IT-Code-News: IT News HeadLines (InfoWorld) 01/01/2009

Quotes of note from 2008

So many notable quotes, so little space to recount them -- that's the annual conundrum as we think back on the year and recall comments that stuck with us long after they were uttered. We've assembled some of those notable comments from stories we wrote and stories we read and offer them here in not-quite chronological order because we wanted to let Oracle CEO Larry Ellison have the last word.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

So much for holiday spirit
"It seems Ellis got fed up with Danny being obsessed with the Wii and refusing to play with him. He was told it was his turn on the Wii next, but he took it a bit too literally and used his secret weapon to sabotage the machine." -- Kerry Emsley, the mother of Danny Emsley and his 4-year-old brother Ellis, who ruined Danny's Wii by, well, weeing on it after his brother refused to share.

"It must surely be counted as a leak." -- Darren Emsley, the boys' father, who spent months trying to find the Wii for Danny, commenting that he hoped the "accident" would be covered by home-owner's insurance.

Lights! Cameras! Action!
"In a funny sort of way, I now know why Britney Spears is so screwed up. I'd never been to this kind of a photo shoot before. So I flew down to La Guardia and was driven to Soho Studios, which has this cool post-industrial look, which is very good for this kind of thing. I went into this studio and immediately had a makeup person, a wardrobe person, and a person who was offering me vegetarian smoothies. And I thought, if you lived in a world where people were doing your hair, your face, dressing you and bringing you smoothies, you might really believe that you are somebody more than an average human." -- John Halamka, CIO of Harvard Medical School and the CareGroup, in a January interview with CIO, talking about his appearance in a BlackBerry advertising campaign.

Who cares?
"Let a marketing person loose for 10 minutes and they'll come up with a category. You can say UMPC or MID, what the hell's the difference?" -- Phil McKinney, then-CTO at Hewlett-Packard, expressing exasperation at the Consumer Electronics Show regarding various terminology used to describe ultramobile PCs.

Feeling Blu
"As you can probably guess, all of us at Sony are feeling blue today. But that's a good feeling." -- Sony CEO Howard Stringer speaking at CES two days after Warner Bros. announced plans to back Blu-ray Disc.

But there's another view of Blu-ray
"You know, Blu-ray is a bag of hurt. I don't mean from a consumer point of view -- it's great to watch movies -- but the licensing is so complex. We're waiting until things settle down and Blu-ray takes off in the marketplace before we burden our customers with the cost of the licensing and the cost of the drives." -- Apple CEO Steve Jobs.

Do no evil
"While the rights they've reserved themselves are very broad, it's probably a case of their actual practice being more conservative. We just have to hope they maintain their stance of not being evil." -- Josh King, vice president for business development and general counsel at Avvo.com, a legal advice site, talking about Google's claims that its terms of service gave it a license to user content in various of its products.

Labels
"All these labels -- 'geek' and 'nerd' and 'mild Asperger's -- are all getting at the same thing.... The Asperger's brain is interested in things rather than people, and people who are interested in things have given us the computer you're working on right now." -- Temple Grandin, an associate professor at Colorado State University, on the connection between people with a form of autism called Asperger's Syndrome and IT professionals.

Shortage? What shortage?
"We've got four 300-millimeter fabs, so we can really hose this stuff out," said Sean Maloney, executive vice president and chief sales and marketing officer at Intel, explaining in June how the company planned to fix a shortage of its low-cost, low-power Atom processors. By October, the shortage was over.

A bunch of what?!
"I think the OpenBSD crowd is a bunch of masturbating monkeys, in that they make such a big deal about concentrating on security to the point where they pretty much admit that nothing else matters to them" -- Linus Torvalds, with characteristic color, explaining why he's fed up with security companies hyping software vulnerabilities.

Hamilton, Madison, Jay turn in their graves
"I get the sense that the court is suffering from a poor understanding of how anonymous speech works in the Internet age. I find the court's attempt to compare The Federalist Papers to the likes of penis enlargement e-mails not only wrong-headed but ultimately offensive to the reasons why we have a First Amendment." -- Ray Everett-Church, director of privacy and industry relations at e-mail marketing vendor Responsys and a critic of spammers, questioning a Virginia Supreme Court decision in September.

Ouch! That will leave a mark
"When you have an object that extends from the surface of Earth to geosynchronous altitude, every satellite currently in orbit, every piece of debris, and every satellite in the future will crash into the elevator. Every one, with no exception." -- Ivan Bekey, a former NASA scientist currently with Bekey Designs, speaking at a "space elevator" conference.

Burp
"It's not good to have lots of undigested products in your range. Symantec and McAfee both have indigestion." -- Websense CEO Gene Hodges on his company's plans to eschew the acquisition fervor that hit the enterprise security software market. As for whether Websense would be acquired, Hodges said that's "in the hands of the gods."

Application squirts
"All you do is squirt applications to the cloud." -- Richard Payling, Capgemini vice president of global outsourcing regarding a partnership under which is company and Amazon.com will offer application development and hosting services using Amazon's infrastructure.

Woe unto the engineers
"Engineers will no longer have any influence or say whatsoever in the way that their product appears to the outside world," either to end-users or IT administrators. -- Avaya president and CEO Charles Giancarlo at VoiceCon regarding the effect of a product development reorganization at his company.

From the Yahoo-Microsoft saga
"Until now I naively believed that self-destructive doomsday machines were fictional devices found only in James Bond movies. I never believed that anyone would actually create and activate one in real life. I guess I never knew about [Jerry] Yang and the Yahoo Board," billionaire investor Carl Icahn, in a June 4 letter to Yahoo Board Chairman Roy Bostock, referring to a severance plan Yahoo adopted shortly after Microsoft made its acquisition bid, and which Icahn termed a poison pill measure to scare Microsoft away.

"To this day I would say that the best thing for Microsoft to do is to buy Yahoo." -- Jerry Yang on Nov. 5, during a keynote appearance at the Web 2.0 Summit in San Francisco, shortly after the Google search ad deal collapsed and days before announcing he would step down as CEO as soon as a replacement is found.

[ For the complete saga of Microsoft's attempted takeover of Yahoo, check out InfoWorld's special report ]

Tell it, Larry!
"The interesting thing about cloud computing is that we've redefined cloud computing to include everything that we already do. I can't think of anything that isn't cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women's fashion. Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?

"We'll make cloud computing announcements. I'm not going to fight this thing. But I don't understand what we would do differently in the light of cloud computing other than change the wording of some of our ads. That's my view." -- Oracle CEO Larry Ellison during a meeting with analysts when he was asked what Oracle is doing about cloud computing.

Stephen Lawson, James Niccolai and Agam Shah in San Francisco; Fred O'Connor and Elizabeth Heichler in Boston; Juan Carlos Perez in Miami; Sumner Lemon in Singapore; and Jason Snell of Macworld contributed to this round up of 2008 quotes.

The 25 greatest blunders in tech history

Imagine how different the tech industry might have been had Gary Kildall accepted IBM's offer, back in 1980, to license his computer operating system for a top-secret project. CP/M would have been the OS that shipped with the original IBM PC, and the world might never have heard the name of Kildall's competitor, who eventually accepted the contract: a Mr. Bill Gates.

For all the amazing advances that the computing industry has brought us over the years, some of its most pivotal moments are memorable for all the wrong reasons. Not every idea can be a winner, and not even Microsoft can avoid every misstep. But as they say, those who forget history are doomed to repeat it -- then again, others just keep screwing up. n the interest of schadenfreude, here is a look back at the last 20 years' worth of blunders, fumbles, also-rans, and downright disasters you may have forgotten about -- or wish you could.

Top tech flops Nos. 21-25: PS/2, VR, compression wars ...
Top tech flops Nos. 16-20: Copland, Gnu Hurd, Oracle Raw Iron ...
Top tech flops Nos. 11-15: Palm OS Cobalt, Netscape 6, search engines ...
Top tech flops Nos. 6-10: Itanium, Mac clones, e-currency ...
Top tech flops Nos. 1-5: DRM, paperless office, iPod imitators ...

The top tech resolutions for 2009

New Year's is a great occasion for taking pause to reassess priorities, needs, and wants. As we enter what looks to be a trying 2009, such a pause is even more critical. IT resources will be limited and business pressures higher. But that doesn't mean you withdraw or go into reactive mode. In tough times, being clear on your priorities is even more important, as everything you do is more critical. So InfoWorld asked its CTO Council member and its cadre of expert contributors for their top New Year's resolutions to give the tech industry a list that we hope will help you make the most of your 2009 priorities.

1. Get out of IT mode. For IT managers, now is a time when the classical management skills and priorities may need to outweigh IT considerations. "Your opinions need to be part of the mix in order for your business to survive and thrive -- so put them out there," advises CTO Council member Gene Rogers, chief technologist for advanced network and space systems at Boeing's Integrated Defense Systems group.

Bob Lewis, InfoWorld Advice Line blogger and author of Keep the Joint Running: A Manifesto for 21st Century Information Technology, seconds Rogers' sentiments: "Eliminate any and all IT projects: There are no IT projects. Every project is about improving how the business operates, or what's the point?" What does that mean? Lewis explains it thusly: "If the project is considered complete when the software has been put into production, it's an IT project and needs to be redefined. If it's considered complete when the users have been trained in how to operate the new software, it's an IT project. It's a business improvement project only if it includes redefinition of how the business is supposed to run, if users are trained in how to perform their new responsibilities using the new software, and if the project isn't finished until the business is successfully operating differently and better."

2. Slay sacred cows. The difficulties projected for 2009 present a rare opportunity to attack situations that are off-limits during good times. CTO Council member Igor Shindel, an independent consultant, suggests that this year is the time to replace Microsoft Office, swap out Microsoft Exchange, or replace Oracle Database as part of an effort to reduce long-term costs. These complex technologies are hard to get rid of because organizations must accept reduced feature sets and will perceive a higher risk in letting them go. But the payoff is worth it, he says, so "this is the year to tackle these projects."

