ACM TechNews is published every week on Monday, Wednesday, and Friday.
ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either HP or ACM.
To send comments, please write to firstname.lastname@example.org.
Volume 5, Issue 483: Wednesday, April 16, 2003
- "Tune Out, Turn Off, Drop Offline"
Wired News (04/15/03); Philipkoski, Kristen
Although minorities, the elderly, the handicapped, and persons in low income brackets account for most of the people who are not online, a new study from the Pew Internet and American Life Project estimates that 17 percent of Americans are Internet "dropouts" who stopped going online because they were intimidated or frustrated by technical problems. Some people are making the online transition "in fits and starts," according to report author Amanda Lenhart. She explains that "They try it, then they dont like it, or they get knocked off and spend a year trying to come back online." Some 80 million surveyed American adults say they do not go online, but 20 percent of this number have access to the Internet and simply refuse to go online, or ask family members to go online for them. The study finds that approximately 27 percent of Americans have never tried to use the Internet, nor are they regularly exposed to people who do, and these people say they are socially or psychologically discouraged from going online. Nearly three-quarters of America's disabled population stay offline, and 28 percent cite their disability as the chief reason why. Economics remains the biggest roadblock to Internet access, according to experts: Most people who earn a living through low-wage service jobs--janitors, retail clerks, and hotel housekeepers, for example--are too busy trying to make ends meet to be bothered with going online, notes East Bay Alliance for a Sustainable Economy co-director Amaha Kassa. Lenhart says that comparing the percentage of people coming online with the percentage of Internet dropouts shows that the growth of the Internet population has plateaued.
- "Will Patents Kill IT Innovation?"
NewsFactor Network (04/15/03); Brockmeier, Joe
One of the most vocal critics of the U.S. Patent and Trademark Office is open-source consultant Bruce Perens, who says that allowances to patent "anything under the sun that is made by man," as decreed by the Supreme Court in 1980, could become a serious detriment to IT. "In such a young field as computer science, patents do tremendous harm by blocking the major mechanism of innovation--building on the ideas of others," he explains. Perens notes that companies that cannot afford the litigation costs of a patent infringement suit are especially vulnerable, while the free and open-source software movement could be seriously hindered if patents are integrated with industry standards. Software patents are the biggest sore point for the IT industry--Perens questions whether such patents should be allowed to exist in the first place, and observes that the United States stands out for being a poor implementer of such patents. Chuck Mulloy of Intel says that IT companies are concerned with the acquisition of patents by companies or individuals for the sake of generating revenue rather than spurring innovation. Resolving the patent problem is a tough proposition, because many experts are skeptical that such a problem exists, or disagree on the nature of the problem. "We'd like some legislation for patent reform that says if you're going to assert a patent, you should be using it...to be able to enjoin the production of products, seek fees or whatever," Mulloy explains. Perens says patent reforms stand a greater chance of being passed if lobbyists can make free software "ubiquitous in the world economy."
- "Cutting the Cord"
Boston Globe (04/14/03); Dodge, John
An increasing number of American homes have multiple PCs connected by wireless networks as users seek to share broadband Internet connections and files between machines. International Data (IDC) says the number of such homes has doubled in the last two years and will double again this year, up from over 3 million wireless homes. Wireless networks are more convenient and cheaper than wired networks in many cases, such as when mobility or many connected machines are involved. Forrester Research also says a main driver for wireless setups is the ability to share printers, scanners, and other peripheral devices. By June, a faster and backwards-compatible 802.11g standard should be ratified by the Institute of Electrical and Electronics Engineers, which governs 802.11 technology. While that new protocol will allow 54 MB to be transferred per second, PC Magazine Labs director Craig Ellison suggests that some new homes should build in even faster wired networks for future use. Such backbones would be able to shuttle video and other media between connected devices, including home entertainment components and PCs. Already products such as Sony's RoomLink and Hewlett-Packard's Media Receiver bridge the gap between 802.11b wireless signals and the various connections on the back of TVs and home audio systems. IDC analyst Danielle Levitas says that most people sharing media between such devices today burn CDs on their PC to play elsewhere, creating the so-called "sneaker net;" yet as wireless networking technology advances, IDC estimates that 33 million American homes will have wireless networks by 2007.
