IT-Code-News: IT News HeadLines (InfoWorld) 11/02/2009

PC power tweaks can save a bundle

Saving money using power management has been a well worn mantra in the datacenter for some time, but now Gartner has put a cash figure on the likely cost savings from managing an organization's PC power consumption -- $43,300 per year.

The analyst company said that the total power consumption (per year) for a "well-managed 2,500-PC organization is 43 percent lower than an unmanaged one." This, Gartner has calculated, means that organisations actively employing power management functionality can expect to save $43,300 per year, compared with an unmanaged 2,500-PC organization.

[ Read up on how to benchmark datacenter energy costs | Keep up on green IT trends with InfoWorld's Sustainable IT blog and Green Tech newsletter. ]

Another $6,500 can be saved per annum by turning off and unplugging machines from the electrical socket (even when switched off, PCs consume some power when left plugged in). However Gartner warns this could affect staff productivity because updates will need to be carried out during working hours, and it is somewhat impractical to do this in reality.

"Much attention on power consumption has focused on the datacenter, but PC power consumption in an organization can also be significant, especially given steadily rising electricity prices," said Federica Troni, principal analyst at Gartner.

"IT organizations should recognize that the greatest savings come from employing power management features. They should investigate the power management capabilities of their PC life cycle management tools and PC power management point solutions to implement these policies and to better support management activities."

Gartner has even created a model -- actually an Excel spreadsheet -- to assess the impact of different variables on an organization's total PC power use, although this model is only available to Gartner's customer base and not the general public. The model makes use of a number of common assumptions in order to make these calculations.

These assumptions include that there are 2,500 staff in the organization; the ratio of PCs to employees is 1-to-1; staff work an eight-hour business day 230 days per year; and active use of the PC during working hours is 70 percent of the time. The power calculation assumes a cost of $0.1 for one kilowatt-hour (kWh).

Using these parameters, Gartner's model can calculate the power consumption for desktops, notebooks, and associated monitors during the workday and after hours. The model is based on three different scenarios -- the well-managed, unmanaged, and unplugged organization.

Techworld is an InfoWorld affiliate.

Startup Talis targets desktop security

Start-up Talis Data Systems Wednesday launched a hardware-based security device that can be inserted into a PC to control use of USB storage devices and access to networks based on defined user privileges.

The hardware, called the Datagent Security Module, was developed foremost to meet the needs of military agencies and others in government, says Tom Darton, president of Talis. As in the private sector, there's a lot of concern about uncontrolled use of USB ports, and Datagent is intended to monitor and restrict use of thumb drives and other portable storage.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Datagent also provides what Darton calls "sensible domain separation" to allow controlled access to networks.

"In the military, there are the NIPRNet and the SIPRNet, for example," Darton says. "With Datagent on the desktop, you can allow or disallow network access based on various factors, such as time of day."

Talis, founded three years ago by Matt Castelli, Terence Slyntz and Brad Saunders, has about 10 employees. It's backed with an undisclosed amount of private venture capital, including a 60 percent equity stake of $2.3 million from Pilot Power Group, a retail electric provider based in San Diego.

Slyntz and Saunders remain as outside consultants. Castelli, now the company's director, says the 3.5-inch-sized Datagent hardware, installed in a floppy drive, is managed via workstation-based software called AuditX.

Talis intends to primarily market Datagent by integrating the hardware into Dell and HP computers through authorized resellers, with an expected cost ranging from about $1,200 to $3,500 depending on the number of authorized networks.

Datagent is certified to the EAL-4 security level defined by the National Security Agency, according to Talis.

Network World is an InfoWorld affiliate

Security expert: Microsoft should cut IE's links to Windows

Microsoft would better protect users by severing Internet Explorer 's connections to Windows, then patching the browser invisibly in the background -- daily if necessary, a security expert argued Tuesday.

"The browser is the heaviest-used application that interacts with the Internet, and the most likely source of malicious content. IE vulnerabilities should be given the highest priority and patched first," said Wolfgang Kandek , CTO at security company Qualys.

[ Get the analysis and insights that only Randall C. Kennedy can provide on PC tech in InfoWorld's Enterprise Desktop blog. And download our free Windows performance-monitoring tool. ]

But that's not what happens in the real world, he said. "Unfortunately, the vulnerability data that we collect shows that companies treat browser patches just like all other patches. IE's patch deployment cycle correlates very closely with other critical patches."

According to data Qualys collected from scans of several hundred thousand Windows PCs owned by its customers, the patching pace for IE vulnerabilities was essentially the same as the rate at which users fixed other non-IE critical flaws.

To pick up that pace, Kandek suggested that Microsoft sever Windows' links to IE completely, then boost IE's update frequency and take some, or all, of the control out of users' hands. "There's just too much user interaction required by Microsoft for IE," he said, referring to the way Microsoft updates its software, IE included, using services such as Windows Update.

"If Microsoft removed IE from Windows and made it independently updatable, I think you'd get improved update performance," said Kandek.

Although pulling IE from Windows would mean that Microsoft would have to come up with a different mechanism for Windows Update -- currently the service relies on IE -- Kandek believes the benefit to users would be significant. "Taking IE out of the [monthly] patch cycle would give us better protection," he said.