IT will also face a monetary objection to such changes, notes Jon Williams, CTO of NBC Universal's iVillage unit. That objection: The company has invested a lot in these systems, so you can't just toss them. In fact, Williams notes, IT will be under pressure to stick with such complex systems, even if they are the wrong long-term option.

3. Get smarter about IT spend and delivery. This is a perennial resolution, but it easily falls by the wayside as both technologists and business users fall in love with new capabilities from the latest and greatest whatever. "We need to bolster our emphasis on quality," notes CTO Council member Glenn Ricart, managing director of the PricewaterhouseCoopers Center for Advanced Technology. "With the budgetary cutbacks, people are being asked to do more with less, and too often the result is lower quality of delivery. That really hurts the IT organization's credibility and can start a downward spiral. It's better to do the same or slightly less but do it very well, then top management will have confidence that they'll get additional top-notch service if they add to your budget," he says.

InfoWorld Tech's Bottom Line blogger Bill Snyder has advice on two ways to accomplish this resolution. First, squeeze every IT dollar. "Make sure that any business unit or employee requesting a purchase can explain how it will contribute to profitability. Demand specifics, not generalizations," he says. Second, "hire slowly, fire even slower. It's tempting to cut costs by cutting personnel, and sometimes that's necessary. But remember that losing experienced personnel can cost a business in the long run. Institutional memory is precious."

One specific way to save money smartly is to be open to open source, advises InfoWorld Open Sources blogger Zach Urlocker. "In many cases, organizations just default to certain closed source applications or infrastructure decisions because they are not familiar with other options," he notes. Yet, open source approaches can reduce total cost by as much as 90 percent over traditional offerings. There's another benefit for staffers: "Even if the decision is made to go with closed source, staff will appreciate getting exposure to new technologies."

And whatever you do, remember that interpersonal relationships are especially key to succeeding in tough times, advises Advice Line blogger Lewis. "No matter what you're trying to accomplish, the interpersonal relationships have to work before anything useful will happen. If it's ITIL, for example, everyone with a hand in your new processes has to trust everyone else with a hand in the process, or they'll second-guess each other's work to death. This will turn even the most efficient process design into sludge. If it's offshore development, to take a second example, it won't work unless the onshore analysts and offshore developers have confidence in each others' abilities."

InfoWorld resources: A strategy for IT in tough times, cost-saving tips, recession-proof technologies, best open source software, Open Sources blog, and InfoWorld open source topic center.

4. Be ready for the cloud. You're going to need to cut costs this year -- that's no secret. But you can do so in a way that prepares you for the cloud computing platforms now emerging, argues NBC Universal's Williams. "What if all IT departments cut their datacenter capacity by 20 percent in 2009 and expand back into the cloud in 2010?" he poses.

Getting ready for cloud computing will require a change in mind-set at many IT shops: letting business processes go elsewhere. So, as part of preparing to take advantage of the cloud, InfoWorld Real World SOA blogger David Linthicum recommends you promise yourself the following: "I resolve that I will not fight the movement of business processes outside of the my datacenter, as it makes sense."

InfoWorld resources: Cloud computing special report, cloud computing platform comparison, analysis of Microsoft's Azure cloud platform, and cloud computing primer.

5. Make a final decision on which OS to go forward with -- Mac OS X, Windows, or Ubuntu Linux -- then do it. Windows Vista was coldly received when it debuted, and for good reason. But with SP2, Vista is as stable as it will ever be, notes InfoWorld Enterprise Windows blogger J. Peter Bruzzese. So, if you're going to stick with Microsoft's OS, "start upgrading the hardware to prepare for Windows 7 eventually but get Vista going now," he advises, so you can learn the under-the-hood changes and techniques that Vista brings to Windows, and that will be the underpinnings of Windows 7.

If you're not going to stick with Windows, then jump ship in 2009 -- after all, it's now clear that Windows 7 won't be a brand-new OS but simply a better Vista, so what are you waiting for? Plus, the next Mac OS X, Snow Leopard, will also be a continuation of the current OS, so there's no reason to delay your journey down that path. Linux's stability also argues for not waiting.

Plus, Bruzzese notes, spending the money on new hardware and apps will be good for the economy: "Spend the money in 2009 when it can really help."

InfoWorld resources: Windows 7 benchmarks, Windows Vista SP2 benchmarks, tips for Macs in business, Mac OS X Snow Leopard preview, Ubuntu switching tips, Enterprise Desktop blog, Windows Sentinel tool, and Enterprise Windows blog.

6. Lead on green. Green techniques -- from energy reduction to reducing the use of toxic materials -- save both the environment and money. So what's good for the planet is good for the business, and that's a string motivator in 2009.

"IT energy costs continue to grow without a corresponding increase in business value. There is a lot of pressure to reduce IT costs in 2009, and it's an easy choice between paying less to a utility and laying off experienced employees," says CTO Council member Marvin Richardson, managing director of Trexin Consulting.

Rein in energy waste. "There are plenty of steps companies can take to reduce power costs," notes Ted Samson, InfoWorld's Sustainable IT blogger. Utilities are sweetening the deal by giving rebates to aid in implementation of energy-saving technologies. "This is a real opportunity for the CTO to provide visible, popular leadership that will be appreciated by his or her company, employees, and customers. Oh, and it's the right thing to do for both ecological and economic reasons," Richardson adds.

Among the steps you can take are virtualizing your datacenter and pushing suppliers for nontoxic manufacturing methods. "Reduce travel by 20 percent and increase the videoconferencing budget by 20 percent," suggests PricewaterhouseCoopers' Ricart. Recycle your old equipment properly, such as through sales or donations to employees and charities and hiring recyclers that won't ship the materials overseas, where they end up being disassembled by hand, poisoning the people there.

At the University of Hawaii, InfoWorld contributing editor Brian Chee shows how it's done: "My first New Year's resolution is to dramatically reduce the energy footprint of my lab by retiring my older, less-efficient servers in favor of blades. Future blades will be cheaper than stand-alone servers, and the power supplies are much more efficient. Overall, I think I can cut my server rack power usage in half, especially since I'm virtualizing everything now."

InfoWorld resources: Energy-saving strategies, Sustainable IT blog, power-saving myths, InfoWorld green-tech topic center, InfoWorld virtualization topic center, and facilities management techniques.

7. Get serious about architecture. "Focus on enterprise architecture and governance," advises CTO Council member Jeff Gleason, enterprise architect at Aegon USA Investment Management. "During good times, we're usually too busy to worry about things like current state architecture, future-state road maps, and governance of project priorities and IT spend. Yet it's always tough times like now when we wish our enterprise architecture practice were more mature, that we didn't have so much redundancy, that system changes were easier and faster, and that project priorities are more clear. The architecture group is always talking about this stuff, but it's never until we have to cut costs that anyone pays attention."

InfoWorld resources: Real World SOA blog, relationship between SOA and enterprise architecture, Enterprise Architecture virtual conference, and InfoWorld SOA topic center.

8. Get serious about business continuity. "Resolve to have a business continuity plan in place and to have at least one full disaster prep drill during 2009," advises InfoWorld Test Center editor Curtis Franklin. "There's no reason not to have a fully developed plan, and no reason to think that your plan will work if you haven't tried it."

9. Get serious about security. "Resolve to have a full information security audit during 2009," Franklin also advises. The audit should include every application, job function, and individual that touches sensitive data, with special attention given to those touching sensitive customer data.

While IT focuses on its security, the industry as a whole needs to fix the security problems of the Internet, adds Security Adviser blogger Roger A. Grimes. "The Internet is quickly growing into the way the world works, and the criminals control much too much of it. It's time to start drawing a line in the sand and say, 'Enough is enough!' And take back our Internet."

InfoWorld resources: Top security land mines, tips for educating employees on security, Security Adviser blog, and data protection topic center.

Nine Web sites IT pros should master in 2009

Here's a time-saver for IT executives swamped by last-minute budget cuts and end-of-the-year performance reviews: We've written your 2009 goals for you, with our list of nine Web sites you need to study during the next 12 months.

This list is not for geeks. It’s for IT professionals of a certain age, who don’t spend every waking hour online but need to keep up with the latest innovations on the Internet.

[ Want more career pointers? Spruce up your resume with our tips for techies. | Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

Master these Web sites, and you’ll prove you can innovate during the most trying economic times. And you’ll do it more efficiently than your 20-something employees, who waste too much time chasing the new, new thing on the Internet that may not survive the downturn.

1. LinkedIn
Forget Facebook. In the last six months, LinkedIn has become the de rigueur Web 2.0 site for IT professionals. LinkedIn has 30 million members, almost double what it had a year ago. And it raised more than $75 million in venture capital during 2008, so it has staying power. It has a host of new features that make it the most productive networking site on the Web. Spend some time updating your LinkedIn profile and reaching out to current and former colleagues. You can show your boss that you’re well connected, and you’ll be ready in case you’re on the next layoff list. In 2008, LinkedIn made our list of the 20 most useful social networking sites on the Web.

2. Google Apps for Business
Call it what you like -- software as a service or cloud computing -- but it’s the future of enterprise IT departments, and you need to get on board with it. You’ll be under more pressure than ever in 2009 to find cheaper ways to deliver IT services. One way to do that is to pilot a Google Apps project, such as document sharing via GoogleDocs or video sharing via Google Video. Your staff can build one of these collaboration projects in a jiffy, and the information will be available to employees from any location on any computer. Among Google Apps proponents: The District of Columbia government.

