Apple's announcement of an iPhone Software Development Kit will empower developers to plug gaps in the iPhone's functionality. But for those who have been developing iPhone software via the unauthorized process called jailbreaking, the announcement raises questions about whether the thriving underground iPhone development market will continue or wither away into a small collection of carrier-unlocking hacks.

Although Apple CEO Steve Jobs suggested in May 2007 that Apple was working on a rich development environment , when the iPhone was first unveiled, the only opportunity for third-party developers was in the realm of Web-based applications accessed through the phone's Safari browser. Four months later, Jobs acknowledged that Apple would allow the development of native iPhone applications .

For the first year of the iPhone's existence, those who have wanted to create or run native iPhone software have been reliant upon the work of hackers who have managed to bypass the iPhone's software barriers. "Jailbreaking" an iPhone gives access to all of the phone's underpinnings, which are similar to the underpinnings of Mac OS X. Once programmers had access inside the iPhone, they quickly began assembling a set of tools that would allow them to create iPhone applications.

Those third-party apps brought in additional functionality that Apple didn't build into the phone's software itself. The programs ranged from the obvious omissions -- instant messaging clients and a to-do program -- to those with more limited appeal, such as an app to help you remember where you parked .

With most new releases of the iPhone software, Apple plugged the holes that the hackers had used to gain access to the iPhone's software. The back-and-forth between Apple and the hackers at times resembles a breakneck ping-pong match, with each Apple release followed in short order by the discovery of a new hole allowing the jailbreak to continue.

But now that Apple has take the wraps off its own development and distribution plans -- complete with their own set of restrictions and limitations -- the future of jailbreaking has been thrown into question. Why, with an Apple-approved and easy-to-use distribution method, would anyone continue to go through the bother of jailbreaking their phone?

Where the money isWhen asked why he robbed banks, notorious thief Willie Sutton was said to have replied, "Because that's where the money is." The same might be applied to Apple's iPhone application distribution plans. While there is nothing to prevent those developing apps for jailbroken phones from charging for their software, it's certainly an uphill climb to convince the average user to fork over money for a program that requires them to hack their phone.

"Many developers will undoubtedly switch to the Apple distribution system in order to make money," said Cody Overcash, co-founder of ModMyiFone.com , a site that tracks applications for jailbroken iPhones. Overcash expressed hope that some developers might adopt a two-pronged approach, making applications available in both Apple-approved and jailbroken flavors.

Overcash also suggested that open-source developers would be more likely to remain on the jailbroken track. "There is the age old battle between closed-source software for money and open-source software for free," he said. "One is about making money, the other is about sharing and learning from one another to build upon each other and make something great."

"I think we will see many of the current apps pulled from free distribution and put into the iTunes Store for pay," said Nate True , one of the hackers who contributed to the efforts to jailbreak the iPhone. True suggested that some developers might opt to also take advantage of jailbreaking in order to beta-test their products, but admitted that "the vast majority of developers will move to the SDK." (Apple will also give developers the option of releasing their software on the iPhone's new App Store for free.)

Apple's way or the highway

Under Apple's iPhone software-distribution plan, only programs submitted by Apple-approved developers and approved by Apple will appear on the iPhone App Store. It is Apple's role as the gatekeeper of all third-party iPhone software that most concerns existing members of the iPhone hacking community.

"I would much rather be able to put whatever I want on my phone," said True. Overcash cited programs that allow users to customize, or "skin," the iPhone's interface, as an example of a type of functionality that isn't covered by Apple's development kit and therefore won't be a part of the official iPhone economy.

The added bureaucracy that Apple is likely to bring also has Overcash concerned. "Getting your [program] approved and passed through the Apple system and finally onto distribution via App Store (assuming an app makes it through initial approval) will be time intensive," he said. Overcash contrasted that with the jailbreak system, which he called "quicker and more flexible."

Such bureaucracy, however, is balanced out with the legitimacy that only Apple can offer.

"It sounds like Apple is going to provide a powerful SDK and distribution channel," said Ken Aspeslagh, iPhone specialist at software and accessory developer Ecamm Network .

Paul Kafasis, CEO of software developer Rogue Amoeba , suggested the Apple's approval may have a chilling effect on the jailbreak process: "I think it will slow things down as people can do more with the proper channels." And, he added, when it comes to the end user, simplicity rules. "I think fewer people will be willing to jailbreak their own phones now," Kafasis said.

