Timely Topics for IT Professionals
About ACM TechNews
ACM TechNews is published every week on Monday, Wednesday, and Friday.
ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either HP or ACM.
To send comments, please write to firstname.lastname@example.org.
Volume 5, Issue 446: Wednesday, January 15, 2003
- "Entertainment, Tech Firms Reach Truce on Digital Piracy"
Washington Post (01/14/03) P. E1; Krim, Jonathan
The Recording Industry Association of America, the Business Software Alliance, and the Computer Systems Policy Project are hoping to seal the rift between the entertainment and technology industries over the issue of digital piracy by announcing their opposition to legislation that would require electronics companies to redesign their products to curtail such infringement. The agreement dissuades the government from trying to adjust "consumer's expectations" about the delineation of fair use of digital content, according to sources. The tech sector has long been antagonistic to such government-authorized directives, while the entertainment sector has lobbied the government for assistance to prevent the illegal copying and distribution of copyrighted digital content. People familiar with the agreement believe that it is an attempt by the music industry to change its image as a corporate entity that is anti-technology and wants to stamp out fair use of content, a perception that stems from its litigation against file-sharing services. One industry insider suggests that the music labels "may want to distance themselves" from the movie studios, which have fervently pushed for government mandates requiring the use of anti-piracy technology. Another insider hints that the agreement means technology companies will oppose attempts to redefine users' digital rights or to amend copyright laws such as the Digital Millennium Copyright Act (DMCA), which is the goal of legislation sponsored by Rep. Rick Boucher (D-Va.). Boucher insists that the new agreement will not affect his bill, and points out the non-participation of the Motion Picture Association of America and the Consumer Electronics Association. Meanwhile, Rep. Howard L. Berman (D-Calif.), who supports legislation that would make it legal for content owners to hack into computer systems in certain circumstances, lauded the agreement.
- "More Computer Viruses Expected in 2003--Expert"
A monthly average of 600 to 700 new computer viruses will emerge this year, according to anti-virus solutions provider Sophos, continuing a pace established over the past two years, but decreasing from the 800 to 900 viruses per month that were born during 2000. Instant messaging worms and "executable email-aware" worms will be especially popular, as virus writers race to create the next high-impact "super Windows worm" that can be spread by email or instant messaging, says Sophos consultant Graham Cluley. Furthermore, the number of "Backdoor Trojans" will increase during 2003, Sophos notes. The number of viruses targeting mobile phones and personal digital assistants should remain small and not increase during 2003, and viruses are unlikely to be used as cyber-terror weapons, according to Cluley. He says, "A virus in cyber-terrorism is like releasing a blown up balloon--you don't know where it's going to end up and may even return to hit you in the face."
- "Business Apps Get Bad Marks in Usability"
CNet (01/14/03); Gilbert, Alorie
Difficult-to-use business applications impede many software projects and cost companies millions of dollars, according to Forrester Research. Forrester says many enterprise resource planning (ERP) applications are too difficult for ordinary users, and that many straightforward tasks are hard to accomplish using the programs. ERP helps automate everyday work duties, such as aspects of human resource management, order taking, and accounting. The study included ERP applications from 11 leading vendors. The Forrester analysts involved did not receive any special training in the programs before testing, but attempted only what they considered normal, upfront tasks. Those included downloading updates and software patches, changing security profiles, and adjusting the program to reflect changes in company organization. Analyst Laurie Orlov said ERP customers should demand better usability from their software vendors, especially in the current constrained budget environment. Large firms often spend millions of dollars implementing these systems, and anywhere from 10 percent to 15 percent of that amount usually goes toward software training for personnel. Poor usability hinders the effectiveness of ERP projects because workers spend more time doing things, require more training, and in some cases abandon the electronic process altogether.
- "W3C Embraces Scalable Vector Graphics Specs"
InternetNews.com (01/14/03); Boulton, Clint
The World Wide Web Consortium (W3C) is ready to consider Scalable Vector Graphics (SVG) 1.1 and SVG Mobile as standards that would help mobile devices display rich graphics better. New cell phones and handhelds entering the market sometimes have trouble displaying certain media. The new standards would make it easier for developers to make their content compatible with smaller displays found on mobile devices. SVG allows images on XML Web pages to show up on any screen, no matter the size or resolution. The new SVG 1.1 version separates SVG components, and SVG Mobile puts them together again for optimal display on mobile devices. The modular SVG 1.1 also allows two new SVG subsets--SVG Tiny for cell phones and SVG Basic for handheld computers with relatively larger screens. SVG 1.1 components can also be combined with other W3C-approved innovations such as XForms, which allows for input forms with rich graphics. SVG and SMIL Basic combined allow vector graphics and streaming media. W3C fellow Dean Jackson says, "With 3GPP already incorporating Mobile SVG, we are already starting to see more rich and useful content in third generation cell phones."