3. VMware Communities
Chances are you’ve already embarked on a server virtualization project, and continued consolidation of your servers is a key money-saving goal for 2009. Most of you are using VMware for your server virtualization projects, and our product reviewers recommend you stick with VMware over Microsoft’s Hyper-V for the foreseeable future. To get the best real-world feedback on how best to deploy VMware, keep your eyes on the VMware Communities Web site. It’s got user groups in your community and lots of tips from other VMware developers that can help you solve problems faster.

4. Secunia
Security will continue to be a top priority for 2009, but you’ll need to figure out how to do it on the cheap. That’s where Secunia.com comes in. This site aggregates security vulnerability information from leading vendors, providing you with one-stop shopping for the latest news about security bugs and the software patches available to fix them. The site has an active community of IT security folks who can help you fix operating systems and applications before you get attacked. Secunia made our list of 20 useful IT security Web sites in 2008.

5. Green Grid
With the economy in shambles and energy prices plummeting, you’re likely to hear a lot less about global climate change and carbon neutral business operations than you did six months ago. Nonetheless, green IT can still be a huge advantage for IT departments because it will save you money. Plain and simple: Green IT saves greenbacks. So get to know the Green Grid’s Web site and make sure that whatever you buy in 2009 for your datacenters is in line with their advice and metrics. Here’s more information about the Green Grid along with three other organizations that offer advice about lowering datacenter power consumption.

6. Twitter
At first glance, Twitter seems like a colossal waste of time. But the fact is this real-time messaging service is taking off in IT circles. And if you don’t jump on the bandwagon soon, you might be too late. Twitter provides an easy way to keep your staff and coworkers informed about where you are and what you’re doing. You can also sign up for the latest technology headlines from Wired, Slashdot, and others. It doesn’t take long to sign up for Twitter -- give it a whirl so that you’ll know what your Generation Y employees are talking about. See 20 must-follow Twitter feeds here.

7. Yammer
If Twitter seems too frivolous to you, try Yammer. It’s essentially Twitter for the office. The benefit of Yammer is that it’s a private communications channel for coworkers to share quick messages about what they’re working on, get questions answered, or blast out news. Xerox and Cisco are among the 200-plus companies enjoying improved collaboration thanks to Yammer. One benefit of Yammer over Twitter: It seems to have a sustainable business model.

8. Ruby on Rails
Ruby on Rails is one of the best open source tools to appear in recent years. This Web development framework lets you create working applications in a matter of hours. Advocates of this development platform include the New York Times, Yellowpages.com, Twitter, and Hulu. See 15 amazing Web applications built with Ruby on Rails here. Version 2.2 of Ruby on Rails came out in November, so you don’t have to worry about being on the bleeding edge.

9. Enterprise Mobility Matters
Like it or not, the latest smartphones -- the BlackBerry Storms and Apple 3G iPhones (slideshow: Smartphone showdown: iPhone vs. BlackBerry Storm ) -- are headed toward your corporate network. So you better get ready to protect sensitive corporate information from the risks that these consumer devices open up. If you don’t want to encrypt them, make sure you have centralized control over them so that you can wipe data from lost or stolen cell phones. We like the Enterprise Mobility Matters Web site from market research firm Strategy Analytics because it offers a comprehensive look at enterprise mobility issues.

Network World is an InfoWorld affiliate.

2009 security predictions: Deja vu all over again

The security industry is fueled largely by FUD (Fear Uncertainty and Doubt.) So it's not unusual for most forecasts in the industry to be full of grim prognostications of imminent chaos and calamities.

By that measure, the predictions contained in several recent security forecasts for 2009 will probably be somewhat of a relief for security managers.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Most of the security vendors' forecasts predict dramatic spikes in volumes of spam, phishing, botnet activity and malware targeted at companies. The reports also highlight sharp increases in attacks directed against Web and mobile applications. But the concerns largely deal with issues that security managers are already familiar with and there are few, if any, really nasty new threats in store around the corner, according to the forecasts.

Like with years past, forecasts are colored by the vendor's specific view of their places in the market. For example, Verisign, a provider of Internet infrastructure services, predicted increased attacks against critical targets including SCADA (Supervisory Control and Data Acquisition ) systems, which deliver power. Desktop security software vendor Sophos , meanwhile, warned about dramatic increases in malicious e-mail attachments, and huge spikes in spam volume. And Web application security product vendors predicted an increase in Web attacks.

Together the forecasts paint a picture of a threat environment, while not pretty, looks largely like the one this year -- except that it will have more of everything. Among the forecasts were the following:

-- In 2009, more than 80 percent of all malicious content will be hosted on sites with "good" reputations , according to Web app security vendor Websense . Continuing a new trend, attackers will also move to a distributed model for controlling botnets and for hosting malicious code. Such 'fast flux' networks allow malicious Web sites to be moved around quickly to make it harder, if not impossible, to locate and shut them down.

-- Phishing attacks against users of social networking sites will become more sophisticated, predicted MessageLabs , which is owned by Symantec . The goal of phishing attacks is to collect as much personal information as possible to allow the sending of highly targeted and sophisticated spam messages. Expect also to see an increase in attacks targeting smart phones, MessageLabs said. Attacks, delivered via free application downloads and games, surfaced this year and will become more malicious.

-- Next year, expect a sharp increase in SQL injection attacks on Web sites and an increase in scareware products, which are designed to scare people into buying largely useless products, says Sophos. Expect also to see a continuation in the increase of malicious e-mail attachments and spam both of which saw huge spikes in volume this year, Sophos said.

-- Online criminals looking to improve their odds of success will increasingly start using blended approaches that combine e-mail, Web-based attacks and system intrusions, says Cisco Systems Botnets will become more versatile and criminals will use them to send spam, host malware or use them in direct attacks against specific targets. With an increase in remote workers and the related use of Web-based tools, mobile devices and virtualization technologies are also bound to cause more security worries for corporations, Cisco noted.

-- Distributed Denial of Service (DDoS) attacks will continue to grow in magnitude, said arbor Networks. The largest bandwidth flood attacks this year generated peaks of about 40 gigabits of traffic. Next year, expect to see that number approach 100 gigabits, making it much harder for ISPs to rapidly mitigate such attacks, Arbor said.

-- There will be an increase in attacks on SCADA systems , which control critical infrastructures such as electrical power transmission, Verisign predicted. The global financial crisis and resulting institutional mergers, consolidations and collapses will provide "unprecedented opportunities" for cybercrooks to seek to exploit in 2009, the company warned.

-- Among the newer threats in the collection of predictions for next year are those targeted against so-called Rich Internet Application and cloud computing environment according to Websense. As the popularity of RIA grows there will be a growth in attacks that take advantage of vulnerabilities found with core RIA components and within user-created components to take remote control of end user systems. Similarly cloud computing environments will be increasingly used for sending spam or hosting malicious code, Websense noted.

Meanwhile IT managers themselves appeared to have a slightly different take on what the future holds on the security front.

A poll of 825 IT managers conducted by think-tank the Ponemon Institute, conducted on behalf of patch management vendor Lumension Security, showed about half saying that outsourcing was their biggest security concern.

Much of the concern appeared to be driven by the anticipation that companies will be increasing outsourcing of functions involving sensitive and confidential data to third parties, according to the study. Other threats mentioned by the group involved the threat from cybercriminals and security issues stemming from the growing use of mobile devices to store and access sensitive data.

Computerworld is an InfoWorld affiliate.

The 11 stupidest moments in tech for 2008

Tech is overflowing with creative and hypermotivated people who do a lot of pretty incredible things. But they can be counted on to do some pretty silly things, too -- which is lucky for us, since high-profile pratfalls are part of what makes this industry fun to watch. Certainly 2008 had no shortage of silly goings-on.

Caught up in the Christmas spirit (and spirits), I'll toast 11 of my favorite flights of industry foolishness from the past year, and match each with a fresh Brandy and Egg Nog. So this list is sure to get more insightful and coherent as we go along.

[ Want to avoid performing high-profile pratfalls? Check out "Top 10 tech embarrassments you'll want to avoid." Also read InfoWorld's top underreported tech stories of 2008 and the top 10 stories of 2008. ]

Microsoft advertising: Down the rabbit hole
I think Microsoft's marketing and advertising people took a vow last New Year's Eve to spend all of 2008 on acid. First the "Mojave" campaign, in which the company introduced people to the coolest parts of Vista under a different name ("Mojave") and recorded the results (people liked the Mojave demo). Then the publicity trust enlisted Jerry Seinfeld to star in a series of truly strange commercials that had almost nothing to do with computers or anything else. I admit to enjoying them (exactly for their weirdness), but Microsoft clipped short its arrangement with Seinfeld after making only two spots. (Seinfeld earned $10 million for his efforts.)

The company's next big thing was the "I'm a PC" campaign , whose main message seems to be "See, really hip, creative people who do wacky things for a living use PCs, too, not just Apples." Campaign cost: $300 million. All of these ads are defenses against Apple's gains toward winning the hearts and minds of the computer-buying public, though Microsoft still controls a huge share of the consumer OS market, and an even greater share of the business market. Hey Microsoft: Spend 2009 sober; take your massive advertising budget and use it to hire the software design people you need to bring your OS back to the top of the heap.

Rumors of Steve's death...
On October 3, some genius started a bogus rumor on the micro-blogging site Twitter that Apple's Steve Jobs had suffered a severe heart attack and had been rushed to a hospital. The "news" spread like wildfire on Twitter and elsewhere, bringing panic to many in the tech industry, and causing Apple stock to take a dive before quickly recovering. All in all, it was a bad day for "citizen journalism."

'New Facebook' angers many, no 'Facebook Classic' in sight
Social networking site Facebook got many of its members' undies in a twist earlier this year when it revamped the design of its front page. Numerous groups with cheery names like "New Facebook Blows" sprang up almost overnight, and the biggest of these, " Petition Against the 'New Facebook' ," attracted more than a million members.

