IT-Code-News: IT News HeadLines (InfoWorld) 13/02/2009

Google opens Android store to paid apps

Developers of Android applications finally will be able to charge consumers for them, ending a few months of free Android downloads and potentially making Google's mobile platform more attractive to developers.

U.S. and U.K. developers can now go to the Android publisher Web site and upload their applications along with consumer pricing. Paid applications will go on sale in the U.S. starting in the middle of next week and in additional countries in the coming months, Google's Eric Chu wrote in a blog post Friday.

The Android Market launched in October when the first phone based on the platform went on sale. But until now, it hasn't had any checkout or payment system, so application publishers have only been able to offer free software. Google had said it would start allowing sales early this year.

The post did not indicate how much the applications might cost, saying only that developers would be able to "upload their application(s) along with end-user pricing." Unlike on the App Store for Apple's iPhone, developers don't need to get their products approved by Google or by service providers. All they have to do is register for $25 and upload their apps.

The payment and billing tool for Android Market will be Google Checkout. That platform, launched in 2006, allows payment through major credit cards and lets users save their payment information on the site.

Later this quarter, developers in Germany, Austria, Netherlands, France, and Spain will be able to offer paid applications, and by the end of the quarter, additional countries will be announced, Chu wrote.

Also on Friday, Chu wrote that Android Market for free applications will become available to phone users in Australia beginning Sunday, Pacific time. Singapore users will get access in the coming weeks.

Woman sues Microsoft over XP downgrade charge

A woman has filed a class-action lawsuit against Microsoft over a $59.25 charge for downgrading her Windows Vista PC to XP.

In a suit filed in the U.S. District Court for the Western District of Washington in Seattle, Los Angeles resident Emma Alvarado is asking that Microsoft return the fee she paid for downgrading a Lenovo PC with the Windows Vista Business OS preinstalled to Windows XP Professional. Alvarado purchased the PC on June 20, 2008, according to the suit.

Alvarado also is inviting others who have paid fees to downgrade to XP to join the suit (PDF) and is requesting refunds for them as well.

Many customers who purchased PCs with Vista installed opted to downgrade to XP because they weren't happy with Vista's "numerous problems," according to Alvarado's suit.

"As a result, many consumers would prefer to purchase a new computer preinstalled with the Windows XP operating system or at least not preinstalled with the Vista operating system," according to the filing.

The suit goes on to accuse Microsoft of using its "market power to take advantage of consumer demand for the Windows XP operating system" by requiring people to buy Vista PCs and then charging them to downgrade to the OS they really want.

This action violates Washington state's Unfair Business Practices Act and the Consumer Protection Act, according to the suit.

Microsoft spokesman David Bowermaster said the company has not been served with the lawsuit, so it would be premature to comment about it.

When Microsoft released Vista to consumers on Jan. 30, 2007, it gave people the option to downgrade to XP if they weren't satisfied with the new OS.

As a result of overall dissatisfaction with Vista, Microsoft had to extend the amount of time it allowed original equipment manufacturers and custom system builders to sell PCs with XP preinstalled. The company also is facing a class-action suit in the same court over the "Windows Vista Capable" sticker program that let customers know a PC could run Windows Vista. Customers said they found the program misleading.

While the damages that could be awarded in the suit would likely not be a large sum for a multibillion-dollar company, the suit brings up a larger question of whether Microsoft will allow Windows 7 users to downgrade to XP.

Microsoft so far has not said publicly whether it will, and no one from the company was available for immediate comment Friday. Vista, being the OS released before Windows 7, would be the logical choice for a downgrade from Windows 7. However, given customers' dissatisfaction with Vista, Microsoft could offer an XP downgrade as well.

Al Gillen, an analyst with research firm IDC, said it would be a "very risky thing" for Microsoft to do to eliminate downgrade rights with Windows 7. He said it would alienate Microsoft's customer base to not continue giving customers an option if they're not happy with a new version of the Windows client.

Bespin Web-based code editor effort launched

Mozilla Labs this week launched a preview of Bespin, a Web-based code editor intended to boost developer productivity, enable compelling user experiences and promote "open" standards.

Launched as a project within Mozilla's Developer Tools Lab, Bespin features an extensible framework for "Open Web" development, a concept in which applications are compatible with browsers based on open standards and do not require single-vendor plug-ins, according to Mozilla Labs developers Ben Galbraith and Dion Almaer.

[ Read an interview with Mozilla's Brendan Eich, creator of JavaScript. ]

Goals of Bespin include ease of use; real-time collaboration, including sharing live coding sessions; an integrated command line; extensibility in the interface; speed; and accessibility.