True and Overcash don't see the SDK and jailbreaking as mutually exclusive, however. "I see Apple's SDK as a tool that can only improve on what has been accomplished on jailbroken phones," said Overcash.

And True said that the two approaches will be able to co-habitate. "Jailbreaks are designed to leave the rest of the phone functioning properly, and the SDK is one of those functions that will likely be preserved," he said.

The politics of unlocking

Apple has already used its status as the arbiter of iPhone applications to say that certain things will not be allowed on App Store. When asked point blank at the iPhone SDK event whether Apple would allow an application that would enable users to unlock the iPhone for use on mobile phone carriers other than those with which Apple has deals, Steve Jobs gave an unequivocal "no."

The popularity of unlocking iPhones is difficult to ignore. It's been estimated that as many as a million iPhones are currently in use in countries where Apple does not yet offer the device for sale, and anecdotal reports of unlocked iPhone sightings have come in from countries as close as Canada and as far as China . Apple executives have acknowledged that unlocking is widespread; CFO Peter Oppenheimer quipped at an investment conference earlier this month that it was easier to name countries where the phone wasn't being unlocked than those where it was.

"People who need their phones unlocked still have to run unauthorized software," said Nate True. As a result, True said that jailbreaking the iPhone will continue. "As long as there are iPhone unlockers, there will be jailbreaks, and any mechanisms Apple puts into the iPhone to stop jailbreakers will thus be broken," he said.

"People want to choose the carriers they use in the countries they live in," said ModMyiFone.com's Overcash. "Until the point where the iPhone is free from the carriers it's sold on and available for purchase unlocked, for use in 'non-approved' countries, unlocking will not stop."

Meet the new boss, same as the old boss

And, indeed, if recent events are any indication, the hacking will continue. One group has already announced that they've hacked a beta version of the iPhone 2.0 firmware to allow not only jailbreaking but unlocking as well. The team claims that their solution, which involves creating custom firmware, will be difficult for Apple to patch.

It appears that, for now, the ping-pong match is far from over.

A blossoming Web attack, first reported by security researcher Dancho Danchev earlier this month, has expanded to hit more than a million Web pages, including many well-known sites.

"The number and importance of the sites has increased," wrote Danchev in a Friday blog posting where he reported that trusted Web sites such as USAToday.com, Target.com, and Walmart.com have been hit with the attack.

The criminals behind this have not actually hacked into servers, but they are taking advantage of Web programming errors to inject malicious code into search results pages created by the Web sites' internal search engines.

Here's how an attack would work: The attacker searches for popular keywords, such as "Paris Hilton," on the Web site's internal search engine. But instead of conducting a normal search, the bad guy tacks an HTML command to the end of his search. This command that opens up an invisible iframe window in the victim's browser that then redirects it to a malicious Web site, which then tries to install fake antispyware or a version of the Zlob Trojan Horse malware on the victim's PC.

In order to boost their Google rankings, Web sites often save a copy of these search results and submit them to Google. When a victim searches Google for the keyword, these cached search results then pop up, with the malicious code now inside them.

"Malicious parties are actively poisoning these sites' search query caching feature to position the keywords among the top ten search results, thereby infecting anyone coming across them," said Danchev, in an instant-message interview.

He believes that more than 1 million Web pages have been infected using this technique.

"The more keywords they submit with [malicious] script, the more pages with popular keywords the high page ranked sites would cache," he said. This increases the chance that someone will see the search results hosted on the reputable site and click on the malicious page.

The Web sites that have been hit with this attack could fix the problem by doing a better job of checking the search queries on their internal search engines to make sure that there is no malicious code in them, Danchev said.

Hackers are increasingly looking for ways to install their code on trusted Web sites. In recent weeks, security vendors have found hundreds of thousands of Web pages affected by this and other similar attacks.

The security researcher who walked away with $10,000 Thursday by hacking a MacBook Air in less than two minutes said he chose to attack Apple Inc. 's operating system for one simple reason.

"It was the easiest one of the three," said Charlie Miller , a principal analyst with Independent Security Evaluators (ISE), a Baltimore-based security consultancy. "We wanted to spend as little time as possible coming up with an exploit, so we picked Mac OS X ."