With the new design, users have to click a couple of times to get to their beloved Facebook apps. The old design had all of the apps listed in a prominent vertical menu on the home page. For a while Facebookers could choose the design they preferred, but the service eventually deactivated the old version .

"The new design is different, and we understand that some people will be uncomfortable with the changes," Facebook's Mark Slee announced in the site's official blog. "But over time, we think people will appreciate the advantages of the new design and the new features it offers."

Truth be told, the new Facebook looks cleaner and more usable now than it did before. Clearly Facebook intends to be more about communication between members, and not so much about accessorizing a personal profile page with messy and browser crashing trinkets à la MySpace.

A Wikipedia love story
In a classic case of mixing business with displeasure, Wikipedia cofounder Jimmy Wales dumped his girlfriend , ex-Fox commentator babe Rachel Marsden, and posted the news on Wikipedia. In retaliation, Marsden put some of Wales's clothing (left at her apartment in New York) up for auction on eBay and said some snarky things about Wales in the process. Anyway, Valleywag -- the tech industry's equivalent of the National Enquirer -- broke the whole story and even unearthed some of the steamy IM conversations between Wales and Marsden.

Here's our favorite line from the Valleywag coverage: "Marsden subsequently told friends that Wales gave her feedback on her website design - is that what kids are calling it these days? - for 24 hours straight in a D.C. hotel." It took me about an hour to figure out what actually happened in the tragicomic affair, and I felt about 10 IQ points lighter afterward.

Another year, another 'Google killer'
One of the most widely anticipated new products of 2008, a search engine called Cuil, developed by four ex-Google people, was hyped (not surprisingly) as a "Google killer." The new search engine debuted, kinda sucked, and then sorta disappeared.

The first mystery was how to pronounce the product's weird name (like "cool," not "quill" or "kewl" or "cue-ill"); the second puzzle was what the name meant (allegedly an old Irish term for both "knowledge" and "hazel"), and the third and biggest stumper was why Cuil's search results had such a weak relevance quotient, to the point of being bizarre. Some first-time users reported that Cuil even had trouble yielding relevant results when searching its own name. That's just nuts.

Microsoft and Yahoo: Will they or won't they?
Will Microsoft buy Yahoo ? The behemoth of Redmond launched an unsolicited $44.6 billion takeover attempt of the venerable Web portal this year, an effort highlighted by a personal love note from Microsoft CEO Steve Ballmer to the Yahoo board . Then Yahoo, which could really use a date, played hard to get for so long that Microsoft gave up, never to return. Well, not in 2008, anyway.

The failed courtship generated no small measure of frustration among Yahoo investors. Here's billionaire investor Carl Icahn in a letter to the Yahoo board of directors:

"Until now I naively believed that self-destructive doomsday machines were fictional devices found only in James Bond movies. I never believed that anyone would actually create and activate one in real life. I guess I never knew about [Jerry] Yang and the Yahoo Board."

Was Yahoo leader Jerry Yang the man who botched the deal? A lot of people think so. Maybe Yang did, too. He stepped down as Yahoo CEO in November.

Sprint: What if roadies ran the world?
It's funny how the advertising industry has conditioned us not to expect to find any connection between the subject matter of ads and the products they promote. My favorite example this year (other than this one from Gatorade) was a Sprint commercial that imagined a world in which roadies (the guys that lift the amps and pull the wires for rock bands) run everything--in the ad, an airline. I giggled at the 30-second spot, but it could just as well have been used to pitch fish sticks or odor eaters. Anyway, here it is.

A few hiccups in political tech this year
In tech terms, 2008 was a bad year for the Republicans. While the Obama campaign was rewriting the rules for campaigning and fund-raising on the Web , John McCain and his people made one gaffe after another. The first came when Mr. McCain himself cemented his "out-of-touch old guy" image by admitting that he didn't use a computer and hadn't much need for e-mail either. Not that he wasn't trying: "I am learning to get online myself, and I will have that down fairly soon, getting on myself," McCain told the New York Times .

Meanwhile, the Republican nominee's running mate, Sarah Palin, hewed to the campaign's Luddite theme by conducting official business via her private Yahoo Mail account-- an account that an interloper hacked into . Some of her e-mail messages were published on a Web site called Wikileaks.

Later, in the heat of the campaign, McCain adviser Douglas Holtz-Eakin credited his boss with having brought the BlackBerry into being . What McCain really had done was some work in the Senate Committee on Commerce, Science and Transportation that arguably helped create market conditions in which the BlackBerry thrived. But why split hairs?

Matters grew even dicier when the GOP decided to sell off the computers and smart phones that the McCain campaign had provided to staffers for use during the campaign. Problem was, the McCain folks forgot to wipe the data from some of the BlackBerry phones it sold, and several went out the door with sensitive information still on them , including the phone numbers of several prominent political figures who had worked with the campaign.

Obama's campaign wasn't perfect either. The nominee's attempt to be the first candidate in history to announce his choice for vice president via text message, uh, failed. The announcement that Joe Biden was the guy went out in the middle of the night on August 24, but not before the news had been leaked to and reported by CNN reporter John King.

Princess Leia reporting from Chicago for CNN
CNN claimed a breakthrough on election night by "beaming in" a 3D image of reporter Jessica Yellin to a CNN studio in New York to talk to commentator Wolf Blitzer. You know, like in Star Wars. Yellin spent half of her air time going on about how it worked and how cool it was, explaining that she was actually inside a tent in Chicago's Grant Park where 35 cameras spun around her taking images that were processed by 20 computers.

But it wasn't really a hologram. Rather, Yellin's image was simply overlaid on top of the CNN broadcast feed. When Blitzer stood in the New York studio and said "You're a terrific hologram," he was talking to thin air.

The year in iPhone apps
Apple won't sell just any piece-of-crap iPhone app at its App Store. Still, a couple of things in 2008 left me a little confused about the vetting process used to decide which apps make it in and which don't. On the one hand, you can buy Cow Toss, an app for your iPhone that lets you throw cows around the device's screen. But on the other, you can't buy iBoobs , perhaps the best use of the iPhone's accelerometer feature I've seen to date.

Never mind, though. You can still buy an app called Hold On, whose sole purpose is to time how long you can keep your fingertip pressed on a large white button on a red screen.

For a while there, the App Store was selling an application called I Am Rich, which sold for -- get this -- $1,000. The app did basically nothing other than plant a red jewel thing on the iPhone's menu screen, sending to all the world the message (as creator Armin Heinrich puts it) that "I can afford to buy a $1000 iPhone app" or (maybe more likely) "I am profoundly stupid." Yet something like eight people set aside their Neiman Marcus catalogs long enough to purchase the app--a bargain at one-third the price of a limited-edition Jay Strongwater Nutcracker Figurine . Developer Heinrich told the Los Angeles Times that he earned $5,880 for his trouble, while Apple snapped up a tidy $2,520, its standard 30 percent cut of app sales.

Effective employee relations during difficult times
In perhaps the e-mail dummheit of the year, the media consulting firm Carat accidentally shared with its employees both the news of impending layoffs, and the cool and calculated ways it intended to communicate them. The e-mail message, which was intended only for senior managers, included a PowerPoint slide show with talking points (obtained by AdAge). From the talking points:

"If you would like to go home today and come back tomorrow to clean out your desk or office, you are free to do so. We would like you to meet with your manager following our meeting to transition your work. We will be communicating to your team today. Your manager will be contacting clients. We ask that you do not contact your clients to discuss this situation."

The e-mail was sent out by Carat's top HR exec in New York. I can only imagine the scene: panic, screaming, high heels running down a well-appointed hallway toward the IT office. The company's IT department tried to pull back the wayward e-mail, but failed.

And on and on...until next year
So that's about all the dopey tech moments I could remember from 2008. I'm sure I've neglected a few good ones, so please chime in in the Comments section to relive some more special moments from 2008. At this point 2009 looks like it's going to be a tough year in tech (and everywhere else), but here's hoping that we can have a few laughs along the way, and that it's not all gallows humor. Happy New Year, everybody.

PC World is an InfoWorld affiliate.

Gmail notice touts Chrome and Firefox, dismisses IE

Google is pushing users of its Gmail e-mail service to dump Microsoft's Internet Explorer for its own Chrome browser or Mozilla 's Firefox .

When users of IE6 reach Gmail.com, a "Get faster Gmail" message appears in the Web-based service's menu bar. The message, in turn, links to a page on Google's Web site that touts Chrome and Firefox 3 as being "twice as fast" at running Gmail.

[ For more on the Browser battles check out Firefox 3.1 vs. Chrome vs. IE 8 | Also, see the special report on Google's open source Chrome browser and related story "Firefox fights back." ]

Last week, the Gmail site also displayed the message to users browsing with Microsoft's IE7, but Google has since discarded that version of the notice. Users running other browsers, including Apple's Safari and Opera Software ASA's namesake browser, haven't been shown the speed-up message.

Google currently lists IE7, Firefox 2.0 and later releases, Chrome and Safari as the only supported browsers for Gmail . Others, including Opera and older editions of IE, Firefox and Safari, can be used to access the e-mail service but aren't able to handle some of its features.

More than 21 percent of users who browsed the Internet last month ran IE6, according to Web metrics company Net Applications. IE7, meanwhile, accounted for about 48 percent of the browser market during November, with Firefox 3 in third place with nearly 16 percent.

Google has been aggressively marketing Chrome since it stripped the browser of its beta label earlier this month. A day later, for example, Google dropped Firefox as the default browser bundled with Google Pack application bundle and added Chrome in its place.

Google, Mozilla, and WebKit -- the open-source project that provides the engine for Apple's Safari -- have spent much of the second half of this year trumpeting JavaScript performance improvements , a necessary move, they say, to make Gmail and other Web applications run at speeds similar to that of traditional desktop software.

Computerworld is an InfoWorld affiliate.

