The Software Freedom Law Center, which provides legal help to the free and open-source software community, has released a detailed document that describes how users and vendors can ensure they are in compliance with the open-source GNU General Public License (GPL) .

Initially, GPL compliance was enforced through informal means, such as bulletin board discussions, but as Linux's profile grew in ensuing years, enforcement efforts became more organized and ultimately entered the courts, the report notes.

It need not go that far, according to authors Bradley Kuhn, Aaron Williamson, and Karen Sandler.

"We have found that most violations stem from a few common mistakes that can be, for the most part, easily avoided," they wrote. "We hope to educate the community of commercial distributors, redistributors, and resellers on how to avoid violations in the first place, and to respond adequately and appropriately when a violation occurs."

Among the lengthy report's tips is a caution not to rely on "build gurus."

"Too many software projects rely on only one or a very few team members who know how to build and assemble the final released product," it states. "Such knowledge centralization not only creates engineering redundancy issues, but it also endangers GPL compliance, which requires you to provide build scripts."

Companies should also closely watch their software purchases to ensure they are compliant with the GPL, according to the report.

"The companies we contact about GPL violations often respond with: 'We didn't know there was GPL'd stuff in there,'" it states. "Integration of third-party proprietary software typically requires a formal arrangement and management/legal oversight before the developers incorporate the software. By contrast, your developers often obtain and integrate FOSS without intervention. The ease of acquisition, however, does not mean the oversight is any less necessary."

Nokia confirmed Thursday its widely used Series 40 operating system has security vulnerabilities that could allow stealth installation and activation of applications.

But the company is evasive on whether it paid ¬20,000 ($29,500) to researcher Adam Gowdiak of Security Explorations, who wanted payment for the six-month effort spent finding the flaws.

[ Read the related story on how researcher Adam Gowdiak found critical bugs in Nokia phones. ]

Gowdiak would not disclose if he was paid, but said that only reputable, vetted companies that pay would get the full research, which amounted to 180 pages and 14,000 lines of proof-of-concept code.

Nokia has a complete copy of Gowdiak's research, said Mark Durrant of Nokia's corporate communications.

The mobile giant's position could rekindle the debate among security professionals on whether voluntary research should be rewarded by vendors whose products are affected.

Vendors typically steer clear of paying researchers for vulnerability information and alternatively encourage what they term is "responsible disclosure," or a discrete notification before vulnerability information is made public. Vendors also don't want to be at the mercy of vulnerability hunters, who could threaten to turn information on a flaw over to hackers.

"It would be very easy for there to be an idea that you can hold companies to ransom," Durrant said. "The reality is he [Gowdiak] has done a significant amount of research, and clearly it's understandable he wants to find a way to monetize that."

Gowdiak, a researcher in Poland, said earlier this month he had found problems with Java 2 Micro Edition, (J2ME) an application framework for mobile devices, as well as the Series 40 OS. Nokia claims Series 40 is the mostly widely used mobile device platform.

Gowdiak has done research on the Java Virtual Machine and wrote on his Web site that he worked at one time for its developer, Sun Microsystems.

While details on the vulnerabilities are limited, Gowdiak has said an attack could be mounted by sending maliciously crafted messages to a particular phone number.

Nokia said some of its Series 40 products are vulnerable to an attack that could result in the secret installation of applications. The company said it has also found earlier versions of J2ME could allow privilege escalation or access to phone functions that should be restricted.

"Our testing has been concentrating on products that might have both of the claims present," according to a Nokia statement.

Nokia said it isn't aware of attacks against Series 40 devices, and the problems do not represent a "significant risk." Durrant said that conclusion is based on the fact the vulnerabilities are not yet public and it is difficult to execute an attack using the flaws.

"This requires deep technical skill," Durrant said. "This isn't something someone in a garage is going to be able to sort out in an afternoon. He's [Gowdiak's] clearly a smart guy."

Gowdiak said he provided Sun and Nokia on Aug. 7 with one- to two-page summaries of the vulnerabilities he found. Sun has indicated it will soon issue patches.

Gowdiak won't say if Sun paid for the full research. But Sun's intent to patch shows the company was able use the information that "we gave to them for free," he said.

"It wasn't that we tried to demand money from Sun and Nokia," Gowdiak said. "We didn't try to blackmail them."

Dell has reached a three-year deal with Salesforce to use the latter's Force.com development platform to build software for its "entire global workforce," according to Salesforce CEO Marc Benioff.

The deal is the largest ever for Salesforce, Benioff said during the company's earnings call on Wednesday, according to a transcript. He did not disclose the financial terms.

