Association for Computing Machinery
Timely Topics for IT Professionals

About ACM TechNews

ACM TechNews is published every week on Monday, Wednesday, and Friday.


ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either AutoChoice Advisor or ACM. To send comments, please write to technews@hq.acm.org.
Volume 6, Issue 637:  Wednesday, April 28, 2004

  • "Send Jobs to India? U.S. Companies Say It's Not Always Best"
    New York Times (04/28/04) P. A1; Porter, Eduardo

    Certain U.S. entrepreneurs and executives think that outsourcing IT jobs to India is not worth the lower labor costs when measured against productivity--and ironically, many of these execs are Indian-born. "[Work] that requires more creativity is more difficult to manage at a distance," observes Global Insight chief economist Nariman Behravesh. Bladelogic CEO Dev Ittycheria notes that offshoring IT tasks to India reaped three-to-one cost savings, but there was a six-to-one difference in productivity; Bladelogic CTO Vijay Manwani adds that there will be a migration of IT projects back to the United States once Indian offshoring's "hype cycle" dies down, and people realize that they have failed to reach their productivity targets. Behravesh explains that rules-based tasks are best suited for outsourcing, while more essential tasks will remain in the United States. U.S.-based Indian entrepreneurs attribute Indian workers' unsuitability for certain jobs to geography and business context disparities, not to their work ethic. U.S. programmers are more in tune with customers' needs, for example, and are better equipped to move beyond rules-based programming. Indeed, many Indian tech entrepreneurs who are attracted to the United States note that innovation is being spurred by the needs of U.S.-based businesses. Infosys Technologies VP Bassab Pradhan does not think Indian-trained workers suffer from a lack of creativity, but admits that how well tasks can be offshored greatly depends on physical proximity between the programmer and the final user; he predicts that technology production will be farmed out, while the creation of new technologies and business processes will remain domestic.

  • "NETI to Examine Net's Strengths"
    Wired News (04/27/04); Delio, Michelle

    Georgia Tech researchers have embarked on a project to improve the speed and reliability of the Internet by collating data directly from tens of thousands of Internet users rather than tapping into router points along the Internet backbone. Electrical and computer engineering professor George Riley and graduate student Robby Simpson have created an open-source software application that collects average response time, average round-trip time, download times, connection times, number of data packets transmitted and received, and other network performance statistics. Riley says the collected data will allow the researchers to realistically simulate the behavior of Internet users. The NETI@home application must be downloaded by volunteers into their PCs, where it will gather network performance data and send it to a server based at Georgia Tech for analysis and dissemination to anyone else who thinks the information will be beneficial to their own Internet improvement initiatives; the data will also be made available to the general public on the NETI Web site. Unlike Berkeley's SETI@home project, which NETI@home is named after, the Georgia Tech program will gather information of a far more personal nature, although Riley and Simpson promise that volunteers' privacy will be upheld. "[NETI] is nearly painless from a performance point of view, and completely private if you opt to use our most restrictive privacy setting," insists Riley. Simpson says if enough volunteers download NETI on enough PCs with wide distribution, the collected data could be used to indicate the early spread of a malware epidemic, as well as its point of origin. In addition, NETI data could be employed to rate the best-performing and most secure ISPs, as well as the most insecure and worst-performing providers.