Microsoft: MD5 hack poses no major threats to users

In reaction to the news today that security researchers have come up with a way to spoof the digital certificates that secure many Web sites, Microsoft downplayed the threat to users.

In a security advisory , Microsoft acknowledged the disclosure earlier in the day of an exploit of long-known bugs in the MD5 hashing algorithm used to create the digital certificates that in turn provide proof of a secure connection between users and Web sites. But the software vendor minimized the danger that users could face.

[ Related: "Researchers devise undetectable phishing attack" | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

"This new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information," said Microsoft. The company added that it wasn't aware of any actual attacks using the techniques described by an international team of researchers from Germany, the Netherlands, Switzerland, and the U.S.

Microsoft also noted that most of the certificate authority vendors that issue digital certificates have abandoned MD5 and upgraded to the more secure SHA-1 algorithm.

However, there are several notable exceptions that still rely on MD5, including VeriSign 's RapidSSL.com certificate authorization scheme. The researchers, who presented their findings at a security conference in Berlin today, said they in fact were able to hack RapidSSL.com and produce fake digital certificates.

A more stringent class of digital certificates, dubbed Extended Validation, are always signed using SHA-1, Microsoft added. "As such, [they] are not affected by this newly reported research," the company's advisory read.

Extended Validation, or EV certificates, are supported by all current Web browsers, which display a special icon or shade the address bar when the user surfs to a site secured by one. Microsoft's own Internet Explorer , for instance, turns the entire address bar green when it encounters a site secured by an EV certificate, while Mozilla 's Firefox tints part of its address bar the same color.

Although Microsoft didn't offer any specific steps for users to take to protect themselves in light of today's disclosures, it urged them to keep Windows updated with the latest software patches.

Microsoft wasn't the only company that responded to the news about the exploit of the MD5 bug. Earlier today, Mozilla also acknowledged that the MD5 algorithm could be hacked and that phony digital certificates could be created as a result.

"This is not an attack on a Mozilla product, but we are nevertheless working with affected certificate authorities to ensure that their issuing processes are updated to prevent this threat," Johnathan Nightingale, a Mozilla spokesman on security issues, wrote in an entry posted on the company's blog. Like Microsoft's advisory, Nightingale's warning also said that Mozilla hadn't seen any evidence of actual attacks.

Even so, Nightingale recommended that Firefox users remain watchful. "We advise users to exercise caution when interacting with sites that require sensitive information, particularly when using public Internet connections," he wrote.

Computerworld is an InfoWorld affiliate.

Steve Jobs health rumor resurfaces

Apple's stock fell abruptly on Tuesday, but later recovered some ground, after an online report said CEO Steve Jobs bowed out of next week's Macworld Expo keynote address because of declining health.

In a report it labeled "rumor," the gadget blog Gizmodo quoted an unnamed source as saying Apple "is choosing to remove the hype factor strategically" by holding the keynote without Jobs, whose "health is rapidly declining." Gizmodo said the source had been correct in the past, though only about Apple products and not about Jobs. Apple did not comment for the Gizmodo post and did not immediately respond to IDG News Service requests for comment.

[ Related: "No Jobs keynote at Macworld '09." ]

Apple's Nasdaq stock (AAPL), which had closed at $86.61 on Monday, fell as low as $84.72, a drop of about 2 percent. But shares ended the day at $86.29, down just $0.32, or 0.37 percent.

Apple announced on Dec. 16 that Phil Schiller, senior vice president of worldwide product marketing, would deliver the keynote at Macworld Expo in San Francisco on Jan. 6. For many years since he returned to Apple in 1997, Jobs has given that speech and used it as a launch platform for important products, including the iPhone in 2007 and the MacBook Air in 2008.

At the same time, Apple said it would stop exhibiting at Macworld Expo after the January event. The company said trade shows had become a minor part of its marketing strategy.

Concerns have been raised about Jobs's health since his appearance at Apple's Worldwide Developer Conference in June, when some observers said he appeared gaunt. Jobs said in 2004 that he had undergone surgery for pancreatic cancer. On Oct. 3, Apple shares fell more than 10 percent after a report that Jobs had suffered a major heart attack. The stock recovered after Apple said the report, from a "citizen journalist" on an unfiltered section of CNN's Web site, wasn't true.

How smart are you really when it comes to tech?

These days, being skilled is critical to keeping your tech or IT job, not just to advance. It's hard to know, of course, what you really know. That's where we can help.

Perhaps job status is not your concern: You simply like to challenge yourself. We can help there as well.

How? Through our series of quizzes from IT and tech experts.

Each of our quizzes follows the same structure: Just answer our 20 questions and see how well you rate. Correct responses are worth 5 points.

Ready? Then put your tech knowledge and IT savvy to the test:
* 2008 tech news-in-review quiz
* Windows administrator quiz
* Linux administrator quiz
* Geek IQ quiz 2008 edition
* Geek IQ quiz 2007 edition
* Programming IQ quiz
* Network security quiz
* DBA skills quiz
* Tech celebrity quiz

Green IT's slow growth

Could saving the Earth -- and your company's bottom line -- be as simple as using fresh air to cool your datacenter?

It's not quite that simple, but it can be one step toward those goals because companies that use natural air to cool their facilities are seeing big benefits on both the environmental and financial fronts. In fact, IT leaders, analysts and environmental advocates say there are plenty of opportunities for tech organizations to create more Earth-friendly operations that cut energy needs and slash a company's carbon footprint while saving money, too.

[ Keep up on green IT trends with InfoWorld's Sustainable IT blog and Green Tech newsletter. ]

But many organizations still aren't capitalizing on such initiatives -- even the ones that are relatively easy and inexpensive to implement.

IT executives who responded to Computerworld 's annual Forecast survey seem to echo that reluctance. Nearly half (42 percent) said their IT departments have no plans to launch projects in the next 12 months to reduce energy consumption or carbon emissions, and nearly three quarters reported no plans to create committees to oversee energy-saving initiatives.

Yet experts say organizations that ignore green computing now are going to have to catch up if they want to stay competitive. "The green issue is not going to go away. There's too much at stake," says Rakesh Kumar, an analyst at Gartner.

That's not to say IT leaders don't have their reasons for staying away from green computing. Kumar says some of them think it's a fad. Christopher Mines, an analyst at Forrester, says others believe global warming is a crock and that there's no need to act on the issue, or they see green as merely increasing expenses.

Many others are nervous about reworking established systems and processes. "The last thing these people want to do is take a screwdriver to IT processes that work and start re-engineering them to make them more efficient," Mines says.

Early adopters
Increasingly, however, IT leaders and other executives are putting aside such concerns and pushing for green IT initiatives.

When IDC surveyed 300 CEOs for its September 2008 "U.S. Green IT Survey," 44 percent of the respondents said that IT will play a very important role in their organizations' efforts to reduce their environmental impact. Compare that to the 2007 survey, in which only 14 percent of CEOs said they felt that way.

The 2008 survey also showed that energy costs were the most pressing reason for the adoption of green IT.

"We don't see many or indeed any companies that are hesitant to explore green IT projects," IDC analyst Vernon Turner wrote in an e-mail on this topic. "In fact, the scary thing is where to start, and it may be that reason why there is somewhat a feeling of lost souls. There has been a lot of marketing by the IT vendor community around green, and I think that CEOs and CIOs are 'green-washed' by it."

To be sure, developing enterprisewide green policies is a major undertaking. On the other hand, IT departments can implement some green IT initiatives without reworking entire policies, processes and procedures -- and without spending a lot of cash.

Moreover, they can sell management on these projects based not just on the initiatives' environmental merits but on their financial rewards as well.

"A lot of stuff is going to give you a short-term payback," Kumar says. He says that given today's economy, CIOs should focus on green initiatives that will have paybacks well within 18 months. Projects with such quick ROI range from reducing energy demands by enabling more telecommuting and teleconferencing to consolidating datacenters, he says.

"These, in our opinion, equal green IT," Kumar says.

With so many focused on reducing energy demand, IT organizations can easily sell initiatives that reduce power consumption -- a quick way to save money and become green, says Katharine Kaplan, product manager at Energy Star for Consumer Electronics and IT at the U.S. Environmental Protection Agency.

"Power management is probably one of the easiest, low-cost ways to get big, big savings," Kaplan says, pointing out that using power management features on desktop PCs can save $50 per computer per year. Enabling power management tools on monitors can save another $12 to $90 annually per monitor.

Becky Blalock, senior vice president and CIO at Southern Co., an Atlanta-based energy company, says her organization is implementing power management technology to ensure that its 26,000 desktops are asleep at night and during other times of inactivity. Although the numbers aren't in yet, Blalock says she expects high savings throughout the organization.

Managing desktops is just the start, says Henry Wong, senior staff technologist in the eco-technology program office at Intel Corp. He points out that better asset management is another simple step that can cut energy demand and costs. Just examine your operations to identify and turn off any device that isn't used or needed.

Mark O'Gara, vice president of infrastructure management at Highmark, a health insurance company in Pittsburgh, says he's examining the need for any device that draws power -- any fax machine, printer, or copier -- and figuring how to reduce its energy demands by either using power management tools or getting rid of the device. He says he's working with the company's facilities department to get baseline readings so he'll be able to measure progress.

"You can start to see what energy we use, find opportunities to reduce power costs and find ways to reduce it through capital improvements," O'Gara says.

Another quick way to introduce green benefits that have financial paybacks is through refresh initiatives and procurement policies, says Michelle Erickson, initiative director of the sustainable IT program in global operations and technology at Citigroup Inc. in New York. For example, Citi is looking at implementing thin clients, which, because they have lower power needs, save money and reduce the company's carbon footprint.

Erickson also recommends setting procurement policies that specify that new equipment must be Energy Star-complaint, thereby ensuring that the company is getting more energy-efficient computers. And with new Energy Star standards rolling out in 2009, the policy will apply to servers too.

Similar strategies can be employed in the data center, Wong says. Look at the machines you have, and consolidate where you can to maximize the use of each server -- but make sure that you can still meet the needs of your business units.

"We did this at Intel and had a $3 million cost avoidance," Wong says. The dollar savings came from not having to build a new physical structure and pay for that new building's ongoing maintenance. As for the green benefits, there's less demand for power and new equipment.

"You can see another building that doesn't have to exist anymore. And it's the HVAC system, the people, the maintenance area -- it's not just IT. That's a really big to-do," Wong adds.

But even organizations that aren't ready for those kinds of projects can simply start by controlling the temperature, Wong says. Although it will be necessary to monitor the humidity when doing so, most companies can raise the temperature at least a few degrees and start lowering their air conditioning demands. And don't forget about using that natural air for cooling.

It might not be the biggest step, but it's a start.

Pratt is a Computerworld contributing writer in Waltham, Mass. Contact her at marykpratt@verizon.net.

Computerworld is an InfoWorld affiliate.

Researchers devise undetectable phishing attack

With the help of about 200 Sony Playstations, an international team of security researchers have devised a way to undermine the algorithms used to protect secure Web sites and launch a nearly undetectable phishing attack.

To do this, they've exploited a bug in the digital certificates used by Web sites to prove that they are who they claim to be. By taking advantage of known flaws in the MD5 hashing algorithm used to create some of these certificates, the researchers were able to hack Verisign's RapidSSL.com certificate authority and create fake digital certificates for any Web site on the Internet.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Hashes are used to create a "fingerprint" for a document, a number that is supposed to uniquely identify a given document and is easily calculated to verify that the document has not been modified in transit. The MD5 hashing algorithm, however, is flawed, making it possible to create two different documents that have the same hash value. This is how someone could create a certificate for a phishing site having the same fingerprint as the certificate for the genuine site.

Using their farm of Playstation 3 machines, the researchers built a "rogue certificate authority" that could then issue bogus certificates that would be trusted by virtually any browser. The Playstation's Cell processor is popular with code breakers because it is particularly good at performing cryptographic functions.

They plan to present their findings at the Chaos Communication Congress hacker conference, held in Berlin Tuesday, in a talk that has already been the subject of some speculation in the Internet security community.

The research work was done by an international team that included independent researchers Jacob Appelbaum and Alexander Sotirov, as well as computer scientists from the Centrum Wiskunde & Informatica, the Ecole Polytechnique Federale de Lausanne, the Eindhoven University of Technology and the University of California, Berkeley.

Although the researchers believe that a real-world attack using their techniques is unlikely, they say that their work shows that the MD5 hashing algorithm should no longer be used by the certificate authority companies that issue digital certificates. "It's a wake up call for anyone still using MD5," said David Molnar a Berkeley graduate student who worked on the project.

In addition to Rapidssl.com, TC TrustCenter AG, RSA Data Security, Thawte and Verisign.co.jp all use MD5 to generate their certificates, the researchers say.

Launching an attack is hard, because the bad guys must first trick a victim into visiting the malicious Web site that hosts the fake digital certificate. This could be done, however, by using what's called a man-in-the-middle attack. Last August, security researcher Dan Kaminsky showed how a major flaw in the Internet's Domain Name System could be used to launch man-in-the-middle attacks. With this latest research, it's now become easier to launch this type of attack against Web sites are secured using SSL (Secure Sockets Layer) encryption, which relies on trustworthy digital certificates.

"You can use kaminsky's DNS bug, combined with this to get virtually undetectable phishing," Molnar said.

"This isn't a pie-in-the-sky talk about what may happen or what someone might be able to do, this is a demonstration of what they actually did with the results to prove it," wrote HD Moore, director of security research at BreakingPoint Systems, in a blog posting on the talk.

Cryptographers have been gradually chipping away at the security of MD5 since 2004, when a team lead by Shandong University's Wang Xiaoyun demonstrated flaws in the algorithm.

Given the state of research into MD5, certificate authorities should have upgraded to more secure algorithms such as SHA-1 (Secure Hash Algorithm-1) "years ago," said Bruce Schneier, a noted cryptography expert and the chief security technology officer with BT.

RapidSSL.com will stop issuing MD5 certificates by the end of January and is looking at how to encourage its customers to move to new digital certificates after that, said Tim Callan, vice president of product marketing with Verisign.

But first, the company wants to get a good look at this latest research. Molnar and his team had communicated their findings to Verisign indirectly, via Microsoft, but they have not spoken directly with Verisign, out of fear that the company might take legal action to quash their talk. In the past, companies have sometimes obtained court orders to prevent researchers from talking at hacking conferences.

Callan said that he wished that Verisign had been given more information. "I can't express how disappointed I am that bloggers and journalists are being briefed on this but we're not, considering that we're the people who have to actually respond."

While Schneier said he was impressed by the math behind this latest research, he said that there are already far more important security problems on the Internet -- weaknesses that expose large databases of sensitive information, for example.

"It doesn't matter if you get a fake MD5 certificate, because you never check your certs anyway," he said. "There are dozens of ways to fake that and this is yet another."

Microsoft refutes Windows Media Player vulnerability

Microsoft is denying that an alleged vulnerability affecting its Windows Media Player software, identified by a security researcher on Christmas Eve, is a security risk for PC users.

On a company blog Monday, Microsoft said the laims posted on SecurityFocus's Bugtraq site on Dec. 24 that a bug in Windows Media Player 9, 10 or 11 on Windows XP or Vista allowed remote code execution are "false." Dec. 24 is known in much of the world as Christmas Eve, the night before the annual Christmas holiday.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

"We’ve found no possibility for code execution in this issue," according to a Microsoft Security Response Center blog entry .

Microsoft acknowledged that the code posted on Bugtraq does crash Windows Media Player, Microsoft's software for playing music and video files, but the application can be restarted "right away" and doesn't affect the rest of the system.

Microsoft also in the blog entry criticizes the security researcher, identified as Laurent Gaffié on the Bugtraq post, for not reporting the vulnerability to the company when it was first found so the claim could be dismissed earlier.

"If he had, we would’ve done the exact same investigation we just completed," according to the blog entry. "When we were done, we would have let them know what we found, asked him if he thinks we might have missed something, continued the investigation if there was more information and ultimately closed the case if we didn’t find a vulnerability. This is how we handle all of the cases we investigate with responsible researchers every year."

Microsoft said it began investigating the report of the vulnerability as soon as it was posted late Christmas Eve, and that researchers worked over the holiday period to look into the situation.

Microsoft ultimately discovered that the so-called vulnerability was part of "ongoing code maintenance" and that it's already been addressed in Windows Server 2003 Service Pack 2. Microsoft plans to address the problem in future versions of its software.

Top 10 tech embarrassments you'll want to avoid

Call it the "oh-no second." You know -- the interval between clicking the Send button on a private e-mail and realizing you just cc'd the entire universe.

But it's not just e-mail. Thanks to the ease, speed, and reach of technology, we now have the potential to be bigger doofuses in front of more people than at any other time in history.

[ Also read InfoWorld's top underreported tech stories of 2008 and the top 10 stories of 2008. ]

For example, nothing says "I am a professional" more than intimate messages from loved ones popping up on screen during a presentation to the board. Then there are the pricey pocket-size gadgets that always seem to wind up in the swimming pool, the washing machine, or worse. Don't forget about social networks that allow you to get up close and personal with the mucous membranes of complete strangers. And if you're wearing a wireless microphone while you read this, turn it off now. You'll thank us later.

Here's a comforting thought: Whatever mortifying things you've done, somebody else has probably done worse. In fact, following are ten examples of real people who have been shamed by technology, along with some ways you can avoid a similar fate -- lest you end up in articles like this one.

Tech Embarrassment 1: Bad husband, no nookie
Making snide sexual comments about someone in an e-mail and then accidentally sending it to them is embarrassing. Making snide sexual comments about your wife's colleagues -- and accidentally copying her boss on the message -- is a recipe for unemployment...if not celibacy.

Mike, a book author in New York, learned that the hard way.

"I was writing about a Christmas party thrown by my wife's employer," he says. "She's a professor of nursing, and they had an annual 'Nurses Ball' for faculty and student nurses. I sent one of my frequent 'what we're doing now' e-mails to several friends, and I accidentally included the dean of the nursing school where my wife taught. I jokingly referred to the party as the annual 'balling of the nurses.'"

In his defense, Mike says he was taking medication at the time. As for the dean: "I don't believe she was at all happy with me," he writes, "which may be why my wife no longer teaches there.'"

How to avoid having this happen to you: Before you send your pharmaceutically enhanced e-mail, try on a pair of Google Mail Goggles, which make you solve simple math problems before sending late-night Gmail missives.

Tech Embarrassment 2: Is that a laser pointer, or are you just happy to see me?
You can probably think of many things that you don't want to see displayed on a wall of a classroom, but there's one thing in particular that you don't want to see ten times larger than life.

Karen, a technology instructor in Texas, was showing a roomful of teachers how easy it was to get onto the Apple Learning Interchange. She writes:

"My computer desktop was being projected up on a 5-by-5-foot screen. I started typing the Apple Web address in my browser. Unfortunately, I mistyped one little letter -- and suddenly there appeared lots and lots of mad, male porn on the screen. The faster I closed the boxes, the faster new ones appeared. My copresenter was laughing too hard to help me."

After a few seconds (which she says seemed like a few years), Karen managed to turn off the projector. Fortunately, the audience was amused. Maybe they learned a few things.

How to avoid having this happen to you: Bookmark the URLs you need before you get up in front of the crowd. And bone up on your Ron Jeremy jokes, just in case.