[ Learn more about Force.com in the related story "Salesforce.com promotes development in the cloud." ]

The two companies had an existing relationship. Dell's IdeaStorm.com Web site is based on Salesforce's Ideas application, and the computer maker also uses the Salesforce automation system for its global sales team, Benioff said.

"We also have been working with some of their key software providers to port some of the applications that they have internally natively onto Force.com for them to use," Benioff said. "And all of that together, suddenly we were one of their key technology vendors and it really gave them the ability to sign what we call an enterprise license agreement with us."

Benioff did not specify whether the deal means Dell is replacing its entire internal tooling environment with Force.com, or merely intends to build applications for deployment enterprisewide.

Dell could not immediately be reached for comment Thursday.

"Having a big hitter commit to developing on Force.com is really important," said 451 Group analyst China Martens. "Previously, those committing have tended to be SaaS SMB players like Centive or Xactly or midmarket, on-premise apps vendors looking to get SaaSy quickly, like Coda."

In the past, Dell has "talked proudly about not needing to rely on a third-party vendor's ERP, but creating its own apps," Martens added. "So I wonder if that might be a possibility, as well as the ability to tailor Salesforce CRM more to the needs of its sales reps."

A sizable customer like Dell could also help serve as a real-life test bed for Force.com development, Martens said.

Also on the earnings call, Benioff cited statistics about Force.com's overall uptake. The service now has 100,000 registered developers, about double that of a year ago, and Force.com has been used to develop more than 80,000 custom applications, he said.

In addition, Benioff discussed how Salesforce plans to help its developers work with other cloud computing platforms from the likes of Google and Amazon.

"You are going to see us offering our customers natively Google App engine and other cloud computing paradigms directly from our [application programming interfaces]," he said. "You see it already where some of our ISVs build the majority of their application in Force.com but maybe will reach out to [Amazon], reach out to Google App Engine or others. We're going to collapse that access into our API to make it as easy as possible for them."

Amazon has rolled out a persistent storage feature for its EC2 Elastic Compute Cloud, which should allow developers to use its hosted computing services for a much broader range of applications.

The feature, called Elastic Block Store, allows developers to create a storage volume of between 1GB and 1TB and attach it to "instances" of applications running in Amazon's cloud. Developers can then detach the storage volume and use it later for other application instances and back it up to Amazon's S3 storage service if they need more durability.

[ For an in-depth look at competing cloud computing offerings check out "Cloud versus cloud: A guided tour of Amazon, Google, AppNexus, and GoGrid." ]

Without EBS, the storage volume is tied to a particular instance and the data lost when the job is terminated, Amazon said. EBS had been in closed beta testing for several months and was made widely available Thursday.

Right Scale, a company that provides tools and services for EC2 users, described EBS as "a Storage Area Network in the cloud." It said it will open EC2 to new usage scenarios, including allowing developers to take traditional relational database applications and move them to the Amazon cloud.

"What does EBS enable? In short: traditional processing on large datasets and reliable storage for many servers," Right Scale said in a blog posting.

Besides database applications, Amazon said EBS is suitable for "many other applications that require running a file system or access to raw block-level storage." It said multiple storage volumes can be attached to the same application instance, and developers can create "point in time snapshots" of volumes if they are backed up to S3.

EBS is priced at $0.10 per allocated gigabyte per month, plus $0.10 per 1 million I/O requests made to a volume. So, a 100GB Web site database averaging 100 I/O requests per second would cost $36 per month, Amazon said.

The company has been working hard to attract more businesses to its cloud services, but recent outages haven't helped its cause. The S3 storage service was down for several hours last month, for example, which left some customers that depend on the service stranded.

Just because you can do something, that doesn't mean you should. That old truism goes double for computers. But some PC geeks are so fanatical about performance, so doggedly determined to push their hardware to extremes, that they'll go to ridiculous lengths to wring a few more clock cycles out of their components or add a little more cool factor to their rig.

This article is dedicated to all those insane, irrational enthusiasts who defy all reason and common sense in the pursuit of PC glory. We've tried and tested five risky upgrades that no sane user should ever try. Don't get us wrong -- these upgrades deliver genuine benefits. But they aren't for the faint of heart, as each is either time-consuming, expensive, or dangerous to your hardware. If you like to walk on the wild side, though, grab your screwdriver and follow along.