- "Cyberattacks With Offline Damage"
New York Times (04/14/03) P. C4; Schwartz, John
Aviel D. Rubin of Johns Hopkins University's Information Security Institute recently presented a paper suggesting that a cyberspace-based attack can have real-world ramifications, and is relatively simple to carry out. All that is needed are tools published by certain search engines--Google, for instance--that can automate large-scale searches and enable malicious hackers to sign up victims to receive catalogs from hundreds of thousands of Web sites. Such an attack would not only swamp the target with hundreds of pounds of mail each day, but would cripple the post office that must deal with this deluge. Security expert Bruce Schneier calls such a scenario the offline equivalent of a distributed denial of service attack. Such an event took place last year, when spammer Alan Ralsky bragged to a newspaper that he made his fortune by sending unsolicited commercial email to vast numbers of people; when published online, his admission spurred readers to sign Ralsky up for thousands of catalogs and brochures, but Rubin indicates that such an attack could be carried out by a single individual. Rubin's report suggests that terrorists could use such an attack to divert attention away from a much more damaging assault, such as sneaking in anthrax-laced mail under the post office's radar. Rubin also noted in an interview that maintenance requests, service calls, and package pickups could also be automated in the same fashion. He said he published his report with a clear conscience, because the means and the vulnerabilities to carry out such an attack already exist, and to allow such assaults to take place without warning people about it would be negligent. However, Sue Brennan of the Postal Service insists that "The concepts in [Rubin's] document...appear to be systematically flawed with regard to the controls our major mailers would have in place to prevent such an event from occurring."
- "Quest for Power, Speed Drive the Latest Technologies"
Boston Globe (04/14/03); Bray, Hiawatha
Wireless technologies will soon allow people to be almost completely free of copper strands. Bandwidth barriers have prevented technologists from using wireless technology to transfer information such as live video, but those obstacles are falling with the advent of 802.11g and ultrawideband devices. Hewlett-Packard recently released a digital media receiver that allows people to stream music and digital images from their PC to TV and hi-fi stereo systems. Because the device uses just normal 11 Mbps Wi-Fi speeds, the system is unable to transmit video. Wired hardware already allows PCs to play TV and cable broadcasts. Soon, 54 Mbps 802.11g technology will allow PC-based video to go the other way and be played on home entertainment systems. Snapstream Media is working with Prismiq to make a wireless PC-to-TV set-top box, and with Broadq to convert the Sony PlayStation 2 into a wireless video receiver. Other firms are developing devices based on ultrawideband technology, which carries enough data for wireless high-definition video and surround sound transmissions. Already approved by the FCC last year, ultrawideband flouts spectrum allocations, broadcasting across wide swaths of spectrum; because it uses low levels of power to avoid interfering with other wireless devices, ultrawideband reaches only about 30 feet.
Click Here to View Full Article
- "Research Shows Hazards in Tiny Particles"
New York Times (04/14/03) P. C8; Feder, Barnaby J.
A new study by Dr. Vyvyan Howard of the University of Liverpool concludes that nanoscale materials are likely to constitute a health risk--especially to laborers manufacturing such materials--because their small size makes them easy to inhale, ingest, or absorb through the skin. Dr. Howard's report was commissioned by the ETC Group, an organization that is vehemently opposed to rapid nanotechnology development, and which will publish his findings today. Nanoscale materials are highly valued because of their flexibility, electrical properties, and transparency, which are unique at such small dimensions. Such materials are already common in products such as sunblock, tennis balls, and computer displays. ETC believes that a moratorium on nanotech product production should be declared until more knowledge is gathered on the technology's potential health hazards--a measure that the business community strongly opposes. "People who worry excessively underestimate the number of natural materials that size that have surrounded us for years," contends Greg Blonder of the Morgenthaler venture capital firm. "It requires the usual good care but I don't see any new or unique threat." Nanotech companies add that a moratorium would trigger a wave of overseas nanotech development outsourcing.