Rather than patching IE only once a month , as it does now, Kandek would like to see Microsoft pick up the pace by rolling out fixes as soon as they're ready, in effect mimicking the update process that Mozilla Corp. uses for Firefox , or the even less intrusive approach that Google Inc. applies to its Chrome browser.

Firefox users receive a notice when security updates are available, and can click through to download and install the patches. Chrome users, meanwhile, do nothing: Google pushes patches to its browser automatically, and they're installed with no user action required. Either method would be preferable to Microsoft's current update strategy for IE, Kandek said.

That applies for all IE users, including those working for companies where IE is mandatory, and patch deployment can be delayed by testing, or for fear of disrupting workflow. "I think that you should just determine for the corporation to trust Microsoft and their quality control" on the patches, Kandek said. "Browser patches are heavily tested by Microsoft, and unlikely to break any existing functionality on the desktop."

Microsoft could conceivably split IE from Windows with its newest browser, Internet Explorer 8, which reached "release candidate" status late last month. "IE8 would be a good opportunity," said Kandek.

Ironically, he may get his wish if the European Union has its way. The Competition Commission, the EU's antitrust agency, recently hit Microsoft with a new set of charges , this time concerning IE. On Jan. 15, the Commission said that by tying IE to Windows, Microsoft "distorts competition" in browsers and gives IE "an artificial distribution advantage" over rivals like Firefox, Apple Inc.'s Safari and Opera Software ASA's Opera.

"If the [Commission's] preliminary views were confirmed, the Commission would consider ordering Microsoft to give users an objective opportunity to choose which competing Web browser(s) instead of, or in addition to, Internet Explorer they wanted to install in Windows, and which one they wanted to have as default," said EU spokesman Jonathan Todd in an e-mail. "Microsoft could also be ordered to technically allow the user to disable Internet Explorer code should the user choose to install a competing browser."

Although IE's market share has been steadily shrinking -- under assault from Firefox, first of all, Safari second -- it accounted for about 68 percent of all browsers used last month, according to Internet metrics vendor Net Applications Inc.

Computerworld is an InfoWorld affiliate.

On-demand ERP vendor NetSuite targets retailers

On-demand ERP (enterprise resource planning) vendor NetSuite is gunning for business among North American retailers with a new software suite for multi-channel businesses, the company announced Wednesday.

The Multi-Channel Retail Management Suite has features for creating Web stores that connect with retail locations, providing a unified view of inventory, accounting, and customer information; package tracking information for customers; and support for multiple currencies and languages. NetSuite is also integrated with eBay.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

Other capabilities include marketing campaign tools, such as a "shopping cart abandonment" feature that can be used to send customers coupons for items they initially placed in their online shopping cart but subsequently failed to buy.

Pricing for the suite varies based on specific customer configuration requirements, the company said.

NetSuite is also hyping the suite's tight integration with the point-of-sale system made by OnSite, a software vendor that also makes a number of other products that integrate with NetSuite. OnSite's POS features include electronic signature capture and the ability to create gift cards.

While NetSuite has aligned forces with OnSite, customers will still be able to integrate NetSuite's software with other point-of-sale systems, a spokesman said.

NetSuite customer Distribution Video & Audio, of Palm Harbor, Florida, is using the OnSite POS, said CEO Brad Kugler.

DVA is primarily a wholesale and online business, but each December it opens up its warehouse for a sale that draws thousands, he said. "We were in dire need of some type of point-of-sale add-on to NetSuite."

The company went with OnSite due to its tight integration with NetSuite, he said. "Downloading inventory [information] to a POS and then back? I didn't want to deal with that."

DVA is only using the OnSite system four or five days a year. "I was able to get it very cheaply because of that," he said.

Overall, NetSuite and the on-demand model have worked out well for DVA, according to Kugler.

Before NetSuite, DVA had been using a range of software, including spreadsheets to track inventory and Intuit's QuickBooks product. As revenue climbed toward $20 million, the company began looking for a unified system, he said.

There are "definitely fewer headaches" with the on-demand model compared with on-premise systems he has used from SAP and Microsoft, he said: "It's not possible to have a system like that without a full IT staffer [on site], and there's $80,000 [a year] right there. I'm not into cutting jobs, but I don't need it."

NetSuite has proved to be reliable, according to Kugler. So far he has had only one unscheduled service outage, which lasted about an hour.

Although he is not sure whether the on-demand model has proved to be less expensive, dollar for dollar, it offers him greater day-to-day flexibility, Kugler said: "I can travel more, my sales guys can, and I can do orders on the spot at trade shows. We were never able to do that before."

While ERP vendor Epicor has launched a SaaS product for retailers, many other vendors in the retail ERP space -- which includes giants such as SAP and Oracle, as well as a range of specialists including Island Pacific and Retalix -- have not yet followed suit, said Janet Suleski, research director, retail, at AMR Research.

Suleski praised the multi-channel focus in the new NetSuite offering. Other vendors "haven't cracked the code on multi-channel retailing yet," she said. "[But] the key word is 'yet.'"