Based on JavaScript, Bespin is a code editing client based in a browser. It is intended to "to create an experience on the Web that is as rich as a desktop editor," said Galbraith, co-director of developer tools at Mozilla Labs, on Friday.

"The idea for Bespin is to sort of use later, newer Web technologies to try create a much better experience for code editing on the Web than we've seen before," Galbraith said. A lot of efforts to create Web-based code editors have resulted in editors with poor performance or poor user experiences, he said.

"We haven't seen anything yet on the Web that anyone would consider using for their day job," he said.

The focus of the preview release is speed along with support for large files. "To do this, we?ve used new HTML 5 technologies, specifically the Canvas tag," said Galbraith.

Bespin developers have envisioned cloud-based scenarios for the Bespin editor in which it would be easy to go to a Web site, type the name of an open source project, and then quickly be in that project. Developers could make changes and submit changes to the Web site.

"We don't enable the above scenario today, but it's an example of what is possible once we have a foundation of a great, high-quality Web-based code editor. So that is one of the things we're hoping to facilitate with the Bespin project," Galbraith said.

Although currently a preview, Bespin could turn into something more, he said. "Right now, we're just experimenting," Galbraith said. Mozilla is looking for developer feedback on Bespin.

An early prototype features such basic editing capabilities as syntax highlighting, large file sizes, undo/redo, previewing of files in the browser, and importing and exporting of projects.

Source code for Bespin is being released as open source under the Mozilla Public License.

Indictments tell how H-1B visas were used to undercut wages

Federal agents on Thursday said they arrested 11 people in several states in a crackdown on H-1B visa fraud and unsealed documents that detail how the visa process was used to undercut the salaries of U.S. workers.

Federal authorities allege that in some cases H-1B workers were paid the prevailing wages of low-cost regions and not necessarily the higher salaries paid in the location where they worked. By doing this, the companies were " displacing qualified American workers and violating prevailing wage laws," said federal authorities in a statement announcing the indictments.

[ InfoWorld's Bill Snyder argues the H-1B visa has got to go, but doesn't support the proposal by Sen. Charles Grassley to lay off foreigners first. Meanwhile, the Senate approved strict rules on the hiring of H-1B workers. ]

Employers are required to pay H-1B workers prevailing wages, but those wage rates can vary significantly, by tens of thousands of dollars, depending on the region. How many U.S. workers may have been displaced was not detailed by federal authorities.

The arrests were carried out by federal, state and local agents working in Iowa, California, Massachusetts, Texas, Pennsylvania, Kentucky and New Jersey. The government's action "is the result of an extensive, ongoing investigation into suspected H-1B visa fraud, mail fraud and conspiracy," said Matthew Whitaker, the U.S. attorney for the Southern District of Iowa, in a statement. The investigation was dubbed Operation Pacific Vision.

The H-1B workers were also victims, according to the federal indictments. Some were hired for jobs that didn't exist . One worker from Pakistan, for instance, who arrived in the U.S. for a programming job, ended up with a job pumping gas.

The Iowa-focus and connections raised in the indictments are notable in one regard. It's the home state of the U.S. Senate 's leading critic of the H-1B program, Republican Chuck Grassley , who released in October a study on visa fraud by the U.S. Immigration and Citizenship Service (USCIS) that found that one-in-five H-1B applications were either fraudulent or had violated a law or regulation in some other way.

The company that seemed to get the most attention from federal authorities is Vision Systems Group, which authorities said had its principal places of business in Somerset and South Plainfield, N.J., and an office in Coon Rapids, Iowa. The company was cited in a 10-count indictment. Calls to the company seeking comment were not returned by press time.

The indictment, in part, alleges that Vision submitted a Labor Condition Application, where employers detail prevailing wage data, for a location in Iowa "rather than the prevailing wage where the worker would actually be employed."

The indictment does not say where the H-1B employee would be employed, but from a prevailing wage perspective, location is important.

For instance, using data from the Foreign Labor Certification Data Center Online Wage Library , the prevailing wage of a computer programmer in Des Moines, for instance, ranges from $42,800 a year for a beginner to more than $71,000 a year. But in the Newark, N.J., area, a computer programmer's pay would range from $55,000 to $108,100, according to the wage calculator.

Michael Aytes, acting director of the U.S. Citizenship and Immigration Services (USCIS), said the action "is a prime example of how the Department of Homeland Security identifies fraud."

"Our adjudication officers can spot inconsistencies during the application process that ultimately lead to the successful outcome we're seeing today," said Aytes, in a statement. "Visa fraud undermines the integrity of the immigration system and I'm proud that our officers have helped to ensure that the American people and our customers can continue to depend on a reliable system."