[ Stay ahead of advances in hardware technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

Replace Your Laptop's LCD ScreenWant better screen resolution, or maybe a glossy display instead of a matte one? Subbing in a new LCD panel for your old one is a bit extreme, but doable. This upgrade is one of the trickiest and most time-consuming laptop surgeries you can perform, with little guarantee that the new screen will work as it should. Still, if you do your homework in advance and select the right hardware for your machine, the payoff can be spectacular.

According to replacement-LCD supplier ScreenTek, upgrading a screen can, unfortunately, be a matter of trial and error. Whether a higher-resolution screen will work on your notebook depends on many factors, including the laptop's video card, cable, and firmware. And of course, the new display must fit in the space available.

Before you purchase a replacement, it's a good idea to talk with a sales rep at ScreenTek or a similar LCD reseller to see what screens are available for your notebook.

To replace the LCD on our Dell E1505, we first had to remove the laptop's hinge cover and keyboard, by taking out screws from the bottom and rear of the machine; then we had to unplug the antenna and video cables from the motherboard. Those steps allowed us to remove the LCD assembly from the laptop's main body. Taking off the small rubber bumpers on the front of the screen revealed screws beneath. We removed the screws and then pried the bezel away from the screen, gaining access to the bare LCD beneath. We had to work slowly: It's easy to snap the plastic on the bezel during this part of the disassembly.

Brackets on each side of the LCD hold it in place. After removing the screws and unplugging the cables, we finally took out the bare LCD and replaced it with the new one. Then we simply reversed the disassembly process to put everything back together properly.

Prior to reassembly, plug the cables in and boot the machine up to ensure that it's working correctly. If you don't get a picture, check that the cables are properly seated, and try again. If it still doesn't work, your notebook simply may not support that display resolution.

(If this risky upgrade is too nuts for your blood, check out five way easier laptop upgrades . Or, for more-concrete performance benefits, upgrade your laptop's CPU or graphics card.)

Lap Your CPUOverclocking your CPU isn't particularly crazy. With a bit of care and common sense, anyone can squeeze a little extra speed out of their processor. But if you want to push your hardware to illogical extremes, you'll have to get your hands dirty. And that means lapping your CPU.

Lapping is a fancy word that machinists use for sanding. In this case, you'll be sanding the metal plate that sits on top of the CPU. This plate, known as an integrated heatspreader, serves not only to keep you from crushing your CPU core when installing a heat-sink-and-fan combination but also to transfer heat away from the processor. Sanding it to a flat finish ensures that it makes optimal contact with the heat sink.

But since the heatspreader's surface already comes machine-lapped from the factory, why repeat the process at home and risk destroying a perfectly good CPU? A reckless disregard for safe computing is one answer. But if you were to look at your processor through a microscope, you might be surprised at what you'd find. Though the surface may appear smooth and flat to the naked eye, your CPU's heatspreader actually contains many microscopic nicks, depressions, and other flaws that prevent it from making the best possible contact with your CPU cooler.

Thermal pads and pastes help fill in those imperfections, but only by lapping your processor to an ultrasmooth finish can you be assured of whisking away the most heat. Of course, you'll also be whisking away your warranty, but unless you're one of those sane people who run their processors at stock speed, you've already voided it anyway.

What You'll NeedYou can find the coarser varieties of sandpaper at any local hardware store or supercenter; but for 1000-grit and finer sheets, you'll likely have to visit an auto-parts dealer. Look for variety packs to save on costs, and don't fret if you can't find full sheets--you need just about a foot of vertical space to work with.

Set Up Your WorkspaceLay down the pane of glass so that you have a completely flat, supersmooth surface to work on. A level kitchen table will also suffice, but so long as you're going to risk destroying a $100+ processor, will you really miss another $5 for a sheet of glass should something go wrong and your endeavor become an epic fail?

Grab a full sheet of 400-grit sandpaper and cut it in half, and then secure one of the pieces vertically to your work surface by placing masking tape around all four sides. Now might also be a good time to call your mother if you haven't talked with her for months. The resulting good karma might later make the difference between a cooler-running processor and one that refuses to boot.

Prep Your ProcessorBecause you'll be removing layers of nickel and copper from the heatspreader, you want to protect the CPU's circuitry from getting all gunked up. We're not just being OCD here; mixing metal flakes with internal circuits is not only a sure way to fry your processor, but it can also destroy your motherboard. To keep that from happening, take four strips of masking tape and butt each one up against the raised part of the heatspreader, folding the excess underneath the CPU. This will prevent any flakes from sneaking under the heatspreader (where the CPU core sits exposed) or dirtying up the contact points on the bottom as sand and metal start to fly.