- "Tiny Bubbles Are Key to Liquid-Cooled System for Future Computers"
Newswise (04/11/03); Venere, Emil
The heat output of microprocessor chips is expected to increase by a factor of four within three years, necessitating the development of new cooling systems that are far more efficient than fan and heat-sink technology currently in use, according to Purdue University International Electronic Cooling Alliance director Issam Mudawar. A Purdue research team led by Mudawar has created a pumpless liquid-cooling device whose efficiency is based on a surprising discovery: The bubbles generated by the liquid flowing through the system's microchannels are smaller than expected and do not inhibit circulation. Furthermore, reducing the microchannels' diameter produces even smaller bubbles, thus boosting the system's efficiency. Bubbles rise to the top of the microchannels, where a fan cools them and causes them to condense back into liquid. The system requires no pump because the liquid is distributed in a self-supporting flow in a closed loop that disperses the chip's heat. Purdue scientists estimate that the system is 5.7 percent more efficient at heat removal than current miniature pumpless liquid-cooling systems. "Now that we have a system that we know will work, we are going to test different geometries that will be beneficial to industry," Mudawar explains. The U.S. Department of Energy funded the Purdue team's research, which was detailed in the March issue of IEEE Transactions on Components and Packaging Technologies.
- "Apple Patches Flaws in Mac OS X"
Boston.internet.com (04/11/03); Naraine, Ryan
Apple Computer has issued an updated version of its Mac OS X operating system in order to address seven major security flaws that @Stake alerted the company to. Accompanying Apple's advice that users upgrade to Mac OS X 10.2.5 was a notification that previous iterations were beset with a information disclosure hole in OpenSSL that intruders can exploit to get hold of the pre-master secret and identify the keys used during SSL/TLS sessions. The upgrade also patches an exceptional handling error in the Apache Server that can enable hackers to launch denial of service (DoS) attacks by sending multiple HTTP requests. DoS attacks could also be used to exploit two new vulnerabilities in DirectoryServices, @Stake warned. Other security flaws that the patch addresses are found in MAC OS X's Sendmail and Samba applications. Secunia ranked these vulnerabilities as "extremely critical," with the Sendmail hole especially troubling because it could allow an intruder to commandeer an insecure Sendmail server. Apple noted that the new version is enhanced with Bluetooth support for Nokia 7650 and P800 phones and disc burning support for several devices. Mac OS X 10.2.5 reportedly offers improved selection of character encoding for messages sent in certain foreign languages, as well as more reliable AppleEvents traffic between software running in the Classic environment and native Mac OS X.
- "Are Privacy Expectations Changing?"
IDG News Service (04/11/03); Pruitt, Scarlet
Scarlet Pruitt writes that the prevailing mood at ACM's annual Computers, Freedom, and Privacy (CFP) conference appeared to be one of calm resignation rather than enthusiastic opposition to proposed and enacted legislation and initiatives that collectively represent a grave threat to Americans' civil liberties. Barbara Simons, co-chair of ACM's U.S. Public Policy Committee (USACM), set the tone at the conference by asking how many attendees had their driver's licenses photocopied at check-in and how many balked at this policy; the former far outweighed the latter. Pruitt notes that many people would dismiss such privacy invasions as minor compared with larger efforts such as the Patriot Act and the Total Information Awareness project. However, Canadian Privacy Commissioner George Radwanski warned attendees not to discount such developments. "In the end these incremental threats [to our privacy] are what we should fear most," he insisted. Radwanski added that privacy limitations and surveillance measures that would have been deemed unacceptable by the Western world just a few years ago are now meriting serious consideration because of international conflicts, and cautioned that such edicts would probably never be rolled back. Heather MacDonald of the conservative Manhattan Institute think tank characterized opposition to such measures as a "knee-jerk" reaction, and said that the government appears to be the only entity with the dedication to even try to increase the security of American citizens.
For more information about USACM, visit http://www.acm.org/usacm.