On Thursday afternoon, Miller breached a MacBook Air , one of three laptops up for grabs in the "PWN 2 OWN" hacker challenge at CanSecWest, a security conference that wraps up today in Vancouver, B.C. For his efforts, he was got the computer and a $10,000 cash prize.

The MacBook Air was running the most current version of Mac OS X, 10.5.2 with all the latest security patches applied. The other two computers, a Sony Vaio VGN-TZ37CN running Ubuntu 7.10 and a Fujitsu U810 notebook running Windows Vista Ultimate SP1, were also up-to-date and fully patched.

"We sat down about three weeks ago and decided we wanted to throw our hats into the ring," said Miller, referring to himself and ISE colleagues. "It took us a couple of days to find something, then the rest of the week to work up an exploit and test it.

"It took us maybe a week altogether," Miller said.

Because Miller was bound by a non-disclosure agreement with 3Com's TippingPoint , the security company that ponied up PWN To OWN's cash prizes, he was unable to share details of the vulnerability. He did confirm, however, that he had exploited a bug in Safari 3.1, the current version of Apple's browser.

The PWN To OWN challenge actually started Wednesday, but the rules for that first day required researchers to break into one of laptops using a remote code-execution exploit of a zero-day. At stake: the laptop and $20,000. Only one researcher stepped up that day, however, and was unsuccessful.

Yesterday, the computers' exposure to attack was expanded by allowing hackers to go after any client-side applications installed by default, including Web browsers. Contestants were also allowed to replicate the common tactic of duping a user into following a link in an e-mail or visiting a malicious Web site. In Miller's case, he had set up a malicious Web site; the URL to that site was typed into Safari's address bar.

"I've had a change of heart," said Miller today. "I used to think server-side vulnerabilities were easier to exploit, but now I almost think it's easier to exploit the client side. Think about a browser. There's a million things it has to do. It has to handle images and video and audio and ... that's where the danger is these days."

Miller, formerly with the National Security Agency, may be best known as one of the first to hack Apple's iPhone last summer. In August 2007, he also blasted Apple for its sluggish updating of the open-source components it uses in its operating system, calling the practice "negligent."

At the time, Miller said he had found at least one critical vulnerability that had been patched in WebKit, the open-source code that powers Safari's engine, but integrated into Apple's browser. When pressed whether the vulnerability he used yesterday to snap up the $10,000 was a similar bug, he sidestepped the question. "The version of WebKit Safari was using [before 3.1] was very very old, but when they switched to 3.1, it's now pretty much up-to-date."

Apple updated Safari to version 3.1 two weeks ago, patching 10 vulnerabilities in the Mac OS X edition, most of them cross-site scripting bugs.

"[Mac OS X] security is better than it was three or four months ago," said Miller when asked to characterize Apple's current security status. "...We were equally capable of finding [a vulnerability] in Windows if we had to," he said.

TippingPoint, which acquired the vulnerability for its Zero Day Initiative (ZDI) bug-bounty program, said yesterday that it has reported the Safari flaw to Apple. "Until Apple releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability," TippingPoint said in a statement on its company blog .

Apple has released Mac Pro EFI Firmware Update 1.3 . The software is available for download through the Software Update system preference and directly from Apple's Web site.

The software is intended specifically for Mac Pros manufactured in early 2008. It updates the Extensible Firmware Interface (EFI) code installed on these systems. Once the firmware has been updated, the Mac Pro's BootROM version should be MP31.006C.B05, according to Apple.

Apple said the update "fixes several issues to improve the stability" of Mac Pro (Early 2008) models.

It is intended specifically for 2008 Mac Pro models. Users of older Mac Pro systems should not apply this update.

Ingres is looking to make life easier for developers with a couple of announcements. It has teamed up with enterprise content management company Alfresco to produce an integrated software bundle allowing users to have a simple way to implement ECM and a database at the same time. Ingres has also announced a bundle that will enable developers to create Java applications using the Eclipse Foundation's open-source development framework.

"There's nothing fundamentally new here," said Deb Woods, Ingres' vice president of product marketing. "But what we have done is made it easier for developers to use existing components: It just takes three clicks," she said. "What we're offering is an end-to-end total solution for ECM developers. They don't have to use a proprietary database, they can use an open-source database that has full enterprise characteristics."