  • "Where Are You Now?"
    Boston Globe (04/26/04) P. C1; Bray, Hiawatha

    Google's proposed Gmail service has generated tremendous discussion about people's lives recorded digitally, accessible to business, government, and potentially criminals. Computer experts note that worries about privacy in the digital age are nothing new, and that many other online services store customer information and transaction histories. But the sheer size of Google's offering frightens people; the service would provide 1 GB of storage, enough to store a lifetime of text email messages. Moreover, Google has said the emails will be analyzed in order to contextualize advertisements, but will not be used to create a personal profile or read by human operators. Google co-founder Sergey Brin says Gmail was originally drawn up for his own use, since he wanted an easier way to manage his own 5 GB inbox; though he saw the benefits, Brin admits that he did not anticipate the public outcry over the proposed service. Privacy International in London has launched legal action to suspend the proposed service in 17 government jurisdictions, including in the European Union where the group says Gmail violates privacy protections. Center for Democracy and Technology associate director Ari Schwartz says the Gmail announcement has brought public attention to their cause, which is greater privacy protection for digitally stored information. Unlike paper documents stored in one's home, online information is an easier target for law enforcement, he says; investigators need to demonstrate a probable crime in order to search email less than 180 days old, but only need to assert a crime in order to search email after that point. Experts point to other online services that are popular largely because they enhance their services with personal information, including the online travel site Expedia and Amazon.com, which records book and product interests. People are also increasingly using online services for financial management and tax filing.

  • "Darpa Looks Past Ethernet, IP Nets"
    EE Times (04/26/04); Merritt, Rick

    The Defense Advanced Research Projects Agency (DARPA) is moving past Ethernet and Internet Protocol in its vision of cheap, low-power, ad hoc mesh networks that are five orders of magnitude more efficient than 802.11 networks in the enterprise space. To this end, DARPA is contributing at least four significant programs, including the development of connectionless networks through the use of new physical layer chips and protocols that could facilitate a 300 percent reduction in energy needs for communications; an investigation of networks that can tolerate delays based on NASA research; and the creation of systems capable of automatic real-time scanning of airwaves for available spectrum in which to erect or demolish ad hoc networks. DARPA's Preston Marshall said that this last project "opens up hundreds of megahertz of new spectrum without new licensing," adding that DARPA is a participant in the FCC's cognitive radio program. Marshall's support of DARPA's vision at the recent Wireless Ventures conference was in sharp contrast to projections that even cellular nets will eventually be overtaken by Wi-Fi nets in the race to capture the consumer broadband market. Marshall says such networks are too inefficient for transmitting small data portions. DARPA envisions a peer-to-peer network for "edge-driven computing" that does not rely on packets or predefined client/server topologies with ensured end-to-end connections, but rather forwards data on a hop-by-hop basis across a distributed network of autonomous nodes using newer, more efficient and reliable frameworks.

  • "Is Programming Dead?"
    silicon.com (04/23/04); Collins, Jon

    Model-driven architecture (MDA) is the next big evolutionary step in programming, now that software has standards for application definition such as the Unified Modeling Language and application architectures such as .Net and J2EE. Over the past decades, programming had advanced incrementally as software was ported from platform to platform; MDA would make that laborious and unproductive task unnecessary, allowing programmers to focus on more important aspects, such as business logic. Several vendors are already touting tools that will allow companies to model applications and use code generating tools, including Borland and IBM's Rational unit. This type of capability will force better designed applications, since irresponsible development groups will not have an excuse for not finishing specifications and designs upfront. Smaller vendors such as Quovadx and Select Business Solutions in the United Kingdom already tout MDA solutions that promise to automate the majority of code production. In the future, MDA can expect stiff resistance from some sectors who will correctly point out the need for expert programmers to create high-throughput code; but if automatic code generation tools can fill in the majority of application code with tolerable performance, then MDA will certainly benefit companies. In addition, MDA promises to incorporate functions many programmers are unfamiliar with, such as standardized event logging for autonomic computing. The big picture view is that application vendors will be responsible for specifying functional components while customers will use MDA to put those components together without having to worry about programming gruntwork, writes Quocirca analyst Jon Collins.

