

If she hasn't had a previous problem with a site, she will send the site publisher an e-mail asking them to not use her content without her permission. If she doesn't get a response, or she has had problems with the site in the past, she sends a "cease and desist" letter that informs the owners that they are violating her copyright and warns them she will take legal action under the Digital Millennium Copyright Act, or DMCA, unless they remove her content.

VanFossen also contacts the company that hosts the Web site, as well as advertisers on that site and search engines, providing the necessary evidence via mail or fax, as required. "The DMCA puts the onus on advertisers, Web hosts and search engines to remove copyright violations," she said. "I have a form letter I use."

In December, Michelle Leder, editor of Footnoted.org, used a cease-and-desist order to get her content taken off a site that was continuously republishing her posts. "Even the post I wrote about him stealing my content was posted on his site," she said with a laugh.

"It wasn't the issue of money," Leder added. "When other people's business model is based on stealing content, that's a significant problem."

One site that offers a free service for tracking copyrighted content online is CopyScape. About 200,000 Web site owners use the free service every month, and thousands pay for a higher-level service, said Gideon Greenspan, chief technology officer of Indigo Stream Technologies, which offers the service.

There are many aggregator Web sites that collect content from a variety of sources, often related to a specific topic area, like real estate or cars, around which they can serve contextual ads. While some of the sites reproduce entire blog posts or articles from other sites (CNET News.com included), others offer just headlines or the first paragraph or a few paragraphs. Many include attribution and a link back to the original article. But providing attribution does not preclude a copyright violation, experts say.

I just ordered the world’s cheapest laptop

Brand new for $150. That’s right, $150. With free shipping. From Sweden.

Larry Dignan’s blog post on ZDNet about the Medison Celebrity laptop set off a flurry of excitement here at TechRepublic last week. Sure, the Celebrity is a bare-bones kind of deal (14-inch LCD, Intel Celeron 1.5 GHz chip, 40 GB hard drive, 256 MB of memory, Fedora Red Hat and office apps pre-installed), but at $150, heck, I can stock up and just pull a fresh laptop out of the closet every time one breaks. I can accidentally leave my laptop in a hotel room on a business trip or spill coffee on the keyboard without the world instantly coming to an end. Seriously, I think an affordable, stripped-down machine like this one would make a great secondary, semi-disposable portable computer for those of us who don’t need to do a lot of power computing on the road. Even TechRepublic content guru Bill Detwiler wants one as a Christmas present for his four-year-old daughter. For months Bill has been eyeing various starter machines for his young prodigy, and at $150, the Celebrity sounds like the best deal going, at least on paper. But is it really the Right Tool for the Job? TechRepublic senior editor Mark Kaelin is chomping at the bit to find out and has volunteered to personally donate an extra 256 MB of RAM to the cause just to see the Medison Celebrity really scream.

First, though, we have to get our eager mitts on one of these babies. I’ve already placed my order with 2Checkout.com, but I’ve been told I’m looking at a four- to six-week wait, minimum (and possibly up to three months). And the longer I wait, I’m sure the more my coworkers’ and friends’ jeering, skeptical comments will get to me. These suspicious buggers have been sending me links like these for almost a week:

Comment to an Engadget article:

Reasons not to trust Medison, manufacturer of the Celebrity laptop:

  • They’re a Swedish company without a Swedish address or phone number
  • Their only address appears to be a residential mail drop in the UK
  • shared with a number of companies that appear to be barely legitimate
  • Their UK office doesn’t have a phone number
  • A Google search for “Medison” turns up nothing
  • The laptop photo appears to be that of a different company’s product
  • You can’t build a laptop for $150. The LCD panel itself costs at least $70 in volume

From Slashdot:

The more you dig into the details of this company the more fishy it starts to seem. I would suggest any potential buyers be wary on this one.

From 2Checkout.com (the company that actually processes orders for the Medison Celebrity) in response to a post in the Forums section of their site:

Given the pricing and presentation, your doubts and concerns regarding the Medison Celebrity are understandable and we sympathize with your apprehension. If you are unsure about your purchase you may well be better served to stand by see how the situation plays out. Doubts regarding the integrity of 2Checkout or our desire to provide safe, simple, service oriented online transaction are without merit however, and even if you choose not to purchase this product we hope for future opportunities to provide you with an e-commerce solution you can trust for both your sales and purchases online.