Void Your Warranty!Now you're at the point of no return. Place your processor on the sandpaper and gently guide it in long, straight strokes. Don't apply any pressure, and after 50 full strokes rotate the chip clockwise and repeat the process until you've completed a 360-degree rotation. Give both the sandpaper and the CPU a few blasts of compressed air, and then clean the heatspreader with a cotton swab and rubbing alcohol. Keep doing this until you've removed the nickel layer, then move on to the next-finer grit of sandpaper and start over. Do another 50 strokes in each direction, and so on.

Once you get to the 1000-grit sandpaper, your processor should be flat but not shiny. This matters because if you ruin your processor doing this trick, you'll be left with little more than an expensive keychain--and who wants a dull-looking keychain? Use the finer grits to obtain a reflective surface, cross your fingers, and then install the CPU in your system as you normally would. Don't forget the thermal paste!

By doing this mod, we were able to reduce the load temperatures on our Intel Core 2 Duo E8400 processor by 7 degrees Celsius, which will allow for some pretty hard-core overclocking, though not all gains will be that significant. If you're willing to roll the dice a second time, repeat the above process on your heat sink's base for an even better potential payout.

Push Your RAM to Its LimitWhen it comes to overclocking, the processor and graphics card typically end up hogging the spotlight. Cooling manufacturers have crafted hundreds of different heat sinks designed to give obsessive PC enthusiasts an edge in pushing components well past their rated specs. Even case designers have jumped into the act, with special cooling ducts and other contraptions aimed at keeping the CPU and GPU chilly. That leaves RAM as the redheaded stepchild in the hardware family, but because we love all our components equally (and because we're just a little nuts), we're going to show you how to make those modules scream.

Enter the BIOSYou may be tempted to use a software-based overclocking utility to tinker with your system, but for hard-core tweakers the BIOS offers far greater control over a wider variety of settings. To get into your machine's BIOS, press the Delete key during the first seconds of boot-up. Depending on your motherboard or system vendor, you may be prompted to press a different key, such as F2 or Esc. Consult your manual if necessary, but you'll need to deduct 100 geek-cred points from your overall score.

Not all motherboard makers use the same type of BIOS, and even different models from the same vendor can vary. But one thing almost all have in common is that the overclocking settings, if offered, are typically clumped together under one menu. Look for labels such as MB Intelligent Tweaker (Gigabyte), Extreme Tweaker (Asus), Cell Menu (MSI), or other similar terms.

Eliminate BottlenecksAs you increase your RAM's frequency, your CPU will ramp up in speed too. This can cause you to run into an overclocking wall prematurely, even though your RAM has room to spare. To prevent that from happening, locate the CPU Ratio Setting in your BIOS and drop your CPU's multiplier down at least two whole numbers, preferably as far as your motherboard allows. Using an Intel Core 2 Duo E8400, dropping the multiplier down from x9 to x6 decreases the CPU's clock speed from 3.0 GHz to 2.0 GHz, giving you plenty of headroom to play with as your push your RAM to absurd heights.

Next you'll want to relax your memory timing. If the latency settings are grayed out, change the DRAM Timing Control (or other similarly labeled item) from Auto to Manual. For DDR2, loosen the CAS Latency Time (TCL), RAS to CAS Delay (TRCD), RAS Precharge (TRP), Precharge delay (TRAS), and Command Rate (CMD) to 6/6/6/18/2T respectively, and for DDR3 set the same settings to 10/10/10/28/2T. Refer to your motherboard manual if you can't find these settings in your BIOS, and deduct another 100 points from your geek-cred score.

Cool It and Juice It!Once you've eliminated bottlenecks and pushed your RAM's frequency as high as it can go, the real craziness begins. Increasing your RAM's voltage can give it more headroom--give it too much, however, and your modules will give up the ghost in return. Consider 2.4V and 2.2V the respective red zones for DDR2 and DDR3. To keep from involving the fire department, invest in an active-cooling product such as Corsair's Memory Airflow Fan; or if you really want to push the envelope, pick up a water block for your RAM and integrate it into your water-cooling loop.

Once you've taken your RAM to the bleeding edge and survived, slap your PC's case back together and crank it up. If nothing melts or starts to smoke, you're solid.

Strip Your PC NakedMost computer users (you know, the sane ones) will never open their PC's case. A few may take the initiative to upgrade their video card or add an extra hard drive--and if you're reading this, you've likely done at least that much. But some seriously hard-core PC freaks spend about as much time tweaking their hardware as they do using it. For obsessive upgraders like them, normal desktop enclosures simply don't cut it. In this section we'll explain how to join the ranks of the truly insane enthusiasts by moving your rig into an open-air test bench.