- "Homeland Security Needs More Tech Funds"
IDG News Service (04/11/03); Gross, Grant; Wenzel, Elsa
Charles McQueary of the Department of Homeland Security presented a request for a 43 percent annual budget increase to cover various technology initiatives to Congress on April 10. The projects that the department aims to fund through the expanded budget include biological, chemical, and nuclear threat countermeasures, as well as the development of border security technologies such as fingerprint or iris scanners. The proposed Homeland Security Advanced Research Projects Agency, which uses the Defense Advanced Research Projects Agency as a template, would receive roughly $350 million of the Homeland Security Department's requested 2004 budget of $803 million. Privacy proponents have sharply criticized the proposed agency for supporting projects such as the Total Information Awareness program. McQueary told senators at a hearing of the Senate Appropriations Committee's Subcommittee on Homeland Security that the Homeland Security Department will collaborate with both federal agencies and private vendors to develop new security technologies, and noted that his office will determine whether such projects can be deployed with existing systems or will require the establishment of new initiatives. He also said he plans to bring existing federal agencies and research labs into the fold, and set up academic "centers of excellence" where new technologies can be developed. Subcommittee Chairman Sen. Thad Cochran (R-Miss.) inquired how McQueary would review the inevitable deluge of requests to invest in security technologies, to which McQueary replied that he would refer them to the Technology Support Working Group. Sen. Robert Byrd (D-W. Va.) advised McQueary to develop performance standards for his office so Congress can ensure that funding is being invested wisely.
- "Honeypots Get Stickier for Hackers"
CNet (04/11/03); Lemos, Robert
Speaking at the CanSecWest security show, Honeynet Project founder Lance Spitzner announced changes to his group's open-source honeypot technology that will hopefully make it more palatable to security companies and other businesses. The revisions, which will be disclosed in a paper to be published online on April 14, will make it more difficult for network intruders to detect honeypots and make honeypot management easier. The Honeynet Project has tweaked the honeypot's Linux operating system so that it can mimic attackers' encrypted commands back to the administrator. "Even if you don't have encryption on your system, the bad guys will install it for you," noted Spitzner. Furthermore, intruders will be unable to launch attacks using the honeypot as a platform, while the honeypot will be able to disguise itself as anything from a single system to a large network thanks to software that can feign responses to frequently used mapping software. Honeypots will be able to be managed and reviewed via a graphical user interface through the forthcoming Honey Inspector utility, while a bootable CD-ROM that simplifies honeypot installation is expected to be issued in three to six months. Honeypots are designed to eliminate false positives that complicate the management of intrusion-detection systems, as well as draw attention away from genuine threats. They also allow administrators to identify unknown threats and exploits before they become a serious problem.
- "Military Fashioning High-Tech Combat Suits"
United Press International (04/11/03); Haskell, David D.
The Army's Soldier Systems Center is the focus of research to build more sophisticated yet comfortable uniforms, body armor, and other protective systems for troops to wear on the battlefield, and the center's Maurice N. Larrivee attributes much of the current excitement in his field to nanotechnology and smart textiles. Such breakthroughs allow minute electronics to be weaved into textiles without significantly increasing weight or bulk, and should enable the materials to automatically react to external stimuli or to carry out preprogrammed responses. Larrivee foresees innovations such as self-repairing suits and interactive flame retardant uniforms coming from such research. His laboratory is also developing uniforms featuring battery-powered undershirts that supply heat and ventilation, as well as voice-controlled weapons worn on the wrist. Larrivee adds that Navy SEALs are currently using wet suits enhanced with an interactive polymer that keeps them warm in cold water and maximizes comfort in warm environments. The Soldier Systems Center's fire-resistant uniform initiative involves embedding uniforms with smart inner and outer layers, with the outer layer moving toward the flame and possibly dispensing a protective foam while the inner layer keeps heat away from the wearer's body by creating space between the fabric and the skin. Larrivee says ground combat troops will eventually be outfitted with flame retardant uniforms because urban fighting will be a more common strategy in future combat. He predicts that, "The soldier of the future, about 10 to 15 years from now, is going to be as lethal as an army tank."
Click Here to View Full Article
- "Open-Source Team Fights Buffer Overflows"
CNet (04/11/03); Lemos, Robert
The OpenBSD project will release new security features next month that virtually eliminate the threat of "buffer overflow" attacks, which have been the bane of computer security professionals for decades. Speaking at the recent CanSecWest conference, OpenBSD project leader Theo de Raadt said the lock-down was pretty tight on future buffer overflow errors, but software security being what it is, he could never say they had been eliminated absolutely for the Unix variant. Some experts were incredulous about the claims because they said software always has bugs. In a buffer overflow attack, hackers send enough data to crash an application, then sneak an executable program or illicit memory address into the vulnerable system. The new technique randomizes the stack location so that hackers cannot depend on a known layout. In addition, a little tag in the memory structure detects whether addresses have been modified or not, lessening the chance hackers can use a legitimate program as an attack launch pad. Another feature that will not be ready for six months longer is the separation of memory into writable and executable portions so that hackers cannot write and execute code in the same page; this feature was crafted especially for popular 32-bit processors and required the group to decide how to divide memory for those chips. The buffer overflow project was instigated by a Defense Advanced Research Projects Agency grant, though de Raadt says that money did not cover all the work.
- "'Please Step to the Side, Sir'"
Salon.com (04/10/03); Manjoo, Farhad
In response to a Freedom of Information Act request filed by the Electronic Privacy Information Center (EPIC), the Transportation Security Administration (TSA) released documents last month confirming that there is indeed a federal "no-fly" list of people who are to be refused air transport, as well as a "selectee list" of people who are required to be more thoroughly searched prior to boarding a plane. These documents, along with complaints from people charging that they were misidentified as criminal types and either searched or denied passage, indicates that the system is flawed. To remedy the situation, the TSA is developing a new version of the computer-assisted passenger prescreening system (CAPPS II), which will rate travelers at check-in by first consulting commercial databases to verify their names, addresses, birth dates, and telephone numbers, and then checking law enforcement databases to see if they are registered on a watch list or have suspicious behavioral patterns. When the check is complete, passengers will be assigned color codes that determine whether they should be allowed aboard, subjected to further security checks, or denied plane access and possibly turned over to the police. Heather Rosenker of the TSA claims that civil liberties will be considered throughout the development of CAPPS II, and refutes assumptions attributed to the media. She assures that a traveler's credit rating will not be taken into account, nor will their "name, religion, ethnicity or physical appearance." Unfortunately, critics contend that inaccurate commercial credit data could lead to false positives, while MIT grad students Aaron Strauss and Samidh Chakrabarti conducted a study concluding that terrorists could use the original CAPPS' open scrutiny to thwart both it and CAPPS II. They argue that a much more effective solution would be to randomly screen a group of travelers.
Click Here to View Full Article
- "Indian Software Industry Worried by Arrests, Protectionism"
EE Times (04/10/03); Krishnadas, K.C.
Recent international arrests and U.S. legislation are cause for concern throughout the Indian software industry, which is interpreting such incidents as a sign of fear among other nations that Indian engineers are encroaching on their job markets. In December, Polaris Software Lab Chairman Arun Jain and a fellow executive were arrested and held for a week by Indonesian police while in Jakarta to settle a dispute with a local bank. A large number of software engineers, including several Indians, were detained by Malaysian authorities on March 9 for supposedly violating visa regulations; their passports were vandalized and none of the detainees was allowed to contact friends or Indian diplomats. The Malaysian government officially apologized last week and promised that action would be taken against the policemen involved in the incident. I-Flex Solutions' Dutch subsidiary CEO Senthil Kumar was arrested in the Netherlands on March 26, as were 12 visiting Indian engineers who allegedly possessed invalid work permits. Meanwhile, New Jersey, Washington, and other U.S. states are considering bills that would restrict the offshore outsourcing of software development projects by government agencies. The tremendous international success of India's software exporting segment has fostered concern among other nations, particularly those suffering from unemployment, that Indian software engineers will take even more jobs away from citizens. "India is becoming a powerhouse of software competencies globally and some countries' attitude require a change," declared Jain.
- "Holographic Data Storage: The Light Fantastic"
Nature (04/10/03); Haw, Mark
The promised advantages of holographic data storage include greater storage capacity, faster data retrieval, and new search methodologies; but it is only now that practical applications have begun to appear on the market, partly because of the emergence of digital video and difficulties with movie archival. Holographic storage development has proceeded at a slower pace than expected and has been restricted to academic institutions and small firms due to continuing storage capacity upgrades with magnetic-disk technology. One of the factors that has hampered holographic data storage is the limitations of photopolymers, although there have been breakthroughs that could mitigate such drawbacks. Most holographic systems are not viable for desktop applications because the polymerization reaction necessitates the use of a high-powered laser to read the light-and-dark pattern of overlapping data and reference waves; but researchers at Tokyo's University of Electro-Communications demonstrated in 2002 that the addition of a contrast-increasing substance could support less powerful reading lasers. Another problem is the thickness restriction of photopolymers, which inhibits higher data density, but Pavel Cheben of the Institute for Microstructural Sciences and Maria Calvo of Madrid's Universidad Complutense have described a tough holographic material embedded in silica glass that not only stores more data, but is highly durable. An even more desirable goal for some scientists is rewritable holographic memories, as demonstrated by former California Institute of Technology researcher Karsten Buse. Companies such as InPhase and Aprilis are marketing photopolymer-based holographic storage systems, with InPhase courting movie-industry companies to consider its products as a cheaper alternative to current movie archiving techniques. Perhaps the technology's biggest draw will be superior search capabilities, such as content-addressable searching and fuzzy searching.
- "ISOnews Co-Founder Does Time for DMCA Violation"
ICANNWatch (04/10/03); Mueller
ISOnews.com co-founder David Rocci has been sentenced to five months in prison for selling microchips that enabled Xbox computers to play bootlegs, back-up copies, and other unauthorized games. Rocci was sentenced as part of a plea deal in which he also forfeited his domain name. ISOnews.com now leads visitors to a U.S. government Web page. The Electronic Frontier Foundation's Fred von Lohmann says that Rocci's sentence is troubling because the device he was selling "may have uses that may not be infringing to copyright at all."
- "Open Source Versus Open Standards"
CNet (04/10/03); Schwartz, Jonathan
Open standards, open source, developer communities, and licensing models have all used the term "open," but users need to know exactly what the moniker means in each instance, according to Sun Microsystems' Jonathan Schwartz. Of the four groupings, open standards are perhaps the most important because they provide a basis for interoperable technology; companies using either open-source or proprietary technology can be sure they will be able to adapt in the future with open standards. Not all open-source software uses open standards. Open-source software has its source code published for others to view and modify, and examples include Linux, the Apache Web server, Gnome desktop, and Mozilla browser. The most powerful and effective open-source projects are those that leverage open standards as well because they increase IT interoperability in the marketplace. Licensing is another key aspect to consider when dealing with open-source software, and it is important to understand the uses and requirements of each model; adopting a portion of open-source code for an in-house application may require the publishing of that program's source code, for example. Finally, the inclusiveness of the developer community behind open-source software determines the richness and innovation available with that standard. Schwartz says the most critical aspect of open standards and open source is determining what companies or individuals are able to contribute to the development of that software, and the process that underlines development.
- "The Next Material World"
Industry Week (04/03) Vol. 252, No. 4, P. 41; Teresko, John
Materials and society's mastery over them determines the path a civilization follows, and most experts agree that nanotechnology is shepherding civilization toward a design age marked by radical shifts in materials and manufacturing processes. "As we continue developing [nanoscale] knowledge and tools, researchers will emulate nature by building materials from the bottom up instead of from the top down," asserts Zong Lin Wang of the Georgia Institute of Technology's Center for Nanoscience and Nanotechnology. Draper Fisher Jurvetson managing director Steve Jurvetson says the ground-up construction of complex products and materials will be better facilitated by self-assembling, self-replicating systems; his expectations include the assembly of "just about anything" for $1 per pound, and the incorporation of distributed intelligence within the manufacturing process. Illinois Partners principal Neil Kane believes patent strategy should come before basic research into nanotech's commercial feasibility, an important consideration in light of all the patents inundating the nanotech sector. Foley & Lardner partner Stephen B. Maebius adds that commercialization of nanotech inventions is impossible without adequate protection of intellectual property, and explains that "the patent application relating to an invention in nanotechnology [must] carefully consider all of the potential end uses so that they are adequately covered--an exercise which may draw upon expertise in several different fields." Robert Wilkins of Danfoss professes that nanotech will be the catalyst that rekindles corporate R&D, while Jurvetson attests that such a development is critical. Margaret Blohm of the Global Research Center notes that General Electric is following such a model, with nano additives being one of its earliest anticipated offerings. The National Science Foundation forecasts that the nanotech market will be worth $1 trillion by 2015.
Click Here to View Full Article