Oh man. When Medison’s own retail partner is publicly distancing itself from the company and its product, can that be a good sign? And finally, a friend sent me this:

From Flipshark.com: The Romanian Laptop Scam

In the past few months this scam has become an epidemic victimizing an endless number of eBay users. This scam is running so rampant, that by the time one scammer’s auction is reported and shut down, another two have taken its place. Basically the scam is carried out as follows: The scammer sets up a fake (or shill) auction selling brand new high ticket items. The items most commonly used in perpetrating this scam are computers, laptops (ibooks/imacs), cameras, and other expensive electronics.

My first reaction: Silence punctuated by nervous laughter.

Second reaction: Snarky e-mail to my friend. “But this is different. This is a Swedish laptop scam.”

Third reaction: Check my credit card statement for fraudulent purchases. Every five minutes. For seven days straight. And cuss our executive editor Jason Hiner up and down the halls of TechRepublic for setting us on the trail of the Celebrity in the first place. (Damn his oily hide.)

But the truth is, no matter how jaded we all think we’ve become as consumers, greed really does spring eternal, at least when it comes to tech toys that we can test and crack open. And it’s not just base greed, either. I, for one, want to believe the Medison Celebrity is the real thing because I want to believe that corporate do-goodism is alive and well in the world. So I’m shaking off my paranoia and making a bold prediction. Four to six weeks from now, we will unveil a Right Tool image gallery of the Medison Celebrity on TechRepublic. And to the twenty or so doomsaying mockers (you all know who you are) who have been spamming me with consumer fraud alerts for the past seven days? Every single one of you has ended your messages to me the same way: “The Medison Celebrity is obviously fake. But if you do get one, and it actually works, be sure to tell me. Because I’ll want one too.”

Folks, start saving those pennies. $1.67 a day for the next 90 days should about do it.

Will laser printers be banned from nightclubs?

I quit smoking almost three years ago, and quite a few states in the U.S. have enacted smoking bans in various places of business, but now research says even cute little laser printers can kill ‘ya! Check out the News.com article: “Study: Laser printers may pose health risks.”

Here’s a snippet from the article:

Emissions from office laser printers can be as unhealthy as cigarette smoke, according to an Australian professor who is now calling for regulations to limit printer emissions.

The average printer releases toner particles that can get deep into the lungs and cause respiratory problems and cardiovascular trouble…. The team tested 62 laser printer models–all relatively new–and found that 17 of them were “high emitters” of toner particles.

For more information, check out these news sources:

What will businesses do with all of those laser printers if regulations are swiftly put into place? This has to be a hard hit for the printing industry. Come to think of it, with the recent emphasis on “green,” I don’t think it will be long before patrons are forbidden to bring their laser printers into restaurants, nightclubs, and airports.

IT career: Moving into a higher-paying specialty

If you decide to stick with IT for the long haul, in order to move up the corporate ladder and make more money, you might look at the management tract. Although management has been the fastest growing tech category for several years, according to a recent article in InformationWeek, you might try moving into a higher-paying specialty for more prestige and money. According to Yoh, a leading staffing agency for high-tech talent that tracks the pay of thousands of staffers on short- and long-term projects, the average hourly wage for the average technology worker in Q1 2007 was $31.80.

But for those tech workers who specialized, things got a little more lucrative. Here’s a breakdown of some of the highest hourly rates by specialty:

  • .NET Developer: $53.40
  • Database Administrator: $59.80
  • ETL Developer: $66.52
  • Hardware Engineer: $75.68
  • Java Developer: $57.27
  • Project Manager: $60.73
  • SAP Functional Consultant: $76.67
  • Technical Consultant: $83.72

Yoh’s report also indicates that some of the emerging technologies that are fueling tech job growth are Web 2.0, SaaS, and social networking. Technologies with across-industry appeal like RFID and eCTD (Electronic Common Technical Document), are creating openings too.

So should one go out and immediately seek certification in any of these disciplines when and if they should become available? The InformationWeek jury seems to be out on that one. Their surveys indicate that “over the last 12 months, only 6% of staff and 4% of managers received a bonus that was tied to a certification or training. Just 3% of staffers and managers received a “hot skill” premium. Yet certification and education are part of moving into higher-salary jobs.”