The government arrested on conspiracy and mail fraud, Shiva Neeli in Boston, Ramakrishna Maguluri in Atlanta, Villiappan Subbaiah in Dallas, Suresh Pola, in Pennsylvania, Karambir Yadav in Louisville, Ky., Amit Justa and Venkata Guduru, both in New Jersey, and Vijay Myneni in San Jose.

Charged with conspiracy, mail fraud and wire fraud, was Vishnu Reddy, in Los Angeles, and Chockalingam Palaniappan in San Jose, who operated a company named Pacific West Corporation in Santa Clara, Calif.

Praveen Andapally in New Jersey, was charged with conspiracy, mail and wire fraud, and making a false statement in an immigration matter.

The government can charge mail and wire fraud if it believes the mail was used to send a false statement in support of a visa application.

Computerworld is an InfoWorld affiliate.

Reports: Windows 7 out before Christmas

With Windows 7 Beta getting positive reviews, more rumors are emerging that Microsoft's new operating system will be available before Christmas. But Microsoft is still refusing to admit that Windows 7 will be ready by the end of this year and insists on the January 2010 release date.

Windows 7 will be available at retail by Christmas this year -- say both The Inquirer and CNet News, according to different sources. The Inquirer quotes Microsoft techie Mark Russinovich, who said in a webcast that Windows 7 "will be sent for manufacture three years after Vista did the same, which was in October 2006."

[ Randall Kennedy recently called Microsoft's Windows 7 upgrade strategy disrespectful to IT | Peter Bruzzese, meanwhile, says Microsoft's strategy is the correct one | Test Center: Windows 7 benchmarks unmasked | Special report: Early looks at Windows 7. ]

On the other hand, CNet's Ina Fried quotes "PC industry sources in Asia and the U.S" saying that "they have heard things are on track to launch by this year's holiday shopping season." CNet also says that Microsoft is prepping a program to offer Vista users an inexpensive alternative to updating to Windows 7.

My colleague over at ComputerWorld, Preston Gralla, also uncovered evidence in early January that Windows 7 will ship this year. Based on a leaked internal Microsoft memo regarding the Windows 7 upgrade program, Preston is "assuming that within two or three months of the July 1 date (upgrade program launch), Windows 7 will ship."

According to the leaked Microsoft memo, the Windows 7 Upgrade Program lets PC makers give free upgrades to Windows 7 for customers that purchase Vista computers starting July 1. The free or cheap update would be basically the

equivalent version of Vista to Windows 7. As previously reported, the versions in which Windows 7 will come are highly similar to Vista's.

Microsoft reiterated several times that Windows 7 might not be ready in time for this year's holiday season, sticking to their originally planned launch date in early 2010. However, if indeed Microsoft will give users who buy a new computer with Windows Vista a free/cheap copy of Windows 7 when the new OS becomes available, the launch date of W7 shouldn't be too far away.

PC World is an InfoWorld affiliate.

Will Microsoft let Windows 7 users downgrade to XP?

Downgrade rights for Windows 7 will be "hugely important," an analyst said Thursday, but he's not optimistic that Microsoft will let users continue to install Windows XP on new machines.

Microsoft has yet to reveal its plans for "downgrades" from Windows 7, the in-development successor to Vista , noted Michael Silver , an analyst with Gartner. But the issue is just as important for Windows 7 as it has been for Vista.

"Downgrade rights are hugely important for Windows 7," said Silver. "Will Microsoft offer downgrades [from Windows 7] to XP? They've not answered that question yet. But it's really important."

Microsoft confirmed that it's not ready to spell out downgrades for the new OS. "Final decisions are still being made on details like end-user downgrade rights outlined in the applicable product license terms," a company spokeswoman said in an e-mail.

In Microsoft parlance, "downgrade" describes the Windows licensing rights that let users of newer versions replace it with an older edition without having to pay for another license. In effect, the license for the newer Windows is transferred to the older edition.

When Microsoft launched Vista in early 2007, it spelled out limited downgrade rights to the older Windows XP. Only buyers of PCs with pre-installed editions of Vista Business and Vista Ultimate could downgrade, and then only to Windows XP Professional. That path, however, became extremely popular as users balked at migrating to Vista, and instead bought new computers, then downgraded to XP Professional themselves or ordered systems that had been downgraded to XP at the factory.

Microsoft has recognized the continued popularity of XP in the Vista years. In the last three months of 2008, for example, it extended the availability of XP to both small and large computer makers, pushing out cut-off dates to the end of May and July 2009, respectively.

However, Silver is not optimistic that Microsoft will continue the practice and allow customers with Windows 7 licenses to transfer them to XP. "We're extremely confident that Microsoft will offer free downgrade rights [from Windows 7] to Vista," said Silver. "But will Microsoft do the right thing for customers and give them downgrade rights to XP, or will it try to get some additional revenue out of the situation? At this point, it's hard to tell."

Saying he's somewhat "on the fence" about whether Microsoft would, in fact, offer downgrades from Windows 7 to XP, he quickly added, "I think that there's a slightly better chance that they won't."

The problem facing businesses still running Windows XP, said Silver, is that without downgrade rights they would be forced to make a very tough choice when Windows 7 debuts, and presumably sweeps Vista from new PCs.

"For companies running XP that don't have Software Assurance, no downgrade rights means they will have to get machines pre-installed with Vista," he said, describing the first 12 to 18 months after Windows 7's launch. That's when business typically swear off a new operating system as they test it and their applications, or simply wait out the inevitable bugs that pop up early in an OS's life.

"For the first year or so of Windows 7, organizations using XP will either have to buy Software Assurance or pay for a [Windows 7] upgrade later for those Vista machines," said Silver.

Microsoft's Software Assurance, a type of "buyer protection" program that gives companies rights to all upgrades for a specified period in exchange for annual payments, also allows corporate administrators to freely downgrade any edition of Windows.

Silver's doubt about Microsoft's plans for Windows 7 downgrade rights stems in part from hints by the company about sticking to a Vista-only policy. "If it offers only downgrades to Vista, Microsoft will try to say that it's policy [to limit downgrades] only to the last version," he said. "But that's not true. With XP, they gave downgrades to [Windows] 2000 and [Windows] NT 4.0 and [Windows] 98. In other words, there is precedent for downgrades to more than just one version."

Although Microsoft has revealed some details about Windows 7, including the multiple versions it expects to distribute, it continues to keep other information secret, including the prices it will charge for the new OS and the eventual ship date.

As of earlier today, Microsoft has halted all downloads of Windows 7 beta, the only preview it's offered to the general public. Steven Sinofsky, the senior vice president in charge of the Windows engineering group, however, has said that the company will move directly to a release candidate , and skip the usual multiple betas.

Computerworld is an InfoWorld affiliate.

Report: China Unicom to hold iPhone talks with Apple

China United Telecommunications (China Unicom) is reportedly sending top executives to meet with Apple in the U.S. next month as rumors that the operator plans to bring the iPhone to China gain steam.

China Unicom executives are going to the U.S. to negotiate with Apple over the introduction of the iPhone , and are likely to set a release date, according to a report (in Chinese) carried by Sina.com, citing "knowledgeable sources."

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

China Unicom plans to launch WCDMA (Wideband Code Divison Multiple Access) 3G services in May.

In recent months, Apple had been rumored to be holding talks with China Mobile, the country's largest mobile operator, about selling the iPhone in China. But those talks were always a long shot due to technological and business reasons, and lately rumors have been circulating that China Unicom is talking to Apple about selling the iPhone.

The 3G iPhone supports WCDMA, which is widely used in Asia, North America and Europe. However, China Mobile was granted a license to offer 3G services using TD-SCDMA (Time Division Synchronous CDMA), a different 3G technology that was developed in China and is significantly less mature from a development standpoint.

Even before Chinese regulators made the news official last month, China Mobile was long been expected to receive a license for TD-SCDMA, not WCDMA. For China Mobile to offer the 3G iPhone, Apple would be required to redesign the handset using new components that would need to be sourced from different suppliers. These changes would greatly increase the cost to Apple and likely result in higher prices for end users.

One of the main sticking points between Apple and China Mobile was the Apple Store, which the company uses to sell and distribute third-party applications, Sina reported. This was a sales channel that China Mobile, which has its own plans for an application store. did not want to yield to Apple's control.

For this reason, a deal to bring the iPhone to China will likely involve significant concessions from China Unicom to meet Apple's requirements, the report said.

With global effort, a new type of worm is slowed

There have been big computer worm outbreaks before, but nothing quite like Conficker .

First spotted in November, the worm had soon infected more computers than any worm in recent years. By some estimates it is now installed on more than 10 million PCs. But ever since its first appearance, it has been strangely quiet. Conficker infects PCs and spreads around networks, but it doesn't do anything else. It could be used to launch a massive cyberattack, crippling virtually any server on the Internet, or it could be leased out to spammers in order to pump out billions upon billions of spam messages. Instead, it sits there, a massive engine of destruction waiting for someone to turn the key.