She admitted that there were other open-source options available for Alfresco developers but said that Ingres offered a range of features for enterprises, including point-in-time restart, backward compatibility, and the availability of 24/7 support.

Emma McGrattan, senior vice president of engineering at Ingres endorsed that approach. "What has been happening is that developers start work on an open-source database and move over to Oracle; now they can start on Ingres and end on Ingres."

Woods said that last year the company had identified three key areas that it wanted to grow: business intelligence, application development, and content management. The company added BI to its Icebreaker product last year and the Alfresco and Eclipse deals are the next strands.

The company's Eclipse bundle, Ingres Café (Consolidated Application Foundation for Eclipse) has been developed as an open-source community contributed project led by Samrat Dhillon, a graduate student at Carleton University, Ottawa, Canada.

Ingres Cafe bundles the Eclipse IDE, Ingres DBMS, Apache Tomcat, Hibernate, and JSF libraries into a single package. Ingres Cafe includes a version of the Eclipse Framework and will include the Ingres Eclipse DTP (Data Tools Platform) plug-in which was designed with developer productivity in mind, incorporating rich functionality of the tool while maintaining a consistent way of working.

McGrattan, who's also a board member of Eclipse, said that Cafe would help reduce labor costs with no acquisition costs up front. "It will be particularly appealing to systems integrators," she said.

The security of the most widely used standard in the world for transmitting mobile phone calls is dangerously flawed, putting privacy and data at risk, two researchers warned at the Black Hat conference in Europe on Friday.

Researchers David Hulton and Steve Muller showed at Black Hat in the U.S. last month how it was possible to break the encryption on a GSM (Global System for Mobile Communications) call in about 30 minutes using relatively inexpensive off-the-shelf equipment and software tools. The hack means they could listen in on phone calls from distances of up to 20 miles (32 kilometers) or farther away.

They're still refining their technique , which involves cracking the A5/1 stream cipher, an algorithm used to encrypt conversations. In about another month, they'll be able to crack about 95 percent of the traffic on GSM networks in 30 minutes or faster with more advanced hardware.

Their research has been motivated in part by the absence of a more secure encryption method despite years of warnings about GSM.

"Ultimately, we are hoping that the mobile operators actually initiate a move to secure their networks," Muller said. "They've had about 10 years, and they haven't done it. In my opinion, there is only one language that they speak: that's called revenue. As soon as they lose the revenue, they will actually change."

Since 1991 when GSM networks debuted, the integrity of their security has declined as researchers probed. In 1998, the A5/1 and the A5/2, a weaker stream cipher, were broken.

Commercial interception equipment is available now to eavesdrop on calls, which can cost up to $1 million. Hulton and Muller were game for a challenge and wanted to do it more cheaply.

For around $700, they bought a Universal Software Radio Peripheral, which can pick up any kind of frequency up to 3GHz. They modified the software to pick up GSM signals broadcast from base stations. They compared those with signals picked up by a Nokia 3310 phone, which had a software feature that allowed for a revealing peek inside how GSM works.

Hulton and Muller studied how a GSM phone authenticates with a base station and sets up an encrypted call. They then built a machine with lots of memory that uses Field-Programmable Gate Arrays, high-powered hardware used for intensive calculations, in order to crack the call's encryption.

And now they're planning to commercialize the technique, although Hulton said they will vet buyers. He said they haven't had any feedback from operators on their research.

Muller warned that faster attacks on GSM will likely emerge, making it more imperative that the mobile industry finds a solution.

"We started [this project] because everyone said we couldn't do it," Muller said. "Attacks will always get better, they'll never get worse."

Conferences this week put the spotlight on security news with a MacBook Air being hacked in two minutes during a competition and research finding that Microsoft patches holes faster than Apple. Otherwise, H-1B visas were back in the news, word seeped out that Microsoft is planning software to compete with Google Docs and Google Apps, and Motorola announced -- finally! -- that it will divide into two separate companies.

1. Microsoft prepares 'Albany' to compete with Google : Microsoft's "Albany" project is combining Office, Office Live Workspace, Windows Live OneCare, and the Windows Live service suite in an effort to take a shot at Google Docs and Google Apps hosted productivity suites, according to sources. The secret project is expected to lead to a software package that will be available in stores. Microsoft is tapping select testers to give the Project Albany beta a whirl with the initial test focus on a unified installer for the software package, the sources said. Microsoft would confirm only that it has sent out beta invites for a product with the code-name Albany, but otherwise mum's the word.

[ Video: Review the week in IT news with the World Tech Update ]

2. Black Hat: Who patches security holes faster, Microsoft or Apple? : Apple's witty advertisements that take jabs at Microsoft, suggesting Apple products are more secure, might not square with reality, according to research released at Black Hat. Swiss Federal Institute of Technology researchers found that Microsoft outpaces Apple when it comes to issuing patches. The researchers looked at what are called zero-day patches, those that are made available the day a vulnerability becomes publicly known, examining medium- and high-risk bugs for the past six years. "Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," researcher Stefan Frei said. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple."

3. Motorola to split in two and Nokia and Samsung winners in Motorola split : In this week's installment of the news we've all been expecting, Motorola is splitting into two companies, one that will make mobile devices and the other network infrastructure. The plan needs regulatory approval, but assuming that happens, the division will take place next year. According to analysts, the distraction of all of that spells good news for Nokia and Samsung, which could continue to make inroads on Motorola's tumbling market share.

4. Utilities explore energy-saving incentives for IT : Representatives of 19 North American utility companies met to consider how to cut IT energy consumption with incentives including rebates. Led by Pacific Gas & Electric, the meeting in San Francisco was said to be the first for North American utilities specifically targeting IT. Datacenters were an obvious topic of discussion, but desktop PCs and other equipment were also considered.

[ InfoWorld's Ted Samson has discussed a federal government program to help datacenter operators cut energy waste and costs and also highlighted the return-on-investment that green IT can provide ]

5. Gone in 2 minutes: Mac gets hacked first in contest : Researcher Charlie Miller made a cool 10 grand and won a MacBook Air after hacking into the laptop in two minutes at the CanSecWest security conference. Miller has mad skills when it comes to hacking Apple products -- last year he was one of the first researchers to hack an iPhone. He had to sign an agreement at the competition this week that he wouldn't discuss details of the bug he exploited to break into the MacBook Air until contest sponsor TippingPoint filled Apple in. Within hours of the contest on Thursday, Apple engineers were working on a patch.

6. H1-B backers seek White House help for foreign students : Supporters of changes in H-1B visas took their pleas to the Bush administration after not making progress with Congress. They're asking for a time extension so that foreign graduates of U.S. universities can remain in the country on student visas for 29 months instead of the year now allowed. The proposal wouldn't boost the government cap on H-1B visas issued every year to skilled non-U.S. workers, but it would give students extra time to earn the degrees needed to qualify for such visas.

7. Universities build open-source enterprise applications : A group of U.S. universities is building big, mission-critical enterprise applications that have been the territory of SAP, Oracle, and Microsoft. And they're using an open-source software model for their work. A financial management application, Kuali Financial System, is the first application they've produced, and it's available under a variant of the Apache 2.0 license. First deployment was to Strathmore University, a small school in Nairobi, Kenya, which estimates that it cut deployment costs in half by going with the open-source software over commercial software.

8. Analyst: Money will fuel mobile spying programs : Financial gain from selling spying tools is expected to lure more sophisticated programmers to that dark side, according to Jamo Niemela, a senior antivirus researcher at F-Secure in Finland. He spoke at the Black Hat conference in Amsterdam this week, predicting that the path for spying programs for mobile phones will follow that of malware and PCs. Hackers sell tools that are easy to use to less-savvy hackers instead of doing the PC hacking work themselves. Researchers are led to believe from anecdotal evidence that companies are trying to cope with mobile spyware on phones. "There have been certain cases of corporate customers asking very detailed questions about spy tools and not mentioning why they need the information," Niemela said.

9. Sun ships servers open to attack : Whoops! Sun shipped servers in the Sparc Enterprise T5120 and T5220 lines with unsafe configurations in disk images that could enable remote attackers to take over the servers. The company issued a security alert Feb. 12, but it wasn't picked up by third-party security vendors until this week. The Sun advisory told customers how to figure out if they had one of the buggy servers and what to do to lock down affected machines, but didn't offer much in the way of details beyond that.

10. Red Hat: Open source benefits from U.S. unpopularity : Speaking at the Open Source Business Conference held in San Francisco this week, Red Hat CEO Jim Whitehurst claimed that the negative opinion of the U.S. found abroad has actually been a boost to open-source companies. "I never thought I would say this but actually, being very unpopular in the world, as frankly the U.S. is these days, is a huge benefit to open source," Whitehurst said. Outside the United States, open source is seen from a public policy perspective as a fundamental good, and people are resentful of sending billions of dollars back to the U.S. in "intellectual property taxes," so they turn to open-source software in order to operate without the shackles of U.S. intellectual property law.

[ Check out InfoWorld's open-source roundtable discussion ]

Ballots are rolling in for the final ballot to decide whether the International Organization for Standardization (ISO) adopts a file format based on Microsoft's Office Open XML (OOXML) as an international standard. Countries previously against adoption or abstaining, such as the Czech Republic, Denmark, and Finland, are now voting in favor.

In the ballot, due to close on Saturday, 87 national standards bodies will have a chance to vote on adoption of OOXML as an international standard for office documents.

ISO already has one standard for office documents, OpenDocument Format (ODF), which has the backing of many of Microsoft's rivals, including IBM and Sun Microsystems. ODF is the native document format in a number of applications, including Sun's StarOffice, IBM's Lotus Symphony, and the open source application OpenOffice.org.

That corporate rivalry has made for an often-acrimonious voting process, as the technical committees advising national standards bodies typically include representatives from many of these companies.

ISO held a first ballot on adoption of OOXML last September, but the format failed to win approval from enough countries. ISO rules require that standards bodies voting against adoption of a draft standard give technical reasons for their disapproval. ISO then organizes a meeting to improve the draft in light of those comments, after which the countries that took part in the original vote have a month to examine the revised draft and decide whether to change their vote.

For OOXML, the ballot resolution meeting took place in Geneva at the end of February, and standards bodies have until Saturday to inform ISO if they wish to change their vote.

To become a standard, OOXML requires approval from three-quarters of all countries voting, and approval from two-thirds of "participating" or "P-member" countries. In September, it missed both targets, with 74 percent support overall and just 53 percent among the more powerful P-members.

Some countries have been swayed by the changes made to the draft.

Denmark announced Friday that it will now vote in favor, rather than against, while the Czech Republic announced a similar decision earlier in the week. Both are P-members.

Cuba, on the other hand, announced that it is now against, while Kenya, a P-member, has decided to abstain.

Finland, another P-member, is also now in favor. The national standards body SFS abstained in September, but changed its vote on Thursday after a five-hour meeting.

The debate was heated, said Juha Vartiainen, a technical adviser at SFS, with around 40 experts taking part in the discussion.

"There was strong opposition, but not so strong as last time," he said.

The tradition at SFS meetings is to reach a consensus rather than to vote on matters such as this, he said.

"We didn't fully reach it, but after five hours the chair made the decision," he said.

While Finnish software company representatives at the meeting remained entrenched in their positions, representatives of central and local government, who also have a voice, were persuaded that the Geneva meeting had improved the draft standard enough to approve it.

"It was mainly government bodies and communities that are for it, that was the big change," said Vartiainen.

(Additional reporting by Brenda Zulu in Lusaka, Zambia, and Rebecca Wanjiku in Nairobi, Kenya.)

Representatives from 19 North American utility companies met in San Francisco on Thursday to explore ways of cutting IT energy consumption by offering rebates and other incentives.

The effort has been led by Pacific Gas & Electric (PG&E), which serves much of the San Francisco Bay Area and Silicon Valley, areas replete with technology companies and datacenters that have some of the greatest need to reduce energy consumption.

Thursday's meeting marked the first time utility representatives from across North America have met to discuss how to implement such incentive programs, which focus largely on datacenters but also include desktop PCs and other equipment.

Following a brief lull after the dot-com bubble, energy consumption at datacenters has been surging again, particularly at colocation facilities that provide capacity for other companies, said Mark Bramfitt, PG&E's principal program manager of customer energy efficiency.

He estimated the current total demand from data centers in the PG&E region is 400 to 500 megawatts at any given moment. That has increased by between 50 and 75 megawatts in just the past 18 months, he said, driven partly by new colocation facilities.

"We had tremendous growth in datacenter capacity in the dot-com boom that never got filled. I can tell you that that capacity is now full to the gills, and they are asking us for more power," he said.

The programs being developed use different techniques to encourage efficient power use, with utilities offering to cover as much as 70 percent of the cost for companies that meet program requirements.

Seattle City Light will launch a program in the coming weeks that rewards companies for installing network-based software that manages PC power consumption. Such products cost between $11 and $25 per PC, and Seattle City Light will contribute $8 per PC, said Greg Whiting, manager for energy conservation. Vendors offering such products include Verdiem and 1E. Companies that take part in the program should get a return on their investments within 18 months, according to Whiting.

BC Hydro, which serves British Columbia, hopes to introduce its first datacenter initiative in the coming months. It will offer to pay up to 60 percent of the cost of implementing virtualization software to consolidate servers, said David Rogers, an IT adviser at BC Hydro Power Smart.

Besides reining in escalating demand for power, the utility companies have a financial incentive to offer such programs. "Our goal is to avoid the capital cost of building new power plants," Whiting said. "Encouraging companies to conserve power makes more sense than for us to keep spending to add marginal capacity."

PG&E's program, launched in 2006, also rewards companies for using server virtualization. The company has 60 customers in the program and has made payments so far to seven companies, said Randall Cole, senior project manager for PG&E's server virtualization incentives.

The number of utilities offering such programs is still low, however. No more than a dozen utilities offer incentive programs for IT today, Bramfitt said, out of perhaps 200 utilities in North America. Other utilities at Thursday's meeting were from Southern California, the Pacific Northwest, Texas, and New York.

One challenge is that utility companies are not IT experts, so one goal of the meeting was to educate them about energy usage in datacenters. "One of the companies in our region is Microsoft, and they probably know 50 times more about the technology than we do," Whiting said.

PG&E also had some teething problems. Some customers complained at first that it was too hard to calculate how much energy they would save, and therefore how much of a rebate they would be entitled to, so PG&E greatly simplified the formula, Cole said.

Interest among customers is high, according to Rogers. "I've visited 50 datacenter customers, and there's tremendous support for this program," he said.

Paul McGuckin, a Gartner research vice president who spoke at the event, said companies are interested in the programs for financial reasons and because they are "really frightened" about running out of datacenter capacity. Concerns about the environment are rarely mentioned, except for public relations purposes, he said.

A report last year from the Environmental Protection Agency said datacenters account for 1.5 percent of the total energy consumed in the U.S. "This may not sound like a lot, but the escalation is truly frightening," McGuckin said.

Most datacenters are run very inefficiently, he said. Some easy ways to conserve energy are to consolidate industry-standard servers, turn servers off when they are not in use, raise the temperature of data centers and, when possible, use natural air for cooling.

Joe Skorupa, another Gartner vice president, said networking equipment is often ignored but accounts for perhaps 10 percent of datacenter power consumption. Customers should explore high-density switches offered by several vendors, he said.

He advised against Gigabit Ethernet to the desktop, which he said consumes more power than lower-capacity Ethernet and is not required by most users. And he urged people to think twice about fancy VoIP (Voice over Internet Protocol) phones. "Eight-line color display VoIP phones suck up more power, and all anybody looks at is the last two numbers dialled," he said.

Programmers were urged to expand their horizons Thursday at TheServerSide Java Symposium in Las Vegas.

During a keynote presentation entitled, "Why the Next Five Years Will Be About Languages," Ted Neward, author of "Effective Enterprise Java," stressed new technologies, such as languages and DSLs (domain specific languages) for developers to try.

"We stand on the threshold of a renaissance in programming languages," Neward said.

He offered the following advice: Look at enhancements to languages, look at new languages being developed, and look to create new languages.

"Building your own DSL is much simpler than you might think, and it's worth it to spend a week, a weekend, some amount of time, even if it's off the clock, trying it out, playing with it." Neward said.

He also cited "a surge of interest in language as a concept." Neward listed new developments such as Microsoft's F# functional programming language; AspectJ, which provides aspect-oriented extensions to Java, and languages like Scala and Pizza.

"The language renaissance has already begun," Neward said.

Outside the Java world, Microsoft has more languages appearing on its Common Language Runtime, Neward said. "There's a ton of languages out there we can take advantage of," he said.

Neward also advised taking a look at new tools to meet such challenges as developing for multi-core chips.