  • "U. of I. Opens Door to Future for Technology"
    Chicago Sun Times (04/26/04); Wolinsky, Howard

    This week will mark the formal declaration of the University of Illinois at Champaign-Urbana's Thomas H. Siebel Center for Computer Science, a 225,000-square-foot facility that is essentially a huge computer where students and faculty connect with a network comprised of computers, personal digital assistants, telephones, closed-circuit TV cameras, and infrastructure. The network's functions will be determined as students and faculty produce software and new applications, while professor Dan Roth says the facility will learn about users and their habits rather than be programmed to do a series of operations. Mark Snir, head of U. of I.'s Department of Computer Science, says he wants the center to make students, faculty, and staff more interactive, as well as give something back to the community. The center hosts Gaia software, a ubiquitous computer program that runs the center's rooms as a computer, adjusting room temperature and lighting, opening blinds, and tracking resources. Professor Roy Campbell says, "With Gaia, the virtual world comes to you." Professor Brian Bailey says research at the center is also being spurred by privacy concerns, and the computer science department is developing interfaces and systems that would allow people to specify which video cameras can monitor them, if any. Professor Tim Wentling of the Educational Technology Research Lab believes eFuzion software created by students Patrick Bristow and David Pan is just one example of the kind of technology the Siebel Center might focus on: The software allows students to capture video of whole lectures or just sections of a lecture and peruse them at their own convenience. The Center was partly set up with a $32 million contribution from its namesake, a former U. of I. student and Siebel Systems founder.

  • "Expert: Gaps Still Pain Bluetooth Security"
    CNet (04/22/04); Lemos, Robert

    Bluetooth 1.2 has a glitch that leaves it unsecured in some circumstances, Ollie Whitehouse, a researcher for @Stake, told attendees at the recent CanSecWest security conference. Whitehouse said the way Bluetooth deals with the personal identification number (PIN) used to protect data can be hacked with special hardware, allowing PINs to be captured when they are initially transmitted between Bluetooth-enabled devices. The information can then be used to listen to cell phone calls, capture personal data, or create fake signals from one device to another. Bluetooth has had other security problems, such as Bluesnarfing--information stealing--and cell phone maker Nokia says it will provide an update to fix that flaw. Whitehouse says Bluetooth's security track record is poor, and notes that there may be up to 40 million devices in use that have Bluetooth 1.2 or earlier versions. He says, "We have already had three revisions of the specification out there. I think this attack could be effective for the next three years." The latest possible attack, however, is not easy, and requires roughly $15,000 in specialized hardware. Whitehouse suggested using long PINs and not initially connecting Bluetooth devices in public places. For example, using the hardware specified, a PIN with 10 digits would take weeks to crack while a PIN with just six digits would be compromised in less than 10 seconds. Whitehouse also noted that any Bluetooth-enabled device can be tracked by another specially-equipped Bluetooth device from as much as a kilometer away.

  • "Opening Opera to the Digital World"
    IST Results (04/26/04)

    The OpenDrama project funded by Information Society Technologies seeks to digitally replicate the experience of an opera performance via an integrated media player platform that can be used for entertainment and learning. The OpenDrama service, which will be available on broadband Internet, DVD, and interactive television, will include musical streaming with graphical plot visualization, a score and libretto displayed in real time, three-dimensional virtual staging, and access to background frame and karaoke. "Developing a new media player from scratch would have been too costly within the scope of the project, so we used existing players in different ways, creating a system that can transmit multiple multimedia objects simultaneously," notes project director Gabriele Scali, who adds that the technology's educational potential should be very popular among schools. The platform's users will be able to compare different opera performances in detail and have access to historical and educational data. Professional authors, meanwhile, could use the platform as a toolkit to produce rich multimedia objects. Among the challenges OpenDrama's developers faced was finding a new methodology for recording opera: "We had to separate all the channels, and make the orchestra and singers all perform and be recorded separately, which was something very unusual for most," Scali explains. So that an opera's plot can be captured and displayed to users, the developers created a new XML language. The consortium that developed OpenDrama, which included nine companies and research institutes in four countries, thinks the technology could be applied to other stage-based arts, music concerts, TV dramas, and even books and novels.

  • "Student Develops Innovative Software"
    Oregon Daily Emerald (04/26/04); Neuman, Steven

    University of Oregon senior Anna Cavender was named North America's 2004 Outstanding Female Undergraduate in Computer Science and Engineering by the Computing Research Association for her work on EyeDraw, a computer program co-created with recent graduate Rob Hoselton. EyeDraw was designed primarily as a tool that movement-disabled children can use to express themselves and refine their creative talent through drawing. The software uses an eye tracker positioned beneath the computer monitor to recognize and analyze the user's eye movements, allowing users to draw pictures without their hands. Cavender notes that these drawings can be made free of scribbling, which is attributed to previous eye trackers' inability to distinguish between intentional drawing and simple gazing. "We're taking data from the eye tracker into the [EyeDraw] program in the form of x-y coordinates, and manipulating that data to optically draw pictures," notes Cavender. "We use smoothing algorithms so that the jerky nature of eye movements doesn't appear on the screen." Cavender and Hoselton carried out the research for the software in the University of Oregon's cognitive modeling and eye-tracking lab.

  • "I.B.M. Joins Stanford to Find Uses for Electron Spin"
    New York Times (04/26/04) P. C3; Feder, Barnaby

    IBM and Stanford University have set up a collaborative spintronics research project dubbed SpinApps. The effort will involve roughly 20 researchers from both IBM's Almaden Research Center in San Jose and Stanford's nearby Palo Alto campus. The goal will be more innovative uses of spintronics, or electron spin utilized in electronic computing functions. Normal electronics involves only voltage and current, but does not take into account the spin of the electron. The co-directors are former IBM researcher and current Stanford physicist Shoucheng Zhang, Stanford materials science expert James Harris, and IBM Research leader Stuart Parkin. Parkin led IBM's development of a spintronics hard drive, which has revolutionized data storage. Zhang is currently working on spin currents, which entails allowing a spin state to pass from electron to electron without generating resistance and thus losing energy. If such a technology were made practical, it would have great importance for chip interconnections. Spintronics is being investigated as a way to advance electronics as existing semiconductor designs reach their physical limits. For IBM, SpinApps represents a renewed emphasis on basic physical science research and an opportunity to work with a major university.

  • "World Wide Web Consortium Publishes First Public Working Draft of Web Services Choreography Description Language 1.0"
    World Wide Web Consortium (04/27/04)

    The first draft of Web Services Choreography Description Language (WS-CDL) version 1.0 will enable sustained and secure peer-to-peer e-business transactions over the Web. Released by the World Wide Web Consortium (W3C), WS-CDL will serve as a modeling tool developers can use to view the entire Web services sequence, not just the start and end points; the description language also provides an important context, or "rules of engagement," for end point languages such as Java and BPEL. The W3C says the new specification will allow organizations faster and less expensive Web services deployments, since WS-CDL eliminates the need for custom-coding between applications and ensures the services will perform according to business requirements. Solid mathematical expertise underlies WS-CDL's ability to prevent deadlocks, where processes stall while waiting for each other, and livelocks, where processes get stuck in recurring loops; interference from unauthorized sources, or leaks, is also prevented using sophisticated mathematical theory, so as to improve Web services security. The W3C WS-CDL working group brought in several experts in pi calculus, which uses algebra to model mobile physical and virtual systems. With the publishing of the WS-CDL first draft, the effort will move into the full development stage where early implementations are sought. The working group is also soliciting comment on the draft from the Web development community, and discussion can be found on the public-ws-chor@w3c.org mailing list. WS-CDL is based on XML and conforms to standard Web architecture as well as Web services protocols SOAP version 1.2 and WSDL 2.0.

  • "Robots Readied to Take on Search-and-Rescue Duties"
    EE Times (04/27/04); Johnson, R. Colin

    The National Science Foundation is investing $2.6 million over five years in an effort to develop cooperative robots that can carry out search-and-rescue duties with minimal human assistance. The project involves the participation of the University of Minnesota, which is focusing on the hardware; the California Institute of Technology, which is working on the software component; and the University of Pennsylvania, whose concentration is robotic vision and control theory for omnidirectional cameras and team coordination. Under the direction of Nikos Papanikolopoulos, Minnesota's Distributed Robotics Lab designed two tubular, ruggedized robots built from off-the-shelf parts: The Scout unit includes video cameras, a pyroelectric sensor, light detectors, infrared range finders, a mechanical "foot" that provides limited movement via rolling, and a wireless frequency-hopping, signal-encrypting transceiver. The more advanced MegaScout, which can open doors or move Scouts away from obstacles with a manipulator arm, monitors communications among the Scouts and coordinates their actions, as well as transmits data back to human controllers and keeps in touch with other MegaScouts. The project's goal is to make multiple robots capable of searching sites for survivors, mapping out a damaged area, and carrying out other orders from emergency workers. Enabling a single operator to control swarms of robots involves collaborative sensing, distributed exploration and mapping, and reliable team coordination software, as well as an effective robot-operator communication methodology. Besides locating survivors, the robots could be employed to gather and analyze air samples for toxicity, and outline maps marked with notable objects.

  • "Security From the Inside Out"
    Tech Update (04/21/04); Farber, Dan

    Cybersecurity experts are coming up with multilayered approaches to protect enterprises against attack, using a combination of patching, firewalls, intrusion detection systems, antivirus software, deep packet inspection, and access controls. However, application-level attacks go around network-based protections, and detection and antivirus patches alone cannot keep up with worms and viruses. Most security solutions start outside a network and build perimeters across it, but Fortify Software offers an automated inside-out, root-cause solution that removes vulnerabilities as part of the software development process. Fortify CTO Roger Thornton says programmers need to be on the front lines of defending enterprise IT. Systems can be made more secure during development not only through improved code quality, but also the elimination of vulnerabilities such as stack buffer overflows, format string errors, SQL injection exploits, and unconditionals. Thornton says programmers do not generally think about vulnerabilities when writing code, and his company's approach uses static analysis of code to find flaws. This requires a more flexible system that adjusts to attackers' vulnerability probing and allows programmers to build new libraries. Fortify's software rules are sourced through the security establishment, research community, and Fortify's internal team. The company's source code analysis suite includes a software security manager, a developer toolkit, and a source code analysis server, and Fortify is also working on a real-time monitoring application to detect attacks and automatically respond. Fortify's products are intended for larger enterprises.

  • "Mobile Industry Embroiled in Domain Debate"
    America's Network (04/15/04) Vol. 108, No. 6, P. 8; Gohring, Nancy

    A coalition of companies in the mobile communications industry has applied to ICANN to start a new Internet domain name for mobile services. If granted approval, the group, which includes Microsoft, Hewlett-Packard, and Nokia, plans to form a company that will manage the registry, which will be officially named by ICANN, and the new domain could become available by late 2005. The coalition expects that a separate mobile domain name will improve the quality of Internet content accessed through mobile devices. Experts say the effort highlights the inability of users to effectively access Web sites through their mobile devices and the failure of translation tools to create mobile-specific content. David Rivas, chief technology officer of Sun Microsystems' consumer and mobile systems group, says, "Right now there is no good indicator for content designed for mobile devices. This provides an indicator for users." However, while some believe a new domain could give Web developers the incentive to produce more wireless-friendly content, others say there is no evidence that suggests a specific domain will result in these improvements. They also note that past experience shows it can be difficult to get content providers to adopt new domains. Those in favor of the new domain also say it will enable them to create a new IP address system for mobile users that would allow customers and operators to access devices remotely. For this system to operate successfully, however, the Internet DNS system would have to be altered to assign new IP addresses in real time for mobile devices that change location, instead of taking two days.

  • "Coming--Programmable Matter"
    Computerworld (04/26/04) Vol. 32, No. 17, P. 26; Thibodeau, Patrick

    The National Institute of Standards and Technology (NIST) is just one of the research entities pursuing programmable matter--the manipulation of molecules, atoms, and subatomic particles into memories, logic circuits, and even entire computer systems. Programmable matter is based on the notion that software can be physically defined as a configuration of molecules, atoms, and electrons whose basic properties can be adjusted by moving the matter. A NIST lab is creating "photons on demand" with a quantum dot in the hopes that such a breakthrough can be applied to quantum cryptography. "Our strategy has been to make some very simple chemical systems that self-assemble and then essentially electrically download complexity into those afterward," explains Philip Kuekes of Hewlett-Packard, which has created a nanoscale, programmable electrochemical cell that functions as a computer memory small enough to be incorporated into a piece of paper. Other potential uses for the device include a drug delivery system and technology embedded in everyday objects. Such "smart matter" systems are so named because they are capable of computation and can reconfigure their shape. Scientists envision the possibility of using smart matter to make aircraft and seacraft surfaces that can shape-shift in much the same way that a dolphin can change the microstructure of its skin when swimming. Meanwhile, Galileo Shipyards CTO and author Wil McCarthy believes a time may come when houses will feature arrays of programmable quantum dots in conductive material, but a huge stumbling block is the technical challenge of coaxing nanoscale elements to interact with current applications and silicon-based systems.

  • "Technological Networks and the Spread of Computer Viruses"
    Science (04/23/04) Vol. 304, No. 5670, P. 527; Balthrop, Justin; Forrest, Stephanie; Newman, J.

    By studying how computer virus outbreaks relate to technological networks, effective vaccination measures can be developed and deployed. Many technological networks targeted by viruses are not scale-free, and are therefore unlikely to be effectively protected by targeted vaccination. In addition, network topology is not always homogeneous, is often influenced by how viruses are written, and can be changed by virus writers to subvert specific control strategies. Four particular networks and the attack strategies they are vulnerable to are outlined: A network of potential connections between machines via the Internet Protocol; a network of shared administrator accounts for desktop computers; an email address book network; and a network of email messages exchanged between users. Targeted vaccinations may be effective for the latter two networks, which boast more continuous distributions. Among the control strategies that are unaffected by network topology changes and do not need managers to know a virus epidemic's modus operandi is throttling, in which restricting the number of new links a computer can make to other computers in a given time period slows a virus down to the point that it can be cured by conventional measures. The technique can also lower the amount of traffic produced as a result of the infection. Throttling reaches its highest level of effectiveness when the malware generates traffic at a dramatically higher rate than regular network communications, write Justin Balthrop and Stephanie Forrest at the University of New Mexico's Department of Computer Science, HP Laboratories' Matthew M. Williamson, and M. E. J. Newman at the University of Michigan's Department of Physics and Center for the Study of Complex Systems.

  • "Where The Opportunity Is"
    InformationWeek (04/26/04) No. 986, P. 45; Murphy, Chris

    CIOs, tech company execs, and computer science educators can offer no single strategy for how IT professionals can become more valuable to a company and thus avoid being outsourced--but they have established the characteristics of an indispensable worker: Such a person will be more specialized and more knowledgeable about enterprise customers, as well as looked up to by non-IT staff; the employee will further his education and have a deeper understanding of the workings of business technology and the operations of its integrated components; he will have to deal with international competitors and co-workers, and will boast more longevity within the organization or industry; and finally, the employee will earn less money upon graduating than he would when he decided to pursue a computer science major. A common recommendation of IT leaders is for workers to verse themselves in the business and industry--General Motors CIO Ralph Szygenda believes an employee must "move to the middle" by balancing technical competence with business knowledge, and make a long-term commitment to the enterprise. He and CDW CIO Jon Stevens agree that professionals must constantly build new skills, although exactly what skills U.S. firms will value highly is debatable. Hewitt Associates CIO Len Tenner maintains that "high tech" workers whose expertise includes security, complex networking, architecture, and support for complex databases will continue to be prize employees, while IBM's Michael Liebow believes Web services, service-oriented architectures, and business-process modeling will be indispensable skills for the IT pro. Many execs predict that IT will erase the borders between traditional IT and other fields, and think that IT personnel who do not work with outsourcers and offshore co-workers will be left in the lurch. 
    Tenner believes that traditional IT workers may find the job market smaller because of globalization, skill commoditization, and increased efficiency, but he is confident that high-quality IT innovators will always have a secure job.

  • "Making Government Accessible--Online"
    Federal Computer Week (04/19/04) Vol. 18, No. 11, P. 21; Michael, Sara

    Section 508 of the Rehabilitation Act requires e-government services to be available to all citizens, including those with disabilities, but this is a tall order for many initiatives, even those with close-to-full accessibility. SSB Technologies' Chris Henderson explains that achieving 100 percent Section 508 compliance requires a coordinated effort for more commitment to the issue, adding that the results of a survey of top e-government projects his firm conducted with Federal Computer Week show that more training or aid from industry accessibility experts is necessary. Among the provisions that are difficult to satisfy are supplying text equivalents for images and other nontextual content, and including labels that indicate what data should be entered in each field of an electronic form. Detecting such problems is what Section 508 tools are designed to do, but experts note that the results of automatic testing may diverge when certain tools are employed. Martin Kwapinski, content manager for the General Services Administration's FirstGov Web portal, reports that code inconsistencies picked up by Section 508 tools do not necessarily mean that a page will be inaccessible to disabled users. On the other hand, the Office of Personnel Management's (OPM) GoLearn.gov initiative received high marks on the SSB survey because managers decided early in the development process to team up with other federal agencies and industry; according to the OPM's Larry Mercier, they worked with the Justice Department's accessibility officials to create a best practices document and collaborated with a committee to ascertain how best to assess on-site courseware. Close industry collaboration helped relay needs, and the managers refused to accept any product that offered less than full accessibility. "We'd like to make sure the community of practice for Section 508 is championed by the initiatives such as ourselves, because we have such a wide grasp and we are effecting the change of government," says Jeff Pon, acting project manager for the E-Training initiative. Many leading e-government efforts should not overlook the importance of human testing.

  • "Dire Straits"
    Information Security (04/04) Vol. 7, No. 4, P. 36; McGraw, Gary; Hoglund, Greg

    Software's future evolution will unfold according to the emergence of seven major trends: The elimination of bloated operating systems; the development of components and objects; the advent of mobile code; the normalization of distributed computation; a shift in payment models; the spread of embedded systems; and the widespread adoption of wireless networks. These trends will cultivate new business opportunities, but will also worsen the primary factors responsible for the insecurity of software--complexity, extensibility, and connectivity. As complex OSes disappear thanks to the emergence of encapsulation models such as virtual machines (VMs), so too will attackers' ability to exploit the OS by going after a deeply integrated app. Component-based software will allow applications to be built as needed, but new software exploits could be fostered by the advent of network-enabled everyday devices with embedded systems. The emergence of mobile code carries a high degree of concern for security exploits, and all code is expected to become mobile as networking becomes more pervasive; language-based security models will grow in importance, and assaults against these measures will take place in the wild. As distributed computation is normalized and logically distributed systems make the transition to geographically distributed systems, several sub-trends are expected to unfold: An increase in security issues as distributed systems start to depend on the network for communications between components, and regular man-in-the-middle and timing attacks. Paying for software functionality on an as-needed basis promises to turn computing into a utility, but leaves digital content open to theft, a problem that may have no technical solution. The proliferation of embedded systems into handhelds that are notoriously insecure represents a good opportunity for exploiters, and the mass adoption of wireless systems will erase the physical boundaries of network segments, triggering more security concerns as wireless components are incorporated into more business-critical apps.