Vista kernel defenses defeated

It appears that a security feature present in the 64-bit edition of Windows Vista can be easily circumvented. One of the security provision in this edition of Vista would be the fact that only digitally-signed code can be loaded into the kernel.

Well, until the arrival of a free utility from Australian developer LinchpinLabs, that is.

The idea behind allowing only digitally-signed code to run is that it would stymie rootkits, which involves loading driver code into the kernel to corrupt it from within and to cloak itself.

According to researchers at Symantec, however, LinchpinLabs’ Atsiv renders this a moot point by using signed drivers to load other, unsigned code into the Vista kernel.

Excerpt from Network World:

[Atsiv’s] command line tool loads [its own] appropriate driver, which then in turn allows loading of unsigned drivers due to the implementation of their PE loader,” said Whitehouse [an architect with Symantec’s advanced threats research team]. “A side effect of using their own load is noted by the authors in their design documentation: ‘Atsiv doesn’t add the driver to the PsLoadedModuleslist so it is not visible in the standard drivers list.’

The counter-argument by LinchpinLabs’ creators, identified only as “Dan” by the Network World article, is that Vista’s signing requirement doesn’t prevent malware but merely prohibits freedom to choose.

In fact, below is an excerpt from an article on rootkit.com titled Loading unsigned drivers on Vista. It pulls no punches:

A signed file uniquely identifies the company that developed that file but when companies can be created and registered in jurisdictions known for protecting the privacy of company founders and directors you have to ask what does driver signing actually represent? Signed drivers can be signed by an arbitrary legally registered company.

Absent any control over what the driver actually is or does, this provides no real additional security, other than removing author anonymity. So do the new Vista “features” improve system security or only impose limitations?

While driver signing certificates can be revoked new certificates, with enough money, can be created faster than it takes to change a files signature. If this is indeed the case then it is the hobbyists and home user that end up paying the cost.

I personally am of the view that Microsoft is really trying to improve its security record. Then again, if you are like me, you just ignore the warnings and install a driver anyway, even if it is not digitally-signed.

Consumer-Driven Contracts: A Service Evolution Pattern

Overview: This paper discusses some of the challenges in evolving a community of service providers and consumers. It describes some of the coupling issues that arise when service providers change parts of their contract, particularly document schemas, and two well-understood strategies - adding schema extension points and performing "Just enough" validation of received messages - for mitigating such issues. Both strategies help protect consumers from changes to a provider contract, but neither give the provider any insight into the ways it is being used and the obligations it must maintain as it evolves.

here you can see this...

Thursday, August 2, 2007

IT career: Moving into a higher-paying specialty

If you decide to stick with IT for the long haul, in order to move up the corporate ladder and make more money, you might look at the management tract. Although management has been the fastest growing tech category for several years, according to a recent article in InformationWeek, you might try moving into a higher-paying specialty for more prestige and money.According to Yoh, a leading staffing agency for high-tech talent that tracks the pay of thousands of staffers on short- and long-term projects, the average hourly wage for the average technology worker in Q1 2007 was $31.80.

But for those tech workers who specialized, things got a little more lucrative. Here’s a breakdown of some of the highest hourly rates by specialty:

  • .NET Developer: $53.40
  • Database Administrator: $59.80
  • ETL Developer: $66.52
  • Hardware Engineer: $75.68
  • Java Developer: $57.27
  • Project Manager: $60.73
  • SAP Functional Consultant: $76.67
  • Technical Consultant: $83.72

Yoh’s report also indicates that some of the emerging technologies that are fueling tech job growth are Web 2.0, SaaS, and social networking. Technologies with across-industry appeal like RFID and eCTD (Electronic Common Technical Document), are creating openings too.

So should one go out and immediately seek certification in any of these disciplines when and if they should become available? The InformationWeek jury seems to be out on that one. Their surveys indicate that “over the last 12 months, only 6% of staff and 4% of managers received a bonus that was tied to a certification or training. Just 3% of staffers and managers received a “hot skill” premium. Yet certification and education are part of moving into higher-salary jobs.”