- "Hearings Sought on Data Agency"
Washington Post (01/14/03) P. E5; O'Harrow Jr., Robert
Congressional members are requesting more information about the massive data mining project planned by the Defense Department. Sen. Russell Feingold (D-Wis.) plans to introduce a bill that would halt work until Congress has finished a review of the project. Other Senate members have expressed concerns about the lack of consultation with Congress, and Sen. Patrick Leahy (D-Vt.) recently probed the Justice Department about its possible involvement. Growing controversy over John M. Poindexter's Information Awareness Office comes from different quarters, and both liberal and conservative civil liberties groups have banded together to work toward eliminating funding for the project. The Information Awareness Office aims to build technology that would allow the government to detect and preempt terrorist activity, based on the analysis of suspicious commercial and private activity. Until recently, the office's Web site displayed a logo similar to the great seal of the United States, with an eye atop a pyramid overlooking the globe, and the Latin words "scientia est potentia," or "knowledge is power." Poindexter said recently he recognized such a system should include safeguards for personal privacy, but that his obligation was to allow the government to make full use of technology within the limits set by policymakers. Besides his office's own proposed system, Poindexter has already begun assisting other government agencies in their own data collection and analysis.
- "Games of Infinite Possibilities"
Raleigh News & Observer Online (01/15/03); Cox, Jonathan B.
North Carolina State University assistant professor of computer science R. Michael Young is researching artificial intelligence that allows evolving storylines in computer games. Young says that instead of following programmers' expectations of how a game player reacts, these new games study users and change plots to fit their style. Still, he says there must be some tension between what the player expects and what makes for a better story, so not everything is entirely predictable. Such computer games would build upon a model of storytelling Young is refining. His group recently added artificial intelligence capabilities to the first-person shooter game Unreal Tournament by linking it to servers running their artificial intelligence programs. The technology has applications beyond gaming as well, since it would enable interactive learning methods. Young says that academic gaming development sometimes crosses the commercial sector, but that the pressures to meet a product deadline do not accommodate academia's need to study larger problems. Young became interested in his current area of study when considering how to have computers solve complex problems, then explain the solution to humans with understandable instructions. He says the mechanical aspects of robotics are advancing quickly so that humanoid machines can navigate themselves and ascend stairs. He expects that artificial intelligence will slowly pervade people's everyday lives, beginning with traditional computer devices that can communicate ideas not preprogrammed.
- "Can Wi-Fi and Lasers Bridge the Last-Mile Gap?"
Internet.com (01/10/03); Sutherland, Ed
Telecommunications and wireless access firms are looking at free space optics (FSO) as a way to link homes and offices to high-speed network thoroughfares. FSO uses light pulses to transmit data at speeds up to 100 Mbps, and requires laser equipment with a clear line of sight between them. Companies in Manhattan used FSO technology to connect to the Internet after the Sept. 11 attacks wiped out some communications links. AT&T is said to be in the final stages of an FSO project that would allow the company to link businesses to its high-speed DSL service without having to go through local phone exchange monopolies. The system would be paired with a Wi-Fi connection as well, so that customers could still have links in case of fog or other impeding weather conditions. AT&T CTO Hossein Eslambolchi expects that FSO connections will be available to businesses within the next six to 12 months. Omnilux is marketing a device that could be used in a similar service, called Omni-Node. The system uses transmitters with flashing LEDs to share bandwidth among several houses, each within a quarter mile of one another. Omnilux describes the system as an optical mesh network, and several Californian ISPs are testing the equipment, but other experts warn there would first have to be a dense enough group of subscribers for the network to function well.