Tech Embarrassment 3: The audience is listening
Christopher Buttner, founder of PRThatRocks in Northern California, had just finished a two-hour speaking engagement in front of a large university crowd when he dashed off to the loo for a long-awaited respite. With his wireless microphone still on.

"I had to go so badly that when I made it to the urinal, I let out an incredibly loud moan of pleasure, augmented by the sound of streaming water-on-water," he writes. "The wireless lavalier mic I was wearing was still broadcasting live through the PA system in the lecture hall. My lecture, and subsequent moment of relief, was also being recorded."

When he returned to the hall, Buttner received a standing ovation. And, apparently, immortality. "I think my moaning sound sample, and various water-on-water audio clips, are used in a sound library somewhere at a major digital recording institute in Northern California," he says.

How to avoid having this happen to you: If you can't remember to unclip the mic, be sure to strap on a Motorman's Friend.

Tech Embarrassment 4: Your cell phone is not a flotation device
We don't know what it is about smart phones, but they seem magnetically attracted to bodies of water -- particularly in the bathroom.

Patti Wood, a motivational speaker in Georgia brave enough to use her full name, writes:

"I was in a hotel room, talking to my sister on the cell phone while I put on makeup to give a speech. I got mascara in my eye, so I reached over the toilet to get some tissue. Sure enough, I blinked, and the cell phone dropped into the toilet. I reached in and grabbed it soaking wet, and managed to dry it off. It is still my cell phone. My sister still teases me about talking on the phone near the toilet."

Not to be outdone, Jill, a chef (and CrackBerry addict) in Chicago, says she was on a flight home and really had to use the facilities. So, she...

"...went to the lav and sat down, and heard a disheartening 'thunk.' It was my BlackBerry hitting the airplane toilet -- never to return to my hands. In my confusion and rushing to make the flight, I had slipped it into my back pocket before getting on the plane, and I forgot to take it out."

Fortunately, she had both insurance and current backups of all her data. Less than a day later, she was up and cracking again.

How to avoid having this happen to you: When you really gotta go, leave the phone behind. And be sure to back up your mobile data daily, just in case.

Tech Embarrassment 5: When you animate e-mail, the terrorists win
Generally it's a bad idea to send e-mail with cute little animations embedded. But if you must send e-mail with cute little animations, don't do it the day after a national tragedy.

Neal, an executive with an Internet consulting firm in Georgia, shares a story about working for a small midwestern Web agency in 2001 that had just opened an office in New York:

"We were planning to have an open house in early October. The e-mail invitation was scheduled to go out on September 12 (yes, one day after 9/11). That morning I told the owner's secretary not to send the invitation because nobody was in the mood for a party in New York. I was overruled, and the secretary pressed the Send button. The invitation embedded a small animation: An airplane leaving Milwaukee and flying to New York City -- directly toward the Twin Towers."

Within a minute the phones started ringing. Angry e-mail poured in. Neal says the company disabled the animation, but it was too late. The party never happened, and the New York office closed shortly thereafter.

How to avoid having this happen to you: Did we mention that it's a bad idea to send e-mail with animations inside?

Tech Embarrassment 6: Change your wiki ways
Getting caught "sprucing up" your own Wikipedia entry is embarrassing. Getting caught doing it for your girlfriend -- and then breaking up with her via Wikipedia -- can only mean one thing: You're Jimmy "Jimbo" Wales, founder of the online encyclopedia.

In February 2008, Wales publicly dumped former Fox News commentator Rachel Marsden after a brief fling, following accusations that he had changed Marsden's Wikipedia entry to be friendlier to her. She apparently found out by reading a statement he'd posted to his personal Wikipedia page (now since moved to his own blog).

Marsden responded via an e-mail that magically found its way to Valleywag:

"You are the sleazebag I always suspected you were, and [I] should have listened more carefully to my gut instincts -- and to my friends. No, in fact, you are much, much worse than I ever expected. You are an absolute creep, and it was a colossal mistake on my part to have gotten involved with you....There is nothing good left to say whatsoever. Goodbye Jimmy, and good riddance."

After sending the e-mail, Marsden sold clothes that Wales had left at her apartment on eBay.

For the record, Wales denies giving Marsden special treatment. We suspect she doesn't think it was all that special either.

How to avoid having this happen to you: 1. Don't date Jimmy Wales. 2. Don't date Rachel Marsden. 3. And if you must date either of these people, don't leave dirty laundry behind.

Tech Embarrassment 7: Good morning...now please clean out your desk
Firing people via e-mail is truly tacky. Writing a sample fired-by-e-mail message for the bosses to review -- and then sending it to the entire company instead -- is something worthy of "The Office."

But on September 3, employees at a struggling New York ad agency came to work and found the following message in their inboxes:

"I have some difficult news which that affects you and your position with the company. Based on the continued reduction in our client's' spend ...we no longer have a role for you. ...Your last day with the company will be _____________. If you would like to go home today and come back tomorrow to clean out your desk or office, you are free to do so."

According to Roger Matus, author of the Death By Email blog and CEO of InBoxer, that message was to be sent to 10 percent of the employees at New York's Carat agency after approval by senior management. Instead, everybody got it -- along with detailed charts, PowerPoint slides, and strategy memos for the as-yet-unannounced companywide reorg.

Did we mention that the person who sent it was the company's "Chief People Officer"? We're guessing there's at least one person at Carat who was asked to clean out her desk.

How to avoid having this happen to you: Get an enterprisewide e-mail management system from a company like InBoxer or Permessa. And, really, drop the cute job titles -- it isn't 1998 anymore.

Tech Embarrassment 8: Don't show, don't tell
When your computer is hooked up to the big projector in the room, you want to give off a professional impression. That doesn't include intimate chat with your lover boy.

Laura, a tattoo artist in Pennsylvania, was in a computer training class when she decided to check her e-mail.

"Halfway through [my] reading a scandalous e-mail from a then-boyfriend, someone said, 'Um...you probably want to get off of that,'" she writes. "I forgot that the computer I was using was the 'sample' screen broadcast in front of the whole audience."

Jennifer, a PR associate in California, says she was giving a presentation during a meeting when her Outlook e-mail kept appearing on screen.

"At the time, I was dating this guy that kept calling me Babydoll," she says. "He sent me an e-mail saying, 'Hi Babydoll, last night was great ;-)'"

How to avoid having this happen to you: Unless you absolutely need to go online during your dog and pony show, disconnect from the Net first, Babydoll.

Tech Embarrassment 9: Photo no-nos
The embarrassing online photo is such a staple of the Internet age that we dedicated an entire story to it earlier this fall. Even then we missed a few good ones from people who really should know better. If these guys aren't embarrassed, they should be.

Like Sergey Brin in drag, for example. As a Stanford undergrad, the Google co-founder apparently liked to explore his feminine side.

Not to be outdone, blogger Chris Pirillo is just 10 fingers away from an obscenity charge in this candid outdoor shot taken somewhere in Alaska. We understand he has unusually large hands. Really.

Meanwhile, tech blogger Robert Scoble makes Pirillo look like Brad Pitt with this PR photo for his Naked Conversations book, substituting a laptop for a big pair of mitts. We think Bob needs a bigger computer -- much, much bigger.

(Thanks to former Valleywagger Nick Douglas for digging these up in the first place.)

How to avoid having this happen to you: 1. Learn how to use Photoshop. 2. For pics that escaped in your carefree college days before you sobered up and got a real job, services such as Reputation Defender will search for and destroy them for a fee.

Tech Embarrassment 10: Twitterhead
Twitter and other microblogs have inspired folks to share everything. And we mean everything. If you can say it in 140 characters or less, it's guaranteed somebody has said it on Twitter.

Here are tweets from five different Twitterati found via search.twitter.com. These people should be embarrassed, but probably aren't.

(Note: That last tweet actually linked to an eBay auction for bowls.)

People, people, people. Please. Does the phrase "too much information" mean anything to you?

How to avoid having this happen to you: Besides deleting all your gross friends, using tools such as Twits Like Me or Twubble can help you find Twitter users who share your interests in (we hope) less earthy matters.

Contributing Editor Dan Tynan likes to embarrass his wife and children on a regular basis. The rest of the time he tends his blogs, Culture Crash and Tynan on Tech. PC World is an InfoWorld affiliate.

Offshoring and outsourcing in 2009: What does the future hold?

All things considered, 2008 was a relatively stable year for the IT services industry. Deals got smaller and shorter, but they grew in number. The second tier providers and Indian vendors did well, along with Accenture and IBM Global Services. The outlier was EDS, where weakness led to its acquisition by Hewlett-Packard.

IT outsourcing providers were largely unscathed by the economic downturn throughout much of the year. "It took almost two quarters for the effects of the slowdown to manifest in providers' financial statements," says Eugene Kublanov, CEO of San Ramon, Calif.-based outsourcing advisory NeoIT. By the end of this year, however, CIOs became too distracted by the economic destruction surround them to do any outsourcing deals. "As the markets crumbled and CIOs were confronted with the prospects of their personal employment, naturally, decision-making around strategic cost cutting and efficiency took a back seat," says Kublanov.

[ Avoid business-damaging nightmares; read "Painful lessons from IT outsourcing gone bad" | And if your IT job is moving overseas, maybe you should too. Find out where the hot jobs are abroad and what it takes to move where those jobs are, in InfoWorld's "offshore yourself" special report. ]

That's all poised to change in 2009. The only problem is, that may be bad news for both IT services providers and their IT leader customers.

Back to the future: More -- not better -- outsourcing
"Whenever there's a downturn people outsource more, not less," says Gartner analyst Linda Cohen. "Organizations want to take costs out wherever they can. CFOs are pounding on their CIOs to just outsource it, just offshore it."

"The difficult economic conditions will push companies further than before to consider what stays in house and what gets done by others," agrees NeoIT's Kublanov. "Additionally, demands by the business for further cost reduction will need to be addressed in an environment where many companies have already leveraged labor arbitrage to source the low-hanging fruit."

CIOs may sign hasty deals for a short-term returns. In a case of what Cohen calls "convenient amnesia," IT leaders may forget all the lessons they learned rushing into bad outsourcing arrangements and chasing elusive benefits. "Everyone has a gun to their head right now," she says. "But the financial voodoo of outsourcing deals doesn't work. You have to accept the reality that if you hand your mess over to a vendor, you're going to eventually have to pay for that burden they take off your plate. You can pay it now or pay it later, but you're going to have to pay."

Bad deals can lead to degradation in service performance and price increases down the line. Smart buyers will ask for shorter term lengths, but in times of economic pressure rational thinking is hard to come by. "People do bad deals for short-sighted reasons," Cohen says. "We've seen it before and we'll see it again."

For vendors: Pain at the margins
Service providers will be only too happy to sign on any new business in 2009. "They're chasing the albatross of quarter-to-quarter earnings," says Cohen. Outsourcers may do anything for revenue, even if it's outside of their sweet spot. It'll be like 2001 all over again. "It looks like good revenue, but in the later years, the provider starts to see profit problems," says Cohen. Then the customer starts getting his "A" team replaced by a "D" team, prices creep up, everything is a change order."

Providers with cash will be king, giving Indian vendors the upper hand. They may try to buy up second-tier companies in the United States, Europe, and Asia, or buy into deals at a discount, just to get a foothold in the United States. They will even buy up customer assets, something they've been unwilling to do in the past. "They'll do anything for cash," says Cohen. But as with any other contract, "a deal that looks too good to be true will read better than it lives."

But the offshore providers will face the additional pressure on their margins as the dollar continues to depreciate.

Outsourcing innovation: Transformation? What transformation?
Remember all that talk about how an IT services provider could be your partner in innovation? Forget about it.

"The focus will shift away from open-ended efforts," says Stan Lepeak, research director of outsourcing consultancy EquaTerra. "Buyers will not have much appetite for transformation in 2009."

"Innovation or big solution implementations will slow down dramatically," agrees Cohen, "unless you prove I'm going to get back in cost improvements a lot more than I put out and it would have to be a pretty rapid ROI for any transformation."

One bright spot: The sustainability of green
Although outsourced innovation will be set aside in 2009, the greening of IT outsourcing deals will not... if only because sustainability can mean cost savings. "Purely environmental desires will take a back seat to explicit cost savings desires," says Lepeak of EquaTerra. "But green that hits the bottom line will flourish."

The only question is-who will see that benefit on their bottom lines?

"There will be a push by buyers on service providers to lower their cost of operations by employing green techniques and pass that savings on to the buyer," says Cohen. "Service providers are trying to go green for own profitability. Buyers will push for that to become a cost improvement for themselves rather than a profitability and performance for the vendor."

CIO.com is an InfoWorld affiliate.

AT&T restores service after outages

AT&T on Monday said it had restored service after power outages and bad weather caused its service to go down in parts of the United States.

A power failure hit an AT&T facility in Bloomfield, Mich., on Sunday morning local time, which caused mobile service disruption in parts of the midwest region of the United States, the company said on Sunday.

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

Though most services were back up on Sunday, AT&T said some customers may have experienced "sporadic service issues" on Monday as it "rebooted equipment impacted by power outages," the company wrote on its Twitter page. However, as of a few hours ago, AT&T said it had fully restored services.

Frustrated AT&T subscribers on Sunday reported cell phone and data services being affected in multiple states and major cities such as Chicago from the outage. Some users also reported not being able to access AT&T's data network using Apple's iPhone or Research In Motion's BlackBerry mobile devices.

"As I write this, some 10 hours after the outage began, I don’t have many facts other than my Blackberry didn’t work for about 9 hours today," wrote blogger Matt Friedman on the Tanner and Friedman blog.

AT&T did not respond to request for comment about the outage.

Windows 7 takes shape

We all knew it was coming, but now it feels real. With its debut to select developers in November, Windows 7 is no longer just a label but a real OS. And the public beta is expected this spring.

Those expecting a radical redo of Windows will be disappointed; Microsoft CEO Steve Ballmer and other company executives call it a fixed Vista. And a fixed Vista will be welcome to users who found the operating system's security controls, new interface, and application compatibilities woes to be very off-putting. (Whether they'll like the revamped Windows 7 UI remains an open question -- it's already received criticism.)

[ Can your PC run Windows 7? Find out with InfoWorld's free Windows Sentinel performance monitoring tool. ]

IT will like Windows 7 because by the time it ships in early 2010, the app compatibility issue will have resolved itself (by then, most apps will have been updated for Vista, which should make them work in Windows 7), the underlying platform will be much more stable and proven, and the revamped security interface should make it easier for IT to protect their businesses without worrying about users turning off security in protest -- as happens in Vista.

With Windows 7, users can expect essentially the same performance as with Vista SP2, according to InfoWorld Test Center benchmarks. Given how much slower Vista was compared to Windows XP, that's a positive development. In its "pre-beta" form at least, Windows 7 looks to notably boot faster than Vista does.

Windows 7 is more than just a more-mature Vista. Microsoft plans to add new technology such as yet another version of its taskbar, streamlined file lists called libraries, and touch support, as well as improve some Vista features such as desktop gadgets and its backup facility that could outdo Apple's beloved Time Machine.

Acer launches laptop with Intel's quad-core chip

Acer launched on Monday a powerful quad-core laptop at a price that may appeal to buyers on a budget.

The company's Aspire 8930G-7665 laptop is designed as a gaming laptop or desktop replacement. The laptop is powered by Intel's Core 2 Quad mobile processor with four cores that runs at up to 2.0GHz and includes 6MB of cache, according to Acer.

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

With a starting price of $1,799, Acer's laptop could be a bargain compared to expensive quad-core laptops from the world's top PC vendors. Hewlett-Packard and Dell both offer quad-core laptops as either gaming laptops or mobile workstations with prices starting at over $2,000. Acer is the world's third-largest PC vendor behind HP and Dell, according to analyst firm IDC.

The laptop includes an 18.4-inch screen that can display high-definition images and video. It also includes 4GB of RAM, Nvidia's GeForce 9700M GT graphics card with 512MB of video memory, a 500GB hard drive, a Blu-ray Disc drive and Wi-Fi wireless networking. It comes preloaded with the 64-bit version of Windows Vista Premium OS.

The laptop is now available in the U.S. through retailers, the company said. Acer could not be immediately reached for comment on worldwide availability.

Microsoft specs out 'Pay-as-you-go' PC scheme

Microsoft applied last week for a patent that spells out a "pay-as-you-go" concept where users would be charged for both the software they run and the computing horsepower they use.

According to the patent application filed last week with the U.S. Patent and Trademark Office, the "Metered Pay-As-You-Go Computing Experience" scheme would meter software use and access to specific computer hardware. Fees would be charged against a pre-paid or billed account.

[ InfoWorld lays out five possible paths for Microsoft during the post-Gates era in "What future is in store for Microsoft?" | Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

"The current business model for computer hardware and software relies on a user purchasing a computer with hardware and software that is suited to the most demanding applications that the user expects to encounter," said Microsoft in the application. "Therefore, a user may buy a multi-core processor with a significant amount of memory and advanced video support for gaming applications that are only used on the weekend, while the user's day-in, day-out activities may involve little more than word processing or web-browsing."

Microsoft's plan would instead monitor the machine to track things such as disk storage space, processor cores, and memory used, then bill the user for what was consumed during a set period.

"A different business model may allow a more granular approach to hardware and software sales," Microsoft argued. "A computer may have individually metered hardware and software components that a user can select and activate based on current need. When the need is browsing, a low level of performance may be used and when network-based interactive gaming is the need of the moment, the highest available performance may be made available to the user."

Fees would be lower for low-performance chores, such as writing e-mail or surfing the Internet, and higher for high-performance tasks.

For consumers, Microsoft said, the advantage of such a model would be a lower price at the outset for a powerful PC. Computer makers would gain the ability to standardize on higher-end systems, it added. But the company admitted that the overall cost to the user might be higher. "Although the cost of ownership over the life of the computer may be higher than that of a one-time purchase, the payments can be deferred and the user can extend the useful life of the computer beyond that of the one-time purchase machine," Microsoft contended.

Key to the concept is something Microsoft called a "security module," embedded either in the hardware or provided as software, that would meter the computer's usage. "To make this model successful, a mechanism must be in place that supports a highly secure method of adjusting performance coupled with a secure, auditable measurement and payment scheme to allow a variety of pre-paid and post-paid mechanisms for capturing and settling highly granular, infinitely adjustable, performance variations," said the patent application.

The security module would also lock the PC to a specific supplier, perhaps an ISP, much as a subsidized cell phone is locked to a specific mobile carrier for the life of a contract. "The metering agents and ... the security module allow an underwriter in the supply chain to confidently supply a computer at little or no upfront cost to a user or business, aware that their investment is protected and that the scalable performance capabilities generate revenue commensurate with actual performance level settings and usage," said Microsoft.

Pricing could be on an hourly rate, perhaps with different "bundles" priced according to the software offered and the hardware necessary to run that software. An "Office" bundle, for example, might include word processing and spreadsheet software that could access two of three processor cores and a medium level of graphics performance for, say, $1 an hour.

A "Gaming" bundle, meanwhile, would make available all the PC's processor cores and 3D graphics support for $1.25 an hour.

"Both users and suppliers benefit from this new business model," Microsoft argued. "The user is able to migrate the performance level of the computer as needs change over time, while the supplier can develop a revenue stream business that may actually have higher value than the one-time purchase model currently practiced."

Computerworld is an InfoWorld affiliate.

Thursday, January 1, 2009

IT News HeadLines (InfoWorld) 01/01/2009

No comments: