Monday, November 24, 2008

Researchers Find Vista Kernel Memory Security Bug

Windows Vista may have a potential buffer-overflow security problem, according to researchers at Innsbruck, Austria-based enterprise security firm Phion. On Friday, the researchers described an exploit involving the iphlpapi.dll application programming interface.

The researchers passed illegal PrefixLength values to routing tables using the CreateIpForwardEntry2 method. Doing so corrupted Vista's kernel space memory, they explained.

"When adding a route entry to the IPv4 routing table using the method CreateIpForwardEntry2 and passing an illegal value greater than 32 [2] for the destination PrefixLength member in the DestinationPrefix structure contained in the MIB_IPFORWARD_ROW2 structure [3], kernel space memory is being corrupted resulting in random blue screen crashes," wrote Thomas Unterleitner, a member of Phion's research team.


The team had used a program to corrupt Vista's memory. However, they also tried passing illegal values using the "route add" command and got the same results.
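The bounds check whose absence is described above, written as validation a caller or wrapper could apply before a route reaches the API (an added example, not code from Phion or Microsoft). The struct, enum and function names are hypothetical stand-ins rather than Windows SDK definitions, and the IPv6 limit and the host-bit check go beyond the IPv4 case in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; NOT the Windows SDK structures. */
enum rt_family { RT_FAMILY_IPV4, RT_FAMILY_IPV6 };

enum rt_status {
    RT_OK = 0,
    RT_ERR_NULL,
    RT_ERR_FAMILY,
    RT_ERR_PREFIX_RANGE,   /* the condition from the report: length > 32 for IPv4 */
    RT_ERR_HOST_BITS
};

struct route_request {
    enum rt_family family;
    uint8_t addr[16];       /* network byte order; IPv4 uses the first 4 bytes */
    uint8_t prefix_length;  /* one byte wide, so 33..255 can be stored and must be rejected */
};

/* Largest legal prefix length for the address family, or -1 if unknown. */
static int max_prefix_bits(enum rt_family family)
{
    switch (family) {
    case RT_FAMILY_IPV4: return 32;
    case RT_FAMILY_IPV6: return 128;
    }
    return -1;
}

/* Reject a route before it is passed on: the range check comes first, so the
 * length is never used as an index or shift count while out of bounds. */
enum rt_status validate_route_prefix(const struct route_request *req)
{
    if (req == NULL)
        return RT_ERR_NULL;

    int max_bits = max_prefix_bits(req->family);
    if (max_bits < 0)
        return RT_ERR_FAMILY;
    if (req->prefix_length > max_bits)
        return RT_ERR_PREFIX_RANGE;

    /* Bits past the prefix must be zero (destination is a network address). */
    size_t nbytes = (size_t)max_bits / 8;
    size_t i = req->prefix_length / 8u;
    unsigned rem = req->prefix_length % 8u;
    if (rem != 0) {
        /* rem != 0 implies prefix_length < max_bits, so i < nbytes here. */
        if (req->addr[i] & (0xFFu >> rem))
            return RT_ERR_HOST_BITS;
        i++;
    }
    for (; i < nbytes; i++) {
        if (req->addr[i] != 0)
            return RT_ERR_HOST_BITS;
    }
    return RT_OK;
}

/* Convenience wrapper: build an IPv4 request from four octets and validate it. */
enum rt_status check_ipv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d, uint8_t prefix)
{
    struct route_request req = { RT_FAMILY_IPV4, { a, b, c, d }, prefix };
    return validate_route_prefix(&req);
}

static const char *status_name(enum rt_status s)
{
    switch (s) {
    case RT_OK:               return "ok";
    case RT_ERR_NULL:         return "null request";
    case RT_ERR_FAMILY:       return "unknown address family";
    case RT_ERR_PREFIX_RANGE: return "prefix length out of range";
    case RT_ERR_HOST_BITS:    return "bits set beyond prefix";
    }
    return "?";
}

int main(void)
{
    /* Constructed sample routes, not taken from the advisory. */
    static const uint8_t samples[][5] = {
        { 10, 0, 0, 0, 8 },      /* valid */
        { 10, 0, 0, 0, 33 },     /* one past the IPv4 maximum */
        { 10, 0, 0, 0, 255 },    /* largest value the one-byte field holds */
        { 10, 64, 0, 0, 9 },     /* in range, but host bits set */
        { 192, 168, 1, 1, 32 },  /* valid host route */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const uint8_t *s = samples[i];
        printf("%u.%u.%u.%u/%u -> %s\n", s[0], s[1], s[2], s[3], s[4],
               status_name(check_ipv4(s[0], s[1], s[2], s[3], s[4])));
    }
    return 0;
}
```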

The problem affects security at the client level and could enable code injection, according to Unterleitner. However, carrying out the exploit requires administrative privileges. A spokesperson for the Microsoft Security Response Center said in an e-mailed response that they were unaware of any effects on customers.

"To exploit the vulnerability, the attacker would have to already be a privileged user on the system; either an Administrator or part of the network administrator's group, which limits the impact of this attack to users that already have a high level of trust on the system," the spokesperson wrote.

Phion first informed Microsoft of the problem on Oct. 22. The company is providing a workaround solution for users of its netfence entegra client security solution. However, Microsoft's spokesperson wrote that the company can't vouch for "third party security updates or mitigations."

The Microsoft spokesperson did not say when the company planned to issue a fix, but Unterleitner told ZDNet UK that "Microsoft will ship a fix for this exploit with the next Vista service pack."

Windows Vista Service Pack 2 Beta was released to private testers in late October, but the final release awaits meeting certain quality improvements, according to Mike Nash, Microsoft's corporate vice president for Windows product management, in an announcement. No date for Vista SP 2 is specified as yet.

The exploit affected Vista Enterprise and Vista Ultimate editions, but it likely affects other Vista versions, Unterleitner wrote. Windows XP is not subject to this buffer-overflow security problem.



IBM-Based Systems Top List of 'Greenest' Supercomputers

The latest iteration of the Green500 list was released at the SC08 supercomputing conference in Austin, Texas. It is the first time high-performance computers have executed more than 500 million floating-point operations/sec (megaflops) for every watt of energy they used, according to the list's compilers.

The most energy-efficient supercomputer is a 2,016-processor machine at the University of Warsaw's Interdisciplinary Centre for Mathematical and Computational Modeling. The system, based on IBM BladeCenter QS22 servers, produced more than 536 megaflops per watt.

That system and the next six systems on the list run IBM's multicore Cell Broadband Engine (Cell/B.E.) processor. Four of those systems use IBM's new QS22 blade server. The top four machines all achieved more than 500 megaflops per watt.


Overall, the participating supercomputers showed a 17 percent increase in energy efficiency since the last edition of the ranking, released in June.

Wu Feng and Kirk Cameron, associate professors at Virginia Tech, started the Green500 in 2006 as a way to encourage supercomputer developers to think more about the amount of energy their creations consume. In the past few years, supercomputer managers have started to notice that the increasing size of their machines brought about a corresponding increase in energy bills.

"For decades now, the notion of performance has been synonymous with speed," the Green500 Web site states. "This particular focus has led to the emergence of supercomputers that consume egregious amounts of electrical power and produce so much heat that extravagant cooling facilities must be constructed to ensure proper operation."

The Green500 list is compiled from the biannual Top500 list of supercomputers, the latest iteration of which was released earlier.

Top500 participants were encouraged to submit data on the average amount of energy their systems used during a Linpack run, a benchmark that determines their rankings on the Top500. Positions on the Green500 are calculated by dividing the Linpack score, measured in flops, by the average amount of wattage used during the testing.

In the latest Green500 compilation, 276 of the top 500 sites submitted their energy usage, a 19.5 percent increase from the number of submissions in June. The list's compilers estimated the rest of the scores.



Saturday, November 22, 2008

ISO/IEC Publishes Office Open XML Standard

ISO/IEC on Tuesday published the Office Open XML (OOXML) file format standard, formally known as ISO/IEC 29500:2008. It describes file formats originally designed by Microsoft for its Office 2007 productivity suite, which are used in presentation, spreadsheet and word processing applications.

The main goal in promoting OOXML as an international standard was to support document preservation. Governments and organizations currently use older binary or "legacy" document formats that may be unsupported by present-day or future commercial software applications.

The standardization process for OOXML through the International Organization for Standardization (ISO) was filled with contention. A report by analyst firm Gartner, hosted by Microsoft (PDF), depicted the tension surrounding the standardization of ISO/IEC 29500:2008 as largely due to vendor squabbles and positioning.


"ISO's approval of OOXML on 2 April 2008 capped more than 18 months of bitter arguments motivated largely by vendor interests (and came nearly two years after ISO approved ODF as a standard)," wrote Gartner analyst Michael Silver in the report, "ISO Standard 'Office' Formats Overpromise Compatibility."

ODF, or OpenDocument Format, is an ISO standard that similarly describes file formats used for presentations, spreadsheets and word processing. ODF is backed notably by IBM and Sun Microsystems, both of which offer free Office-like productivity suites.

Silver's report notes that neither ODF nor OOXML ensures "100 percent fidelity." A document created in an application using one format will lose some details and visual presentation when opened in a similar application using the other document format.

Silver's report doesn't mention complaints about the ISO fast-track process itself, which involved studying a document of more than 6,000 pages. Participating members complained about not seeing the final changes before voting. There also were questions about why the publication of the ISO/IEC 29500:2008 standard was delayed after approval.

In September, five months after ISO/IEC 29500:2008 was approved, IBM issued an announcement stating that it would review its participation in standards bodies "based on the quality and openness of their processes, membership rules, and intellectual property policies." The company planned a November summit to release its recommendations.

IBM's announcement does not mention complaints about the OOXML ISO process as a reason for its review. However, observers involved in the ISO/IEC 29500 process, such as Alex Brown, convener of ISO/IEC JTC 1 SC 34 WG1, made that link.

Microsoft's original OOXML spec is different from the ISO/IEC 29500:2008 standard. The international standard is the product of months of feedback from technical committees and final votes by participating-member countries. OOXML was fast-tracked according to ISO's Joint Technical Committee 1 rules. It had been recommended to ISO by Ecma International, which had earlier approved it as an Ecma standard.

The four-part ISO/IEC 29500:2008 document is currently available for purchase for $279.13 (342 Swiss francs) from the ISO Store. The total number of pages, with all four parts, is 7,229 pages.

A description of the ISO/IEC 29500:2008 document is provided in ISO's press release.



Dynamics NAV 2009 Coming Next Month

Microsoft exec Kirill Tatarinov on Wednesday described some new features to expect in the forthcoming Microsoft Dynamics NAV 2009 enterprise resource planning solution. He gave the keynote address at Microsoft's Convergence 2008 event in Copenhagen, Denmark.

The NAV 2009 product, designed for small-to-medium businesses, is expected to be available on Dec. 1 in a number of countries.

Tatarinov, who is Microsoft's corporate vice president for Microsoft Business Solutions, addressed an audience of customers and partners. It wasn't the best of times to be talking about a new product launch. However, despite the bad economy, "more than 50 percent of successful Dow Jones companies actually got started in times of recession," he noted.


Tatarinov emphasized the user experience in Microsoft Dynamics NAV 2009. It has been designed to have a "look and feel just like Office," he said. In addition, Microsoft provides 24/7 online training support to get its customers up to speed.

The product features an upgraded roles capability, letting users see screens relating to their job functions.

"With NAV 2009 we are shipping 21 pre-configured roles that address the needs of specific personas in organizations," Tatarinov said, adding that they can be customized or expanded by Microsoft's partners.

NAV 2009 also features integration with Microsoft SQL Server 2008 to enable business intelligence capabilities. Tatarinov said that the integration makes it possible to "make sure that everybody in the organization…gets access to sophisticated business analytics."

The last new element to NAV 2009 is its incorporation of Web services using "pre-integrated interfaces," Tatarinov said. As an example, he presented a product demo of an order-processing scenario in which a product delivery date gets checked by calling a service.

At some point, NAV 2009, and other Dynamics products, will be integrated with Windows Essential Business Server, Tatarinov said.

"We're announcing that the entire portfolio of Dynamics products will be integrated, tightly integrated, with the recently announced Windows Essential Business Server, which is a server solution addressing the needs of medium-sized organizations with out-of-the-box integration of the entire portfolio of security tools, management tools, and the rest of the infrastructure tools," he said.

Microsoft announced the general availability of Windows Essential Business Server 2008 just last week.

The integration components will be add-ins to Windows Essential Business Server 2008, allowing the administration of Microsoft Dynamics via a single console. Microsoft has already provided this add-in capability for Microsoft Dynamics AX 2009 users.

Users of Microsoft Dynamics CRM 4.0 will have the ability to create customer self-service Web-based interfaces using a feature called "eService Accelerator for Microsoft Dynamics CRM 4.0," which will be available by the end of the year.

General availability for Microsoft Dynamics NAV 2009 varies by country. Dec. 1 is the planned date for the following countries: Australia, Canada, Denmark, France, Germany, India, Ireland, Italy, Mexico, the Netherlands, New Zealand, Spain, United Kingdom and United States.

More Microsoft Dynamics NAV details can be found at Microsoft's Web site here.



Thursday, November 20, 2008

Microsoft Hires Yahoo Search Team Engineer

Microsoft is hiring a member of Yahoo's search team who is considered to be a key engineering asset. Sean Suchter, Yahoo's vice president of search technology, resigned from Yahoo on Wednesday and will join the Microsoft Live Search team.

Suchter will start work at Microsoft's Silicon Valley Search Technology Center on Dec. 22, according to a statement obtained by Mary-Jo Foley and attributed to Satya Nadella, Microsoft's senior vice president of search, portal and advertising.

Suchter's departure from Yahoo was reported on Wednesday by ValleyWag, which published a letter to the Yahoo search team from Tuoc Luong, Yahoo's senior vice president of search worldwide. The letter confirms Suchter's resignation and renews the call for Yahoo to compete against Google in the search advertising market.


ValleyWag's source called the loss of Suchter "the end for Yahoo Search," describing him as a key executive.

"If Microsoft has convinced him to leave and join them, they won't need to buy Yahoo Search," the tipster said.

Suchter's resignation coincidentally comes two days after Yahoo announced that Jerry Yang will be stepping down as Yahoo's CEO. The company has also announced a plan to cut around 1,500 people after experiencing a flat third quarter.

Yang was involved in negotiating a hostile takeover bid for Yahoo begun by Microsoft in late January. Microsoft stepped away from its offer in May, but kept the door open to buying Yahoo's search business.

Yahoo rejected Microsoft's bid to buy just the search business in June. A sale to Microsoft "would leave the company without an independent search business that it views as critical to its strategic future," the company stated in a press release.

Yahoo's stock hit a new low today compared with its 52-week period, closing at $8.95 per share in after-hours trading.

Yesterday, Microsoft's CEO Steve Ballmer told shareholders that Microsoft was "done" with trying to acquire Yahoo but would consider a search collaboration deal.



IE8 Release Candidate Coming in 1Q 2009

Microsoft's Internet Explorer 8 apparently will have its product debut sometime next year, according to an announcement released on Wednesday by the company. The Web browser is currently available as IE8 Beta 2, and Microsoft hopes to get some more feedback from the public and technical community before finalizing it.

A blog post by Dean Hachamovitch, Microsoft's general manager of Internet Explorer, laid out a time line for IE8's release.

The release candidate (RC) version of IE8 will be available in the "first quarter of 2009," Hachamovitch wrote, marking the end of the beta period.


"We want the technical community of people and organizations interested in web browsers to take this update [the RC version] as a strong signal that IE8 is effectively complete and done," he wrote.

After getting final feedback on the RC version, Microsoft plans to deliver the final product. Hachamovitch didn't provide a specific date. However, the time between RC and product release can be short. In the case of Silverlight, Microsoft's multimedia solution, it took just 17 days to go from RC to product release.

The announcement of the IE8 product time line drew some skeptical comments on Microsoft's IE blog. One reader wrote, "I hope the time between RC and RTM [release to manufacturing] is at LEAST 3 WEEKS so that we have time to sync up with whatever you actually plan to ship."

Another reader asked if all of the internal IE8 fixes were listed on the Microsoft Connect portal. "Kellie" of Microsoft (perhaps Kellie Eickmeyer, IE lead program manager) replied that the bug fixes would be posted "when the RC build is released."

At least three readers complained about testing a buggy Beta 2 version of IE8. They pleaded with Microsoft to release a third beta before the RC. "Please give us a testable beta before a release candidate," one wrote.

Microsoft wants feedback on "critical" matters, which Hachamovitch described as "issues impacting robustness, security, backwards compatibility, or completeness with respect to planned standards work."

The protocol for reporting bugs is described here. To download IE8 Beta 2, go here.



Free 'Morro' Anti-Virus To Replace Microsoft OneCare

Redmond is rolling out a free anti-virus software program for consumers that will compete with products made by Symantec and McAfee. Code-named "Morro," the AV app is expected to be available by the end of 2009.

Microsoft, which unveiled Morro on Tuesday, also plans to phase out its subscription-based security and PC maintenance service called Windows Live OneCare.

Morro's release will protect a greater number of consumers, according to Microsoft's announcement. Critics, including competitors, see this as the death of Windows Live OneCare rather than the birth of something new.


"[Symantec] views [Microsoft's] announcement as a capitulation and a reinforcement of the notion that it's simply not in Microsoft's DNA to provide high-quality, frequently updated security protection," stated Rowan Trollope, Symantec's senior vice president of consumer business, in an e-mail.

The software giant said in its announcement that Windows Live OneCare will continue to be sold for Windows XP and Windows Vista at retail through June 30, 2009.

"Direct sales of OneCare will be gradually phased out when 'Morro' becomes available. Regardless of their method of purchase, Microsoft will ensure that all current customers remain protected through the life of their subscriptions," the statement said.

Time will tell on Microsoft's strategy, but one independent security vendor rep described it as a rebranding effort.

"I see nothing that tells me how Morro will be more or less effective than OneCare," said Tyler Reguly, security research engineer at nCircle. "It sounds like [Microsoft] spent time streamlining the efficiency of the anti-malware engine at the core of OneCare and is simply rebranding it on release."

Reguly added that he doesn't want to speculate on why the rebranding is occurring, but his best guess is that it's "due to stigma surrounding the Windows Live OneCare brand, which had numerous bad reviews and negative ratings in AV comparisons."

Microsoft describes Morro as utilizing less system resources than its OneCare predecessor, and it will have fewer features as well. It's designed to protect PCs that don't already have anti-virus programs installed. Gone are the process management and backup capabilities that came with OneCare.

From Shake-Up to Breakup?
Technologists had praised Microsoft's release of Windows Live OneCare when it made its debut in May of 2006. It was thought that OneCare would shake the applecart in the anti-virus market and reinvent the category by including backup and management features. At that time, AV vendors voiced concerns that Redmond would use its Windows market domination to push OneCare as it did Internet Explorer.

Such worries among competitors have dissipated. In 2007, Symantec held a 26.6 percent share of the $10 billion software security market. McAfee Inc., the runner-up in the pack, had 11.8 percent of the market, according to IT research firm Gartner.

"So even if it's free, the Microsoft 'OneCare-light' offering will certainly fare worse than its predecessor, essentially putting consumers at increased risk without additional protection," wrote Symantec's Rowan Trollope, in his e-mailed statement.

Serving the Underserved
Microsoft's perspective is that Morro will reach emerging markets that may be using entry-level PCs. Morro will be "architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs," according to Redmond's announcement.

"This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware," said Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft, in a statement.

It's not clear how Microsoft will release Morro, but making it free is hardly a defeat for the company.

"With relatively insignificant marketing of OneCare, Microsoft still gained two percent market share in a couple of years. That's a large number of computers actually," said Randy Abrams, technical director of security firm ESET. "This decision to go to the free software is as far from a defeat signal as you can get."

Abrams added that the move simply "signals that Microsoft is willing to adopt different strategies to increase effectiveness."



Wednesday, November 19, 2008

'IP Peace of Mind' Year 2 for Microsoft-Novell

Microsoft and Novell issued an announcement on Tuesday marking the two-year anniversary of their controversial agreement surrounding Linux patents. In addition, the companies described a couple of updates that they plan to make available to their enterprise customers.

One of the updates to come is Novell's plan to deliver an advanced management pack for SuSE Linux Enterprise to be used with Microsoft System Center Operations Manager 2007 R2. The pack is expected to be available in the first half of 2009, coinciding with the R2 release of Microsoft's management solution.

The advanced management pack will extend the capability of Microsoft's platform to manage both Windows- and Linux-based servers in one solution, according to the announcement.


The second development that the companies announced on Tuesday is the "upcoming beta availability of Moonlight," an open source version of the Microsoft Silverlight multimedia platform.

No date was announced, but Miguel de Icaza's blog stated on Nov. 10 that the Moonlight Beta 1 will be available "in the next few days." De Icaza is an open source software pioneer and vice president of the developer platform at Novell overseeing the Moonlight project.

In year two of their partnership, Microsoft and Novell have added "more than 200 new joint customers," according to the announcement. The partnership entails joint marketing, ongoing interoperability studies through an interoperability lab and intellectual property (IP) protection.

Under the deal, first announced in early November of 2006, customers that buy certificates from Microsoft get technical support on SuSE Linux Enterprise Server from Novell and IP indemnification from Microsoft. The indemnification is a promise from Microsoft not to sue SuSE Linux Enterprise Server users for unspecified IP violations of Microsoft's patents.

The program is designed for organizations running mixed Windows- and Linux-based computing environments, promising them "interoperability and intellectual property peace of mind."

"The interoperability and IP peace of mind that our agreement provides is clearly resonating with customers," said Susan Hauser, Microsoft's general manager of strategic partnerships and licensing, in a prepared statement marking the anniversary.

Hauser noted that Novell is offering a "new Expanded Support program" that extends to "even more customers, including those running Red Hat Enterprise Linux."

Red Hat was not one of the Linux distributors that joined Microsoft's IP protection plan.

One of the benefits of Novell's expanded support is helping users switch from Red Hat Enterprise Linux to Novell's solution. A Yankee Group study cited by veteran Microsoft watcher Mary-Jo Foley suggested that Red Hat lost some of its Linux server market share following the Microsoft-Novell agreement.

Microsoft early on tried to establish IP protection agreements with other Linux vendors, but it had few takers. Linspire, Xandros, LG Electronics and Turbolinux were among the few to agree.

The open source Linux community generally became incensed when a Microsoft exec told Fortune magazine that Linux operating systems violated 235 of Microsoft's patents.

As far as is known, Microsoft has not actually carried out its implied threat to sue Linux users for violations of Microsoft's patents.



Microsoft Demos New SQL Server Features at PASS

Microsoft today previewed the ability to centrally manage applications and resources in the planned upgrade of SQL Server, code-named "Kilimanjaro."

The company introduced the centralized app and system management capability at the annual Professional Association for SQL Server (PASS) Conference, being held this week in Seattle. Though PASS is an independent user association, Microsoft typically has a strong presence at its annual conferences because of the large number of SQL Server customers and partners that attend.

The Kilimanjaro preview was among a handful of incremental announcements at PASS this week, where Microsoft is focusing on convincing customers to upgrade to SQL Server 2008.


In the keynote address, Ted Kummert, corporate vice president of Microsoft's data and storage platform division, highlighted the new centralized app and systems management capability as the latest component in the company's effort to further bolster SQL Server as a platform for data warehousing and enterprise scale application development.

With Kilimanjaro, planned for release in the first half of 2010, customers will be able to consolidate data sources and increase the amount of information in the repository without degrading performance, according to the company.

Microsoft first outlined its most current SQL Server roadmap last month at its Business Intelligence (BI) Conference, also held in Seattle, where the company described Kilimanjaro as the next key update to SQL Server 2008. In an interview Tuesday in advance of Kummert's keynote, Quentin Clark, general manager of Microsoft's SQL Server group, said Kilimanjaro is not the next version of SQL Server; that will come within 36 months of the release of SQL Server 2008, which shipped this past summer.

"Kilimanjaro is really an add-on kind of release. It's not really a major release, it's not a new database," Clark said. "We will do bug fixes and other minor stuff but it's not a major release of the database engine."

That said, Clark acknowledged that the engine in SQL Server will be improved with Kilimanjaro. At the Windows Engineering Hardware Conference (WinHEC) in Los Angeles earlier this month, Clark demonstrated support for systems with more than 64 cores.

Microsoft said it is working with Hewlett-Packard Co., IBM and Intel for Kilimanjaro to support up to 256 logical processors running on the next release of Windows Server, called Windows Server 2008 R2.

In its bid to enable massive parallel processing in SQL Server, Microsoft has also begun talking up a technology under development, code-named "Madison." Slated for release during the Kilimanjaro timeframe, Microsoft said Madison, based on the technology it acquired in September from DATAllegro, will let organizations scale data warehouses to hundreds of terabytes. Microsoft said it will have a preview of Madison within the next 12 months.

A key component under development that will support Kilimanjaro is a set of new tools under the code name "Gemini," which Microsoft unveiled at its October BI summit and outlined for PASS attendees. The goal of Gemini is to let a broader set of users manipulate data without relying on BI or IT experts.

Also at PASS, Microsoft officials talked up SQL Data Services (SDS), announced as part of its cloud services portfolio at last month's Professional Developers Conference (PDC) in Los Angeles.

The company announced customers who are beta testing SDS, among them NeoGeo, a German-based developer of database and storage solutions, and Infosys Technologies Ltd., a global provider of outsourcing services. NeoGeo is testing SDS for what it hopes will be a low-cost, cloud-based relational storage repository, while Infosys is building a service that could let car dealers share information online using SDS.



Ballmer Spotlights R&D at Microsoft Shareholder Meeting

Microsoft held its shareholder meeting for 2008 on Wednesday, and shareholders approved all nine board-member nominees on the proxy slate. Shareholders also approved two executive compensation measures, ratified Deloitte & Touche as Microsoft's independent auditor and defeated three shareholder-initiated proposals.

In response to a question, Microsoft CEO Steve Ballmer nixed the idea that Microsoft is planning to acquire Yahoo. Ballmer said Microsoft was "done with all of these [acquisition] discussions with Yahoo." However, he added that Microsoft is "very open" to doing some sort of search collaboration deal with the company.

The theme of the meeting, if there was one, was an appeal by Microsoft to preserve its long-term investment initiatives, particularly its research and development spending.


Ballmer said that Microsoft is still investing in research for the long term, and touted the benefits. He gave the example of Microsoft's expansion into the enterprise market, which many said Microsoft couldn't pull off. The decision to go that direction was made 20 years ago. Today, Microsoft's server and tools segment is a $13 billion business, he said.

Ballmer also pointed to Windows Azure, Microsoft's "operating system" in the cloud that was announced last month at the company's Professional Developers Conference. Ballmer described Windows Azure as the result of a multiyear investment, adding that it was "started out by two guys working on something."

Microsoft is in a leadership position, Ballmer said, despite the current troubled economic climate. He noted that "revenues jumped 18 percent last year to pass $60 billion." He added, "Operating profits are at 21 percent to $22-and-a-half billion, which makes Microsoft amongst the two or three top operating-income companies in the United States." He said Microsoft returned $16.5 billion to shareholders through stock buybacks and dividends.

"Our strong financial position allows us to reinforce our competitive advantage by continuing to invest in R&D, continue to make carefully targeted acquisitions and continue to take a long-term view of the investment required for future growth," Ballmer said.

He said that Microsoft is also looking at reducing its costs, utilizing its resources more and "reducing the head count for this financial year and the next financial year." However, its R&D investments will continue.

Microsoft's Chairman Bill Gates also spoke at the shareholder meeting. Gates noted that digital technology is becoming smaller, more powerful and more affordable. He said we are moving from the one billion people who use PCs today to broader use on mobile platforms, reaching many more people.

Gates also announced the retirement of Jon Shirley from Microsoft's board. Shirley, a past president at Microsoft, had joined the company in 1983, when Microsoft's sales were at $100 million. With Shirley off the board, the board now shrinks from 10 members to nine members.

Shareholders approved an executive officer compensation plan that would set an incentive pool at "0.35% of the Company's operating income for the 2009 fiscal year."

The proxy statement provided interesting compensation figures -- including salary, bonuses, stock awards and other compensation -- for the fiscal year that ended on June 30, 2008:

Ballmer received $1.4 million;
Chris Liddell, Microsoft's senior vice president and chief financial officer, received $3.5 million;
Kevin Johnson, Microsoft's president of the Platforms and Services Division, received $6.8 million;
Jeff Raikes, president of the Microsoft Business Division, got $7.6 million; and
Kevin Turner, Microsoft's chief operating officer, took in the most at $10 million.

An amendment to Microsoft's director compensation plan for nonemployees was approved by shareholders. It increases "the maximum number of shares of common stock that may be awarded to eligible non-employee directors from 10,000 to 20,000" shares, according to Microsoft's proxy statement.

Shareholders defeated all of the investor-proposed social measures. One of them was a proposal to strengthen Microsoft's efforts against the censorship of speech over the Internet, as carried out by some governments. A representative for the New York City Pension Funds said that Microsoft's recently announced anticensorship effort had been rejected by the human rights group Amnesty International as having too many loopholes.

The effort in question is called the "Global Network Initiative," which Microsoft announced it had joined in late October.

A second measure proposing a Board Committee on Human Rights at Microsoft was rejected as well.

Finally, a measure to better disclose company charitable contributions of $5,000 or more to various organizations was defeated. The argument in favor of doing that was somewhat rambling, but the shareholder proposing it appeared to oppose funding gay rights organizations.

The Webcast and proxy materials for Microsoft's 2008 Annual Meeting of Shareholders are available at the Microsoft Investor Relations page here.



Tuesday, November 18, 2008

Microsoft Sues To Protect Visual Studio Users

Three companies are seeking indemnification from Microsoft after being sued for using technology associated with Microsoft's Visual Studio software development platform, according to an IDG News Service story published on Monday.

The case involves Allstate Insurance Co., Dell Inc. and Federal Express Corp. All three companies are targets of a federal suit filed in Delaware by WebXchange, according to a story by Nancy Gohring.

WebXchange, based in Menlo Park, Calif., holds a patent on an e-commerce routing technology. Microsoft filed a lawsuit last week in the U.S. District Court in San Francisco against the company. Microsoft seeks to have WebXchange's patents in the cases against the three companies declared invalid.


The WebXchange lawsuits affect Visual Studio, as well as the SOAP Protocol and Web services, according to a story by CNET News' Ina Fried.

A statement from Microsoft, cited by Fried, called WebXchange's patent infringement lawsuits "spurious," as well as "invalid and unenforceable."



Microsoft Unveils Exchange and SharePoint as Services

Microsoft exec Stephen Elop on Monday announced two hosted solutions from Microsoft -- Exchange Online and SharePoint Online -- which are now available to organizations of all sizes in the U.S. market. The software, paid for by annual subscriptions, is hosted on Microsoft's servers and supported by Microsoft's channel partners.

The services previously were accessible at the beta level. Microsoft is now spotlighting their general U.S. public availability as part of its overall software plus services strategy. The company has already sold "more than half a million seats for Microsoft Online Services" in the past year, according to Microsoft's announcement.

This public launch comes after Microsoft's announcements of the Windows Azure cloud operating system and Azure Services Platform at its Professional Developers Conference late last month. Those announcements suggested a company shift by Microsoft toward building up its services capabilities.


Elop, who is president of the Microsoft Business Division, told an audience at the San Francisco launch event yesterday that "Eventually, all Microsoft Web-based technology will be delivered from this foundation [Windows Azure and Azure Services Platform]."

Despite the buzz around Azure, Exchange Online and SharePoint Online currently are not offered from the Azure Services Platform, according to an article by veteran Microsoft watcher Mary-Jo Foley. Moreover, she cited a Forrester Research study indicating that what Microsoft is offering today is not full-featured versions of Exchange or SharePoint. Users wanting the full solutions can get the on-premises installed versions running on a server.

Elop told the launch audience that cost is the main reason why people would adopt online versions of Exchange and SharePoint.

"It is our estimate that between 10 and 50 percent cost savings can accrue to organizations that take advantage of this form of online services from Microsoft," Elop said.

Pricing for the online services is based on "pricing levels" associated with the number of users in an organization. Microsoft is promoting a "Business Productivity Online Standard Suite" that starts from "$15 per user per month." The suite includes "Exchange Online, SharePoint Online, Office Communications Online (coming soon), and Office Live Meeting," according to a Microsoft Online Services pricing page.

Alternatively, a free 30-day trial is available for those who will sign an agreement. Trial information is available here.

In addition to providing partner support, Microsoft has some automated tools to help organizations assess their planning called "Solution Accelerators for Microsoft Online Services."

Microsoft partner support is growing. The company counts "more than 1,500 companies" that have enrolled since July as online services partners.

Microsoft plans to offer new online solutions next year, including one that will add "IT management and security capabilities for businesses." More information is available at the Microsoft Online Services page here.



CIO Role Becoming More Strategic, Study Finds

CIOs have come a long way, but they haven't quite reached the status of "full and active participants" in creating strategies in organizations, according to a new study released this week by the Center for CIO Leadership.

The study, dubbed the "2008 CIO Leadership Survey," found that CIOs are increasingly leading change in the enterprise. It surveyed 300 CIOs in 45 countries spanning 32 industries. Respondents described their roles, with 91 percent of participants indicating that they have a "clear vision of how IT will drive business forward" and with 90 percent indicating that they "lead and influence others, even without formal authority."

Other findings about CIOs included:

85 percent head up initiatives "to ensure their organization is flexible for change";
87 percent reported having "strong relationships" with other executives; and
69 percent have "developed a process to delegate authority to enable time for strategy."


CIOs have strong positions but improvements can be made, according to Harvey Koeppel, executive director of the Center for CIO Leadership, in a statement released on Tuesday.

"The CIO is the only executive that has an end-to-end view of global business processes, and thus is uniquely positioned to move from technology implementer to strategic business advisor," Koeppel said. "Now, more than at any other time in recent memory, CIOs are better positioned to lead, and businesses have never been more open to the type of transformational improvements the CIO function can deliver."

However, to a certain extent, CIOs are still stuck in a technical role rather than a strategic one. Only 67 percent of respondents were "active participants" in developing strategy, and only 63 percent secured resources for technology-driven initiatives. Furthermore, only 64 percent reported having a plan in place "to grow and acquire talent."

More information on the "2008 CIO Leadership Survey" can be found at the Center for CIO Leadership's site here.



Organizations Urged To Update WPA After Security Crack

A team of security researchers this week demonstrated an attack confirming that the Wi-Fi Protected Access (WPA) protocol can be compromised.

The good news, for vanilla WPA users at least, is that the attacks affect only WPA implementations that use the Temporal Key Integrity Protocol (TKIP) -- the lesser of two methods for securely exchanging pre-shared keys. Moreover, the vulnerability doesn't allow an attacker to completely recover a TKIP key.

The bad news is that an attacker can crack TKIP to decrypt traffic that's sent from a wireless access point (WAP) or router back to client devices and can crack an integrity checksum that (if properly manipulated) could enable them to insert up to seven custom packets into a data stream.


The upshot, according to industry watchers, is that organizations should either implement a more secure version of WPA (using the Advanced Encryption Standard algorithm, or AES) or switch to WPA2, the as-yet non-standard but (by all accounts) impregnable successor to WPA.

Security researchers Martin Beck and Erik Tews outlined their discoveries at the PacSec 2008 Conference, held this week in Tokyo.

Ahead of Beck and Tews' presentation, industry watcher Gartner Inc. urged its clients to take action and -- pursuant, it said, to its own long-standing recommendations -- make the switch to WPA2, which uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or CCMP. (For the record, CCMP also uses the AES algorithm.)

The impetus, Gartner said, was clear: Even in the absence of a verified proof-of-concept -- much less a bona-fide WPA-cracking-exploit -- organizations need to seriously think about shifting away from WPA and toward WPA2.

For one thing, analysts John Pescatore and John Girard wrote, news of a WPA vulnerability shouldn't really surprise anyone. In fact, some of the methods used by Beck and Tews are similar to those that Tews himself used only two years ago to crack a 104-bit Wired Equivalent Privacy (WEP) key -- WEP, a deprecated predecessor to WPA, is still commonly used in consumer gear -- by capturing (in a best-case scenario) just 40,000 packets.

At the time, Tews and his team urged that "WEP should not be used any more in sensitive environments." They urged users to switch to WPA (with TKIP) or -- "even better" -- to WPA2.

Gartner has counseled just such an approach for some time, according to Pescatore and Girard. "Reports of this new crack are not surprising, and in fact represent the normal cycle of security solutions becoming vulnerable over time," they wrote, noting that "WPA has long been known to be theoretically vulnerable to 'dictionary attacks,' which require massive computational resources not available to most hackers and so are not a serious threat."

With the disclosure and availability of the first (albeit limited) WPA cracking exploit -- a development version of "aircrack-ng" (a popular network detector, packet sniffer and WEP/WPA cracking tool) is said to include an experimental implementation of Beck and Tews' WPA TKIP crack -- it's time for enterprise IT organizations to bite the bullet and either implement WPA2 or, failing that, use a stronger flavor of WPA (such as AES), Pescatore and Girard urge.

"Wherever possible, migrate WLANs from WPA to WPA2. If this is not feasible, use installed WLAN intrusion prevention systems...to monitor WPA usage and detect attempts to compromise TKIP," they wrote. "If no migration to WPA2 is planned and no form of WLAN monitoring is in place, ensure that vulnerable access points are not used in public areas."

The potential for havoc, experts said, is severe: An attacker could use Beck and Tews' method to trigger a denial-of-service (DoS) attack, or -- perhaps more alarmingly -- to pass data through a firewall.
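Gartner's advice to monitor WPA usage starts with knowing which access points still advertise TKIP. As an added example (not part of the original article), the Python sketch below parses the WPA and RSN (WPA2) information elements from a beacon's tagged parameters and reports the ciphers on offer; the function names and the sample beacons are constructed for illustration.

```python
import struct

# Cipher suite selector types shared by the WPA and RSN (WPA2) elements.
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
RSN_OUI = bytes.fromhex("000fac")  # IEEE 802.11 OUI used inside the RSN element
WPA_OUI = bytes.fromhex("0050f2")  # Microsoft OUI used inside the WPA vendor element
EID_RSN, EID_VENDOR = 48, 221


def iter_elements(blob):
    """Yield (element_id, body) pairs; stop at the first truncated element."""
    pos = 0
    while pos + 2 <= len(blob):
        eid, length = blob[pos], blob[pos + 1]
        body = blob[pos + 2:pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length


def cipher_name(suite, oui):
    """Map a 4-byte suite selector (OUI + type) to a readable cipher name."""
    if suite[:3] != oui:
        return "vendor-specific"
    return CIPHERS.get(suite[3], "unknown-%d" % suite[3])


def parse_suites(body, oui):
    """Return (group_cipher, [pairwise ciphers]) or None if malformed."""
    if len(body) < 8:
        return None
    version, = struct.unpack_from("<H", body, 0)
    count, = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if version != 1 or count == 0 or len(body) < end:
        return None
    pairwise = [cipher_name(body[i:i + 4], oui) for i in range(8, end, 4)]
    return cipher_name(body[2:6], oui), pairwise


def audit_beacon(tagged_params):
    """Report offered ciphers and a verdict on TKIP exposure for one beacon."""
    offered = {}
    for eid, body in iter_elements(tagged_params):
        if eid == EID_RSN:
            key, parsed = "WPA2/RSN", parse_suites(body, RSN_OUI)
        elif eid == EID_VENDOR and body[:4] == WPA_OUI + b"\x01":
            key, parsed = "WPA", parse_suites(body[4:], WPA_OUI)
        else:
            continue
        if parsed:
            offered[key] = {"group": parsed[0], "pairwise": parsed[1]}
    pairwise = {c for v in offered.values() for c in v["pairwise"]}
    groups = {v["group"] for v in offered.values()}
    if not offered:
        verdict = "no-wpa"        # open, WEP, or unparseable security elements
    elif pairwise == {"TKIP"}:
        verdict = "tkip-only"     # the configuration the article says to migrate
    elif "TKIP" in pairwise or "TKIP" in groups:
        verdict = "tkip-allowed"  # mixed mode: TKIP still accepted
    else:
        verdict = "no-tkip"
    return {"offered": offered, "verdict": verdict}


def ie(eid, hex_body):
    """Build one information element from a hex body (sample construction)."""
    body = bytes.fromhex(hex_body)
    return bytes([eid, len(body)]) + body


# Constructed sample beacons (tagged parameters only), SSID "lab".
SSID = ie(0, "6c6162")
SAMPLE_WPA_TKIP = SSID + ie(221, "0050f201" "0100" "0050f202"
                            "0100" "0050f202" "0100" "0050f202")
SAMPLE_WPA2_CCMP = SSID + ie(48, "0100" "000fac04" "0100" "000fac04"
                             "0100" "000fac02" "0000")
SAMPLE_MIXED = SSID + ie(48, "0100" "000fac02" "0200" "000fac04" "000fac02"
                         "0100" "000fac02" "0000")
SAMPLE_OPEN = SSID

if __name__ == "__main__":
    for name, beacon in [("wpa-tkip", SAMPLE_WPA_TKIP),
                         ("wpa2-ccmp", SAMPLE_WPA2_CCMP),
                         ("mixed", SAMPLE_MIXED), ("open", SAMPLE_OPEN)]:
        print(name, audit_beacon(beacon))
```

Networks reported as "tkip-only" or "tkip-allowed" are the ones the migration advice applies to.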



Yang To Step Down as Yahoo CEO

Jerry Yang is transitioning out as Yahoo's CEO, but he will continue on as a member of the board, according to an announcement issued late on Monday by the online search and advertising company. The announcement came as Yahoo's stock continued to slide, closing on Monday at $10.63 per share.

Microsoft, which initiated a hostile takeover of Yahoo in late January, had once offered to pay cash plus $33 per share for Yahoo stock. However, that deal to buy all of Yahoo fell through and was called off by Microsoft in May.

Yang was blamed by Microsoft's CEO Steve Ballmer for the failed deal, and the press generally echoed that conclusion, although Yang had said Microsoft was the one to back out.


Microsoft's post-hostile takeover position has been that it would consider a deal to acquire just the search part of Yahoo's business. However, Yahoo has been cool to that idea.

A cash-strapped Yahoo had been seeking an alternative deal -- a partnership with No. 1 search ad giant Google. That plan, in which Yahoo would host Google search ads, was vehemently opposed by Microsoft. Advertisers also complained and Washington, D.C. legal observers were critical. In response, Google officials called off the proposed ad hosting deal with Yahoo earlier this month.

Yahoo's deal-making has come with a cost. The company paid $37 million for advisor fees just to deal with Microsoft's offers this year and the failed Google deal.

Yang has been the favorite whipping boy of corporate raiders and stock speculators. He faced the ire of shareholder Carl Icahn, who received three positions on Yahoo's board after pressuring Yahoo's management to renew a deal with Microsoft.

Yahoo had additional shareholder ire to deal with on top of Icahn's criticisms. The company had flat financial results in its third fiscal quarter. In response, Yahoo announced that it plans to cut 1,500 employees.

The search for Yang's replacement now begins. Chairman Roy Bostock is currently looking both internally and externally for a new prospect. Yang, who had been appointed to the CEO position by Yahoo's board in June of 2007, will stay on as CEO until his replacement is found.

Yang was the original cofounder of Yahoo with David Filo in April of 1995. The two came up with the idea for the company as Stanford University graduate students working on an Internet directory page.



Microsoft Store Offers Top Prices for U.S. Consumers

Microsoft has opened another consumer-oriented electronic software distribution (ESD) point, this time serving U.S. customers. The new Microsoft Store is online only -- no bricks and mortar. It will sell Microsoft's consumer software titles, plus Microsoft hardware such as keyboards and mice.

The U.S. opening is part of Microsoft's ongoing expansion into the direct online sales market. In June, the company announced Microsoft Stores in the United Kingdom and Germany. Another store portal already exists for consumers in Korea.

Microsoft plans to launch store portals for other countries over the coming year. The company's short list includes creating stores for France, Japan, The Netherlands and Spain.


The new online stores would seem to be a blow to Microsoft's retail partners operating actual physical stores. Brick-and-mortar retail stores have faced a general contraction, with Circuit City announcing Chapter 11 bankruptcy restructuring just last week and CompUSA having already closed many of its retail stores. Consumer retailer Best Buy did not respond to a press inquiry on how its stores may be affected.

Microsoft put its best face on the matter in a press release. The company suggested that "retailers will be able to compete with the Microsoft Store through special pricing, discounts, and the ability to draw from a range of products beyond what Microsoft offers." That idea comes from Larry Engel, general manager of Microsoft Store & Marketplace, as cited in Microsoft's press release.

Retail stores already faced competition from Windows Marketplace, an online portal that offers more than just Microsoft software titles. But Windows Marketplace will soon disappear, according to Trevin Chow, Microsoft's senior program manager, who was in charge of helping to create Microsoft Store.

"With the launch of Microsoft Store, Windows Marketplace will be shut down as an e-commerce site," Chow wrote in his blog. "The 'Digital Locker' service will remain operational through the first half of 2009, and we'll be sending out emails and web communications to help customers with any transition away from Digital Locker."

Digital Locker helps users to store their software license numbers online. Microsoft has a similar feature in Microsoft Store. Chow wrote that Microsoft Store ESD customers can redownload the software throughout its lifecycle, which is typically about five years. The customer's product key is stored in the user's Accounts page at Microsoft Store, enabling subsequent downloads.

Microsoft intends to offer its products at Microsoft Store at the manufacturer's suggested retail price. Engel suggested that customers will still flock to Microsoft Store because of the "immediate satisfaction of purchasing, downloading and installing these products within minutes."

At present, you can have the satisfaction of paying for and downloading Microsoft Office 2007 Professional for $499.95 at Microsoft Store or Windows Marketplace. You could also get the boxed copy of the software at that same price, plus shipping, from Best Buy.

Alternatively, you could cut your costs and get a boxed copy of Microsoft Office 2007 Professional through Amazon.com at $379.99 with free shipping, for a net savings of $119.96.



Monday, November 17, 2008

Ubuntu ARMed for Mobile Expansion

Netbooks and mobile computers will soon be able to run the Ubuntu operating system with additional energy efficiency. The breakthrough comes from porting Ubuntu to the ARMv7 processor architecture, which Canonical last week announced it planned to do.

UK-based Canonical is the commercial sponsor of Ubuntu, a Linux-based, open source free operating system for desktop and laptop PCs. The move to ARMv7 will help bring a full set of open-source software, including the OpenOffice.org productivity suite, to the mobile computing market.

The addition of Ubuntu will allow netbooks and hybrid computers "to deliver a rich, always-connected, mobile computing experience without compromising battery life," according to Canonical's announcement.


The ARM architecture has always had "a power advantage" over x86 processing, wrote Mark Shuttleworth, Ubuntu Project founder, in a Linux blog. He noted that the Nokia N810 Internet tablet powered by ARM can last several weeks on standby with a cell phone-sized battery.

The adoption of ARMv7 to Ubuntu "could set the stage for Intel to lose the software advantage that has enabled x86 to shrug off attacks from other architectures for the last 30 years," Shuttleworth added.

According to Canonical, its support of ARM distribution strengthens the ARM Linux ecosystem and provides the opportunity for open source developers to provide a "wider choice for consumers looking for the best operating system for their digital lifestyles."

The extension of Ubuntu "will pave the way for the development of new features and innovations to all connected platforms," stated Ian Drew, vice president of marketing for ARM, in the announcement. He added that the always-connected Internet market is rapidly expanding.



Intel Exec Thanked Ballmer for Vista Capable Help

Court documents may contain a "smoking gun" reference to Microsoft CEO Steve Ballmer's participation in a crucial decision to downgrade capabilities needed to gain Windows Vista Capable certification in new PCs.

Microsoft is being sued for deceptive marketing practices in U.S. District Court in Seattle over claims that the changes were made to help Intel sell off millions of existing 915 chipsets that could not handle all of the requirements of a Windows Device Driver Module (WDDM) and could not be "Vista Capable."

The smoking gun within the court documents is an e-mail from Intel executive Renee James to Will Poole, who at the time ran Microsoft's Client business. James passed along thanks from Intel CEO Paul Otellini to Ballmer "for listening and making these changes" to remove the WDDM requirement from initial Vista Capable devices on store shelves.


The suit alleges that Vista-capable device buyers were deceived because systems that didn't meet the WDDM requirement could only run the OS at the Vista Basic level.

The court documents contain e-mail correspondence between Microsoft and Intel executives, including strident requests by Intel to either move the Vista release date back three months or remove the WDDM designation. Microsoft did not move the release date. However, in the months leading to the launch of Vista, the company dropped the WDDM capability as a requirement for promoting PCs as Vista Capable. The day Vista launched, the court documents allege, WDDM was reinstated.

The WDDM brouhaha started between June 2005 and January 2006 when OEMs Dell, Sony and Fujitsu asked Microsoft to waive the requirements. Microsoft wouldn't budge, according to a story in the Seattle Post Intelligencer, which has closely followed the case. Then Otellini got into the mix by allegedly sharing "feedback" with Ballmer. By Jan. 30, 2005, after refusing requests from the OEMs, Microsoft said it was dropping the WDDM requirement from the Vista Capable program.

This plan, the documents said, was not well received by Jim Allchin, Microsoft's co-president of platform products & services, who reported to Ballmer.

"I think this plan is terrible and it will have to be changed" because it would be "misleading customers" if OEMs say a machine is Vista-capable and will run all the core Vista features, Allchin stated in an e-mail. "I know we don't want to hurt the OEMs, but end customers must be the top priority. We must avoid confusion. It is wrong for customers. And we probably will have to change your current plans."

Ballmer's alleged involvement revolves around a series of e-mails between James and Poole. James requested a later release date -- June 1 as opposed to April 1, 2006 -- for devices with Vista Ready stickers because "the April 1st date in retail means a significant change in terms of our ability to meet demand with Vista ready parts and in short will cost us significant business."

Poole didn't change his mind, but, according to the court documents, Otellini chipped in with "feedback" for Ballmer. At the same time, James sent an e-mail to Poole telling him that Otellini "thinks you really don't understand that almost all of the mobile SKUs for the next five months are with Centrino and Alviso and therefore NEVER Vista ready."

Poole circulated that e-mail within Microsoft and got executive feedback -- none specifically from Ballmer -- essentially stating this was Intel's problem, not Microsoft's, and the release date should stand with the WDDM requirement. Two days later, however, Poole told Intel that Microsoft would drop the WDDM requirement for the Vista Capable logo so that the Intel chipset would qualify but warned it "will not get some other benefits that come with WDDM drivers that cannot be ported to them."

The end result is James' e-mail to Poole after that decision that "Paul [Otellini] did send a note to Steve [Ballmer] thanking him for listening and making these changes."

Ballmer has said he was not in the loop on the Vista Capable decision, and a Microsoft spokesman reiterated that stance to the SeattlePI by stating that "Ballmer has no unique knowledge of the facts in this case. Anything he knows about the Windows Vista Capable programs he learned from executives whom he empowered to run the program and make decisions."

Plaintiffs have asked to depose Ballmer to learn more. Neither Poole nor Allchin is now with Microsoft.



VMware Fusion 2.0.1 Gets Performance Boost

VMware has released an update to Fusion, its desktop virtualization solution for Mac OS X. The latest release, version 2.0.1, which began shipping Friday, includes a number of resolved issues, performance enhancements and other improvements, as well as compatibility updates for the latest Apple MacBook and MacBook Pro systems.

Fusion 2.0.1 includes several performance fixes associated with CPU utilization, boot times and load times. Other improvements include:

Improvements to sharing, including nested folders and publishing Windows guest applications to Mac;
A change to AutoProtect that postpones taking a snapshot when the user is working with the virtual machine;
Hints enabled in the Help menu;
Improvements to the Unity view; and
A fix for running 3D applications (including games and Google Earth with 3D acceleration) on new MacBook, MacBook Pro and MacBook Air systems.

A complete list of fixes (and remaining known issues) can be found in VMware's release notes here.


VMware Fusion 2.0.1 is available now as a free download for all users (including users of Fusion 1.x, who are eligible for a free upgrade to 2.x). It requires Mac OS X 10.4 or 10.5 and Intel-based Mac hardware. Downloads and further information can be found here.



Sunday, November 16, 2008

Energy Department Supercomputer Poised To Be World's Fastest

The Energy Department's Oak Ridge National Laboratory has upgraded its Cray XT-based Jaguar supercomputer. The upgrade will put the machine in the running as the world's fastest supercomputer, as measured by the twice-annual Top 500 list of the most powerful supercomputers, the next iteration of which will be announced next week.

The upgraded computer has been run at 1.64 petaflops, or quadrillion floating-point operations per second. By comparison, in the last Top 500 count, compiled in June 2008, it benchmarked a peak rate of 260 teraflops, or trillion floating-point operations per second.

In that list, the Los Alamos National Lab's IBM-based Roadrunner ranked as the world's most powerful supercomputer, churning out a peak of 1.37 petaflops.


"Jaguar is one of science's newest and most formidable tools for advancement in science and engineering," Raymond Orbach, the Energy Department's under secretary for science, said in a statement. "It will enable researchers to simulate physical processes on a scale never seen before, and approach convergence for dynamical processes never thought possible."

The system has already run one job that required a sustained performance of 1.3 petaflops.

Most of the work Jaguar will carry out will be on behalf of the Energy Department's Innovative and Novel Computational Impact on Theory and Experiment (INCITE) program, which grants computer time, on a peer-reviewed basis, to universities, industries and other government agencies. (A summary of some of the largest jobs completed by Jaguar and other INCITE computers may be found here.)

The first version of Jaguar went live in 2006, and was capable of 26 teraflops. Through successive upgrades the system scaled to greater capacities. The most recent version of Jaguar had 84 Cray XT4 blade cabinets.

This new upgrade adds 200 liquid-cooled XT5 blade cabinets into the configuration. The current system is made up of over 45,000 2.3 GHz quad-core Opteron processors from Advanced Micro Devices. It has 362 terabytes of memory and is supported by a 10 petabyte file system.

The Oak Ridge lab designed the system to balance computational power with throughput. The machine provides about 578 terabytes per second of memory bandwidth and an input/output bandwidth.

Oak Ridge will continue to test the machine through next month, and put it into production in early 2009.



Sun To Cut More Than 15 Percent of Global Workforce

Sun Microsystems, a leader in Java and open source technologies, put market "speculation to rest" today. CEO Jonathan Schwartz announced that the company is realigning itself to "adapt to the new economic reality."

That reality, according to Schwartz, is that the world economy is shrinking. Sun customers are putting purchase orders on hold. As a result, Sun will reduce its global workforce by 5,000 to 6,000 employees in the next year, which equates to 15 percent to 18 percent of its workforce.

"There's been a lot of speculation about Sun in the marketplace," Schwartz said in a video presentation announcing the company's realignment. He said red flags began to go up earlier this year when a major investment bank failed and a "weakness in the economy" spread from the United States to Europe and beyond.


"Our assumption is that the current [economic] environment we're in isn't going to be changing anytime soon," Schwartz said in the video. "In order to adapt our business model to this new economic reality, we are going to be making a series of relatively difficult but necessary changes."

In addition to the job cuts, Sun is creating new business groups for its software organization, according to a company statement. The new groups include Application Platform Software, Systems Platforms, and Cloud Computing & Developer Platforms. Marketing efforts for products and technology will be conducted by the individual groups, according to the plan.

Along with changes at Sun, Rich Green, former executive vice president of software, announced he was leaving the company. His bio was no longer posted on the Sun Microsystems Web site early Friday afternoon.

The restructuring plan, approved by the board of directors, is aimed at reducing annual overhead by as much as $800 billion, according to the announcement. Sun will spend from $375 million to $450 million next year implementing the plan.

Schwartz said the company will be "disinvesting" in complexity and inefficiency, noting that "Sun has become too difficult to do business with." He said that by realigning products, organizational structure and business processes, Sun will strive to be "the easiest company in the world to do business with."

Sun Microsystems will continue to invest in areas such as cloud innovation, open source technologies and "true data centers," according to Schwartz. He said Sun will concentrate on areas that generate profitable returns, and be a "little more aggressive in areas that aren't producing returns."

"We have an obligation to our shareholders, even in the midst of a very complex and somewhat opaque global economy, to deliver the kinds of returns they deserve and expect," Schwartz said. "We are going to be making those kinds of changes starting with the restructuring we announced today."



Saturday, November 15, 2008

Microsoft Faced Big Issues in Fixing SMB Hole

Microsoft has come clean and confirmed that it took seven years to deliver its Server Message Block (SMB) fix. The SMB fix is part of Microsoft's November security patch, released on Tuesday.

Redmond had a problem back then, according to Security Response Center spokesperson Christopher Budd in a blog post. Basically, when the issue of an exploit affecting the application-level network protocol first came up in 2001, the software giant couldn't "make changes to address the issue without negatively impacting [other] network-based applications."

Providing a hotfix might have resulted in glitches that would have rendered "many, or nearly all, customers' network-based applications inoperable," Budd wrote.


The SMB vulnerability is related to a previously disclosed SMBRelay attack. Intruders equipped with a copy of the published exploit can get onto a workstation almost unnoticed and read and write files. They can also modify the Windows registry, delete objects and access e-mails, among other actions.

As a stop-gap over the past seven years, Microsoft recommended SMB signing, which is a security mechanism in the SMB protocol that can be used for authentication purposes. The signing function had been available before 2001 in Microsoft Windows NT 4.0 Service Pack 3 and Microsoft Windows 98.

With the SMB vulnerability fix in November's patch release, security experts who followed the issue are breathing a sigh of relief. Not only has a fix come out, but there now is a fuller explanation of the problem.

No one was more relieved than former Microsoft security staffer and current Chief Technology Officer at Shavlik Technologies, Eric Schultze. Having brought the problem to the attention of the software giant, Schultze had come to view the SMB exploit as a pebble in his shoe over the years.

"It's been a ride, as I had been pushing for a fix since 2001," he said. "We even ended up having a meeting with the OS and Internet Explorer teams. At first, we thought it was mitigated in IE, but that only worked for non-OS calls to SMB. Well, it looks like [Microsoft] has finally seen the light."

These days, vulnerabilities in Microsoft products and services rarely become public before Microsoft delivers a patch. And over the years, chances of widespread exploitation have become slimmer due to quicker response times from Microsoft.

Budd believes the Microsoft team got it right with the November patch.

"[The patch] addresses the SMBRelay issue but does so in a way that doesn't have the negative impact on applications that we originally believed addressing this issue would have," he wrote.



Office Web Apps Will Work on iPhones

Microsoft's Office Web applications, announced late last month at Microsoft's Professional Developers Conference, will work on "multiple platforms" including Apple's iPhone, according to a Microsoft Channel 10 blog.

Lightweight versions of Excel, OneNote, PowerPoint and Word will be accessible by supported Web browsers, including Internet Explorer, Firefox and Safari, according to the blog. The iPhone uses MobileSafari, a version of Apple's Web browser.

Safari support apparently is a new development. A FAQ on the Microsoft Office Live Workspace Web site just lists Internet Explorer and Firefox as the only compatible browsers. The browser won't have to use Microsoft's Silverlight to run the Office Web applications, the blog explains.


Users won't be restricted to Windows or Mac OS X operating systems. They can use Linux, as long as the browser is supported, according to the blog.

A Live ID will be needed to use Office Web applications. In order to collaborate and exchange document files over the Internet, users will need an Office Live Workspace account. The Workspace is just a storage place on the Internet -- it doesn't let you edit documents unless you have the associated Microsoft Office application located on your PC, Mac or device.

A second option for sharing documents in real time over the Internet is Microsoft SharedView, which is integrated with Office Live Workspace, according to the blog.

Microsoft is still figuring out how to price Office Web applications. Business customers can use them via subscription or "existing volume licensing agreements," the blog states. Consumers may get them via subscription or an ad-funded model through Office Live. Universities will get access to Office Web applications for free using the Live@edu service.

A "limited technical preview" of Office Web applications will be conducted this fall, according to Chris Bryant, group product manager for Microsoft Office. Bryant announced Office Web applications on Day 2 at the PDC, as shown in this video snippet.



AMD Releases Next-Gen Opterons

Advanced Micro Devices will release the next generation of quad-core Opteron processors, a line formerly code-named "Shanghai," by the end of the year, according to Steve Demski, an AMD product and marketing manager.

This will be the first line of AMD server and workstation processors created with the smaller 45-nanometer lithography process, which should provide improved performance and lower power requirements. The previous Opteron generation was created with a 65-nanometer process.

The five new Opteron models AMD will release by the end of the year will range in speed from 2.3 GHz to 2.7 GHz. All will run at 75 watts. Additional special editions for 55-watt low-power usage (the HE models) and 105-watt high-performance usage (SE) will be available in the first part of 2009.


Demski touted the smaller lithography process as being key for the energy savings. The lithography process involves etching out circuits on the die using laser beams, in this case beams 45 nanometers wide, rather than 65. Printing circuit patterns on the chip wafer with a finer process means the circuitry itself will use less power, as it is smaller and more tightly laid out.

"With a smaller die shrink, you actually have a lower capacitance on the die itself, and that leads to lower idle power," Demski said. "We measure about 25 percent lower idle power at the CPU level, and at the system level that equates to about 8 percent lower power."

The chips also feature a new technology, called Smart Fetch, which reduces power consumption further, namely by turning off individual cores when they are not needed. The company predicts that this approach can cut power usage by up to 21 percent.

The new lithography process has also allowed AMD to up the clock speed on the Opterons, while not creating any additional heat. While the former generation, code-named "Barcelona," topped out at 2.3 GHz, this generation ranges from 2.3 to 2.7 GHz -- all running at the same 75-watt power envelope as Barcelona chips.

In addition, the chips will also come with a number of tweaks that should improve performance. The L3 cache has been increased from 2MB to 6MB. The chips will support the faster, next-generation DDR II 800 random access memory. A more efficient way of checking coherency among the various cores has been added.

AMD has also doubled the frequency of the HyperTransport bus, from 8GB per second, to 16GB per second. This should provide "significantly more bandwidth between CPUs," Demski said.

All these improvements should add up to better benchmark scores for the chips. And Demski provided a few. He boasted that a 2.7 GHz Opteron 2384 could perform 32 percent faster than an Intel E5450 3 GHz Xeon in executing integer-throughput tasks, as well as 14 percent faster in executing Java programs. The company has submitted these benchmarks to the Standard Performance Evaluation Corporation for posting.

Cray, Dell, Fujitsu, Hewlett-Packard, IBM and Sun Microsystems have all prepared server or workstation platforms that will incorporate this generation of processors, Demski said.

The 75-watt models will range from $377 wholesale, for the 2.3 GHz 2376, to $989 for the 2.7 GHz 2384.



Thursday, November 13, 2008

SMB Exploit Took 7 Years To Fix, Security Pros Say

It has taken years and a few concept findings by hackers for Microsoft to finally patch its Server Message Block (SMB) vulnerability, but the point is that it's finally done, security experts say.

Eric Schultze, an IT security gadfly, said jokingly that he has been holding his breath for seven years -- waiting for the patch that Microsoft finally delivered on Tuesday.

And Schultze, who is chief technology officer at IT security shop Shavlik Technologies, believes it's about time.


"I used to demonstrate this attack in classroom training events around the country," he said. "It was very eye opening for people to see a very easy-to-use exploit that could result in accessing anyone's computer on their network."

Schultze added that the problem was acknowledged by Microsoft in 2001 but it was never fixed, which "was an equally eye-opening bit of news for the classroom participants years ago."

There were other warnings as well. Hacker-turned-security-researcher Josh Buchbinder (a.k.a. "Sir Dystic") published remote code exploits that revealed the same vulnerabilities that Redmond cited on Tuesday with the SMB fix.

Meanwhile, Symantec Research Manager Ben Greenbaum suggests that the flaw may have its roots eight summers ago at the security conference Defcon 2000. At that event, Veracode Chief Scientist Christien Rioux (a.k.a. "Dildog") released the code.

Greenbaum said in a prepared statement that he didn't know why Microsoft had waited so long to fix the issue.

SMB is an application-layer network protocol enabling shared access to files and serial ports, as well as remote printers. While the flaw affecting SMB was just deemed "important" by Microsoft in its November patch bulletin, Schultze said that the remote code execution implications and the lag time on the patch were "pretty scary."

"The [SMB exploit] should keep IT managers up at night until it's fully patched," Schultze cautioned. "It's like, 'How do I know I haven't already been hacked with this exploit?' [and] 'Who's been accessing my computer without my password?' And the answer is, you really don't know."

Years ago, hackers could use a copy of the SMBRelay program to access a workstation on a typically configured corporate network without scrutiny. Microsoft conceded that previously available "public tools," including a Metasploit module, "have been and are available to perform this attack," according to a blog post. Metasploit is the open source toolkit used by hackers to build attack code. It's also used by security professionals to publish proof-of-concept exploits.

Redmond has yet to respond publicly and specifically about the perceived lag time on Tuesday's patch.

Right after Tuesday's roll out, Schultze had a hunch about the familiar exploit pattern but still wasn't convinced.

"So I tested and confirmed that the patch does indeed address the SMBRelay attack revealed by Dystic in March 2001," he said. "This pretty much means that Microsoft has known of this problem since 2001 and was not able to, or chose not to, fix it until now."

Schultze added that this also means that working exploit code has been available for all operating systems, including Windows NT 4, Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. However, as Microsoft correctly states, exploitation is mitigated on Vista and Windows Server 2008. That said, Schultze considers the item to be "critical."

There is little insight outside of Redmond as to how Microsoft's patch selection process works. For security researchers who spoke out about the SMB patch, prioritization will continue to be a challenge as far as both the patch release cycle and the installation cycle on the enterprise side.

"Our opinion is that last month's big release, plus the recent out-of-band, high-profile release, used up most of the normal production resources of MSFT's security team and they were only able to QA a limited number of new patches," said Wolfgang Kandek, CTO of Qualys Inc. "However, we do not think that there is a slowdown in terms of vulnerabilities like this that constitute classes of vulnerabilities that are well known by now, but -- as we've seen -- not necessarily well defended against."