- "Open Source Group Issues Top Ten Web Vulnerabilities"
InternetNews.com (01/13/03); Mark, Roy
The Open Web Application Security Project (OWASP) released a list of the 10 most pressing Web application security problems for government and commercial organizations yesterday. Among them are information from Web requests that goes unauthenticated; improper enforcement on authenticated users' access controls; improper security of account credentials and session tokens such as passwords, session cookies, and keys; a misconfigured Web and application server; improper handling of error management; cross-site scripting errors; buffer overflows; insecure cryptographic coding; poorly shielded administrative functions; and command injection flaws. The report states that hackers can take advantage of such "surprisingly common" vulnerabilities with available tools. OWASP explains that an organization invites the world to send HTTP requests every time it implements a Web application, and hackers can embed intrusions within such legal requests. This makes Web application code a vital component of the security boundary that should always be accounted for. Even more amazing, some of these security problems have been known for decades, but this has not stopped software development projects from repeating such errors. ACM Risks Forum moderator Peter G. Neumann reports that "The underlying reality is shameful: most system and Web application software is written oblivious to security principles, software engineering, operational implications, and indeed common sense."
For more information about ACM's Risks Forum, visit http://catless.ncl.ac.uk/Risks.
- "Phone Units Join in Effort for Seamless Wireless Net"
New York Times (01/14/03) P. C18; Feder, Barnaby J.
Motorola, Proxim, and Avaya today are expected to announce a collaborative effort to develop technology that enables wireless communications to seamlessly transfer between networks. Analysts say the project is the boldest attempt yet to exploit the proliferation of the high-speed Wi-Fi standard. With such technology in place, a cell phone user could, for example, continue a phone call that originated over an internal voice-over-Internet network as he leaves the office by transferring it to a public carrier. The process could also work in reverse; a user could begin a download using a wireless hub in Starbucks, for example, and then transfer the download uninterrupted to their office computer. "The way [Wi-Fi] hot spots are evolving, it could take a lot of traffic off of traditional wireless networks," notes analyst Frank Dzubeck. Experts privy to the joint venture note that among the daunting technical challenges the partnership faces is the harmonization of disparate security and frequency levels in different wireless networks.
- "Report: Internet Security Threats Will Get Worse"
eSecurity Planet (01/08/03); Desmond, Paul
Internet security problems will worsen in the new year, with the biggest threats coming from new mass-mailing worms and rising hacktivism, according to a recent study by Internet Security Systems (ISS). More incidents targeting consumer broadband and wireless LANs are also expected. The report found that a total of 1,867 security incidents occurred in the fourth quarter of 2002, a 35 percent increase over the third quarter's 1,385 reports. On a positive note, the firm says the number of hybrid threats and worms fell to 101 in the fourth quarter, a decrease of 28 percent from the third quarter. ISS also notes that hybrid threats (blended elements of viruses, worms, and Trojan horses) are surviving longer and tend to target critical systems such as servers. Meanwhile, 644 new software vulnerabilities were discovered in the fourth quarter; 347 were in the commercial sector and 297 were among open-source products. Most vulnerabilities were based on buffer overflows, which can allow unintentional access to a system. Finally, the report reveals that 23 percent of incidents took place during the weekend, when companies usually have fewer people working.
- "Security Experts to Teach Teens 'Ethical Hacking'"
Associated Press (01/13/03); Wack, Kevin
Computer security expert Andy Robinson is launching a program for high school students in Maine that aims to teach them both computer security skills and relevant ethics. As a student himself, Robinson received direction from the study of computers, and hopes his class will help current students stay out of trouble and begin careers in the field. The program is named the Tiger Team, which is the term used for professionals hired by a corporation to test system security. Anywhere from six to 10 students can participate, forming two teams that build systems and then attack one another. Robinson says many of the students already have formidable hacking skills, and need to be taught responsibility. Lawyers, business people, and law-enforcement officers will also help teach the students. University of Maine Prof. George Markowsky, who heads the mathematics and computer science departments and taught Robinson as a young man, says the program helps "harness [the students'] energy in a positive way." Markowsky also sits on the board of the Information Security Foundation, which sponsors the Tiger Team project. Robinson, who also is president of net/main infoSecurity Solutions, plans to expand the Tiger Team concept nationwide.
- "Study Shows Linux on the Rise in Data Centers"
IDG News Service (01/13/03); Vance, Ashlee
The open-source Linux operating system will have an increasing presence in corporate data centers, according to a new report from the Goldman Sachs Group. The report concludes that Linux's popularity among corporate technology buyers will stem from the technology's eventual maturation, as well as its availability on relatively inexpensive equipment that incorporates Intel and Advanced Micro Devices processors. With more companies switching to Linux, Unix server vendors could find their revenues dropping, while Microsoft, which is already behind the Unix vendors in terms of data center penetration, will face the additional challenge of vying with Linux for the mind share of new clients. The report says Microsoft's existing customer base should not be threatened by Linux, but notes that Microsoft may have to ramp up competitive pricing of its products as Linux becomes more popular. In addition, the Linux platform could serve as a springboard for Java 2 Enterprise Edition (J2EE)-based applications that could become a serious rival with Microsoft's .Net software. "The emergence of Linux could also prove to be a negative for the software industry in general, as its success could lead to a proliferation of open-source models in other areas in software, which could drive down pricing in each of those areas," the study maintains. However, Goldman Sachs notes that Unix vendors could take advantage of Linux's growing popularity: HP, IBM, and Sun are investing in Linux and have begun to ship Linux servers, and they could improve the operating system's scalability thanks to their proficiency in developing high-end servers with 16 or more processors. They could aid Linux's data-center penetration by exploiting their relationships with existing clients, while Goldman Sachs predicts that they will one day embed advanced Unix features within Linux.
- "Time to Rethink Digital Copyright Act"
Boston Globe (01/13/03) P. C3; Bray, Hiawatha
Hiawatha Bray suggests that the new Congress should reconsider the Digital Millennium Copyright Act (DMCA), especially in light of the latest case to cite it. The DMCA, which was originally instituted to prevent the piracy of copyrighted digital content by outlawing the circumvention of any anti-copying technology used by content owners, is now being applied to the toner cartridge industry. Computer printer maker Lexmark International is suing Static Control Components basically because it sells chips designed to replace "killer chips" that the manufacturer installs in its toner cartridges so that they cannot be reused. Lexmark came up with the killer chip so that consumers would have no choice but to buy replacement toner cartridges directly from the company, instead of turning to services that refill empty cartridges and resell them at cheaper prices. Bray acknowledges that one aspect of Lexmark's civil case may be legitimate, because it alleges that a key element of Static Control Components' chips is an unauthorized copy of Lexmark software. However, Lexmark claims that the Static Control chip enables users to access Lexmark's printer software without the manufacturer's permission, and therefore violates the DMCA. Bray makes an extreme projection in which all different kinds of products can be legally allowed not to function when used or sold in appliances, vehicles, or houses other than those produced by the original manufacturer--all thanks to the DMCA.
To read more about DMCA, visit http://www.acm.org/usacm.
- "Internet Browser That Quadruples Surf Speed Wins Irish Science Prize"
Agence France Presse (01/11/03)
A web browser named "XWEBS" developed by 16-year-old student Adnan Osmani in Mullingar, Ireland, has won a prestigious Irish exhibition prize for young scientists for successfully increasing Internet surfing speed up to 500 percent. Dublin University College scientists tested the browser and found it increased speeds starting at 100 percent and ranging to 500 percent, depending on the Internet connection used. Osmani spent 1.5 years developing XWEBS, writing 780,000 lines of code, and Osmani believes the browser can boost speeds up to 600 percent. He says, "At seven times it actually crashes so I have to limit it to six." XWEBS comes with built-in access to 120 search engines, a built-in media player, DVD capability, and a talking animated figure called "Phoebe" for novice Internet users. Osmani says Phoebe "interacts the entire way through the software. It can also read out Web pages and email and I thought it would be really useful for the blind and young children."
- "Pervasive Computing Gets Organized"
Computerworld (01/13/03) Vol. 37, No. 2, P. 32; Thibodeau, Patrick
The National Institute of Standards and Technology (NIST) is working on pervasive computing protocols that would merge data from many different sensors, allowing completely different modes of interaction between computers and users. NIST computer scientist Vince Stanford says the idea of one user interacting with one computer needs to make way for a new paradigm where a user interacts with an array of connected computers via one interface, without a keyboard or mouse. NIST's Pervasive Computing Standards Working Group is developing a standard format for data that would let computers infer users' needs using lip-reading, speech recognition, and gaze-tracking systems. With an array of cameras and microphones in a conference room, for example, computers would be able to automatically pull up needed data for meeting attendees, without them having to explicitly request it. Stanford says existing technologies currently cannot work together because there are no data standards allowing the combination of products. NIST is also working out standards for supportive technologies such as Bluetooth and 802.11 wireless Ethernet. Those protocols currently interfere with one another on the 2.45 GHz radio spectrum. NIST also provides companies with benchmarks so they can test the quality of their products, such as speech recognition software. Foveal Systems of New Jersey is already working on a pervasive computing system for conference rooms that uses cameras to track and automatically record a presentation. Foveal owner Michael Bianchi says he needs standard data protocols in order to integrate microphone arrays into the system, which would then allow it to zero in on an audience member with a question.
- "Process Power"
CIO (01/01/03) Vol. 16, No. 6, P. 102; LaMonica, Martin
Companies that wish to reduce their staff and maintain their productivity need efficient business processes, which is where business process management (BPM) software comes in. BPM's most compelling feature is its versatility: For example, Shell U.S. Tax Organization was tasked with halving its monthly financial reporting time while simultaneously supplying an audit trail, a chore complicated by heterogeneous systems. BPM software enabled Shell to manage enterprise application integration typical of many middleware products without a lot of coding, while its IT staff and financial analysts had more room to study business processes in detail. Former Tax Organization financial adviser John Antaki says the application made back Shell's $1 million investment in less than six months and increased the value of its $1 billion SAP investment. Analysts and vendors say a major advantage of BPM is its ability to forge a live connection between business models and production systems, which helps build smoother integration between business and IT. Gartner's David McCoy says that IT executives often face a choice between a best-of-breed BPM solution that has a strong link to third-party software, or a BPM product from an authoritative supplier that aligns with the company's existing structure. Over the past year, BPM and workflow standards such as Business Process Execution Language for Web Services (BPEL4WS) and business process modeling language (BPML) have been suggested in order to reduce CIOs' headaches in choosing the right applications, but analysts caution them to expect industry consolidation, and they doubt that a single standard encompassing all business process standards ploys will emerge anytime soon. BPM tools are arousing interest, but have yet to be widely adopted by end users and business analysts.
- "The Nanodrive Project"
Scientific American (01/03) Vol. 288, No. 1, P. 46; Vettiger, Peter; Binnig, Gerd
IBM's Millipede project is an attempt to create a "nanodrive" that will significantly boost data storage capacity beyond the limits of conventional silicon. The device, which has progressed to the prototype stage through trial and error, rapidly writes and reads data on a polymer medium using thousands of highly doped silicon cantilevers working in parallel. An interdisciplinary effort yielded ways to erase bits and control electrical current. The latter was achieved by placing a Schottky diode adjacent to each cantilever, while the latest Millipede prototype erases existing bits by heating the cantilever tip to 400 degrees Celsius and then forming another pit or "1" next to the previously indented pit, thus filling it in; a second erasure technique involves inserting the heated tip into the pit, which induces the polymer to spring back to its original shape. A more accurate method of detecting pits was developed when it was discovered that cantilevers preheated to 300 degrees Celsius lose a significant amount of electrical resistance when the tip falls into a pit. Further challenges ahead for IBM include making Millipede more durable, power efficient, and inexpensive to produce, as well as improving heat management. A third-generation Millipede prototype with 4,096 cantilevers was finished in the final months of 2002. The first Millipede products, which will most likely be postage stamp-sized memory cards for portable devices such as mobile phones and cameras, should debut by 2005.
- "A Grip on the Future"
Business 2.0 (01/03) Vol. 3, No. 12, P. 41; Koerner, Brendan
Immersion sells products that use haptic technology to impart tactile sensations to users as they interact with computer-generated environments. The primary driver of Immersion's growth has been computer gaming equipment manufacturers, but the company is hoping innovations such as the CyberForce glove will bring in even more revenues from industrial designers and, more importantly, drive-by-wire automotive technology developers. Haptic technology would enable drive-by-wire users to experience the physical feedback of road travel without any mechanical interaction, a breakthrough that would allow automotive designers to build roomier, more adaptable vehicles. Furthermore, the huge number of patents that Immersion owns could add up to billions in licensing fees. Immersion has made a head start in the drive-by-wire sector by forging partnerships with Siemens VDO Automotive and Alps. However, drive-by-wire systems are still in an early developmental stage, so for now Immersion CEO Victor Viegas is having the company focus on the medical industry; products catering to that particular niche include surgical training systems such as the AccuTouch Flexible Bronchoscopy simulator. Meanwhile, Immersion has partnered with BMW to supply haptic technology for the iDrive system featured in 7-Series luxury cars. BMW's iDrive electronically controls over 700 functions; Immersion's technology allows drivers to operate the functions without looking.