RIM releases patch for buggy ActiveX control

Research iIn Motion has patched a piece of software for Windows PCs that could leave them vulnerable to attack when loading new applications onto BlackBerry devices.

The flaw lies in an ActiveX control used to load third-party applications onto BlackBerrys connected to a PC via a USB cable. An ActiveX control is a small add-on program that works in a Web browser to facilitate the downloading of programs or security updates. However, the controls have been prone to vulnerabilities.

[ President Obama recently announced plans to keep his BlackBerry | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

RIM said in an advisory that a vulnerability is introduced to a PC when someone runs the BlackBerry Application Web Loader Version 1.0 ActiveX control with any version of Microsoft's Internet Explorer browser. The advisory contains a link to the patch.

The vulnerability is an exploitable buffer overflow, which is a problem in memory that could allow an unauthorized program to run. RIM didn't give details on how it might be exploited.

However, the U.S. Computer Emergency Readiness Team (CERT) said an attacker could be able to execute arbitrary code with the privileges of a user by getting that user to view a specially-crafted HTML document. It could also cause Internet Explorer to crash, CERT wrote in an advisory.

The problem scores a 9.3 on the Common Vulnerability Scoring System (CVSS), a way to evaluate the danger of a flaw. A score of 10 is considered the most dangerous, and anything above a seven is considered highly severe.

RIM advises that customers apply the patch. In its latest security updates on Tuesday, Microsoft also released a "kill bit" for the affected ActiveX control. A kill bit blocks an ActiveX control from running in Internet Explorer.

PC processor shipments to drop in 2009

PC microprocessor shipments slowed in the fourth quarter and will continue to decline this year, according to an IDC survey released on Wednesday.

Microprocessor unit shipments will decline by about 15 percent in 2009 compared to last year, according to preliminary numbers from the market researcher. Worldwide microprocessor shipments during the fourth quarter dropped 17 percent sequentially and 11.4 percent year-over-year, IDC said.

[ How severe is the impact of the economy on IT? Find out in "Is tech in more trouble than we think?" And also learn the "Five top spending priorities for hard times." ]

The research firm couldn't quantify the number of microprocessor shipped during the fourth quarter, but the fall was precipitous, said Shane Rau, research director at IDC.

"After hinting at a decline last September, the market fell of a cliff in October and November," Rau said.

The worldwide recession has slowed PC demand which will continue to affect microprocessor shipments. Worldwide PC shipments fell 0.4 percent year-over-year in the fourth quarter of 2008, IDC said in study released last month. Shipments of netbooks totaled 10 million in 2008, but strength in netbooks was outweighed by slow or even declining sales of traditional laptop and desktop PCs.

Intel took a big chunk of the server, mobile and desktop chip space from its rivals, Advanced Micro Devices and Via Technologies.

Intel's market share in unit shipments was 81.3 percent in the fourth quarter, up from 80.8 percent share in the third quarter and 76.7 percent in the fourth quarter a year earlier. AMD had a 17.7 percent share in the fourth quarter, down from 18.5 percent during the third quarter and 23.1 share it had a year earlier. Via Technologies held a 0.4 percent share during the fourth quarter, compared to 0.2 percent it had the previous year.

After dominating most segments, Intel is now looking for new markets to grow, Rau said. The company has its feet wet in the mobile space with chips like Atom for mobile devices, but the competition is intense from entrenched competitors like Texas Instruments and Qualcomm, Rau said. These markets are either flat or in decline because of the recession, which also poses a big challenge for Intel.

Beyond entering new markets, Intel on Tuesday announced it would try to provide faster chips by shifting to the 32-nanometer manufacturing process. The move should stimulate chip demand for Intel and help it gain market share over rivals, Rau said.

"Intel is enabling its customers to build better products rather than just cutting price," Rau said.

Intel already dominates the netbook space with its Atom processor, though Via could present some challenges. The small chip vendor can provide inexpensive chips for netbooks and enable new form factors, so customers may look at its chips as an Intel alternative.

As long as Via continues to ramp its C7 and Nano processors, it will inevitably gain some share though the numbers are hard to quantify, Rau said.

"[Via] is more a rebel with less to lose," Rau said.

Intel's primary rival, AMD, has held a steady market share in desktop processor shipments, but has been volatile in the mobile processor space. It hasn't been able to match Intel on pricing and features on mobile chips, Rau said.

The news for AMD is better in the server space, where it recovered from the earlier Opteron server chip mistakes with a new chip codenamed Shanghai it shipped last year. Unfortunately the recovery came when the worldwide economic crisis began, which has slowed down adoption of its server chips. But the company is well-placed to see those chip shipments rise as economies recover.

AMD's worst competitor is itself, and its strategies tend to work best if it doesn't focus on competition with Intel, Rau said. AMD's products on the crosshairs of specific market segments dominated by Intel -- like the Athlon Neo for ultrathin laptops -- have worked in the company's favor.

But with the recession, AMD needs to focus more on surviving in the market, not market share, Rau said. The company is spinning off its fabs and lowering its cost structure through downsizing.

But AMD has a price advantage over Intel, Rau said. If the company releases chips on time and lowers the cost structure, it will have better control over pricing its products. That could bring the company back into contention against Intel.

"No one should think that AMD's going away... the market needs two viable competitors to remain competitive," Rau said.

Microsoft update takes on spam-spewing botnet

Microsoft has beefed up the Malicious Software Removal Tool (MSRT) that ships with its Windows operating system so that it will detect and root out the notorious Srizbi botnet code.

"This month's MSRT takes on one of the largest botnets currently active worldwide," wrote Microsoft spokesman Vincent Tiu in a blog posting Tuesday, the day the update to the software removal tool was released. "Win32/Srizbi has been accused of being responsible for a huge chunk of spam e-mail messages sent in the years after its discovery," he added. "We hope to make a positive impact with the addition of Win32/Srizbi into MSRT."

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Because Microsoft's detection software runs on hundreds of millions of computers worldwide, including many that are not running up-to-date antivirus software, a move like this can bring a botnet to its knees. That's what happened in September 2007, when Microsoft added detection for the Storm Worm botnet . Within 24 hours it had removed about 91,000 Storm infections, and soon the botnet was a shadow of its former self, experts say.

However, the results may not be so dramatic this time around. Srizbi was effectively knocked out of action last November when operators of the McColo Internet service provider in San Jose, California, were kicked off the Internet .

That takedown knocked the Srizbi command-and-control servers out of operation, and only about 1 percent of the botnet is still active. There are, however, several hundred thousand Srizbi-infected PCs out there, all of which are quietly waiting for new instructions, should criminals ever discover a way to reach them now that McColo is out of commission.

Microsoft could have taken a bigger bite out of spam had it targeted another botnet called Xarvester, said Joe Stewart, a botnet researcher with security vendor SecureWorks.

Still he applauded Microsoft's move to clean up the Srizbi-infected computers. "It's good to get them cleaned up, but it's not going to have the impact that it had on Storm."

Tech layoffs: The real numbers aren't so bad

From the constant drip of tech industry layoff announcements, you'd think huge numbers of IT workers would be out on the street. And certainly Cisco, Dell, Hewlett-Packard, IBM, Intel, Oracle, SAP, Sun, and others have announced thousands of layoffs. But the numbers they report don't reflect actual people losing their jobs, so the real tally of tech workers who have found themselves jobless is significantly smaller than you'd think.

"I honestly do not think the tech sector is in as bad a shape as it might appear," says Frank Scavo, managing partner at Strativa, a technology management consulting firm. "IT executives have been quite conservative in their IT spending growth over the past several years. And when the economy took a downturn last year, they were pretty quick to make cuts."

[ Good IT news amid the gloom: Two firms project that 2009 will bring salary increases, InfoWorld reported last week that tech is still a safe career choice today, and despite the economy, certain IT skills remain in demand. ]

The grim initial picture
To be clear: The economy is bleak, and tech vendors are taking necessary action. "IT vendors are protecting themselves against what most now assume will be a weak market throughout much of 2009, with IT spending cutbacks spreading to other sectors like software applications and network infrastructure," explains IDC analyst Stephen Minton.

Indeed, last month saw a raft of layoff plans like no other in the portion of the tech industry that supplies business IT. Microsoft said it will reduce its workforce by 5,000, Intel will cut 6,000, Sun said an ongoing worker reduction could stretch toward 6,000, SAP revealed intentions to ratchet down its total headcount by 3,000, Oracle axed 500, and even IBM, which reported positive earnings, confirmed layoffs. Although Big Blue did not provide an exact number, a union Web site for IBM employees put that at about 4,200 and reported rumors that it could soar as high as 16,000. What's more, Dell warned in December that it would cut as many as 8,900 employees worldwide.

Late last week, Cisco Systems CEO John Chambers said the networking giant may eliminate 1,500 to 2,000 jobs, a move that Chambers said he hopes would enable Cisco to avoid larger layoffs like other tech stalwarts were forced to put into practice.

So from these announcements from just the major tech vendors, that's as many as 35,600 jobs lost, not counting the remainder of the 16,000 rumored layoffs at IBM or the 24,600 people Hewlett-Packard said last year that it would let go as part of its EDS acquisition.

Estimates elsewhere range from 125,000 to 200,000, but they include HP's layoffs from last year plus consumer-oriented tech vendors and telcos, such as AT&T, Sprint-Nextel, and Yahoo.

The real layoff numbers revealed
But InfoWorld's count of actual layoffs -- people who have lost real jobs -- from these business IT tech vendors is nowhere near 35,000. Instead, it's about 9,600. That's not good news for those who've lost their jobs, but it's not the kind of number that should cause a panic.

Why the disconnect? Because announced layoffs aren't actual layoffs. "It's smoke and mirrors," says Natalie Petouhoff, a senior analyst at Forrester Research, "to tell shareholders they're doing what they need to do." The announced numbers include vacant positions and planned positions, so eliminating them doesn't actually result in anyone fired. And the announced numbers include layoffs that may occur later on.

For example, in Microsoft's case, on the day it announced layoffs, Microsoft actually shed about 1,400 employees. The rest of the 5,000, it said, would come during the next 18 months. "Microsoft might be able to reduce headcount by that number in the next year and a half simply by not hiring in certain divisions," says Neil MacDonald, an analyst with Gartner.

Sun followed a similar tack when it said last November that it was reducing jobs. Then, in January the company started that process by cutting 1,300 people -- a far cry from the 6,000 job losses the company offered originally.?

IBM, for its part, was stingy with headcount details, but the union site Alliance@IBM put that number at 4,200. Intel said it would lay off employees as it closes four plants around the globe and said that some of the 6,000 people will be offered new jobs in other facilities rather than cut loose entirely. Thus far, Intel has not publicly revealed how many jobs have been eliminated; instead it said the cuts will come throughout the rest of this year.

Dell, meanwhile, advanced its restructuring in early January by saying it would move some manufacturing out of Limerick, Ireland, and lay off 1,900 workers there beginning this month.

Rumors have been swirling that Oracle will slash up to 8,000 people, though the Wall Street Journal reported that the apps vendor has cut 500 in North America thus far (Oracle has yet to disclose any specific numbers). And reports indicate that SAP has let go 300 to date.

All of these actual layoffs adds up to about 9,600.

Future remains murky, but hopeful
Of course, the current 9,600 statistic is sure to rise. But the reality is still far better than the 35,000 or more figures that the series of layoff announcements would indicate.

And no doubt, everyone hopes that the actual cuts now, coupled with a hoped-for turnaround in the economy later this year, will mean those potential future cost won't be needed, or at least not to the same degree. "Nobody is happy to be making these cuts in IT. The hope is that current layoffs and spending reductions will enable organizations to ride out 2009," says IDC's Minton. "Those tech providers that have costs under control now should be in good shape to profit from the recovery next year," agrees Strativa's Scavo.

Intel updates laptop, desktop chip plans

Intel on Tuesday accelerated plans to release two dual-core laptop and desktop processors, tweaking its road map as it juggles manufacturing efforts to cut costs.

The company will ship dual-core processors for mainstream laptops and desktops made using the 32nm process, skipping plans to release similar chips manufactured using the 45nm process. The chips will ship in the fourth quarter.

The road map update will quickly bring the latest technologies to laptop and desktop chips, company officials said during a press conference in San Francisco on Tuesday. Intel officials could not say when those chips would reach laptops and desktops.

The 32nm-process chips will be an upgrade over existing 45nm chips that go into current desktops and laptops. The chips will be cheaper to manufacture, work faster and draw less power.

The early shift to the 32nm process will reduce Intel's manufacturing cost, said Jack Gold, principal analyst at J. Gold Associates.

The new chips could also bring excitement to a sore laptop market and provide users a reason to upgrade. For essentially the same cost, users will get a jump in performance with the latest technology Intel has to offer, Gold said.

The new dual-core laptop chips code-named Arrandale replace Nehalem-based Auburndale processors, Intel said. Intel will also ship 32nm dual-core desktop chips code-named Clarkdale, which will replace Nehalem-based Havendale chips.

Arrandale will boost graphics performance while drawing less power than Core 2 processors, said Stephen Smith, vice president and director of group operations at Intel. The new chips will also be more energy-efficient, which could improve laptop battery life.

The clock speeds will be similar to chips used in existing laptops, but offer better performance at a similar power envelope by running more threads via each core.

The new chips will be part of Westmere microarchitecture, which is a shrink of Intel's existing Nehalem microarchitecture. Nehalem, which is used in Intel's Core i7 desktop, integrates a memory controller and provides a faster pipe for the CPU to communicate with system components. It is considered a significant upgrade over Intel's earlier microarchitectures, as it cuts bottlenecks to improve system speed and performance-per-watt. Intel earlier said it would ship dual-core laptops and desktops built around Nehalem in the second half of 2009.

Demand for chips is shrinking, so Intel has to take a drastic step to improve demand for its products, said analyst Gold.

With chip demand slowing, the returns on developing 45nm laptop chips may also be minimal, Gold said. Intel's shift to the 32nm process is smooth, which provides an incentive to quickly move to Westmere chips, he said.

"The optimum time to shift is when demand is down and risk is less," Gold said.

Earlier on Tuesday, Intel CEO Paul Otellini said the company would spend $7 billion over the next two years to revamp manufacturing plants.

Intel is prioritizing its move to the new 32nm process technology to lower chip-manufacturing costs and increase production. That will help the company make more chips at lower costs and add efficiencies to the production process, Intel officials said on Tuesday.

The new manufacturing process will also help create tiny integrated chips that can be fit into devices like set-top boxes and TVs, Intel said during its fourth-quarter earnings call in January. That could help Intel enter new markets and add revenue opportunities.

Intel will begin producing chips with 32nm circuitry in four fabs starting in late 2009. A nanometer equals about a billionth of a meter. In chip manufacturing, the figure refers to the denser features etched on the surface of chips. Chip manufacturers like Intel and AMD are building smaller and smaller transistors into chips to perform quicker and draw less power.

Microsoft gets its 10,000th U.S. patent

Microsoft is marking on Tuesday the recent awarding of its 10,000th U.S. patent, granted for its surface computing technology.

U.S. Patent No. 7,479,950 outlines how users can place objects, ranging from cell phones to fingers, on the surface computer's table-like display and the computer will identify the objects and track their position, orientation, and motion, Microsoft said. This allows objects to be associated with data or media, such as a collection of music or photos.

Microsoft was granted 2,000 patents in 2008, ranking it fourth among companies receiving U.S. patents, Microsoft said. The company spends about $8 billion a year on research and development.

"Most technology companies, Microsoft included, have been increasing their emphasis on IP in recent years, trying to derive greater business value from their intellectual assets," said Bart Eppenauer, chief patent counsel for Microsoft, in a statement released by the company.

Patents had been thought of as clubs to be used in court against competitors, Microsoft said. But now, patents and IP are "serving as bridges to collaboration through licensing and other technology collaboration," Eppenauer said.

The company in 2003 began a commitment to broaden IP licensing efforts and has since signed more than 500 licensing agreements with companies of all sizes and types, Microsoft said. The company's 2006 IP agreement with Novell, though, has been a controversial one, raising ire in the Linux community over whether Novell made too big a concession to Microsoft over Linux IP issues.

[ For an updated look at this controversial deal, see: The Microsoft-Novell Linux deal: Two years later ]

Adobe revamps online marketplace for AIR apps

Adobe Tuesday revamped an online marketplace for applications developed on its AIR (Adobe Integrated Runtime) to make it easier for developers to find, post, and get feedback on AIR applications.

The Adobe AIR Marketplace showcases developer applications that are powered by AIR, a runtime that allows developers to create cross-platform desktop applications with the same technologies they use for building Web-based applications, such as HTML, AJAX (Asynchronous JavaScript and XML) and Flash.

[ Test Center: Adobe breathes fresh AIR into RIA. ]

While Adobe calls the site a "marketplace," the applications on it are actually free for download and not for sale, the company said.

Adobe has improved the search and download capabilities of the site, as well as added RSS feed and "e-mail a friend" features that make it easier for developers to share applications.

Developers also can rate, review and comment about features of applications to give developers instant feedback, according to Adobe. The revamped site also allows developers to create profiles for themselves and manage the applications they post in a self-service interface.

Adobe also has added dashboards that show statistics, ratings and reviews for AIR developers to the site.

Adobe said that there are already hundreds of AIR applications on the marketplace, which was first launched in October 2007 so developers could begin sharing apps built on a beta version of AIR.

Adobe released the first full version of AIR at the end of February 2008. The company hopes the runtime will help it bring the success it's had with Web development and design tools such as Dreamweaver and Flash to the desktop by giving those developers and designers an easy migration path to building desktop applications.

Adobe said last week there have been more than 100 million installations of AIR less than a year after its release, proving that developers are at least testing the technology, if not using it for wide-scale desktop deployments.

McAfee touts integrated compliance suite

McAfee has taken steps to integrate its vulnerability assessment and policy management products in a single suite to make it easier for enterprises to stay on top of compliance initiatives.

Total Protection for Compliance provides centralized reporting for audit and compliance purposes via ePO (ePolicy Orchestrator), the primary management console for a wide array of McAfee security products. It lets security managers combine audit and scanning results to generate reports for compliance initiatives such as the Payment Card Industry guidelines, federal requirements like FISMA, and the Center for Internet Security's best practices, says Bob Tesh, McAfee's group marketing manager.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

McAfee's Vulnerability Manager and Policy Auditor products are included in Total Protection for Compliance.

"We've changed Vulnerability Manager, which performs agent-less policy assessments, so it's now looking for both the known good as well as the vulnerabilities," Tesh says.

Vulnerability Manager 6.7 (formerly Foundstone Enterprise) is now integrated with ePO so it can populate ePO with information about IT assets in order to generate compliance-related reports, Tesh notes.

Policy Auditor 5.0.1, McAfee's agent-based software that runs on desktops and servers, is also now sharing information with ePO that can be used to centralize automated compliance reporting.

Another new element in the Total Protection for Compliance suite is what McAfee is calling its CARMA (Counter-Measure Aware Risk-Management Application), which takes threat information produced by McAfee Avert labs to co-relate with any discovered vulnerabilities in IT assets.

While not intended for real-time analysis, the CARMA-generated reports with ePO give security managers details about where their systems may be vulnerable to new types of threats, and can help justify investment in endpoint security protection, Tesh said.

Total Protection for Compliance is priced based on the number of monitored IP addresses, ranging from $100 to as low as $10 with 75,000 monitored assets.

Network World is an InfoWorld affiliate.

Microsoft shuts off Windows 7 beta downloads

Microsoft has shut off the Windows 7 beta spigot, but will allow users who have started the download process to wrap it up by Thursday.

As promised more than two weeks ago, Microsoft blocked new downloads of the Windows 7 preview Tuesday. The site where users could formerly obtain the beta now reads: "Sorry, Windows 7 Beta downloads are no longer available."

[ Special report: Early looks at Windows 7 ]

Although Microsoft had said it would cut off users Tuesday, company spokesman Brandon LeBlanc had said last month only that on Feb. 10 "new downloads of the Windows 7 Beta will no longer be available." At the time, he did not specify an hour Tuesday when the downloads would be pulled.

Last night, about 70 minutes before the deadline expired, LeBlanc specified that midnight would be the end of new downloads.

Microsoft extended the deadline for Windows 7 beta from an earlier Jan. 24 cutoff to satisfy customer demand, it said over two weeks ago. However, the company has declined to say whether a 2.5 million cap it had once set had been reached or surpassed, nor would it specify how many copies it has provided users.

People who began to download the massive disk image file -- 2.44GB for the 32-bit version, 3.15GB for the 64-bit -- before Tuesday have until noon (EST) Thursday to complete the process, and activation keys will be available indefinitely, LeBlanc reiterated Monday.

The deadlines do not apply to subscribers to the TechNet and Microsoft Developer Network services. Those users, typically IT professionals and developers, will continue to have access to the beta. Microsoft has not said when it will offer an updated build of Windows 7 to the public, although the head of Windows development has announced that the company will move directly from the beta to a "release candidate" milestone. In the past, Microsoft has run through multiple public betas of its operating systems before taking the next step to release candidate.

Copies of the Windows 7 beta, and a leaked version of at least one post-beta build, were still available at file-sharing sites Tuesday. On the Pirate Bay BitTorrent tracking site, for example, traffic in Windows 7 remained brisk.

Windows 7 beta is set to expire Aug. 1, 2009, at which time users must either update to a newer version of the operating system, or reinstall an earlier edition of Windows, such as Vista or XP.

Computerworld is an InfoWorld affiliate.

Six myths about movable media storage

Every few months, there's another horror story about lost tapes or stolen laptops, and we're left wondering if the information stored on the missing media will be put to some nefarious use, thereby adding personal injury to a public relations insult.

The importance of protecting these media has become a no-brainer. But managers are often hampered in their efforts because they buy into one or more of the following six myths of movable media:

[ Get the latest on storage developments with InfoWorld's Storage Adviser blog and Storage Report newsletter. ]

Myth 1: Tapes are obsolete.
The humble magnetic tape, a seeming relic of the mainframe and batch-processing era, has given way in some instances to disk-to-disk backups to remote sites over networks. But for rapid and efficient backup, archiving and restoration of large quantities of data, there's no beating tape.

Iron Mountain offers both data backup over a network connection and tape storage at its sites. "In a disaster scenario, when time is of the essence, there is nothing more efficient than putting a collection of tapes in a vehicle and driving it to a recovery site," says Ken Rubin, a senior vice president at the information protection and storage company. "And the bandwidth limitations on transporting terabytes or petabytes of data over the line make that impractical."

Still, some users want to move on. "We are trying to get out of the tape business because of the threat of physical loss," says Christopher Leach, chief information security officer at Affiliated Computer Services Inc. He says ACS is setting up a service to send encrypted data backups to clients via a Web browser if the files aren't too big.

Myth 2: Protecting tapes and laptops is a job for technical people.
The protection of information technology is, of course, a job for IT. But there is a big and often overlooked role for others in the organization as well.

New York state CIO Melodie Mayberry-Stewart draws on a 12-person legal team to research best security practices, especially in the financial industry. Some of those people specialize in areas such as encryption and telecommunications, she says. In addition, she has a separate team of technologists who specialize in security and risk management. Mayberry-Stewart says the lawyers negotiate "painstakingly detailed" contracts and "memoranda of understanding on service levels" with companies such as Iron Mountain that transport and store the state's tapes -- some 4,000 per month -- from four mainframe data centers.

At Sun Microsystems, tapes are created at seven datacenters around the world. While each center manages its own data-retention processes, "they don't get to make up all their own rules," says Leslie Lambert, Sun's chief information security officer. So where do the rules, policies and procedures come from? "We have a very vigilant legal team, a privacy team, a business conduct team, internal auditors, external auditors, and an information protection law group -- all working together," she says.

Leach says keeping up with state and federal regulations on data protection and retention demands human expertise, but it's such a daunting task that he gets automated help via risk and compliance management software from Relational Security.

Myth 3: Losing a tape is primarily a security problem.
It can be a security disaster, to be sure, and it will certainly be a PR nightmare if the public finds out. But there are other equally harmful, if less dramatic, possibilities.

"I don't think so much about losing employee information [such as Social Security numbers], although that is certainly important," says Brian Lurie, IT vice president at medical products maker Stryker Corp. "What keeps me up nights is the possibility of losing a tape and then having to produce data for the FDA for a lawsuit. I worry about liability to the company from losing information that we, by law, must retain."

While the law requires that some information be kept for seven years, Stryker must retain data on customers who have Stryker products in their bodies for as long as they live, Lurie says. Although the company mirrors its disks at a remote disaster recovery center, after a certain amount of time, some data will exist only on tape transported and stored remotely by Iron Mountain.

Lurie periodically sends auditors to Iron Mountain's facility to inventory Stryker's tapes. He says regular audits are part of a three-part tape-protection program that also includes carefully crafted contracts and working with a reputable tape-storage vendor.

Experts say thefts of tapes followed by illegal usage are so rare as to be almost a nonissue. Loss of tapes through simple human error, causing processing disruptions down the line, is by far the most common problem.

Myth 4: There are no technology solutions; it's all about tight controls.
Procedures and controls that are well thought out, automated where possible and tested are the best way to limit losses from wayward tapes and laptops, experts say. But technology can be a big help.

The primary tool remains data encryption. While the technology doesn't address Lurie's concerns about lawsuits over unrecoverable data, it's nice to be able to tell lawyers, reporters and the police that the bad guys can't do much with that laptop because the hard disk is encrypted, or with those tapes because they are unreadable.

All employee desktops and laptops at ACS are required to be "whole-disk encrypted," Leach says. "Once the disk is encrypted, we monitor it and track it, and if you try to decrypt your hard drive, we know it and we notify your manager."

ACS has more than 1 million tapes at its tape library in Dallas, and its standard practice is to encrypt their content. But, Leach says, some clients don't want to incur the cost and effort of decrypting the backup tapes they receive from ACS, so they request that the content be kept in the clear. "For those tapes, we have very strict packaging, signing and tracking at every step, almost like a chain of custody in a legal case," he says. "Tapes go into turtle boxes that are locked and unlocked at each end."

In addition, he says, "we insure them for a high amount, not because the tapes or CDs are worth a lot of money, but because that triggers tighter processes and closer scrutiny by the shipper."

Users report that they are studying new technologies to supplement or substitute for encryption. The state of New York is looking at thumbprint scans to protect laptops and tape cases. And ACS is examining prototypes of three magnetic devices that will erase the contents of tapes inside a locked case if it is broken open.

Iron Mountain says the best automated help of all may come from a tape inventory-control system to help eliminate the No. 1 cause of lost tapes -- human error inside the company.

Myth 5: Encryption is a silver bullet.
While encryption is often considered the best technical solution, it has drawbacks. For example, if you retrieve a tape but have lost the keys to decrypt it, you might be out of luck. Also, encrypting data before writing it to tape, a laptop hard drive or removable media can take copious computer resources. Finally, at many companies, encryption is optional or a requirement that can be circumvented.

For these reasons, Stryker doesn't encrypt laptop hard drives unless there's sensitive data on them. Sensitive information that remote users may need stays on protected servers, where it is accessed only when needed and not retained locally. Lurie acknowledges that this isn't perfect because it requires voluntary user compliance.

Lurie says his chores will be eased when Stryker moves to Windows Vista, because the operating system offers options for automatically encrypting data. "But it's a burden -- you need additional memory, and it slows down the machine," he adds.

Myth 6: If you protect your tapes and laptops, you can feel secure.
News stories have focused attention on lost tapes and laptops, but there are a number of other devices walking out your company's door every night. Lurie says mobile devices such as BlackBerrys are protected at Stryker. "I have the ability to remotely wipe them out," he explains. "If lost, we send a signal to it immediately to clear the memory."

But flash drives, CDs, and DVDs are more problematic, he says. Lurie's solution: "If it's not encrypted, we just discourage the downloading of sensitive information to them."

Lurie says he even worries about the humble cell phone. "We don't allow cameras in our building, but there are lots of people who have them on their phones," he says. "If someone takes a photo of someone or something and posts it on the Internet, we've got a potential liability. I'm not sure how to deal with that yet, but I've been giving it a lot of thought."

Computerworld is an InfoWorld affiliate.

Scientists create faster, more energy-efficient microchip

Scientists from Singapore's Nanyang Technological University (NTU) and US-based Rice University have successfully created a microchip that uses 30 times less electricity while running seven times faster than today's technology.

In layman's terms, this means a mobile phone powered by the new proof-of-concept microchip will significantly improve the device's battery life to as much as two weeks without recharging.

[ Stay ahead of advances in hardware technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

The technology, dubbed "probabilistic complementary metal-oxide semiconductor" (PCMOS) was invented by Professor Krishna Palem of Rice University and director of NTU's institute for sustainable nanoelectronics.

Team member Dr Natalie Kong Zhi Hui, teaching fellow, NTU, said: "Our technology is a significant contributor toward environmental-friendliness -- green computing, or probabilistic computing, with an extremely energy-aware attribute. This is due to the fact that, unlike conventional designs that view noise as a nuisance, our design concept embraces noise as a 'gem' -- this novel technology recycles noise."

Dealing with noise
While today's silicon transistors become increasingly "noisy" as they get smaller, engineers have historically dealt with this by boosting the operating voltage to overpower the noise to ensure accurate calculations, leading to higher energy consumption levels.

"With this PCMOS technology, noise/parameter variations are part of the overall design and are managed as a resource to achieve significant energy savings. The success of this project will go a long way in promoting the advent of a new generation of 'green' IT at lower costs to consumers," says Associate Professor Yeo Kiat Seng. He is NTU's head of division of circuits and systems, school of electrical and electronic engineering, college of engineering.

The team hopes to realise a new generation of probabilistic-based nanoelectronics with diverse applications in media, biomedical and consumer electronics. The team envisions that PCMOS technology will enter the consumer computing market in as little as four years and may present itself as a parallel to mainstream CMOS technology in the near future.

MIS Asia is an InfoWorld affiliate.

Wednesday, February 11, 2009

IT News HeadLines (InfoWorld) 11/02/2009

No comments: