Friday, July 31, 2009

Ballmer Talks Up Windows 7 at Financial Analyst Meeting

By Kurt Mackie07/30/2009

Microsoft executives on Thursday explained the company's business and prospects at the 2009 Microsoft Financial Analyst Meeting in Redmond, Wash.

Chief among those executives was Microsoft's CEO Steve Ballmer, who noted at one point during the presentation that Microsoft's fourth quarter report, released last week, reflected a "wild quarter." Microsoft's revenues were down across all business segments for that quarter.

While Ballmer stressed the generally bad economy as a reason for the revenue decline, he added that "if you look at the year in aggregate, we really had a great year." For the year, Microsoft lowered its costs by $3.1 billion below its guidance, Ballmer said.

The bad economy is seeing businesses shift their strategies, and, in some cases, they're not buying, Ballmer said. In particular, there is a shift toward annuity licensing of Microsoft's software. He noted that initially, annuity licenses will carry less revenue when first booked. The trend shows up in Microsoft's unearned revenue figure, where the unearned revenue is a form of financing by Microsoft. Businesses are trying to react to the down economy by paying over time.

Ballmer noted some milestones for Microsoft, including the Windows 7 release-to-manufacturing dates, announced last week. Microsoft saw more than eight million downloads of the release candidate version of Windows 7, Ballmer said, although it may not be an indication of Windows 7's future success.

Surprisingly, Ballmer revealed that "for the past 12 months, I've actually been running our Windows business." Many thought the Windows reigns were in the hands of Steven Sinofsky, who was promoted to president of the Windows Division earlier this month.

Microsoft makes most of its Windows desktop money off the sales of new PCs sold to businesses, followed by consumer buys, in developed markets. There are also some growth opportunities in emerging markets. China now buys and uses 15 percent of the world's PCs, "and that number is growing," Ballmer said. Microsoft has no control over whether the Chinese or Americans buy new PCs, Ballmer told the analysts.

Microsoft did make a mistake when it lowered its Windows prices for emerging markets, Ballmer said. "We are going to readjust those prices north with Windows 7," he explained.

Ballmer brought up the troublesome issue of netbooks, but he still didn't fully explain Microsoft's business plans with netbooks and Windows 7. Microsoft has achieved a high attachment rate (around 90 percent) of Windows on the low-cost, low-tech machines. However, Windows-based netbooks currently are sold only with the XP Home edition. Such sales bring Microsoft less revenue per unit than Windows Vista-based laptop sales.

The one new concept Microsoft appears to have for selling Windows 7 on netbooks is something called "ultrathin" netbooks, which Ballmer described as "high-power, high performance devices" that will come next year. Ultrathins will be priced higher than netbooks, which typically sell for around $300, he explained.

Last month, Microsoft tried to distinguish netbooks from mobile "consumer Internet devices," which might typically use Microsoft's Windows Embedded CE OS or a Linux OS. В 

Microsoft plans a Windows up-selling strategy, from XP to Windows 7 Starter edition and on up the product line. Ballmer dismissed threats from Google's Linux-based Android and Chrome OS. He said that Microsoft has plans to compete with Android this year on netbooks. As for Chrome OS, Ballmer professed ignorance. Google has suggested that this new "browser operating system" might appear on netbooks in the second half of 2010.

Ballmer also dismissed Apple as a threat to Microsoft's OS market share. He said that Apple only sells about 10 million machines and that "Apple's share globally costs us nothing." However, in the crowd of analysts, Ballmer did note that the majority of the logos facing him were Apple's.

"We have a low share in the investor audience…we have more apple logos than PCs," Ballmer quipped. "That's OK, as long as you're using [Microsoft] Office."

Ballmer criticized the Linux OS as providing no incentive to hardware vendors. He said Microsoft believes in proprietary and open software, but "you can't change our OS." It's hard to build momentum when everything is chaotic, Ballmer said of Linux.

Microsoft Hits New Lows in 4Q Report50 Cent Says ‘Streets Of Blood’ Film Comes From ‘A Rebellious Place’

Micro Focus Finalizes Borland Acquisition with Sweetened Deal

By Jeffrey Schwartz07/29/2009

Two months after agreeing to acquire Borland Software, Micro Focus last week upped its offer after shareholders balked at the initial agreement of $1 per share. After rejecting a second bid of $1.15 per share, Borland accepted Micro Focus' $1.50 per share offer, valuing the deal at $113 million. The transaction closed Monday night.

The acquisition of Borland comes nearly two months after Micro Focus bought Compuware's Quality Solutions Business. Both acquisitions position Micro Focus as a key provider of application testing software. 

By acquiring both companies, Micro Focus is looking to take on Hewlett Packard, who is the leading provider of application testing tools with its HP Quality Center based on technology it acquired from Mercury Interactive in 2006. "HP is the 16 ton gorilla in this space," said Ovum analyst Tony Baer.

It remains to be seen what Micro Focus will do with the remainder of Borland, such as Borland Management Solutions but Baer said he is doubtful Micro Focus will invest much in it moving forward. "Micro Focus was very blunt about the fact that this deal was all about QA, with both Borland and the Compuware tools," he said. Likewise, he predicts Borland's source code management tools will likely be put on maintenance.

The company declined to comment other than to say it will provide more information after its first quarter earnings release August 12.

Borland Launches Requirements Management Tool‘Harry Potter And The Half-Blood Prince’ Stars Get Over Kissing Qualms

RTM Milestone: Windows 7 and Windows Server 2008

By Kurt Mackie07/22/2009

Microsoft popped the champagne corks in Redmond today by announcing that Windows 7 and Windows Server 2008 R2 have both reached the "release to manufacturing" (RTM) stage.

Essentially, an RTM launch day means that Microsoft has baked the final changes into its operating systems. Redmond will now start providing images of those OSes to its partners for integration into various products.

Microsoft is calling the RTM versions "build 7600." This build will be available to Microsoft's partners "within the next few days," according to Microsoft's Windows 7 blog.

Original equipment manufacturers (OEMs) of PCs and server hardware will be the first partners to receive the Windows 7 and Windows Server 2008 R2 RTM images. Those partners will get it "beginning approximately 2 days after we officially RTM," according to the blog, which possibly means this Friday.

For the many other partners itching to get their hands on the RTM, most will have to wait until next month. Microsoft has provided a detailed schedule describing the availability of the RTM, based on the partner type, which can be accessed here.

Subscribers to Microsoft's professional services will be able to get the RTM OSes as early as next month. Downloads will be available for both TechNet and Microsoft Developer Network (MSDN) subscribers on Aug. 6 in English. Those wanting the RTM in other languages have to wait until Oct. 1 to download it.

The general public can still expect to see Windows 7 and Windows Server 2008 R2 products coming to market on Oct. 22, although the server should be available slightly earlier, Microsoft says. Those who preordered Windows 7 under a discount offer will get the OS on Oct. 22. That discount offer ended on July 11 in the United States and Canada.

Peter Jackson Welcomed Freedom To Make ‘District 9′ ‘Grungy’SP2 Released for Windows Vista and Windows Server 2008

Saturday, July 25, 2009

Standards Groups Collaborate on Cloud Computing

By Wyatt Kash07/20/2009

A group of leading standards development organizations are working jointly to foster common standards for cloud computing and storage, beginning with the launch this week of a new wiki resource site called

"We brought together a large number of players so we don't get an enormous mess of standards," said Richard Soley, chairman and chief executive officer of Object Management Group, one of the organizations participating in the effort. Soley announced the formation of the group at a cloud computing symposium held by National Defense University's Information Resource Management College on July 15.

The organizations joining in the collaborative effort include the Cloud Security Alliance, the Distributed Management Task Force, the Open Grid Forum, the Storage Networking Industry Association, and the Open Cloud Consortium, with other groups expected to participate, Soley said.

The Cloud Standards Coordination working group plans to focus its efforts on identifying current and emerging practices and products supporting cloud computing, and helping to rationalize cloud computing and storage standards, according to Soley. It expects to concentrate on several dimensions of cloud computing, including:

Security (including authentication and authorization).Interfaces to infrastructure as a service.Platforms as a service.Deployment formats for cloud applications.Component descriptions.Data-exchange formats.Cloud computing taxonomies and reference models.

The group will also focus on service-level agreements (SLAs), which continue to hamper early efforts to pilot cloud computing tests, said Soley.

In addition, one possible future activity for the Cloud Standards Coordination could be supporting the creation of cloud computing storefronts advocated by Federal Chief Information Officer Vivek Kundra. Kundra, who gave the keynote address at the cloud computing symposium, described an online storefront to be developed by the U.S. General Services Administration (GSA) as a way of advancing the ability of agencies to procure computing-on-demand services.

The group's formation, according to information on the Web site, represents an outgrowth of coordination efforts by the Standards Development Organization Collaboration on Networked Resources Management working group.

‘Blair Witch Project’ Cast And Crew Celebrate 10-Year AnniversaryPrivate Clouds Better for Security, Red Hat CEO Says

Open Source for America Kicks Off with Broad Support

By Kathleen Hickey07/22/2009 Open-source software continues to make inroads into the federal government, and a new organization to promote open-source applications has been established.

Open Source for America is a coalition of more than 50 companies, academic institutions, communities of interest and related groups that will advocate for greater acceptance of the use of open-source software in government information technology systems.

Open Source for America will work to change policies and practices to allow the federal government to better utilize these technologies; coordinate with communities to collaborate with the government on technology requirements; and raise awareness and create understanding among government leaders about the values and implications of open-source software.

“Open-source software can help deliver improved government service plain and simple, and the [Obama] administration recognizes this more than any in our nation’s history,” said David Thomas, principal with Mehlman Vogel Castagnetti and spokesman for the Open Source for America campaign.

Moving to open source could save the government billions of dollars, make government IT deployment more secure and faster to deploy with greater privacy and the ability to eliminate vendor lock-in, Thomas added. Gartner Research recently estimated that, by 2011, more than 25 percent of government vertical, domain-specific applications will either be open source, contain open-source application components or be developed as community source.

Several agencies already are using open-source applications, with the most recent being the U.S. Postal Service. Other agencies that have put open-source software to work include:

The Homeland Security Department, which is funding a program that will help federal, state and local agencies better understand their options for using open-source software.The Defense Information Systems Agency, which is planning to open source a suite of programs that it developed for administrative tasks. The agency has signed a Cooperative Research and Development Agreement with the Open Source Software Institute to help release the source code of the programs.The Defense Department, which launched the Web site earlier this year for developers to work on open-source software projects specifically for DOD.NASA's Goddard Space Flight Center, which has established a Web site for open-source projects developed by center personnel for mission needs.

Nicolas Cage Explains His ‘Ridiculous’ Voice In ‘G-Force’Private Clouds Better for Security, Red Hat CEO Says

Microsoft Hits New Lows in 4Q Report

By Kurt Mackie07/24/2009

Microsoft's financials continued to decline, with the company reporting $13.1 billion in revenue for its fiscal fourth-quarter -- a 17 percent decrease compared with last year's fourth quarter.

Net income for the fourth quarter was $3 billion, compared with $4.3 billion in last year's fourth quarter. Microsoft published those results on Thursday, reflecting its fiscal fourth quarter and year, which ended on June 30, 2009.

Chris Liddell, Microsoft's chief financial officer, indicated that Microsoft had felt the bite of a generally bad economy.

"The fourth quarter marks the end of one of the most difficult, but in some ways encouraging fiscal years in our company's history," Liddell said in a recorded Webcast. "And our estimated results were disappointing due to the poor macroeconomic environment."

Liddell added that Microsoft actually executed much better in fiscal-year 2009 than in the previous year across all aspects of the business, citing product shipments, sales and cost-cutting efficiencies.

For the fiscal year, Microsoft's revenue was $58.4 billion, a decrease of three percent compared with fiscal-year 2008 revenue.

Still, the numbers for the quarter didn't look good. Microsoft's 4Q revenue missed projections, and it was down across all business segments, which may be a historical first for the company.

"They [Microsoft] did miss consensus revenue estimates pretty seriously by about a billion dollars, and this is the first time I'm aware of in Microsoft's history that their year-over-year revenue fell in all five business segments, including the Server and Tools and Business segments," said Matt Rosoff, an analyst with Directions on Microsoft, in a conference call with the press. "Overall revenue was down 17 percent from the prior year, which was a record."

Microsoft's Windows client business segment, a traditional cash cow, didn't fare well. The OEM premium-standard mix was down 13 percentage points on the higher priced premium side. The volume of OEM client licenses decreased 10 percent in the quarter. Revenue from the OEM channel decreased 31 percent. Microsoft typically gets more than 80 percent of its total client revenue from the OEM channel.

The decreased Windows client revenue was partly ascribed to a Windows 7 discount, or "upgrade option" program, which ended on July 11 in the U.S. and Canadian markets. About $276 million in revenue was deferred as a result of the offer.

Microsoft had offered a similar discount with Vista, but about $1 billion in revenue was deferred back then, according to Frank Brod, Microsoft's corporate vice president of finance and administration and chief accounting officer.

Rosoff suggested that "business PC sales are slowing down much faster than consumer PC sales" for Microsoft. Moreover, on the consumer side, netbooks with Windows XP Home edition are selling, but also cutting Microsoft's profits. Rosoff said Microsoft is expected to offer Windows 7 on netbooks, but at a higher cost.

The Server and Tools segment had a six percent revenue decrease "primarily due to decreased Windows Server and SQL Server revenue, partly offset by increased Enterprise CAL Suites and System Center revenue," according to Microsoft's report.

Rosoff noted that the six percent decrease was a new low from when Microsoft first started reporting on the Server and Tools segment. Liddell acknowledged a bad server hardware market, but said he thought it had reached its bottom.

Microsoft's unearned revenue figure includes volume licensing revenue, reflecting three-year licensing agreements with large companies, particularly enterprise contracts. The revenue for volume licensing was $11.3 billion in fiscal-year 2009, down from $12.2 billion last year.

Rosoff said that this was a particularly important quarter for unearned revenue and enterprise agreements because a lot of them were signed three years ago and expired during the quarter. Still, he said that the specific figures for unearned revenue in the Server and Tools segment suggested that Microsoft was doing a good job in getting companies to pay ahead of time for Windows Server 2008 and SQL Server CALs.

Microsoft provided operating expense guidance for its next fiscal year, suggesting it would range from "$26.6 billion to $26.9 billion." In fiscal-year 2009, Microsoft's operating expenses totaled $38 billion.

Microsoft: Windows 7 Will Face ‘Tough’ Market‘Harry Potter And The Half-Blood Prince’ Breaks Midnight Records

Monday, July 20, 2009

Telerik's .NET Tools Suite Bundles Updated RadControls, ORM and UI Test Framework

By Kathleen Richards07/16/2009 Telerik’s Premium Collection for .NET, released last week, updates all seven of its product lines including the data access tool and Web UI testing framework that mark the company’s new strategy to diversify beyond UI components for the Microsoft platform.

The Q2 2009 release includes updated RadControls for Silverlight, ASP.NET AJAX, Windows Presentation Foundation and WinForms; the OpenAccess object relational mapping tool, Reporting and a new WebAii Testing Framework.

"Now we help developers cover their presentation development, their data access and their testing at least as far as UI is concerned, enabling them to focus the majority of their time on what actually creates value for their business and that is their domain logic code right there in the middle," said Todd Anglin, a Microsoft MVP and Telerik’s chief evanglist.

"We are continuing to push in these new directions to make sure that we cover more of the development lifecycle for a developer, more parts of the application and that’s the story that we are really trying to continue to build on as we launch new products here is Q2 2009."

Among the highlights in the new suite, RadControls for Silverlight adds a 3D Charting engine (the API is the same as Telerik’s WPF 3D charting control) and an Outlook-style calendar control called RadScheduler to the suite of more than 30 Silverlight 2 controls. The components are slated to be updated for Silverlight 3, released July 10, later this month. Telerik is running a contest for Silverlight projects built using RadControls – the submission deadline is September 14, 2009.

The Silverlight and WPF controls share the same codebase and use identical APIs, which allows developers to reuse them in both platforms "as long as the rest of the app you are building isn’t using some obscure part of the .NET framework that is not available in Silverlight, " observed Anglin. Seven WPF controls based on existing Silverlight components were added to the Q2 RadControls for WPF suite, now 20 controls are comparable between the two platforms.

A new Visual Style Builder for ASP.NET.AJAX is a point-and-quick CSS customization tool that provides access to skins hosted on Telerik’s Web site. The skins are cross-browser compatible, according to Anglin, and developers can modify them without time consuming CSS coding.

The WebAii Testing Framework for RadControls is a free version of the enterprise-level WebUI Test Studio by ArtofTest that provides automated integration testing of ASP.NET Web sites. The WebAii framework ships with RadControl test wrappers for Silverlight and ASP.NET AJAX. It also offers LINQ support.

The key difference between the two test products, according to Anglin, is that the new WebAii is the API coding layer to give developers the ability to write automated integration tests against Silverlight and ASP.NET Web sites. "This is a very time consuming process that a lot of .NET developers still do manually," he said. The higher end product, WebUI Test Studio, includes a VS designer so that you can visually click through your application and record the test and then save it and execute it. With both of these frameworks, you can create a test once and run it against multiple browsers, explained Anglin.

Telerik acquired Vanatec of Germany, and its OpenAccess ORM product in October 2008. "It has a number of the features that Entity Framework, for instance, will see in the next version, " said Anglin. "So it is definitely a mature product." Among several new features, the company is introducing more LINQ functionality in the Q2 release. A new sample app is based on Microsoft’s 101 LINQ samples.

Telerik Premium Collection for .NET, which includes seven products, is available now for $1,299 per developer seat. It supports VS2005/.NET 3.0 and VS2008/.NET 3.5. The products are also sold separately.

Microsoft Launches Silverlight 3

Microsoft Renames 'Geneva' ID Management Solutions

By Kurt Mackie07/16/2009

Microsoft announced product names for its latest claims-based identity management server platform, dropping the "Geneva" code name.

The Geneva platform (once known as project "Zermatt") consists of three components, and Microsoft unveiled relatively straightforward product names for each. The name switch was announced on Monday at the Microsoft Worldwide Partner Conference in New Orleans.

Geneva Server will be called "Active Directory Federation Services" (ADFS). Essentially, ADFS is the same name used for Microsoft's current single sign-on federation product that's part of Windows Server 2003 R2 and Windows Server 2008.

The Geneva Framework used by developers will be called "Windows Identity Foundation" (WIF). Finally, Windows CardSpace, which helps with the management of access identities, will retain its same name.

Version numbers for the products will be announced later, according to the Vibro.NET Microsoft blog. The blog also emphasized the importance of elevating WIF as a .NET platform for developers.

"This is a Big Deal for developers on the .NET platform, and I want to make sure to give it as much visibility as I can," the blog states. "We claims tinkerers are now recognized first-class citizens in .NET, and it feels good ."

Microsoft is planning to release the new ADFS product in the second half of 2009, and it will be available as part of Windows licensing. Geneva Server is currently available as beta 2, and was released in May.

Possibly, the ADFS product will be released in time for Microsoft's Professional Developers Conference in November, with WIF and CardSpace following soon after, according to Gerry Gebel, an analyst at the Burton Group.

The ADFS platform is important for Microsoft because it will be used to establish connections with Microsoft's Windows Azure platform, supporting hosted applications such as SharePoint Online and Exchange Online, Gebel explained.

The two biggest features of ADFS will be its claims-transform capability and its use of federation metadata, according to Donovan Follette, senior technical evangelist on Microsoft's Identity and Access technologies. The use of federation metadata makes it possible to configure relationships that used to take extra coding to establish.

"Flexibility with claims is the biggest shift that ADFS developers have to get their minds around," Follette explained, in a Microsoft Channel 9 video.

Microsoft changed some of the nomenclature with the new ADFS product. "Account partners" in the old version are now called "identity providers," Follette said. "Resource partners" are now called "relying parties" because they rely on a token that ADFS will provide to them. The use of the "applications" term disappears in ADFS because they are just considered to be another form of relying parties. Lastly, "organizational claims" or mappings will become "rules" in ADFS.

Developers will be able to use PowerShell to automate setups for relying parties (or applications), Follette explained. You can also use PowerShell to place rules, he said.

The new ADFS product will be interoperable with earlier versions of that server, Follette said. It will support the same SAML and WS protocols as the earlier version, but adds token support for SAML 2.0, he added.

50 Cent Says ‘Streets Of Blood’ Film Comes From ‘A Rebellious Place’DirectShow Subject to Attacks, Microsoft Warns

Adobe Releases First Beta of ColdFusion 9

By Jeffrey Schwartz07/15/2009 Adobe Systems this week released the public beta of the next version of its ColdFusion Web development platform. The new version, dubbed ColdFusion 9, will come with an optional integrated development environment (IDE).

By adding the new IDE, dubbed ColdFusion Builder, Adobe is adding capabilities for more sophisticated developers that ColdFusion has lacked. Among other features, Adobe said it will offer a more customized and extensible development environment for coding data-driven applications, offer server management and debugging.

Originally developed by Allair in the mid 1990s and retained by Adobe when it acquired Macromedia, Adobe said there 800,000 ColdFusion developers. But it faces steep competition including Ruby on Rails, Java Server Pages and Microsoft's ASP.NET and others.

"There are a variety of options that were not there a few years ago," said Gartner analyst Eric Knipp. But he added, the new upgrade is substantial and will likely appeal to the more advanced ColdFusion developers. "A lot of the features that are in ColdFusion 9 are features that the advanced ColdFusion developer community has been clamoring for, for a long time."

Notably is the ability to access any part the language from the ColdFusion scripting language, CF Script, and its support for object relational mapping (ORM) to databases via integration with Hibernate, he said.

ColdFusion 9 will integrate with Adobe's forthcoming Flash Builder 4 framework, released to beta last month  "For the first time we are really able to offer a full server side to client side development work flow, with all of our tools and our technology," said Adam Lehman, Adobe's ColdFusion product manager.

"Cold Fusion Builder is an Eclipse based plug-in similar to the Flash Builder, so you basically are installing one inside each other. If I am developing server side code and I want to kick over to write some client access code, and I am in the Flex [Flash] world, all of a sudden I am in the same IDE. We've done a lot to maintain a lot of the fidelity between the two"

The Hibernate support will make it easier developers to provide bi-directional synchronization to databases by providing support for Hibernate-based object relational mapping (ORM). Through the integration, Lehman said developers will be able to access all of the Hibernate internals.

"Today developers spend a lot of time taking that tabular data and basically converting SQL into CFCs [ColdFusion Components when they are writing SQL code for inserts and updates and then moving that into this object model," Lehman said. "Because we are basically removing SQL that means we are truly building database independent applications."

While the ORM support should be welcome by ColdFusion developers, Gartner's Knipp said that capability that is now expected. "I don’t know it’s something that's going to win people over to the language, it might keep them from leaving," he said.

Also new in ColdFusion 9 is Server Manager, a Flex-based AIR application that will allow for the administration of ColdFusion Servers. Developers can run the manager on the desktop and control settings and receive alerts, Lehman said. "You can deploy a data source or update our JVM arguments or even deploy a hot fix," he said.

On the integration side, while ColdFusion 8 introduced support for native .NET code and Exchange, ColdFusion 9 adds native support for Microsoft SharePoint services. Developers can build Web Parts in SharePoint via the ColdFusion Markup Language (CFML), including support for single sign on.

"Everything ColdFusion has access to can now be exposed to SharePoint Server, but we also have a way to talk to the SharePoint back-end services, so if you are building an application that needs to interact with a document repository or some of the content management features, you can do that with native CFML, you don’t have to learn any .NET APIs or anything like that," Lehman said.

The new release will also allow developers and users to create, read and update Excel spreadsheets, generate PDFs from Word and PowerPoint, and create Flash presentations from PowerPoint,

For Java developers, ColdFusion 9 will integrate with key portlet servers via support for JSR-168, JSR 268 and Web Services for Remote Portlets (WSRP).

The new release will also include Adobe's Blaze DS, which will support high speed Flash remoting.

Lehman is not saying when ColdFusion is going to be released but he indicated the company is hoping to ship by the end of the year. Pricing was not disclosed.

Adobe Revamps Flash Platform50 Cent Says ‘Streets Of Blood’ Film Comes From ‘A Rebellious Place’

July Patch Partly Addresses ActiveX Holes

By Jabulani Leffall07/14/2009

There are no surprises with Redmond's six-patch release on Tuesday, but there is plenty of work to be done, security pros contend.

With three "critical" and three "important" items in the July patch, Microsoft is addressing some longstanding issues as well as some rare security holes. As usual, items with remote code execution (RCE) implications dominate the slate, with four bulletins devoted to this exploit. The remaining bulletins are notable for attempting to keep elevation-of-privilege attacks at bay.

Microsoft also has been rather vocal about fixing various DirectX security bugs leading up to this patch.

"Microsoft's July Security Bulletin does not have any surprises due to the intense pre-release activity around the three zero-day advisories that came out in the last six weeks," said Wolfgang Kandek, chief technology officer of Qualys Inc. "Microsoft had already announced that they would address two advisories with patches MS09-028 and MS09-032 for DirectShow and Microsoft Video respectively."

Critical Items
Microsoft's Embedded OpenType (EOT) font engine, which facilitates the formation and structure of text fonts used on Web pages, is first on the roster of critical items in the patch. The fix addresses two privately disclosed holes and is be designed to stave off RCE exploits for all supported Windows OS versions.

The second critical item resolves one publicly reported hole and two privately reported weaknesses in Microsoft DirectShow. At the heart of the matter is the DirectX multimedia control solution. The patch will affect DirectX versions 7.0, 8.1 and 9.0 running on systems using Windows XP, Windows 2000 and Windows Server 2003.

In May, Microsoft began an investigation of a DirectX bug in its DirectShow framework for multimedia files. In June, the company announced it was investigating a potential DirectX bug in Internet Explorer.

The third critical item is what many security experts see as most critical because it suggests what Redmond plans to do to fix its many recurring ActiveX exploit problems.

This fix is a "cumulative security update of ActiveX kill bits," but it only resolves "a privately reported vulnerability" in Microsoft Video ActiveX control. Left unpatched, the vulnerability could allow RCE attacks via a malicious Web page where ActiveX controls are enabled.

Users with accounts configured to have fewer user rights on the system could be affected less by this bug than users having administrative rights.

"Typically, the fear is that you're downloading and installing a malicious ActiveX control from an untrustworthy source," explained Eric Voskuil, chief technology officer of access control solution provider BeyondTrust. "But here we're seeing the dangers from vulnerabilities in multiple nonmalicious ActiveX controls from a known trusted source, Microsoft. In both situations, implementing the best practice of least privilege can have significant security benefits."

Wolfgang Kandek of Qualys added that Monday's zero-day security advisory on ActiveX in Microsoft Office Web Components was nominally addressed through the cumulative patch rollout. However, he cautioned that "until an actual patch comes," IT pros should take a close look at the workaround published in Redmond's knowledgebase article released on Monday.

Yet another security gadfly, Tyler Reguly, doesn't think Redmond went far enough with these ActiveX security bulletins.

"It's interesting to once again see Microsoft issuing a bulletin for an ActiveX control, especially since the fix to this issue isn't to patch but to simply set killbits," said Reguly who is senior security engineer at nCircle. "This means if the malicious individual can manage to convince you to revert the killbits, then you're once again vulnerable. This is a really sad day, when a poor mitigation is acceptable as a valid patch. I expect more from Microsoft."

Important Items
The first "important" fix is designed to stop potential elevation-of-privilege attacks in Microsoft Virtual PC 2004 and Microsoft Virtual PC 2007 editions, as well as Microsoft Virtual Server 2005 R2 and Virtual Server 2005 R2 x64.

Redmond is addressing a vulnerability that could allow for code execution on an infected "guest operating system." Having floating operating systems and guest sessions are key aspects of running virtual machines.

The second important fix addresses Microsoft Internet Security and Acceleration Server 2006. ISA Server provides an application-layer firewall and protects Web servers. The patch is said to help thwart a scenario where "an attacker successfully impersonates an administrative user account" for an ISA server configured specifically for Radius One Time (OTP) password parameters.

Such a highly technical attack may make this vulnerability less of a risk, security experts say.

"These [ISA Server 2006 and Virtual PC patches] are some you don't see very often," commented Eric Schultze, chief technology officer at Shavlik Technologies.

The last important item deals with 2007 Microsoft Office System Service Pack 1 in general, and Microsoft Office Publisher 2007 Service Pack 1 in particular. It is the rollout's fourth RCE exploit fix and is made to protect against an exploit trigger that happens when a user opens a malicious Publisher file.

All six items may require a restart.

Microsoft also provides a July knowledgebase article that describes nonsecurity changes for Vista and Windows Server 2008 as delivered via Windows Update, Microsoft Update and Windows Server Update Services.

Six Security Fixes Expected on Patch Tuesday

Windows Azure Pricing Unveiled

By Kurt Mackie07/14/2009

Microsoft announced pricing for its Windows Azure cloud computing services on Tuesday at its Worldwide Partner Conference in New Orleans.

Windows Azure cloud computing services are currently available for free to participants in Microsoft's community technology preview program. However, the company plans to start offering commercial services on a pay-as-you-go basis when the Microsoft Professional Developers Conference begins in late November.

Microsoft also plans to offer a promotional discount to its partners of five percent on "Windows Azure compute, SQL Azure and .NET Services," which are all part of the Windows Azure Platform. In addition, the company is planning a "development accelerator promotional offer" that will provide a "deep discount" to partners and customers who want to quickly develop and deploy hosted applications on the platform.

The pricing details are described in Microsoft's Windows Azure team blog here. A more detailed analysis of the cloud computing platform, with explanations about how Windows Azure services are priced, is provided in a July white paper by David Chappell, "Windows Azure and ISVs" (PDF).

Chappell argues that cloud computing platforms such as Microsoft's Windows Azure are typically needed by software distributors that deliver applications to their customers via software as a service. Those thinking about hosting their Web site using Windows Azure likely will find Windows Azure service to be an expensive overkill, according to a Microsoft Developer Network (MSDN) forum post.

"I doubt there are many hosting providers who would appreciate you calculating the next Mersenne prime between serving up web pages," explained Neil Mackenzie in an MSDN blog post. "The practical reality is that neither Azure nor AWS [Amazon Web Services] are (price) optimized for hosting a simple web site because it costs a lot more to support their virtualized platforms than it does to support a virtual directory."

Chappell explains in his white paper that Microsoft's Windows Azure pricing is based on three basic variables: "compute time, data storage and access, and bandwidth transferred in and out."

Microsoft will charge $0.12 per hour for compute time, $0.15 per gigabyte of storage per month and $0.01 per 10,000 operations on that stored data, according to Chappell. The bandwidth charge is $0.10 per gigabyte moving in and $0.15 per gigabyte moving out.

There appears to be a way for customers to "remove compute instances" to limit compute time charges, according to a discussion on the MSDN forum.

In addition to the above charges, if customers use the platform's SQL Azure relational database for storage, they will get charged by how much data is stored, plus bandwidth costs.

There are two SQL Azure options -- a Web Edition and a Business Edition. The Web Edition costs $9.99 per month for up to one gigabyte of storage, with a max query time of 10 hours. The Business Edition costs $99.99 per month for 10 gigabytes of storage, with a max query time of 100 hours.

With all of those pricing variables, it all sounds fairly complex to calculate what it will cost to use Windows Azure services on a monthly basis. The Windows Azure team blog hinted that Microsoft plans to relax the pricing for some customers that require "payment predictability" and can commit to a certain level of use.

"While consumption-based pricing provides great flexibility, we have also heard it introduces a level of unpredictability and some customers prefer other options," the blog explains. "At launch [at the PDC], we will share details of subscription offers that provide payment predictability and price discounts that reflect levels of usage commitment."

Microsoft's cloud computing pricing is somewhat similar to that of Amazon Web Services, according to a Burton Group datacenter blog. However, Microsoft has thus far failed to specify any pricing distinctions based on the level of computing resources consumed by users.

"The missing part in the model is the size (or type in EC2 terms) of the compute platform," wrote Drue Reeves, vice president and research director at Burton Group. "I don't think Microsoft would allow an application that requires 5x the amount of memory or CPU time to be the same price as another application with lesser requirements."

Microsoft Extends VS 2010 to Azure Cloud

Microsoft Office ActiveX Security Flaws Disclosed

By Jabulani Leffall07/13/2009

On the eve of its July security patch release, Redmond issued a security advisory on flaws in the ActiveX control function -- the second such advisory in as many weeks.

Redmond's latest off-cycle advisory addresses "a new vulnerability in Microsoft Office Web Components," specifically in the "spreadsheet ActiveX Control" that could give a hacker elevated user rights through a remote code execution attack.

The kicker is that a hacker can exploit the bug via Internet Explorer if ActiveX, which is a Windows framework designed for indentifying and parsing software components, is enabled.

The software giant said on Monday that it was aware of "limited, active attacks attempting to exploit this vulnerability."

Security analysts have tended to point to ActiveX as a potential problem. Apparently, it's now a top priority for Redmond.

"Part of the problem is that one of the two known [ActiveX] bugs was reportedly known by Microsoft for nearly a year," wrote Andrew Storms, director of security at nCircle, in an e-mailed comment. "This information is leaving many people with an unsettled feeling, and wondering just how many other critical bugs are sitting in the Windows OS just waiting to be exploited."

Mike Reavey, director of the Microsoft Security Response Center, confirmed last Thursday that Microsoft has known about ActiveX-related bugs used in IE-related attacks for more than a year, as early as spring of 2008 in fact.

Aside from video files and spreadsheet controls, other recent ActiveX bugs include one outlined in a security advisory rolled out exactly a year ago. In that case, Redmond said that a bug enabled hackers to exploit a hole in ActiveX controls for certain components of Microsoft Access.

Meanwhile, in its advisory on Monday, Microsoft said its investigation "has shown that although Internet Explorer (IE) isn't vulnerable, remote code execution is possible and may not require any user intervention when using IE."

Reavey did intimate that a fix for ActiveX would be likely on Tuesday, but he didn't specify which Windows version the fix would affect. There is already an ActiveX fix slated for a previously identified bug in DirectShow that Microsoft has on tap for Tuesday's rollout.

"If you haven't implemented the killbits already, we recommend that you go ahead and do that to protect yourself against the attacks," Reavey wrote last Thursday after the advance patch release notification.

For now, Redmond is also pointing users to a knowledgebase article link that comes with the latest advisory and outlines ways to work around the flaws. For instance, IT pros can make changes that prevent "Active Scripting and ActiveX controls from being used when reading HTML e-mail messages."

Microsoft Probing ActiveX Bug in Internet Explorer‘Harry Potter And The Half-Blood Prince’ Takes Box-Office Crown

With Expression Blend 3, Microsoft Looks To Link Developers with Designers

By Jeffrey Schwartz07/14/2009 When Microsoft last week launched Silverlight 3, the company set a new stage for .NET developers looking to build out-of-the browser rich interactive applications. But its release and the planned shipment next month of the Expression Blend 3 suite also promises to allow closer collaboration among developers and designers.

Microsoft said at last week's launch event that Expression 3 will ship within 30 days at a list price of $599 ($349 upgrades) but a release candidate is available for download now. Expression 3 allows designers and developers to build behaviors into user interfaces without writing code. 

Enterprise developers are likely to welcome the suite, particularly a newly added component called SketchFlow, which will allow developers and designers to iteratively work on and share workflows. "It's something that anyone who is a Microsoft shop really needs to take a look at," said Gartner analyst Eric Knipp, in an interview.

Microsoft describes SketchFlow is an iterative workflow designer that allows for the dynamic prototyping of a UI-based controls. It provides for rapid development of layouts and the creation of application flows and functions of an app and lets teams visualize those prototypes.

"When you're done you press a button, you can open it in Visual Studio and keep working," said Knipp, who has looked at SketchFlow. "It closes the loop between the designer and developer in a way that has been more manual in the past."

When Microsoft revealed the SketchFlow feature in March at its MIX 09 conference, Dan Chait signed up for the early access program. Chait, who is managing director of New York-based consultancy Lab49, counts large financial services as his clients. At last week's launch, Chait demonstrated his use of SketchFlow during the keynote in a presentation called Visual Kitchen.

In a subsequent interview Chait explained that SketchFlow removes the manual process out of prototyping by allowing developers to iteratively create the processes within the tool. "You can present a number of different design directions to your customers very early on without having to invest a lot of time and money in building actual software," Chait said. "It's a lot like pen and paper prototyping, without any of the down side of pen and paper."

With SketchFlow, Chait starts a project off on a white board and maps out a few of the screens and how they would flow together. Then with a digital camera he takes pictures of those whiteboard sessions, imports them into his computer and in real time, drags and drops the images into SketchFlow and wires them together, which provides an early prototype of the workflow.

"You can click around and navigate from screen to screen, so you go from drawing something on a whiteboard to something you can click around in and determine how it's going to flow together. And iteratively you start to flesh out the pieces."

While that allows him to more incrementally design, it also lets him determine how his team is going to structure the code. "This is really about getting the vision right for the overall application," he said. "Previously there was this big disconnect between the design and the coding process."

While Kniff said enterprises should be looking at SketchFlow, right now it only generates XAML, he noted. "I think it will be interesting to see over time if SketchFlow is expanded to go beyond Microsoft technologies," he said. "It's of limited use to companies that are say using ColdFusion on the back end, though you could still iterate and use a slip of paper, but I think it's a nice innovation and  I hope Microsoft supports it and improves it over time."

Microsoft Launches Silverlight 3‘Harry Potter And The Half-Blood Prince’ Reviews Are In!

Office 2010 Tech Preview Unveiled at Microsoft Partner Event

By Kurt Mackie07/13/2009

Microsoft Office 2010 has reached the technical preview testing stage, company officials announced on Monday at the Microsoft Worldwide Partner Conference.

Attendees at the New Orleans event this week have access to the Office 2010 bits. For others wanting to test the new productivity suite, Microsoft provides a Web form to sign up for the waiting list, which can be accessed here.

Various Office 2010 productivity suite components -- Excel, Word, PowerPoint, OneNote, Project, Publisher and Visio -- all hit the 2010 technical preview milestone today, along with Microsoft SharePoint Server 2010. The schedule for Microsoft Exchange 2010 is slightly ahead of the pack, with a public beta announced back in April.

Office 2010 is expected to be released as a public beta sometime later this calendar year, according to Chris Capossela, senior vice president of Microsoft Office products, in a video discussion. Microsoft officials expect that Office 2010 will appear as a final product in the first half of 2010.

The main theme Microsoft emphasized with today's announcement is that Office 2010 will be accessible by PC, phone and browser. The new enabling factor is something called "Office Web applications," which are lightweight versions of Excel, PowerPoint and Word that can run in a Web browser. Supported browsers currently include Firefox, Internet Explorer and Safari.

The unveiling of Office Web applications represents Microsoft's long-awaited move into the lightweight hosted applications space. Competitors, such as Google and Zoho, have offered Office-like applications that work in a browser for years.

Microsoft will offer its Office Web applications to consumer users for free. Users just have to sign up for a Windows Live account. Businesses won't have free access, but they will be able to subscribe to Microsoft Online Services, which will host the Office Web applications and provide access to them as a service.

All Microsoft Office 2010 volume licensees will have access to Office Web apps. In addition, these licensees will have the option of running Office Web apps from their own on-premises servers.

Microsoft will incorporate the "ribbon" menu system, first introduced in Office 2007, in a number of future products. Those products include the Outlook 2010 mail and calendar solution, the SharePoint 2010 collaboration app, Project 2010 planning app and Visio 2010 diagramming solution.

Document collaboration will be a feature in Office 2010. For instance, users can edit video in PowerPoint 2010 and then share or broadcast those videos. A Microsoft Office Backstage view lets users quickly access features associated with Office 2010 files, enabling integration with other Office or SharePoint apps.

The Office 2010 announcements were part of a keynote address in New Orleans by Stephen Elop, president of Microsoft's Business Division. Elop outlined other Microsoft initiatives of note to partners. For instance, he played up partner opportunities in Microsoft's "Software plus Services" world, in which Microsoft or its partners will offer customers hosted and on-premises software solutions, or a combination of the two approaches.

Some products, such as Microsoft Office Communication Server, have sustained growth in tough economic times, Elop noted. He also touted Microsoft Dynamics products, saying that more than one million Dynamics seats have been sold, and that Microsoft was winning deals over and Oracle's Siebel CRM.

Elop said that Microsoft now has more than 17,000 SharePoint customers and that the company has sold about 100 million SharePoint licenses. Social computing via SharePoint is an area of rapid innovation, as well as a Microsoft partner opportunity, he added.

Elop suggested that Microsoft is making good on its "democratizing business intelligence" theme, in which business users of Microsoft products will be better able to conduct data analyses on the fly. One such feature in Excel, called "Sparklines," lets users slice up and compose data.

‘Harry Potter And The Half-Blood Prince’ Takes Box-Office CrownOffice Developer Conference Cancelled

W3C Pulls Plug on XHTML 2

By Joab Jackson07/13/2009

The World Wide Web Consortium (W3C) has halted work on the second version of the Extensible Hypertext Markup Language (XHTML), and has instead redirected its energies to the next version, HTML 5.

"When the XHTML 2 Working Group charter expires as scheduled at the end of 2009, the charter will not be renewed. By doing so, and by increasing resources in the HTML Working Group, W3C hopes to accelerate the progress of HTML 5," states a W3C news bulletin.

While early reports characterized the W3C's move as the death of XHTML, it is only an experimental version of the markup language that has gotten the axe. Most users of the language should not be affected, according to W3C's Mike Jones, who leads the HTML 5 working group.

"There is a big difference between XHTML 2 and XHTML," he said.

XHTML is a version of HTML that is rendered as a subset of Extensible Markup Language (XML) application. Casting HTML pages into an XML format allows their contents to be parsed more thoroughly by computers, though using XHTML involves more work on the part of Web site developers because XML documents need to be structurally coherent in a way that few HTML pages are.

Version 2 of XHTML is actually a complete rewrite of the markup language, Jones said. "Basically, the vision of XHTML 2 was to start over and fix all the mistakes with earlier versions of HTML," he said. "They were successful in [technical terms], but it never got market uptake. It never got native support in browsers."

Because version 2 was not backward compatible with version 1, which is widely used, few upgraded. XHTML 1, in contrast, is compatible with the current version of HTML, version 4.

Current users of XHTML 1 should not have to make any changes, Jones said. The next version of HTML now being developed, HTML 5, will be completely backward compatible with XHTML 1.

"What I tell people is make no changes at all to your current workflow. We will forever continue to support XHTML 1.0 as long as we're controlling the specification of HTML," Jones said. (Since HTML 5 has not been codified yet, it should not be used in production systems, he said).

New versions of XHTML may not be forthcoming, however.

"XHTML is just the name for one of the two syntaxes that are usable within browsers. All major browsers have two parsers — an XML parser and an HTML parser that can deal with non-well-formed content," Jones said. "We're not adding any specific new features to XHTML. We'll add new features to the abstract language that underlies both of those syntaxes."

One project that may be affected by the cancellation of XHTML 2 is a version of the Resource Description Framework called RDFa (the "a" standing for attributes). Search-engine services, such as Google, deploy RDFa. The impact to RDFa should be minimal, Jones said, because RDFa is already supported by XML.

"If you are working in XHTML and if you're documents are well formed, you can use RDFa and everything should work as designed," he said.

Google To Release OS Aimed at NetbooksTim Burton Assembles ‘Mysterious Puzzle’ For ‘Alice In Wonderland’

Thursday, July 16, 2009

Attunity Adds Change Data Capture Links Between SQL Server and Oracle

By Jeffrey Schwartz05/27/2009

Attunity Ltd. today released software that allows developers to apply change data capture (CDC) between Microsoft's SQL Server and Oracle databases.

Oracle-CDC for SSIS replicates and synchronizes updated data between Microsoft's SQL Server Integration Services and Oracle databases in real time, according to Attunity officials. The CDC tool works in conjunction with connectors the company released in October that provide high-speed links between SSIS and Oracle and Teradata platforms.

SSIS is a free component offered with SQL Server 2005 and 2008 that enables integration and extract, transform and load (ETL) with third-party databases, reporting tools and data warehouses. It has become a de facto ETL tool for large Microsoft-centric enterprises looking to integrate data across platforms, said Gartner analyst Ted Friedman.

"[Users] are finding it to be a very cost-effective alternative to some of the heavier-weight, more comprehensive solutions out there," Friedman said. Among those higher-end data integration and ETL tools are IBM's DataStage and Informatica's PowerCenter.

Within the realm of data integration, CDC has emerged in recent years as a key function for organizations that need to conduct bulk data transfers and batch processing in short windows of time. While the amount of data might be substantial, typically only a small percentage of the overall data within a repository has changed. CDC only replicates the changed information to speed the data transfers and minimize infrastructure requirements.

CDC is used by some large banks that expect data from a customer's online transaction to be updated in real time throughout other channels, including branch systems, ATM machines and call centers. Point-of-sale is also a suitable application.

It is also becoming popular for situations in which decision makers need to act on current data, Friedman said. "I clearly see a trend where CDC is on the rise," he said. "Things like real-time or operational business intelligence that require rapidly sensing important changes to data and getting those changes out so they can be analyzed."

Attunity first started offering CDC tools in 2004, and while it offers leading technology, the company is struggling financially, Friedman said. The company last month reported that its $2.2 million in revenues for the first quarter of this year were down 32 percent over the same period last year. A partnership with Microsoft could boost its fortunes because SSIS falls short when it comes to handling batch-oriented data, according to Friedman.

Attunity's CDC tool will appeal to developers who need to apply that capability to Oracle data but are not skilled in that database platform, said Itamar Ankorion, the company's director of business development.

"We hide all of the complexity of working with the Oracle data and how changes are captured and we automatically generate all of the packages within SSIS," Ankorion said. Packages are created via the SSIS wizard to move data from one source to another. Developers can edit SSIS packages via Visual Studio or Business Intelligence Development Studio.

The software starts at $2,500. An average installation costs around $40,000 Ankorion said.

Microsoft Kills Its Oracle Data Provider for ADO.NET

Microsoft Alert: Big Problem With SharePoint Service Pack 2

By Kurt Mackie05/22/2009

Microsoft on Friday announced that there's a problem for those who applied Service Pack 2 (SP2) to Microsoft Office SharePoint Server 2007 (MOSS 2007) -- namely, it's timed to expire in 180 days.

In addition to MOSS 2007, other products were affected by the service pack problem. Those products include "Project Server 2007, Form Server 2007, Search Server 2008 and Search Server 2008 Express," according to Microsoft's announcement.

Windows SharePoint Services 3.0 is not affected, the announcement added.

Microsoft is currently working on a hotfix and a knowledgebase article to remedy the SP2 problem. Basically, applying the SP2 update resets the product's activation as if the trial version of the software were installed.

IT pros who installed SP2 should check Microsoft's SharePoint Team blog here for details and updates. The knowledgebase article is expected to be available in less than 48 hours. Microsoft plans to describe a workaround solution in its knowledgebase article.

"To work around this issue customers will need to re-enter their Product ID numbers (PID) on the Convert License Type page in Central Administration," the SharePoint team explained in its blog. Users can retrieve their product ID at Microsoft's Volume Licensing Service Center Web page here.

Data aren't affected by the SP2 problem, according to Microsoft. However, the software will cease to work for end users after 180 days if the hotfix or workaround isn't applied.

For those trying to install MOSS or Windows SharePoint Services on Windows Server 2008 R2, you need to use the SP2 versions of those applications, according to this Microsoft blog.

Microsoft first publicly unveiled the availability of SP2 for MOSS 2007 and Office server products toward the end of April. At worst, early installers of SP2 have used up 24 days of the 180-day "trial" period.

SP2 Released for Windows Vista and Windows Server 2008

Sun Launches Third Release of OpenSolaris

By John K. Waters06/02/2009

On the eve of its annual JavaOne Conference, Sun Microsystems unveiled a new version of the OpenSolaris operating system. Version 2009.06 is the third release of the open source implementation of the company's Unix-based operating system. The company launched OpenSolaris 2009.06 at CommunityOne, a three-day event which runs in conjunction with the week-long JavaOne conference.

The new release sports virtualization support, storage enhancements and performance upgrades, all of which should appeal to enterprise customers, Sun officials said, noting this release will impact all users of its Solaris operating system.

"OpenSolaris is the technology that's going into the next-generation Solaris platform," said Charlie Boyle, Sun's director of Solaris product marketing. "One of the great things about doing open development is that we're extremely transparent to our community and our users. If you're an end user of OpenSolaris or Solaris, you can see what we're building and then evaluate when you want to pick those new features."

Amid speculation about the future of Sun and Java,В OpenSolaris may be the asset of the company that's least likely to be affected by its pending acquisition by Oracle Corp. Solaris in all its forms might be among the "safest" products in the company's catalog, said IDC analyst Al Hilwa. "There's no real overlap with anything that Oracle is doing. Oracle has a couple of fingers in the Linux pie, but so does Sun," he said.

Enterprise Features Added
The biggest change in this release is the addition of network virtualization technologies developed in Project Crossbow. The four-year-old project combines "the building blocks" of network virtualization and resource management by virtualizing the stack and Networked Information Center (NIC) around any networking service protocol or virtual machine.

Network virtualization presents virtual NICs inside the stack to any application or virtual machine, and connects them via virtual switches and network services. In OpenSolaris, this arrangement is called a "virtual wire" or vWire.

Crossbow effectively rebuilds the network stack for modern systems and use cases, according to Boyle. "All the vendors have continued to bolt on new technologies to their stacks over the years," he said. "But as we move into multi-threaded, multi-core systems, and 10- [and] 40-gigabit Ethernet, we have to rethink the way the network stack works."

Boyle maintained that this technology, which is built into the platform, has the potential to change software development. "As a developer, you can create a microversion on your laptop of the production environment in your datacenter," he said. "It's no longer that the developer is just off coding in some corner somewhere, thinking only about their applications. They can actually think about how their apps will be deployed and model that deployment during the development process. Then, they can take that model and move it to a bigger server for test and QA, then roll it out to multiple servers in your datacenter. The only thing you're changing is the size of the virtual machine."

What may interest developers most in this release is a Web-based tool set called SourceJuicer. SourceJuicer automates the OpenSolaris Image Packaging System (IPS) package build process. Developers submit code and a build manifest, and the tool validates that code, builds the app, packages it for both Sparc and x86 machines, and then publishes it into the OpenSolaris repository. Anyone running the OS will see the application in their search list.

Another feature, called Single Click Install, allows developers to publish a link on any Web site that leads to an automatic installation program directly from the repository. All updates to the software are automatically reflected in the IPS package manager.

Since the last update of OpenSolaris, more than 10,000 IPS packages have been added to the network repositories, Boyle said.

OpenSolaris 2009.06 also provides support in Sun's ZFS file system for flash storage. ZFS now understands the type of flash running on a system, and then optimizes the storage configuration automatically based on the workload and flash elements, Boyd said.

The new release adds native support for CIFS (Microsoft's Common Windows File System) as a full peer to Network File System (NFS). Sun said that will provide support for Windows security, naming and access control for file sharing across Windows, Linux and Solaris platforms.

OpenSolaris 2009.06 is available now for download here.

Microsoft Unveils Windows 7 Downgrade Plan‘Harry Potter And The Half-Blood Prince’ Breaks Midnight Records

Eclipse Galileo Marks Fourth Release Train

By John K. Waters06/24/2009 The Eclipse Foundation today announced its fourth "release train," a coordinated, simultaneous launch of a group of open-source Eclipse projects that has become an annual event. Representing a key milestone for Eclipse, this year’s new release train, code named "Galileo," is the largest yet, comprising 33 projects and more than 24 million lines of code.

The release includes a range of advancements in the Eclipse OSGi-based frameworks and runtimes; new support for the creation of Domain Specific Languages (DSL); and enterprise-focused features, such as new support for Mac Cocoa 32 and 64 bit, and the 2.1 version of the PHP Development Tools (PDT) project.

This annual synchronized project release supports the Eclipse commercial ecosystem, and at the same time unites the Eclipse community, said Eclipse Foundation executive direction Mike Milinkovich. "The fact that you can get so many different Eclipse projects lined up and shipped on the same day really spurs adoption," Milinkovich said. "That’s looking outward; looking inward, it helps the community come together. We have all these people out there working on their own projects, and it’s easy for them to become insular. Getting into the release train forces them to look up and participate more, and the result is, they feel more a part of the Eclipse community."

The release train strategy is an important example of how an open source community benefits from the "all bugs are shallow" principle that underlies open source software, said Forrester analyst Jeffrey Hammond. "The level of transparency in the Eclipse release train process, and the way that bugs and enhancements are triaged in (or out) of the train are impressive," Hammond said, "and equaled by few commercial organizations."

The annual release train also provides regular release milestones that make it easier for dependent projects to plan and execute their own development plans, he added. "By stabilizing APIs and features in early milestones, and then [focusing] on killing bugs, the projects stabilize from the core out," he said. "As far as I’m concerned, this milestone-based process is really the locomotive that pulls the entire train."

Milinkovich said predictability is one of the key benefits of this approach. "Most products that are based on Eclipse these days pull from multiple projects in the community," he said. "The fact that you can get so many lined up and shipped on the same day really helps those projects."

There’s a lot for developers to like in this year’s release train, Hammond pointed out. In this release in particular, Eclipse is moving well beyond a Java and C++ IDE. New PHP tools are folded into the release, as are major improvements to the RAP (Rich Ajax Platform), and extension of in the ALM lifecycle in the form of the Mylyn task-focused interface for Eclipse, beefed up modeling tools, and enhanced data tools.

Hammond also applauded the annual deadlines. "I think it forces teams to engage in ruthless вЂtime-boxing,’ and the result is that questionable features get pushed out of the time-box earlier in the process," he said. "And that results in higher quality. I’m not sure it’s resulted in more code/features, but I think it’s improved the focus on quality."

PDT Makes The Train

This is the first year the PDT project was a part of the release train, and that deadline gave project team members pause. Roy Ganor, PDT project lead and team leader in Zend Technologies’ ( developer group, said the decision to participate was not an easy one.

"Now we can’t understand how we lived without it!" he said. "The advantages of joining the release train are enormous. First off, we are more controlled and visible. This is something open source projects should always strive for. Many open source projects act as "use at your own risk." Now, with the whole community behind us after a great release cycle, I can say that Eclipse PDT has made a great step forward and is much more stable and usable than ever."

Eclipse PDT ( is an Eclipse-based development environment for developing PHP scripts. It’s the first tool to support the new language features in PHP 5.3, such as "namespaces" and "closures," and it has become the de facto standard for PHP development.

Ganor added that the community feedback during preparation for the release train, along with the June 24 deadline, "made us more aligned with industry standards" and "more open for new ideas."

The PDT is one of the most popular Eclipse projects, and proof, Ganor said, that Java isn’t the only language Eclipse can support. He cites release candidate statistics that indicate that the PHP-specific Eclipse package has been downloaded more than the Java Classic version. "And the numbers keep going up in favor of PHP," he said. "It seems that the rising popularity of PHP and the ability of PHP developers to absorb better techniques and tools for their development lead them to adopt the new Eclipse PDT (2.1) even faster."

Galileo is also the first Eclipse release train to make several major language translations available on the date of the release. The list of "language packs" available today with Galileo includes: Simplified Chinese, Traditional Chinese, French, German, Japanese, and Korean. Other translations will be available later, Milinkovich said. In years past, these translations were not available for two to three months after the June release. Milinkovich credits the Eclipse Babel project for accelerating delivery of these language packs.

Last year’s "Ganymede" release train combined the launch of 23 Eclipse projects; 2007’s "Europa" release included 21 projects; and the original 2006 "Callisto" release synchronized 10 project launches. The Foundation released Eclipse 3.0 and 3.1 in June of 2004 and 2005 respectively, establishing the last week of the month for this annual "release train."

The Eclipse Foundation grouped the projects participating in this year’s release train under four headings: Runtime, Modeling, Enterprise, and Mobile (see sidebar).

All of these tools and technologies are available for download now from the (The projects in the Galileo release train are now available for download at the Web site.

Callisto, Europa, and Ganymede are the four "Galilean" moons, named for their discoverer, the seventeenth century astronomy Galileo Galilei. Reportedly, the next release train will be named "Helio."

Fedora Project Releases Update To Linux Distribution‘Blair Witch Project’ Cast And Crew Celebrate 10-Year Anniversary

Fedora Project Releases Update To Linux Distribution

By Jeffrey Schwartz06/16/2009 The Fedora Project, a community open source effort sponsored by Red Hat, last week released the latest version of its namesake Linux distribution. Fedora 11, code-named "Leonidas," includes upgraded virtualization capabilities, improved graphics and sound card compatibility, and support for additional file systems, notably ext4.

While Fedora is not typically used for widespread enterprise rollouts, it often portends features or capabilities under development for Red Hat Enterprise Linux. "It represents the bleeding edge of Linux," said 451Group analyst Jay Lyman. "This doesn’t really compete with the enterprise Linux distributions, but it does hold their feet to the fire."

The improved virtualization features include a new console and an upgraded virtual machine guest creation wizard. Guest machines can run more securely via support for SELinux, the component of the Fedora Linux kernel that implements mandatory access control and role-based access control, according to the Fedora Project.

Also improved in Fedora 11 is the kernel mode setting, that supports more video cards from ATI, Intel, and NVIDIA. Perhaps the most obvious improvement will see as a result of the upgraded kernel mode setting feature is accelerated boot-up time, which the organizers of the volunteer-based Fedora Project said is down to 20 seconds.

According to the Fedora Project, the new release loads fonts and other content faster via the improved PackageKit support that debuted with Fedora 9. The new Fedora 11 supports more finger print readers and offers new inputs for international language content. The added file system support also supports higher device size and file size limits, according to the Fedora Project. Fedora 11 also comes with the Minimalist GNU (MinGW) cross-compiler tool for building Windows executables. A complete list of features is accessible here .

Along with the release of Fedora 11, the Fedora Project has released the beta of a new developer portal aimed at providing an improved interface for community members to contribute code and share information. The new customizable dashboard tracks contribution and discussions and is available for community comment.

Despite Hoopla At WWDC, Apple Offers Incremental Extras For Enterprise Developers‘Blair Witch Project’ Cast And Crew Celebrate 10-Year Anniversary

Survey: IT Salaries Getting Pinched in 2009

By Kurt Mackie06/29/2009

The general economic downturn is leaving its mark on IT salaries, according to an independent study released on Monday.

Janco Associates issued its "2009 Mid-Year IT Salary Survey," which compared salaries in June with those in January of 2008. The mean salary in mid-size enterprises decreased 0.6 percent over that 18-month period --В $73,439В in June vs.В $73,905В in January of 2008.

Those working in large enterprises showed a 0.2 percent increase in salary over that six-month period. The mean salary wasВ $81,652В in June vs.В $81,475В in January of 2008.

Janco Associates didn't perform a direct year-to-year comparison because that's tricky to do with mid-year statistics, according to Victor Janulaitis, Janco's CEO. However, the company plans to do a direct year-to-year comparison next time in January, he said.

"This year is a disaster," Janulaitis said. Businesses have gone away, IT contractors have been cut and people who would retire are staying in the workforce longer because their retirement investment portfolios have been eroded, he explained.

The cuts have affected IT planners and their support staff, help-desk personnel, and quality control and training employees, among others.

Those who earned big salaries weren't spared. The study found that more than 200 IT pros in New York City making six-figure incomes are seeking work as the result of being laid off, or because of bankruptcies and mergers.

In addition to finding decreased salaries, the study concluded that demand for IT pros has decreased overall.

The Janco Associates study surveyed 28,869 people in mid-size companies and 22,368 people in large companies. The study defined a large company as having more than $500 million in annual revenue. A mid-size company was defined as having more than $125 million in annual revenue.

More information on the survey can be found at the Janco Associates Web site here.

‘Blair Witch Project’ Cast And Crew Celebrate 10-Year AnniversaryMicrosoft Security Essentials Beta Available June 23

Microsoft Gets Patent on OS-Disabling Technology

By John K. Waters06/02/2009

Oracle CEO Larry Ellison made a surprise appearance at the annual JavaOne conference in San Francisco this morning. Ellison joined Sun Microsystems Co-Founder Scott McNealy onstage during the opening keynote in an effort to reassure developers that the Java platform would be in safe in Oracle's hands.

McNealy invited Ellison to the stage, calling him "the next leader of the Java community."

Both execs avoided discussing any details about Sun's future after the acquisition, focusing instead on Java. "I don't think you're going to see a lot of change in Java coming from Oracle," Ellison said. Referring to Oracle's long-standing support for Java and its frequent partnerships with Sun, he added, "If you're curious about what's going to happen in the future, I think you have to look in the past."

Ellison pointed out that Oracle's middleware strategy is "based 100 percent on Java" and that Oracle's Fusion suite of applications is built entirely on Java. "I think we've invested more in Java than anyone else in terms of dollars," Ellison said. "We are going to continue to invest and to accelerate our investment. We see increased investment in Java coming from the Oracle-Sun combination, and an expansion of the overall community."

This was Ellison's first public appearance since the announcement in late April of Oracle's intention to acquire Sun for $7.4 billion.

Ellison said that he has been meeting with different groups inside Sun, talking about the possibility of the OpenOffice group generating JavaFX-based libraries. OpenOffice is an open source office suite created and supported by Sun. The JavaFX platform is Sun's runtime and tools combo for content authors and Web developers building rich Internet applications (RIAs).

"We'd like to see accelerated development based on this exciting new platform: Java with JavaFX," Ellison said. "Going to JavaFX is going to allow us to build fantastic UIs [user interfaces] in Java...We're committed to seeing JavaFX exploited throughout Oracle and throughout Sun."

Given the presence of Adobe's Flash and AIR runtimes, and Microsoft's moves to expand Silverlight, many observers have questioned whether JavaFX will gain critical mass. "I don't think it's surprising that Ellison would like the idea of JavaFX," said James Governor, principal analyst and founder of RedMonk. "Most major ISVs in the business intelligence space now rely on front ends built using the Adobe Flash platform. SAP, for example, is a major consumer of Flash. Meanwhile Microsoft continues its push into richer media with Silverlight. Why would Ellison acquire an end-to-end stack and then double down on it? In the keynote he mentioned rebuilding OpenOffice with JavaFX functionality; clearly Oracle's ERP apps might benefit from some of the same treatment."

In his praise of JavaFX, Ellison included a sharp criticism of AJAX tools, which he said programmers currently "suffer" with. "Ellison's comments about AJAX were pretty off the mark," said industry analyst Neil Ward-Dutton. "If you look at who's building rich Web apps right now, they use AJAX (and Flex, etc.) because it's close to the tech they're used to using," he said. "Interactive-experience designers know Dynamic HMTL, XML, JavaScript, ActionScript; they don't know Java, and they don't want to know Java. JavaFX has some nice features but it's coming from way behind the other alternatives, and the availability of skills and the size of the community are key challenges for it right now."

Ellison also talked up the possibility of increasing the number of Java-based devices. He mentioned Android phones, and suggested that Java-based netbooks might emerge

Governor said he didn't find any of Ellison's remarks surprising, but he was slightly less sanguine about the impact Oracle will have on the Java community. "Historically, Oracle has been more sales- than community-driven," he said, "so it's very hard to predict what impact acquiring Sun will have on that culture. We will have to wait and see."

‘Harry Potter’ Star Tom Felton Talks ‘Iconic’ Villain Draco MalfoyOracle Chief Ellison Anointed ‘Next Leader of Java Community’

Oracle Chief Ellison Anointed 'Next Leader of Java Community'

By John K. Waters06/02/2009

Oracle CEO Larry Ellison made a surprise appearance at the annual JavaOne conference in San Francisco this morning. Ellison joined Sun Microsystems Co-Founder Scott McNealy onstage during the opening keynote in an effort to reassure developers that the Java platform would be in safe in Oracle's hands.

McNealy invited Ellison to the stage, calling him "the next leader of the Java community."

Both execs avoided discussing any details about Sun's future after the acquisition, focusing instead on Java. "I don't think you're going to see a lot of change in Java coming from Oracle," Ellison said. Referring to Oracle's long-standing support for Java and its frequent partnerships with Sun, he added, "If you're curious about what's going to happen in the future, I think you have to look in the past."

Ellison pointed out that Oracle's middleware strategy is "based 100 percent on Java" and that Oracle's Fusion suite of applications is built entirely on Java. "I think we've invested more in Java than anyone else in terms of dollars," Ellison said. "We are going to continue to invest and to accelerate our investment. We see increased investment in Java coming from the Oracle-Sun combination, and an expansion of the overall community."

This was Ellison's first public appearance since the announcement in late April of Oracle's intention to acquire Sun for $7.4 billion.

Ellison said that he has been meeting with different groups inside Sun, talking about the possibility of the OpenOffice group generating JavaFX-based libraries. OpenOffice is an open source office suite created and supported by Sun. The JavaFX platform is Sun's runtime and tools combo for content authors and Web developers building rich Internet applications (RIAs).

"We'd like to see accelerated development based on this exciting new platform: Java with JavaFX," Ellison said. "Going to JavaFX is going to allow us to build fantastic UIs [user interfaces] in Java...We're committed to seeing JavaFX exploited throughout Oracle and throughout Sun."

Given the presence of Adobe's Flash and AIR runtimes, and Microsoft's moves to expand Silverlight, many observers have questioned whether JavaFX will gain critical mass. "I don't think it's surprising that Ellison would like the idea of JavaFX," said James Governor, principal analyst and founder of RedMonk. "Most major ISVs in the business intelligence space now rely on front ends built using the Adobe Flash platform. SAP, for example, is a major consumer of Flash. Meanwhile Microsoft continues its push into richer media with Silverlight. Why would Ellison acquire an end-to-end stack and then double down on it? In the keynote he mentioned rebuilding OpenOffice with JavaFX functionality; clearly Oracle's ERP apps might benefit from some of the same treatment."

In his praise of JavaFX, Ellison included a sharp criticism of AJAX tools, which he said programmers currently "suffer" with. "Ellison's comments about AJAX were pretty off the mark," said industry analyst Neil Ward-Dutton. "If you look at who's building rich Web apps right now, they use AJAX (and Flex, etc.) because it's close to the tech they're used to using," he said. "Interactive-experience designers know Dynamic HMTL, XML, JavaScript, ActionScript; they don't know Java, and they don't want to know Java. JavaFX has some nice features but it's coming from way behind the other alternatives, and the availability of skills and the size of the community are key challenges for it right now."

Ellison also talked up the possibility of increasing the number of Java-based devices. He mentioned Android phones, and suggested that Java-based netbooks might emerge

Governor said he didn't find any of Ellison's remarks surprising, but he was slightly less sanguine about the impact Oracle will have on the Java community. "Historically, Oracle has been more sales- than community-driven," he said, "so it's very hard to predict what impact acquiring Sun will have on that culture. We will have to wait and see."

‘Harry Potter’ Star Tom Felton Talks ‘Iconic’ Villain Draco MalfoyDOJ Inquires About Java Licensing

Despite Hoopla At WWDC, Apple Offers Incremental Extras For Enterprise Developers

By John K. Waters06/09/2009

With Apple Inc. refreshing its iPhone line and Macintosh platform this week at its Worldwide Developer Conference, the company is continuing its incremental efforts to make its offerings appeal to enterprises.

The new iPhones and upgraded Macintosh client and server offerings unveiled at the WWDC in San Francisco on Monday offer some noteworthy, though modest new capabilities for enterprise developers and IT managers. But because of their large consumer appeal -- Apple said it has sold 40 million iPhones -- enterprises cannot ignore what comes from the Cupertino, Calif.-based company.

Perhaps most noteworthy to enterprises, the newest releases offer improved connectivity to Microsoft's Exchange Server. Mac OS X 10.6 Snow Leopard, due in September, will include native support for Microsoft Exchange through ActiveSync. The feature makes it possible to use Apple's Mail client or Microsoft's Entourage client with Exchange 2007 Server without the IMAP restrictions. Because Exchange is the most widely deployed messaging and collaboration platform, enterprises are reluctant to support mobile devices that don't interoperate with it.

Apple added native Exchange support to the iPhone about a year ago, also via ActiveSync. That upgrade also included remote kill capabilities and some other Exchange-oriented management features. When the newly launched iPhone OS 3.0 debuts later this month, it will offer some additional business-oriented security features, including hardware encryption capabilities, and the ability to wipe out all data from a device if it is lost or stolen.

''These are features and capabilities that consumers really don't care about [but IT managers do],'' said Michael Gartenberg, VP of strategy and analysis at Interpret, LLC, a market research firm. ''One of the last complaints from the enterprise has been a lack of good Exchange clients for Mac OS, and they're fixing that with Snow Leopard.''

The company also released a developer preview of Mac OS X Snow Leopard Server, the next major release of its server platform, due in September. It's built on a full 64-bit UNIX server OS, and based on open standards, Apple said. It comes with features aimed at developers, such as Podcast Producer 2, for automating the creation and publication of podcasts, and Mobile Access Server, which provides secure access to firewall-protected network services for iPhone and Mac machines.

Apple's release of an upgraded Macintosh client platform comes as Microsoft is set to release Windows 7, which the company said will be released October 22 . Apple is hoping this will give pause to those enterprises faced with the eventual loss of support for Windows XP. ''The upcoming release of Windows 7 represents a huge inflection point,'' Gartenberg said, ''because Microsoft has said you really can't stay on XP any more. Given the cost of OS migrations in the enterprise, which often represent not just the cost of an operating system, but acquisition of new hardware, I suspect that Apple is hoping that businesses will say, 'if we're going to be pushed off XP as a platform, perhaps it's worth looking at all the platforms that are business friendly.' I think we're going to see Apple targeting those enterprises.''

It's a target few anticipate Apple will hit in a large way. Macintosh-based systems represent a small sliver of computers used by enterprises, and there's no evidence that that will change. What continues to stymie Apple's enterprise goals is good examples of Apple-based enterprise applications, said Bola Rotibi, principal analyst at Macehiter Ward-Dutton,

''Apple is showing some impressive features and capabilities, and some good developer support with SDKs and APIs, to be sure,'' Rotibi said. ''And I agree that the company has got the enterprise in its sights. But the question is: where are the big enterprise apps? Where are the big companies making a commitment to the Mac platform? In the enterprise, we're still talking .NET and Java.''

In an ideal world, businesses would adopt the best machine for a given job, Rotibi said. ''Then I think Microsoft would have something serious to worry about. But that's not what we see, usually. Apple still has a pretty wide perception chasm to get across to impact the enterprise. Which is not to say that they can't cross that gap. But there have been plenty of good technologies that didn't make the jump.''

Still, Gartenberg said, the momentum of iPhone adoption and the subsequent inroads it's making into the enterprise are likely to move Apple's platforms toward greater acceptance by business. ''Once you had the Exchange support for the iPhone, you started to see executives becoming fans of the device,'' said Gartenberg. ''That led to them buying MacBooks and bringing them into the company to do their work. And when a senior vice president of the company brings a MacBook into the office, hands it to the CIO, and says make it work, it's now a business machine whether IT likes it or not. That's going to impact enterprise developers.''

Office Developer Conference Cancelled

Microsoft Security Essentials Beta Available June 23

By Kurt Mackie06/18/2009

Microsoft on Tuesday will roll out a public test version of its free consumer security application, which was previously known by its code name, "Morro."

Microsoft is now replacing the Morro name, calling the new application "Microsoft Security Essentials." A public beta will be available for testing on Tuesday, June 23, according to a "Microsoft Security Essentials Fact Sheet." The Fact Sheet, dated June 2009, was provided via e-mail today by a Microsoft spokesperson.

Various news outlets have been showing screen shots of a pre-beta version of Microsoft Security Essentials. According to those screenshots, the installer for the program contains a Microsoft Genuine Advantage application that checks to see if the user is running a non-pirated copy of Windows. If not, Microsoft Security Essentials does not install, according to an Addictive Tips article.

The check for genuine copies of Windows seems counter to Microsoft's initial stated purpose when it unveiled Morro. The company announced in November that "the new solution will address the growing need for a PC security solution tailored to the demands of emerging markets." Microsoft typically faces piracy issues in those very same emerging-market countries, especially where the cost of Windows is unaffordable.

Microsoft currently provides free monthly security patches, even to users of pirated Windows copies. However, the company doesn't seem willing to let non-legitimate Windows users run Microsoft Security Essentials.

Morro also was supposed to be a replacement for Microsoft's OneCare online security consumer offering, which Microsoft plans to terminate. Retails sales of OneCare are scheduled to end on June 30, but the service still may be available through other channels. The Microsoft spokesperson stated that the company has not "made any announcements regarding the end of direct-to-consumer sales [of OneCare] or the subscription service."

Microsoft said in November that "direct sales of OneCare will be gradually phased out when 'Morro' becomes available." However, it seems likely that Morro, or Microsoft Security Essentials, will still be at beta by that time. Microsoft promises to keep supporting OneCare customers for the duration of their year-long subscription.

Microsoft Security Essentials will be designed to protect against rootkits, spyware, trojans and viruses, according to Microsoft's Fact Sheet. It will provide "real-time" protection and can validate threats in the wild in near-real time via a feature Microsoft calls "dynamic signature service." Certain actions will automatically trigger Microsoft's dynamic signature service, such as downloads of malicious content, "unexpected network connections" and attempts to modify the user's system, according to the Fact Sheet.

Microsoft is recommending the removal of other anti-virus and anti-spyware programs before installing Microsoft Security Essentials to avoid performance problems. Many have speculated that Microsoft's free anti-malware program will provide direct competition to security solution providers such as Computer Associates, McAfee and Symantec. Those vendors all offer more comprehensive security suite products for a price, compared with the free Microsoft Security Essentials, which has more basic functionality.

Microsoft Security Essentials will be capable of running on Windows XP SP2 and SP3, Windows Vista and Windows 7, according to the Fact Sheet. The beta will be available in Brazil, Israel and the United States on June 23, and will be available some time later this year for testing in China.

Those wanting to try the beta will be able to get it at this site, which will become active on June 23.

Microsoft Rolls Out New Forefront Betas‘Harry Potter’ Star Emma Watson On ‘Awkward’ Kiss With Rupert Grint