Nine Tips for Better Online Job Hunting

It goes without saying that the Internet has drastically changed the way people today hunt for jobs. After all, it's probably been a few years since you've submitted a resume via mail or fax. But even though most professionals turn to the Internet first for help locating a new position, not all understand the finer points of a Web-based job search. Following are some tips to keep in mind the next time you look online.

1. Think big.

It's wise to start your search by visiting large job sites such as CareerBuilder.com because of the sheer number of listings offered. In addition, employers of all sizes and in every industry are apt to list their job openings on sites with strong brand recognition. Checking out smaller niche Web pages can be helpful, but if you're at a crossroads in your career or willing to relocate, the big boards offer the widest view of what jobs are currently available.

2. Scan the oldies but goodies.


When visiting job boards, many job hunters make the mistake of limiting their search to positions posted in the last few days. A position posted one month ago might still be open, especially if it requires hard-to-find skills. Plus, with most job seekers focusing on recent postings, you may be competing with fewer candidates. A dated job advertisement doesn't reflect the quality of the company or the potential desirability of the position.

3. Visit recruiter sites.

In addition to browsing the large boards, visit the Web sites of recruiting firms that specialize in your field, which maintain their own job postings. Some even offer detailed career information and job search advice. The advantage of these sites is that job seekers can conduct highly targeted searches and also connect with a recruiter who can work on their behalf.

4. Go surfing.

Job sites offer more than just listings. They also can serve as a launching pad for other opportunities. For instance, you may find an appealing job posting for which you are overqualified. Though you're not right for this role, you now know the company is hiring. Visit the prospective employer's Web site to see if there are any additional openings. Send a resume and cover letter to the company expressing your desire to be considered for future jobs.

5. Get social.


Networking is one of the most effective ways of locating new opportunities, and the Internet makes it easier than ever to expand your web of contacts. Social networking sites such as LinkedIn.com provide "virtual" opportunities to connect with other professionals -- in your area or halfway across the world. Participating in chat rooms and discussion forums, such as those hosted by professional associations in your field or industry, also is an excellent way to find about open positions.

6. Don't blast away.

Most job sites enable users to apply for a position with the simple click of the mouse. But don't blindly blast your resume to every company you come across. Hiring managers seek tailored resumes that directly tie a job seeker's unique skills and abilities to the requirements of the position. Take the extra time and effort to customize your application materials to each specific opportunity.

7. Spell well.

Completing employment applications online is convenient but potentially costly if you're not careful. Be mindful of your spelling and grammar when typing information directly onto online forms. Typos are no less problematic on screen than on paper. In a Robert Half International poll of employers, typos and grammatical errors were cited as the most common mistakes job seekers make on their resumes.

8. Tread carefully.

There's a time and a place for everything. With that old adage in mind, be careful of when and where you do your online job hunting. Using your company's computer and Internet connection to look for a new position is a bad idea. Employers have the right to monitor the sites you visit and the e-mails you send. So, resist the temptation to hunt for a new job at the office if you want to keep the one you have for the time being.

9. Follow up!

When job hunting online, it's critical that you follow up with prospective employers after applying for a position. More than a few resumes have gotten lost in cyberspace. If you've submitted your application and haven't heard back from the company, make a call or send an e-mail to verify that the resume was received and to reassert your interest in the position. Don't worry; you're not going to annoy the employer. Eighty-two percent of executives polled by our company said job seekers should contact hiring managers within two weeks of submitting application materials.

While the Internet has revolutionized the way job seekers connect with prospective employers, an online job hunt shouldn't be the only strategy you use to find a new position. The best searches combine a variety of approaches, including exploring the services offered by recruiting and staffing firms, touching base with members of your professional network, and participating in industry events where you can hobnob with hiring managers.

US still world's top spammer

The US is still responsible for more unsolicited email than any other country, according to new figures.


Security firm Sophos said that 19.6 per cent of all spam originates in the US, more than twice as much as that coming from the next worst offender, China, which produces 8.4 per cent of the world's spam.


The UK is reponsible for 2.8 per cent of all unsolicited email, in 10th place in the global chart. However, spam is a truly global problem, according to Sophos.


"For every spam campaign, the spammers, the compromised computers used, and the people being deluged by the unsolicited mail are often located in totally different parts of the world," said Carole Theriault, senior security consultant at Sophos.