[ Related: "Microsoft puts $250,000 bounty on Conficker worm" | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Until recently, many security researchers simply didn't know what the Conficker network was waiting for. On Thursday, however, an international coalition revealed that they had taken unprecedented steps to keep the worm separate from the command-and-control servers that could control it. The group is comprised of security researchers, technology companies, domain name registrars who have joined forces with the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the Internet's Domain Name System.

Researchers had taken apart Conficker's code and discovered that it uses a tricky new technique to phone home for new instructions. Each day, the worm generates a fresh list of about 250 random domain names such as aklkanpbq.info. It then checks those domains for new instructions, verifying their cryptographic signature to ensure that they were created by Conficker's author.

When Conficker's code was first cracked, security experts snatched up some of these randomly generated domains, creating what are known as sinkhole servers to receive data from hacked machines and observe how the worm worked. But as the infection became more widespread, they began registering all of the domains -- close to 2,000 per week -- taking them out of circulation before criminals had a chance to tell their infected computers what to do. If ever the bad guys tried to register one of these command-and-control domains, they would have found that they'd already been taken, by a fictional group calling itself the "Conficker Cabal." Its address? 1 Microsoft Way, Redmond Washington.

This is a new kind of cat-and-mouse game for researchers, but it has been tested a few times over the past few months. In November, for example, another group used the technique to take control of domains used by one of the world's largest botnet networks, known as Srizbi , cutting it off from its command-and-control servers.

With thousands of domains, however, this tactic can become time-consuming and expensive. So with Conficker, the group has identified and locked up names using a new technique, called domain pre-registration and lock.

By dividing up the work of identifying and locking out Conficker's domains, the group has only kept the worm in check, not dealt it a fatal blow, said Andre DiMino, co-founder of The Shadowserver Foundation, a cybercrime watchdog group. "This is really the first key effort at this level that has the potential to make a substantial difference," he said. "We'd like to think we've had some effect in crippling it."

This is uncharted territory for ICANN, the group responsible for managing the Internet's address system. In the past, ICANN has been criticized for being slow to use its power to revoke accreditation from domain name registrars who have been widely used by criminals. But this time it's getting praise for relaxing rules that made it hard to lock down domains and for bringing together the group's participants.

"In this specific case they greased the wheels so that things would move quickly," said David Ulevitch, founder of OpenDNS. "I think they should be commended for that. ... It's one of the first times that ICANN has really done something positive."

The fact that such a diverse group of organizations are all working together is remarkable, said Rick Wesson, CEO of network security consultancy Support Intelligence. "That China and America cooperated to defeat a malicious activity on a global scale... that's serious. That's never happened," he said.

ICANN did not return calls seeking comment for this story and many of the participants in the Conficker effort, including Microsoft, Verisign, and the China Internet Network Information Center (CNNIC) declined to be interviewed for this article.

Privately, some participants say that they do not want to draw attention to their individual efforts to combat what may well be an organized cybercrime group. Other say that because the effort is so new, it is still premature to discuss tactics.

Whatever the full story, the stakes are clearly high. Conficker has already been spotted on government and military networks and has been particularly virulent within corporate networks. One slip-up, and Conficker's creators could reprogram their network, giving the computers a new algorithm that would have to be cracked and giving them an opportunity to use these computers for nefarious purposes. "We have to be 100 percent accurate," Wesson said. "And the battle is a daily battle."

(Sumner Lemon in Singapore contributed to this report.)

Apple issues massive security update for Mac OS X

Apple today issued multiple updates for Mac OS X and Java that patched 55 bugs, including one for its Safari Web browser that prompted a security researcher to blast the company for a half-hearted approach to security.

The updates were the largest released by Apple in nearly a year.

[ Discover the key Mac and Apple tech trends for business users. Read InfoWorld's Enterprise Mac blog and newsletter. ]

The year's first bug updates from Apple patched 48 security vulnerabilities in the company's operating system and its components, four in Apple's implementation of Sun Microsystems' Java, two non-security flaws it admitted it had introduced with faulty code in Mac OS X 10.5.6, and one fix it said was a "proactive security measure." The majority of the bugs -- 32 altogether -- were in open-source components or software not originally crafted by Apple, as in the case of the quartet of Java flaws.

But the Safari vulnerability may be the one most people remember.

According to Brian Masterbrook, one of the three researchers Apple credited with reporting the Safari bug, Apple had information about the flaw more than seven months ago. "After six months passed without a fix, I decided to post a warning on January 11, 2009, due to my judgment that this issue could be exploited at any time as long as it remained unfixed," Masterbrook said in an entry to his blog Thursday , after Apple had delivered its updates. Masterbrook had posted some information about the bug, as well as a workaround to temporarily disable the RSS feed feature in the browser, in a Jan. 11 warning .

The RSS vulnerability -- present in both the Mac and Windows versions of the browser -- could be used to introduce attack code from a malicious Web site. All criminals had to do, said Masterbrook, was dupe users into visiting such a site. Attacks based on tempting users to a rogue site are commonplace on the Internet, although the vast majority of them are aimed at Windows users.

"This vulnerability...does not require intricate knowledge of the processor or operating system to exploit," Masterbrook said today. "I discovered it accidentally, which indicates that this issue could also be discovered by others. These two factors should have indicated to Apple that this vulnerability carried a high risk."

He took Apple to task for the way it handles reports of security vulnerabilities, and patches its software. "It took seven months for Apple to patch this latest vulnerability in Safari, despite numerous opportunities for it to be addressed in updates that were already scheduled," he said. "OS X users are at this point in the unenviable situation of hoping that Apple starts taking these issues more seriously before phishing exploits, drive-by malware, and viruses become widespread on the platform."

Apple addressed the Safari flaw in both the Security Update 2009-001 for Mac OS X , and in a separate update for Windows users that bumped up the browser to Version 3.2.2. While recent data puts Safari's overall browser usage share at 8.3 percent, the Windows edition accounted for a scant 0.3 percent last month, about a quarter the share of Google's Chrome .

The company last patched Safari in November 2008, when it updated the browser twice in less than two weeks to plug more than a dozen holes.

Other parts of Mac OS X that Apple patched today ranged from the Pixlet codec -- which contained a bug that could be triggered by a malformed movie file -- and the Folder Manager to the printing module and Remote Apple Events, which could be exploited to steal information.

The separate Java updates -- one aimed at Mac OS X 10.4, a.k.a. Tiger, the other targeting Mac OS X 10.5, or Leopard -- fixed four vulnerabilities for each version of Apple's operating system, and brought the software up to par with patches Sun released two months ago .

Apple last patched its operating system in mid-December 2008, when it fixed 21 flaws . Today's patch tally was more than double that, and considerably higher than other large security updates the company issued last year, including a 40-bug release in October . In fact, today's update was the largest by Apple since a 90-fix update in March 2008.

Security Update 2009-001 and the Java updates can be downloaded manually from the Apple site or installed using Mac OS X's built-in patch service. Safari 3.2.2 for Windows can be downloaded from the Apple site.

Computerworld is an InfoWorld affiliate.

Microsoft lashes out at Adobe over Silverlight comments

Microsoft is crying foul over recent comments made by an Adobe executive that Silverlight has "fizzled" as a competitor to Adobe's Flash.

In his blog, Tim Sneath, director of the Windows and Silverlight technical evangelism team, accused Adobe Executive Vice President and CFO Mark Garrett of "living in a fantasy world" if he thinks that Silverlight adoption is waning.

[ Yesterday, Microsoft unveiled Moonlight 1.0, which brings Silverlight to Linux and Unix | Test Center: Silverlight 2. ]

"The idea that Silverlight is in anything other than rude health is more to do with what Adobe would like to be the case, rather than what actually is the case," he wrote in the blog posting. "The suggestion that 'Silverlight adoption has fizzled out in the last 6-9 months' is pretty risible, in fact. For starters, Silverlight 2 shipped four months ago, and in just the first month of its availability, we saw over 100 million successful installations just on consumer machines. That doesn't sound like 'fizzling out' to me."

Sneath was responding to comments Garrett made when answering a question about Silverlight and the competitive landscape at the Thomas Weisel Partners Technology & Telecom Conference 2009 in San Francisco on Tuesday. In his comments, confirmed Thursday by an Adobe representative, Garrett said Silverlight adoption was strong when the technology was right out of the gate but has tapered off in the past six to nine months.

Sneath's reference to Silverlight 2, the second version of the technology, is key to his defense of the technology. Silverlight, which comprises a tool for developing and designing Internet applications and a media player for delivering content, was first introduced in 1.0 version in April 2007. However, it wasn't until the release of Silverlight 2 that the technology was fully baked and became truly viable as an alternative to Adobe Flash.

But Microsoft has lost customers when Silverlight didn't live up to its expectations, even after Silverlight 2 was released. MLB.com, which switched from Flash to Silverlight to stream live baseball games beginning in August 2007 with Silverlight 1.0, said in November -- a month after 2's release -- that it was dumping Silverlight and had signed a two-year deal with Adobe to use Flash again for live streaming.

That said, some high-profile Web sites have used Silverlight 2 to live-stream some notable events recently -- the inauguration of U.S. President Barack Obama last month and the 2008 Summer Olympics in August among them.

In his post, Sneath pointed out some other recent high-profile Silverlight customers, not just in the U.S. but also overseas. In the U.S., both Netflix and the Home Shopping Network launched on-demand services that use Silverlight, he said. In Europe, satellite broadcast network Sky launched a video-on-demand service using Silverlight in December, and the technology also is being adopted for television broadcasting portals in Japan and Korea, Sneath added.

But Flash has had a significant head start and adoption of the technology remains strong, according to Adobe, which has been doing some touting of its own, lately not just about Flash but also about a new technology, AIR (Adobe Integrated Runtime). AIR allows developers to use the same tools with which they build Web-based applications to create desktop apps.

Two weeks ago, Adobe said the newest version of Flash, Flash 10, was installed on more than 55 percent of computers worldwide in the first two months of its release and is expected to surpass 80 percent adoption by the second quarter, the fastest installation rate of any versions of the technology. Moreover, AIR has reached nearly 100 million installations in less than a year after release.

Flash is actually gaining momentum since Microsoft released Silverlight, according to comScore research for 2008 that shows Flash increasing its worldwide share of video on the Web from 66 percent to more than 80 percent.

Also, although Silverlight has scored some high-profile Web sites as customers, enterprise developers have said its adoption among businesses -- a scenario in which it actually has an advantage over Flash because of Microsoft's historical strength in that market and the ability of developers to use .NET tools to build Silverlight applications -- has been lackluster.

Developers cited Silverlight 2's launch during an economic recession -- when businesses, particularly enterprises, are hesitant to adopt new technologies -- as a factor hampering its adoption.

Microsoft puts $250,000 bounty on Conficker worm

Microsoft is trying to put some pressure on the criminals responsible for the worst Internet worm outbreak in years, offering a $250,000 reward for information leading to the arrest and conviction of Conficker's creators.

The software vendor said it was also working with security researchers, domain name registrars, and the Internet Corporation for Assigned Names and Numbers (ICANN) to try to take down the servers that have been launching the Conficker attacks. ICANN is the nonprofit corporation that oversees Internet addresses.

[ In his Security Adviser blog, Roger A. Grimes discussed how the Conficker worm upped the ante for security. ]

"The best way to defeat potential botnets like Conficker/Downadup is by the security and domain name system communities working together," said Greg Rattray, ICANN chief Internet security adviser, in a statement released Thursday. "ICANN represents a community that's all about coordinating those kinds of efforts to keep the Internet globally secure and stable."

Conficker, also known as the Downadup worm, takes advantage of a critical bug in Microsoft's Windows operating system, which was patched last October. Since late December, the worm has emerged as one of the worst computer threats in years, infecting more than 10 million computer systems worldwide, including PCs within the British and French militaries.

If Conficker's author lives in a part of the world that's known to be soft on cybercrime -- Russia, the Ukraine, or Romania, for example -- it may be hard to get a conviction, said the editor of the Hostexploit.com cybercrime research site, who goes by the pseudonym Jart Armin.

On the other hand, the $250,000 reward may be an incentive to hackers who may know who's responsible. Typically, hackers get paid about $10,000 by organized crime groups for writing an attack that reliably works on a significant number of computers, Armin said.

This isn't the first time Microsoft has offered such a bounty. In 2005, it paid $250,000 to two people for identifying Sven Jaschan, the teenager who wrote the Sasser worm.

Ballmer asks Congress to pass stimulus

Microsoft CEO Steve Ballmer urged Congress in a letter to quickly pass the stimulus bill "to begin to put our country back on the path toward long-term economic growth."

Ballmer sent the letter to all members of Congress, expressing his hope that the bill will help create and save jobs, improve education, encourage research and development, and extend broadband coverage.

[ Special report: IT and the economic crisis. ]

"We are experiencing a once-in-a-lifetime economic crisis," he wrote. But the crisis offers an opportunity to get the economy going and rebuild investor and consumer confidence, he said.

Education and training will be key to making sure people have the right skills as technology advances, Ballmer said. "This final package includes significant investments in human capital -- in the citizens of our country. America is second-to-none in turning ideas into innovations," he wrote.

That confidence in the American workforce comes even as Microsoft is under fire for continuing to push the government to loosen restrictions on foreign workers. Microsoft filed a proposal (PDF) for reform of the foreign skilled-worker visa program with Barack Obama's transition team days before the company announced layoffs of 5,000 people. Some critics wonder why Microsoft needs more foreign workers as it is laying off thousands.

In addition to support for education, the government needs to make a long-term commitment to research and development and encourage the private sector to do the same, Ballmer wrote.

He also expressed support for items in the bill that will help extend the reach of broadband and use technology to transform health care. "We believe information technology can help create a connected health system that delivers predictive, preventive, and personalized care -- a system that will improve the health of Americans and help control health care spending," he wrote.

Ballmer sent the letter on Wednesday.

The U.S. Senate and the House of Representatives have each passed slightly different versions of the stimulus bill. They are now working on hammering out the differences, which include different-size investments in health IT, a smart electricity grid, and broadband projects in rural areas.

HP unveils blade PCs and Citrix virtualization bundle

HP is unveiling the fourth generation of its blade PC line and bundling the devices with Citrix XenDesktop 3 virtualization software.

The HP BladeSystem bc2800 and bc2200, due out in March, sit inside the datacenter, letting users connect to them from any location and device, whether it be a thin client, laptop, or regular desktop. Unlike a VDI (virtual desktop infrastructure) model in which multiple virtual machines are contained on a single server, each blade PC can only serve one user at a time. But 280 of them can fit into a single rack, and client virtualization software helps deliver benefits related to security, availability, management, and flexibility, according to HP.

[ Keep up with the latest in virtualization news with David Marshall's virtualization report. ]

"Blade PCs are offering knowledge workers a dedicated and predictable resource," says Dan Nordhues, director of marketing for blade clients at HP. "Because it's in the datacenter, you get all the advantages of the user endpoint being able to be anywhere."

While the HP blade PCs themselves will be released in March, availability for the bundle including both the PCs and Citrix XenDesktop software has not been announced. Pricing has also not been detailed.

The user experience is pretty much the same whether a customer chooses Citrix virtualization software or HP's client virtualization tools, which include the HP Session Allocation Manager and Remote Graphics Software. But HP is trying to reach out to Citrix customers by giving them the option of using XenDesktop, Nordhues says.

Customers can also choose virtualization software from VMware, Nordhues says, although an announcement issued by HP Wednesday highlights only the relationship with Citrix.

The HP bc2200 uses a single-core AMD Athlon 64 processor, while the bc2800 is based on a dual-core AMD Turion processor. Both blades are preinstalled with Windows Vista Business edition and support additional Windows operating systems and Linux.

The blade PC model typically costs more up-front than the purchase of individual desktops, but can deliver ROI in the long run in part by lowering energy costs, HP officials say. HP says its blade PCs use 25 watts each.

Other benefits promised by HP include simplifying software and hardware management; maximizing resource utilization; securing sensitive data in the datacenter; and higher availability. If a user is connected to a blade PC that fails, the user can simply log in again and get a new one, Nordhues says. Even though there is a one-to-one relationship between user and blade at any given time, the users don't have to use the same machine every day.

Customers sometimes opt for blade PCs when they are dissatisfied with the VDI model, either because management software is difficult to use or the cost-per-seat was not what they hoped, Nordhues says. But the client virtualization market overall has not yet taken off as much as vendors hoped. "It's a new paradigm," he says. "Some people don't want to be early adopters."

Network World is an InfoWorld affiliate.

Samsung delays Google Android phone

Contrary to recent speculation, Samsung will not announce a mobile phone based on Google's Android mobile operating next week, the company says. The release of the Android-based phone has been delayed until the second half of this year, Samsung says.

Samsung was expected to introduce the Android phone next week at the Mobile World Congress (MWC) in Barcelona, but the company's head of marketing, Younghee Lee, dismissed the rumors in an interview with the British newspaper The Guardian.

[ Related: It has been speculated that Asustek's new Eee Phone will offer Google's Android software | Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

Lee confirms that the company's Android handset won't be ready in time for MWC next week, and tells the British newspaper the company is "planning internally" a release for the second half of the year.

Many other manufacturers are lined up to release Google Android mobile devices this year. The T-Mobile G2, produced by Taiwan-based HTC, is rumored to come out in May, and Sony Ericsson, Motorola, LG, Asus, and Toshiba are expected to launch Android devices sometime this year as well.

Some say Samsung's Android phone will be thin and glossy, similar to the company's Omnia and Instinct models. But what it -- or any of the new Android phones -- will look like is unknown, as no one has released any specifications or pictures of their upcoming devices.

PC World is an InfoWorld affiliate.

Friday, February 13, 2009

IT News HeadLines (InfoWorld) 13/02/2009

No comments: