Not all of this week's news involved global financial turmoil: while IT budgets are being cut and AMD is breaking itself up, a security tool was released for Firefox that prevents "clickjacking" and Microsoft said that Windows 7 will fix issues in Vista's user account control feature.

1. Economic malaise hits IT industry : Disappointing earnings from some IT companies, fewer initial public offerings, lowered earnings forecasts -- all are part of the grim global economic outlook. On the bright side, though, IBM reported this week that its net income rose 20 percent in its third quarter and maintained its profits will be strong for the full fiscal year.

[ Video: Catch up on the latest tech news with the World Tech Update ]

2. AMD to spin off chip fabs to raise funds : Advanced Micro Devices is splitting into two companies, with one designing chips and the other making them. The company also said that two investment funds owned by the Abu Dhabi government will provide capital to AMD and help it compete better with Intel. The news was hailed by analysts, investors, customers and employees as a way to strengthen AMD, particularly in the harsh economic climate.

[ Related: Rival Intel has launched an investigation into AMD's spinoff plans | Intel may be worried because analysts think the split could help AMD make up market share quickly ]

3. Firefox extension blocks dangerous Web attack : An update of a free security tool for Firefox blocks "clickjacking," one of the most dangerous and vexing problems on the Internet. Clickjacking happens when a Web user clicks on an invisible, malicious link without knowing it. The tool, called NoScript, now includes ClearClick, which can tell if a Web page contains a hidden, embedded element. Users of NoScript who click on such links will be asked if they really want to do that.

4. Microsoft to improve Vista's problematic UAC in Windows 7 : Microsoft is tweaking the user account control feature in its Windows client OS and admits that what was meant to be a security feature in Vista has been a hassle for users. The idea behind UAC in Vista is to give primary PC users more control of applications and settings, but it hasn't quite worked out that way. "What we've learned is that we only got part of the way there in Vista and some folks think we accomplished the opposite," said a blog post attributed to Ben Fathi, Microsoft corporate vice president of development in the Windows Core Operating System Division.

5. Microsoft elaborates on Oslo : Microsoft shed some more light on its Oslo vision for model-based software development this week, detailing the "M" declarative modeling language and the Domain Specific Languages concept that are integral to the overall Oslo package. The company also offered reassurances to developers thattheir role is not being minimized by this raising of the level of abstraction.

6. Apple to hold special notebook event on Oct. 14 : Apple sent out an invitation to reporters to attend an event next Tuesday, saying that "the spotlight turns to notebooks." We assume this means that new Macbooks will be out in time for the all-important holiday shopping season.

7. For a promising IT career, go east, young techie : The IT job market had tightened up even before global financial turmoil gave us all a whack, but opportunities are more plentiful in China, India and Russia, according to analysis of growth trends. Working in such countries also can be good for the old resume. "IT is going global. The IT profession is going global. Developing product for markets all over the world is something you have to learn how to do. Overseas work is a huge enhancer for IT professionals," said Rob McGovern, CEO of JobFox, an international IT employment agency.

8. Mono 2.0 lets .Net apps run on Linux: Considered a major upgrade, the open-source Mono 2.0 runtime leverages Microsoft's .Net Framework 2.0 programming model, letting developers build desktop and server applications using Microsoft-based environments and deploy them across multiple platforms, including Windows, Linux, and Mac OSX. By bringing apps beyond Windows, Mono will help developers reach a larger audience.

9. 11 Microsoft security updates due next week : There will be no rest for weary systems administrators next week -- Microsoft expects to roll out 11 security updates, with four of them rated critical. The monthly patchathon will apply to bugs in Windows Active Directory, Internet Explorer, Excel and the Microsoft Host Integration Server. Besides the critical patches, six others will be rated important and one will be moderate.

10. NASA: Messenger sends back never-before-seen Mercury images : NASA's Messenger spacecraft transmitted images of Mercury to scientist this week, proving them with data about parts of that planet that have never been seen before. The Mariner 10 mission in the 1970s identified the Kuiper crater on Mercury, the planet nearest the sun, and an image of the crater was among the first to be relayed to NASA. Messenger took hundreds of photos of Mercury as it got within 125 miles (201 kilometers) of the planet's surface.

A new Forrester Research study that polled more than 200 SAP customers found widespread discontent over the vendor's recent decision to shift customers to a pricier Enterprise Support offering, and also provides tips on how customers can mitigate the increased cost.

SAP announced in July that Enterprise Support would replace its basic and premium support options. Enterprise Support costs 22 percent of a customer's license fees, compared to 17 percent for basic support. The additional costs will be phased in over the next few years, and new charges won't begin until Jan. 1.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

But Forrester clients voiced a number of common gripes.

Eighty-five percent of the clients interviewed described minimal utilization of the Basic Support offering. "The average customer claims to connect with SAP fewer than six times a year -- the equivalent of buying a comprehensive but expensive insurance policy and rarely utilizing it," the report states.

Customers also complained to Forrester about the time it takes SAP to meet requests for new features.

"Customers believe that the maintenance dollars paid to SAP should go to filling in key functionality gaps in the software. However, there are a plethora of examples where key functionality requested two to four years ago by multiple customers in the same or different industries were not delivered in SAP R/3 4.7, let alone available in SAP ERP 6.0," the report states.

Clients "want to know how much of their support dollars really go back into reinvestment versus profit margins," it adds.

SAP has cited a number of reasons for its decision, such as greater complexity in customer environments, and argues that Enterprise Support provides a higher level of benefits for customers -- points the Forrester report does not dispute.

To mitigate the increased cost of maintenance, customers should seek steeper discounts on licensing deals, according to Forrester.

Another tactic would be to create a long-term "SAP containment strategy," which could include taking a look at other vendors. "Many SAP clients with whom we spoke have begun the process of evaluating Oracle Siebel, Salesforce.com and others for customer relationship management as well as Siperian, Initiate Systems and IBM for master data management."

Customers also should consider third-party options for support. While one company, Rimini Street, has announced plans to provide such support, it has not yet begun doing so, and even when it does will focus on only SAP's R/3 products.

The Forrester report's results stand in contrast to SAP's past contention that while customers may not like to pay more money, they understand the value of the new service.

An SAP spokesman was given a copy of the report on Friday, but did not immediately provide comment on its findings.

The collective sigh of relief when Apple lifted the iPhone NDA, which had prevented developers from discussing iPhone programming, came not just from developers, but also from educators, authors, and publishers. With the NDA gone, iPhone-related books can be published, and conferences can be much more detailed, leading to better education.

Publishers and authors who had books written were forced to shelve them because publishing the material would have broken the guidelines of the NDA. However, with the NDA removed, users can expect to see an abundance of information hitting the market, targeting everyone from developers to end-users.

[ Special report: IT's guide to the iPhone ]

"It was huge having the NDA lifted," said Bill Dudney, trainer and co-author of the upcoming book "iPhone SDK Development" (Pragmatic Bookshelf, 2008).

Like many other authors, Dudney had a book written about the iPhone, but couldn't publish the book without breaking the NDA. Now, Dudney -- along with countless others -- can bring his product to market. (A quick search for  iPhone books on Amazon.com shows a number of titles available for pre-order.)

An abundance of books on the market isn't the only benefit we can expect to see. Conferences will now feature better sessions because speakers and trainers will be able to speak freely about what it takes to make a good iPhone application.

iPhoneDevCamp organizer and co-chair of O'Reilly's iPhoneLive conference, Raven Zachary said he is excited about what this means for future conferences. Zachary said they have tentatively added an introduction to iPhone development session at the upcoming conference, which is something they couldn't have done before Apple lifted the NDA.

In previous conferences, speakers would have to talk about Mac development tools and try to relate them to the iPhone, without speaking about the iPhone -- a tough task.

The NDA stifled growth in the development community simply because new developers had a limited amount of resources to seek help. Now, Dudney said, trainers can speak freely and actually help attendees with questions they have about developing for the iPhone. With new developers come new applications and innovation, which only helps the platform.

Perhaps not coincidentally, a week after lifting the NDA, Apple announced the iPhone Tech Talk World Tour, a series of free tech talks about the iPhone for developers. Topics include an introduction to Objective-C and Cocoa Touch, how to integrate the iPhone into an IT environment, submitting your app to the App Store, and iPhone game development

The end result for iPhone users should be a better choice of applications as developers continue to push the envelope of innovation.

MSI is continuing its assault on the Eee PC by launching the Wind U120.

[ For more on products in the hot mini-notebook category, check out our hands-on looks at Asus' Eee PC 901 and 1000, the Cloudbook Max netbook, Elitegroup's G10IL mini-laptop, MSI's Wind low-cost laptop, Giga-byte's M912X mini-laptop, HP's Mini-Note netbook, and Acer's Aspire one. ]

The U120 will feature similar specs to its predecessor, the Wind U100, which is powered by an Intel Atom processor. Customers will be able to choose between a 120GB hard-disk drive or a 40GB solid-state drive. The U120 also includes 802.11n Wi-Fi connectivity and a built-in 3G modem.

It is expected to be priced around £350 ($595) and available by December.

Shedding more light on its Oslo vision for model-based software development, Microsoft this week elaborated on plans to preview Oslo technologies, offering code names and citing the company's DSL (Domain Specific Languages) concept as a lynchpin of the platform.

A Community Technology Preview of Oslo is due at the Microsoft Professional Developers Conference in Los Angeles on October 27. Featured in the CTP will be a declarative modeling language now being identified by the code name "M," as well as software modeling tool code-named "Quadrant.

A repository for integration between models also will be part of the CTP. User feedback on the CTP will help determine the overall road map for Oslo technologies, said Robert Wahbe, Microsoft corporate vice president of the company's Connected Systems Division, during an interview this week.

With Oslo, Microsoft seeks to provide another layer of abstraction for developers and make development easier; models become the applications. Business analysts also could make changes to models. For example, an analyst could change an application that requires two managers' approvals for lunch expenses exceeding $100 to requiring these approvals for a $50 lunch, Wahbe said.?

"It's easier in many cases to look at a model and see what it's trying to do rather than look at hundreds of thousands of lines of code," Wahbe said.

With the M language, ISVs and developers could build textual DSLs, he said. A DSL enables a developer to write down intent in a way that is close to how a developer is thinking about a problem, Wahbe said. M also can be used to build data models.

"The idea of DSLs has been around. What we're trying to do with Oslo is make it easier for mainstream developers to use models in general," Wahbe said. Microsoft, as an ISV itself, will use DSLs for building domains for activities like workflow and databases.

"[The] notion is that M is excellent at building these DSLs in an easy way," Wahbe said. "In turn, once you have that DSL, what it does is it lets you produce something that the platform can execute directly."

A model is translated to XAML, which can be executed by the platform. Oslo also can work with multiple runtimes from platforms like Java if developers customize the Oslo tools.

Quadrant, meanwhile, provides a way to author models visually. "The way to think about it is M lets you build textual DSLs and Quadrant lets you build visual DSLs," Wahbe said.

Oslo will be featured as part of the Visual Studio product family; the company has not yet announced which version would include Oslo. While Oslo at first glance might appear to be minimizing the role of the developer by raising the level of abstraction, Microsoft believes it is just a natural step in the evolution of software development that does not put developers' jobs at risk, Wahbe said.

"Developers can deliver higher-quality applications faster," he said.

With Oslo, Microsoft has "definitely raised the bar," said analyst Nick Gall, vice president of the enterprise architecture team at Gartner.

"The Oslo approach to modeling is a refreshing new approach. That said, it is ambitious," Gall said.

"Any attempt to do really do model-driven architecture is ambitious. We've been trying to do executable models for 25-plus years, and all to date have failed," such as with CASE (Computer Aided Software Engineering) and Object Modeling Group efforts, said Gall.

Microsoft is attacking the two core issues of modeling: translating from models into executable code and the functional aspect of an application, in which functional models must accommodate nonfunctional aspects of an application such as security and systems management, Gall said. Microsoft has not yet completed the integration with nonfunctional models, he said.

Oslo integrates with existing applications, according to Microsoft. It brings together a connected view of models and builds on existing investments on top of the Microsoft platform. Microsoft also is working with ISVs on solutions built using Oslo, including line-of-business applications and DSLs, the company said.

The U.S. government is soliciting input on a way to make the Internet's addressing system less susceptible to tampering by hackers.

Under the idea, records in the DNS root zone would be cryptographically signed using DNSSEC (Domain Name and Addressing System Security Extensions), a set of protocols that allows DNS records to carry a digital signature.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The U.S. Department of Commerce is asking for comments through Nov. 24 on how DNSSEC could best be deployed.

The root zone is the master list of where computers can go to look up an address in a particular domain such as ".com." The DNS translates Web site names, such as www.idg.com into a numerical IP address, which is used by computers to find a Web site.

But several security problems within the DNS make it possible for hackers to supply a different IP address for a Web site. It means a user thinks she is viewing "www.idg.com" but actually is on a phishing site.

The most serious of these DNS vulnerabilities was revealed in July by security researcher Dan Kaminsky. Nearly all DNS software is vulnerable to the attack. Major vendors have deployed temporary patches but are working on a more permanent fix.

Security experts for years have advocated the adoption of DNSSEC, but implementation has been patchy. The U.S. government has said it will use DNSSEC for its ".gov" domain. Other ccTLDs (country-code Top-Level Domains) operators in Sweden (.se), Brazil (.br), Puerto Rico (.pr), and Bulgaria (.bg), are also using DNSSEC. The operator of the ".org" TLD has also committed to the system, according to the U.S. Department of Commerce.

But to get the full benefits of DNSSEC requires domain name registrars, domain name registries, ISPs, and others to upgrade their software. Users' systems would also have to be configured to verify digital signatures.

"DNSSEC signed root zone would represent one of most significant changes to the DNS infrastructure since it was created," according to a notice issued by the U.S. Department of Commerce in the Federal Register, a daily digest of U.S. government notices.

Implementing DNSSEC would also introduce new steps in how changes to the root zone are published. As it stands now, TLD operators send changes to the Internet Assigned Numbers Authority, which is part of the Internet Corporation for Assigned Names and Numbers. ICANN then sends the changes to the U.S. National Telecommunications and Information Administration, which is part of the U.S. Department of Commerce. After approval, VeriSign -- a commercial company -- modifies the root file and sends it to the operators of the 13 root servers around the world.

The heavy involvement of the U.S. government, as well as the interests of VeriSign, in how the Internet's addressing system is administered has drawn criticism that the process is too U.S.-centric.

And there appears to be a battle brewing over which entity will manage the cryptographic keys required to sign the root zone file.

ICANN has submitted a proposal advocating it should hold the keys. ICANN said it is a nonprofit, transparent organization that is "not subject to market-based profit and loss considerations."

VeriSign countered in its proposal that it should be able to hold one kind of key necessary for the signing process, and the other kind should be split among other entities.

Amazon's AWS cloud computing subsidiary will institute a new tiered pricing structure for its hosted storage service that includes price cuts for high-volume customers.

Simple Storage Service (S3) has reached a level of usage, holding 29 billion objects and handling 70,000 requests per second, that allows AWS to bring down its rates, the company said Thursday.

The new tiered pricing structure will kick in on Nov. 1. Customers aren't required to enter into contracts or commit to minimum fees, since S3 and other AWS services are billed per usage.

S3 is currently being used by companies of all sizes for a variety of tasks, including data backup and archiving, Web site content hosting, and file sharing, according to AWS. Types of IT professionals who use S3 include developers of Web applications, storage managers, and data warehousing administrators, said Alyssa Henry, S3 general manager.

"With scale, as we get larger, we're able to aggregate the usage of all our customers and get volume discounts from our suppliers and pass on these savings along to our customers," she said.

Currently in the United States, AWS charges a flat fee for S3 of $0.15 per gigabyte per month of storage used. The upcoming four-tier structure will keep the price the same for the first 50TB of storage, but lower it to $0.14 per gigabyte per month for a customer's next 50TB of storage. The price then drops to $0.13 per gigabyte per month for the next 400TB of storage and to $0.12 per gigabyte per month for storage beyond 500TB.

A similar pricing structure will be implemented in Europe, with the difference that prices there are a bit higher overall.

In Europe, AWS currently charges a flat fee for S3 of $0.18 per gigabyte per month of storage used. As of Nov. 1, the price will remain the same for the first 50TB of storage, and drop to $0.17 per gigabyte per month for a customer's next 50TB of storage. The price falls further to $0.16 per gigabyte per month for the next 400TB of storage and to $0.15 per gigabyte per month for storage beyond 500TB.

The S3 data transfer costs were reduced recently and will remain at their current levels.

S3 is part of the AWS suite of generic computing, payment, billing, fulfillment, and Web search services that customers can tap into over the Internet -- the increasingly popular cloud computing model for delivery of software and IT infrastructure services.

Other AWS cloud computing services include Elastic Compute Cloud (EC2) for computing power, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Queue Service (Amazon SQS), Amazon Flexible Payments Service (Amazon FPS), and Amazon Mechanical Turk.

Apple issued invitations Thursday for an event next Tuesday on its Cupertino, Calif., campus that will tout laptops.

"The spotlight turns to notebooks," the invitation sent to reporters read. The only other information Apple provided was its 10 a.m. PDT kickoff and driving directions to the building where the company will hold the event.

[ Discover the key Mac and Apple tech trends for business users. Read InfoWorld's Enterprise Mac blog and newsletter. ]

CEO Steve Jobs traditionally hosts such presentations.

Bloggers and others have been talking up an Oct. 14 event for weeks, while analysts have been expecting Apple to refresh its laptop line for much longer. After Apple focused on its iPod business during a Sept. 9 presentation in San Francisco, analysts predicted that the company would use a separate event to launch new notebooks or revamp existing models before the holiday selling season cranked up. Much of the speculation has focused on the prospect of a new design.

Rumors of lower-priced laptops from Apple picked up momentum late Wednesday when the new Inquisitr blog quoted an unnamed source who claimed that the company had already sent revised price lists to its retail stores. Those prices, said Inquisitr, start at $800, nearly $300 less than the current least-expensive MacBook notebook, which costs $1,099.

"Apple's never had to go into a lower-priced mode," said Ezra Gottheil, an analyst with Technology Business Research Inc. "They've never faced serious price pressure."

The worsening economic conditions, however, may have forced Apple's hand, added Gottheil. "I can see an Apple 'netbook,'" he said, referring to the smaller, lighter and lower-priced laptops that have begun to steal some market share from traditional-sized portables. "But I'd still expect [Apple's] to have a premium price."

If Inquisitr's $800 price point is on the mark, Gottheil's price premium would indeed be in place; netbooks from other vendors that run Microsoft's Windows or one of the open source Linux distributions cost hundreds of dollars less.

Gottheil also speculated that Apple might extend its multi-touch technology -- which debuted on the MacBook Air last January -- or perhaps add TV tuners to some of its laptops.

Wall Street analysts have been trying to parse Apple's intentions since July, when company executives used the phrase "future product transition" several times to explain why they were forecasting lower profit margins in the near future.

At the time, Gottheil pegged his bet on an overhaul of the laptop line as the only move that could hit Apple's bottom line like that. "For a refresh to affect the entire company's gross margin, the product must contribute a significant percentage of Apple's revenue," he said. "The single model with the greatest revenue is the MacBook, which we estimate generated $1.3 billion in sales in [the second quarter]."

Microsoft plans to improve the much-maligned UAC (user account control) feature in the next version of its Windows client OS, acknowledging that the new security feature it built into Windows Vista has caused unnecessary problems for users.

On the company's Engineering Windows 7 blog, Microsoft called UAC one of the "most controversial" features of Vista and said it will tweak UAC in Windows 7 so it works more closely with Microsoft's intended goal for the feature.

[ InfoWorld's Enterprise Desktop blogger Randall C. Kennedy says improvements like these are just milestones to nowhere for Windows 7 ]

Microsoft added UAC to Vista in an effort to improve the security of the system and give people who are the primary users of a PC more control of its applications and settings. However, UAC turned out to be more of a headache for many users than a benefit.

"UAC was created with the intention of putting you in control of your system, reducing cost of ownership over time, and improving the software ecosystem," according to the post, which is attributed to Ben Fathi, corporate vice president of development for Microsoft's Windows Core Operating System Division. "What we've learned is that we only got part of the way there in Vista and some folks think we accomplished the opposite."

UAC prevents users without administrative privileges from making unauthorized changes to a PC. But because of how it was set up in Vista, it can prevent even authorized users on the network from being able to access applications and features they should normally have access to.

UAC does this through a series of screen prompts that ask the user to verify privileges, and it may require a user to type in a password to perform a task. Vista users reported that these prompts would interrupt a user's normal workflow, even during some mundane tasks, unless a user is set as Local Administrator. UAC prompts became so problematic that competitor Apple even spoofed them in a television commercial.

Microsoft said that in Windows 7, it will work to reduce UAC's "unnecessary or duplicated prompts in Windows and the ecosystem, such that critical prompts can be more easily identified," according to Fathi's blog post. It also plans to make the prompts "more informative" so that users can make better choices about how to proceed once prompted, and will provide "better and more obvious control" over UAC in Windows 7.

Microsoft is taking into consideration user feedback and the effect UAC has already had on third-party software to make changes to UAC in Windows 7, according to the blog.

Vista users said the reason the UAC prompts were so frequent and misguided is because many third-party Windows applications that predated Vista weren't developed to work with UAC's "Standard User" designation. Because of this, applications would default to requiring Local Administrator rights and prompt people who used the Standard User setting if they wanted to perform functions deemed as administrative tasks.

Third parties already are making changes to software that runs on Windows to accommodate UAC's Standard User designation, something Fathi said in his post is a good thing.

"UAC has resulted in a radical reduction in the number of applications that unnecessarily require admin privileges," he wrote, saying this "improves the overall quality of software and reduces the risks inherent in software on a machine which requires full administrative access to the system."

Microsoft is no stranger to dealing with flack over UAC. The company even called it one of Vista's "misunderstood" features in a paper it published on its Web site in May that tried to explain how best to work with certain Vista features Microsoft felt were barriers to people adopting the OS.

Windows 7 is the next major update to the Windows client OS and is expected to be released late next year or in early 2010. Microsoft plans to give developers an early look at Windows 7 at its Professional Developers Conference in Los Angeles next month.

Next week will be a busy one for system administrators as Microsoft is planning to ship 11 security updates -- four of them rated critical -- for its products.

The patches will include fixes for critical security bugs in Windows Active Directory, Internet Explorer, Excel, and the Microsoft Host Integration Server, which integrates Windows computers with IBM mainframes, Microsoft said Thursday in a note on the patches.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The critical Active Directory bug affects Microsoft Windows 2000 Server, but not other versions of Windows, Microsoft said. The Excel bug affects both Windows and Mac OS X versions of the product.

There will also be six less-critical updates, rated "important," by Microsoft, for Windows, and a "moderate" patch for Office. All of these updates are expected around 10 a.m. Pacific time on Tuesday.

Despite the large number of patches, Microsoft hopes that customers will be a little more secure than usual next week. That's because the October Patch Tuesday will mark the debut of two Microsoft security initiatives: the Microsoft Active Protections Program (MAPP) and something called the Exploitability Index.

The MAPP program gives security vendors an edge on writing protection against new attacks by offering them an early peek at the bugs that Microsoft will be patching each month. The program is designed to help Microsoft's security partners avoid a mad scramble as they figure out how attackers might exploit the latest Microsoft flaws. October marks the first time that companies have been given this early information.

The Exploitability Index should make it easier for customers to decide which patches to install first by giving Windows users a better idea of which bugs Microsoft finds most worrying. The index, which will be published with Microsoft's security bulletins next week, will separate the flaws that will simply cause a system crash from more serious bugs that could be used to give attackers control of a victim's machine.

The vulnerabilities listed in Microsoft's bulletins will be rated as "Consistent Exploit Code Likely," "Inconsistent Exploit Code Likely," or "Functioning Exploit Code Unlikely."