Spammers operate by spreading viruses that allow them to take control of infected PCs. These PCs become 'bots' - computers that are operated remotely to generate spam in high volumes.


Once spammers have a large number of 'bots' under their control, they can use the network, or 'botnet', to send unsolicited emails in vast quantities.


"We can see compromised systems send messages on a dozen different topics, from stock scams and cheap mortgages, to saucy porn and diet drugs. ISPs seriously need to examine whether they're doing enough to monitor whether their users are unwittingly relaying spam as well as educate them about the how to defend their home PCs," said Theriault.

SQL Server Still No. 1 in Databases

Microsoft SQL Server is still No.1. According to the 2007 Database and Data Access, Integration and Reporting Study, completed by BZ Research in late June, 74.7 percent of enterprises are using SQL Server. This is slightly lower than the 76.4 percent reported in a comparable July 2006 study, but it’s still significantly higher than the other popular databases.

BZ Research, like SD Times, is a subsidiary of BZ Media. This survey, conducted during the second half of June, was completed by 686 software development managers.

The study showed that the other top databases, in terms of use, are Oracle (54.5 percent in 2007, up from 51.3 percent in 2006), Microsoft Access (54.4 percent, down from 56.1 percent), MySQL (43.4 percent, up from 38.5 percent), IBM DB2 (23.5 percent, up from 20.4 percent) and PostgreSQL (11.2 percent, down from 11.6 percent). All other databases had less than 10 percent responses.

One Microsoft user in this anonymous survey said, “SQL Server is much, much easier to use with ADO.NET than Oracle is at the moment. If Oracle ever addresses this, then we might be able to utilize Oracle more in the future.” Another commented, “Oracle is perceived as requiring a ‘Priesthood’ to program, configure and run. SQL Server is just another tool and is integrated with Visual Studio.” A third said, “SQL Server is more than adequate for our needs, easy to administer, works well with Visual Studio and runs fine on an x86 server. It is our standard for most in-house deployments. A lot of our third-party vendors use it too.”

Not everyone, of course, uses SQL Server: “We’re a major corporation and Oracle is a de facto standard for enterprise computing (along with IBM DB2). Microsoft SQL Server, though we use it, is not industrial strength.” Another added, “IBM is much easier to work with than Oracle in terms of tech support and sales.”

And sometimes it just depends: “We develop J2EE and .NET applications, SQL Server from Microsoft is everywhere in the small to mid customers, Oracle is in the large customers. When we sell applications we need to deploy apps that already mesh with existing databases.” Another said, “MySQL has been started to test as alternative to Oracle.”

Sybase had its fans and critics: “Sybase is still the de facto standard on Wall Street. It practically runs itself allowing the DBA staff to take on ‘other duties as assigned,’” said one respondent. Another said, “We wish Sybase added features as quickly as MySQL would, would extend T-SQL, and implement other features commonly found in other databases. Otherwise we’ll probably leave it.”

Not all installed databases are used for new projects, but are retained as part of legacy systems. The 2007 study also asked which databases were used for the most recently completed project. For this question, SQL Server was used by 51.0 percent of projects, followed by Oracle at 37.1 percent, MySQL at 20.7 percent, Access at 14.9 percent, DB2 at 12.5 percent and PostgreSQL at 4.2 percent. All other databases had fewer than three responses.

One respondent said, “Most [databases] are legacy, but new development is to be Oracle or SQL Server.”

Choosing Familiarity

When asked why they chose a specific database for their most recent project, nearly half of all respondents—45.9 percent—said “familiarity with the database.” The other top answers were “high availability or reliability features” (21.3 percent), “lowest development costs” (20.1 percent), “lowest deployment costs” (18.6 percent), “covered under site license” (17.1 percent) and “requested by specific applications” (15.3 percent).

The lowest responses to this question were “won competitive bidding” (1.9 percent) and “lowest memory footprint requirements” (3.1 percent).

The full study, with verbatim responses, is available for purchase from BZ Research.


Microsoft Moves Ahead with Software Modeling

With the goal of generating applications from simple models an elusive goal, Microsoft and others are working on technology to make it a reality.

Some say the possibility of delivering applications from models exists today in the form of the UML (Unified Modeling Language) and MDA (Model-Driven Architecture). But the use of tools supporting these technologies typically require serious expert involvement, some observers say.

Richard Mark Soley, chief executive of the Object Management Group, located in Needham, Mass., which oversees many of the modeling specifications such as UML and MDA, said developing applications via modeling is entirely feasible.

"The answer is absolutely, yes—software (and hardware) has already been generated from UML models. And other modeling languages also (MDA includes several, including UML, MOF [MetaObject Facility], BPMN [Business Process Modeling Notation] [and] SysML [Systems Modeling Language]) can be used to generate applications from models."

Grady Booch, chief scientist at IBM's Rational business unit and the co-creator of the UML, likes to cite the usage of the technology in various instances. In fact, one of Booch's more salient examples of the prevalence of the use of UML is a reference to the technology on an episode of the CBS television series "NUMB3RS," which involves a math genius who helps the FBI.

PointerClick here to read how BigLever's Gears Software Product Line tool helps developers take a factory approach to building software.

The genius sites a UML model as key to delivering an application that helps to solve a case. Indeed, Booch showed a clip of the show at the IBM Rational Software Development Conference in June.

However, Microsoft sees UML and its ilk as too hard and too heavy a process, and is working on delivering its own modeling technology.

S. "Soma" Somasegar, corporate vice president of Microsoft's Developer Division, said Microsoft has some incubation projects that focus on modeling. He expects to see fruit from those projects in the next six to 12 months, he said.

Somasegar said the modeling effort has been a pet project of Microsoft chairman Bill Gates. The company has put some of its best developers on the effort, including Don Box and Chris Anderson, who helped build the company's Microsoft Windows Communication Foundation, a key pillar of the .Net Framework 3.0.

Indeed, Box has referred to himself as Microsoft's chief modeling officer. On the notion of creating applications from models, Somasegar said, "We've had aspirations in this company for a long time. We've had aspirations saying, using business process modeling, we should be able to lay down a set of models and people have to deal with the models and, if they define the models right, then the applications pop out. So you really don't need to write code."

However, "That's really one extreme view of looking at it," Somasegar said. In certain domains, "we will be able to do that sooner than later," he added. "But I foresee people writing code for a long, long time, particularly in building business applications." But Microsoft has long talked about raising the abstraction level.

"What you had to write five to 10 years ago in terms of the number of lines of code for a particular application, today I am sure it is orders of magnitude less," Somasegar said. "We've abstracted, we've got frameworks, we've got controls, we've got this, and we've got that. And to me, modeling has taken the abstraction to a whole new level."

Somasegar would not go into specific detail on how Microsoft is approaching the issue of simplifying the model-driven development process. In general, though he said: "If you can have a central repository of models or a common way of working against models...then you can do a lot."

In short, Somasegar said Microsoft's developers believe "the platform has advanced enough and the tools have advanced enough, that we feel like we have an opportunity to go make some big steps forward in the model-driven development world. So we have a set of incubations going on and Don Box is one of the key guys, along with some others, who are working on this."

And Somasegar said he hopes to be able to display some early prototypes of what Microsoft has been working on within the next year.

In the meantime, Microsoft has been working on its Software Factories approach to enabling the generation of software for specific uses by following a factory-like approach. This is the company's implementation of the software product line method of development. IBM also has similar capabilities. The goal of all these approaches is to drastically increase productivity and promote more reuse of software components and models.

Modeling is not new, but the overall technology has never reached mass scale in terms of ease-of-use and flexibility. Some early attempts at modeling included the so-called CASE (Computer-Aided Software Engineering) tools and others.

"Modeling has existed for many years in fact," said Mark Driver, an analyst with Gartner Inc. "CASE did this with COBOL and C++ to a large degree. Oracle Designer has done this with Form for years as well," he said.

However, "the problem is that model driven development has been very limited in terms of flexibility and advanced application features," Driver said.

Today modeling is making a comeback through business process modeling schemes like Business Process Execution Language (BPEL) and business rules engines, "but in a tempered fashion," Driver said. "Also tools like Compuware's OptimalJ have done some nice things around MDA," he added.

Jeffrey Hammond, an analyst with Forrester Inc., said there are modeling tools that will generate 100 percent of your application code today.

"I've worked with and talked to customers who do this, and they see improved quality and higher productivity per developer as a result," Forrester said. However, these benefits do not come without cost though, he said.

"You need to put a lot of information into a model-driven tool before it will generate code — they have high activation energy," Hammond said. "Many organizations who would like to get to this point lack the organizational commitment to see it through. They start with a model driven approach, but when there is a problem with a code generator or the project is suffering from time pressure," he said. Frequently developers "will break into the generated code and modify it at the text level," he said.

For its part, CA on July 30 announced the availability of CA Plex r6, a rapid application development environment that enables model-driven development of .Net, Java 2 Platform, Enterprise Edition (J2EE) and IBM System i Web services, the company said.

With CA Plex r6, Web services can be managed as "first-class" objects, and developers can view, diagram, document, and manage these objects in their enterprise model, officials at CA, which is based in Islandia, N.Y. said.

The product delivers many of the attributes consistent with modeling, including component reuse, code generation and others to the creation of Web services, and facilitates the use of objects across service oriented architectures, as well as client/server and legacy applications, the company said.

Super Mario worm circulates

A new worm is really plumbing the depths - by exploiting interest in a well-known computer game character.


An email currently circulating has an attachment claiming to be a game featuring Nintendo legend Mario, but it actually contains the Romario-A worm.


Once it has infected your PC, the worm then attempts to mail itself to contacts in the recipient's address book as well as spreading on USB drives and other removeable media.


"Fraudsters are constantly innovating to find new ways of tapping into users' psyches to tempt them into clicking on infected links and attachments," said Graham Cluley, senior technology consultant at Sophos.


However, even after clicking on the attachment you may not be aware that anything is wrong as it will take you through to the promised game.


"This kind of attack is particularly stealth-like because nostalgic gamers can actually play the game once they click, giving them no reason to suspect that something more sinister is lurking beneath," said Cluley.

Microsoft Submits Photo File Format For Standardization

Microsoft hopes its new digital-photo file format will one day replace the widely used JPEG format as the industry standard for electronic photography and digital imaging.
Microsoft on Tuesday said an international standards body has agreed to vote on whether to accept the company's new digital-photo file format as a standard, which Microsoft hopes will one day replace the widely used JPEG format as the industry standard for electronic photography and digital imaging.

The Joint Photographic Expert Group has agreed to submit formal balloting of HD Photo to JPEG's national delegations for approval by the fall. The tentative name for the spec is JPEG XR.

Expected to help Microsoft's cause is the fact that the company is making the technology available without charge. "Microsoft's royalty-free commitment will help the JPEG committee foster widespread adoption of the specification and help ensure that it can be implemented by the widest possible audience," JPEG said in a statement.

Microsoft claims the new file format would enable digital photographers and editors to capture and transmit higher quality images at half the size of photos created in today's JPEG standard. The company also claims HD Photo produces fewer unwanted visual artifacts and offers lossless data compression, which means no visual information is lost when the file is shrunk and then recreated to its original size.

The current JPEG standard has been around for 20 years and is used by photographers at major news organizations such as the Associated Press. It's also found in image editing programs, including those built by Adobe Systems, and is supported in digital cameras and printers.

Microsoft has already released HD Photo in the market through its own products. The file format is natively supported by its new Windows Vista operating system and in .Net Framework 3.0. HD Photo is also supported by Apple's Mac OS X operating system.

In trying to drive the technology further into the market, Microsoft has developed a plug-in that adds HD Photo support to Adobe's popular Photoshop editing program.

Microsoft Works to become a free, ad-funded product

Microsoft’s next version of its small-business/home productivity suite, due imminently, will be free and ad-funded.

Microsoft Works 9.0 — which will be the new product’s name, if Microsoft opts to stick with its current nomenclature — might also debut at some point as Microsoft-hosted low-end productivity service, as many have been speculating. A hosted version of Works would give Microsoft a head-to-head competitor with Google Docs & Spreadsheets and other consumer- and small-business focused services, analysts have said.

For the time being, however, the new version of Works will be ad-funded, according to Satya Nadella, the newly minted Corporate Vice President of Microsoft’s Search & Advertising Platform Group. Nadella told me during an interview on July 27 that Microsoft recently released the new ad-funded version of Microsoft Works.

If Works 9.0 is out, I haven’t found it yet — other than a couple download links on torrents and other sharing sites. Anyone else seen it?

(I’ve asked Microsoft for more information on the new ad-funded Works suite. No word back yet. Update: Even though Microsoft’s own vice president discussed the product, no one will talk. The official comment, via a Microsoft spokeswoman: “We’re always looking at innovative ways to provide the best productivity tools to our customers, but have nothing to announce at this time.”)

Nadella added that Works will be just “the first of the ad-funded software we are going to do.” When I asked for other examples of products Microsoft might decide to make free and ad-funded, he mentioned Office Accounting Express — a product which is currently available as both a free download and as a component of certain Office Live paid subscriptions. He also said software downloads/shareware was another category ripe with products that could be free and ad-funded.

The decision to make Works ad-funded is not coming out of the blue.

Microsoft Works 8.0, which Microsoft introduced in 2004, sells for $49.95. It introduced the 8.5 OEM update to Works in 2006. Microsoft Works includes an address book, calendar, database, dictionary, PowerPointŠ¾ Viewer, basic Word, and templates. Traditionally, a number of PC makers have preloaded the Works product on low-end PCs. But with its Office Ready PC program, Microsoft has begun pushing PC makers to preload higher-margin Microsoft Office rather than the cheaper Microsoft Works, on new machines.

In his October 2005 “Internet Services Disruption” memo, Chief Software Architect Ray Ozzie noted that “(p)roducts must now embrace a ‘discover, learn, try, buy, recommend’ cycle – sometimes with one of those phases being free, another ad-supported, and yet another being subscription-based.” He added: “Groups should consider how new delivery and adoption models might impact plans, and whether embracing new advertising-supported revenue models might be market-relevant.”

Even before Ozzie outlined his marching orders, Microsoft was mulling an ad-funded version of Works. According to a document seen by News.com in 2005, Microsoft was already running the numbers on what it would take to do an ad-funded version of its low-end suite. According to that report:

“If ad revenues exceed 67 cents per year, we could actually give Works away and still make more money,” two Microsoft researchers and one person from MSN stated in a paper presented to Chairman Bill Gates at a Thinkweek brainstorming session earlier this year.”

Do you think a free, ad-funded version of Microsoft Works — even if it’s not a “service” — will help Microsoft fight off Google and other Web-based productivity suite vendors? Do you still expect Microsoft to release a non-ad-funded, paid version of Works as a subscription service at some point?

IE most influential tech product in last 25 years?

Despite the ubiquity of the iPod, Microsoft's Internet Explorer is the 'most influential' tech product of the past 25 years, according to a survey of IT professionals.

The survey was carried out by the Computing Technology Industry Association (CompTIA), a 25-year-old trade body which certifies IT professionals and is funded by major vendors, including Microsoft. Out of the top five products in the poll, only one -- the iPod -- is not a Microsoft product.

Internet Explorer, which garnered two-thirds of the vote, was launched in 1995. Originally based on the little-known Spyglass Mosaic browser, its main competitor at the time was Netscape. By the time Internet Explorer version 5 was released in 1999, it had become the world's most popular browser.

It still holds that position today, although it is facing steadily increasing competition from the open-source browser Firefox, seen by many as a more stable and secure product.

Second place in the poll went to Microsoft Word, selected by 56 percent of respondents. Windows 95 was third (50 percent), followed by Microsoft Excel and Apple's iPod in joint fourth place (49 percent). Respondents were able to vote for multiple technologies.

Microsoft and CompTIA have traditionally been closely aligned, particularly in the fight against open-source software -- both are key members of the Initiative for Software Choice, which frequently takes an anti-open-source stance

Earlier this year, CompTIA threw its weight behind Microsoft in Redmond's fight against an EU report which allegedly favoured open-source software. On another occasion, when the European Commission fined Microsoft last year for not sharing or licensing protocol information with its rivals, CompTIA called the US$357m fine "arbitrary and capricious".

CompTIA's survey was completed by 471 IT professionals and was carried out in May and June of this year. Other products which made the top 10 include (in order from sixth to tenth): the BlackBerry, Photoshop, McAfee VirusScan, Netscape Navigator and the PalmPilot.