Bleeding Edge vs. Bleeding FingersOpen test benches--usually made from a few pieces of glued-together acrylic--provide several advantages over the boring old PC enclosures you're accustomed to seeing. Having quick and easy access to components becomes a necessity for extreme tweakers who push their systems to the limit through overclocking, as well as for users who constantly swap out parts. Also, placing the system in an open-air environment can greatly improve its operating temperatures and increase performance by allowing more overclocking headroom.

The risks that come with a test-bench setup are potentially disastrous. Since all of the hardware is exposed, the possibility of physical damage to your computer -- and serious injury to you -- increases exponentially. Let's face it, accidents happen. And moving from a normal, enclosed case to an open test bench is a little like stepping out of an amored car, stripping down to your skivvies, and hopping on a motorcycle. The margin for error decreases to nil. Curious children or pets should not be allowed to venture near the computer and its naked parts.

Choose Your WeaponSo you think you're ready to enter the world of the extreme PC modder? Luckily, you have a couple of good ways to set up an open-air test bench. If you have the time and the tools, you can build your own custom tech station with dimensions and features that fit your needs, using any old materials you have lying around; for ideas, see how one determined modder did it . For people who want to get in on the action quickly, a couple of well-designed test benches such as the HSPC Tech Station or the Danger Den Torture Rack are available for purchase. We recommend the Torture Rack for its sexy acrylic design and its ability to house water-cooling loops right out of the box.

Location, Location, LocationNow that you have a killer tech station sitting on your desk, component placement is vital to achieve superior results. Set the motherboard on the top level for easiest availability. You can install gigantic CPU heat sinks without the hassle of removing the motherboard or working in an enclosed case. You can position additional fans quickly to help cool down the system during your grueling overclocking sessions. Place all other parts, such as the power supply and hard drives, out of the way on the lower level since you won't access them much.

Max It OutUsing a system installed on a test bench can be dangerous, but the benefits can definitely offset the risks involved as long as the computer remains in a controlled environment. With this setup, you can tweak to your heart's desire and overclock until you've squeezed every last clock cycle from your PC.

Run a River Through ItWater cooling has long been an efficient method of cooling PC components, but most users are hesitant to take the plunge for several reasons. Some point to the insanely obvious hazards of introducing water to electronic components. Even more find the total cost of a water-cooling system a little nuts.

Just as in a car, water-cooling your PC is more effective than air-cooling it, since the continuous flow of cooled liquid can absorb and dissipate heat more rapidly than can air alone. PC liquid-cooling setups consist of a pump, a radiator, and some hoses that carry water to various heat-exchanger blocks, which mount atop your hottest system components. Cool water pumps in from the radiator and then flows across the hot blocks, carrying the heat back to the radiator, which releases the heat into the air outside your computer.

Here's how you can choose the best liquid-cooling components and create your very own water-cooled monster.

Pick Your PartsThe best liquid-cooling parts are not all made by one company. Stay away from complete kits, since you can piece together a better-performing loop for the same cost. When shopping for water-cooling gear, check out Petra's Tech Shop, Jab-tech, and Performance-PCs.com.

Here is a list of the essential parts you will need to complete your own extreme liquid-cooled PC project:

Cleanliness Is Absolute GodlinessThe very first thing you should do after receiving your parts is to flush the radiator with distilled water. Chemicals used in the manufacturing process will leave a residue in the radiator, and you need to clean them out thoroughly before you install the radiator. Pour distilled water into the radiator until it's half full, shake it several times, and then pour out the liquid. Repeat this step until you've gone through 2 gallons of distilled water. It's also a good idea to flush the water blocks.

Loop the LoopWhen setting up your cooling loop, one rule you absolutely must follow is to install the reservoir or t-line immediately adjacent to the pump so that the water flows directly from the reservoir or t-line into the pump. This arrangement provides a steady supply of coolant to the pump and helps sustain performance. It also reduces the possibility of running the pump while it's dry, which would cause the pump to fail. The order of the rest of the components doesn't matter, so use the shortest amount of tubing possible to maintain a consistent flow of fluid through the loop.

I recommend setting up the loop outside of your case and performing a leak test. This trial will help reduce the chance of having water splash on your PC components right off the bat, and it will give you a better idea of where to tighten fittings and clamps. Place your loop on some paper towels and run the pump for a few hours to see if any problems arise.

Install It AllFinally, you can install your loop inside the case and perform another leak test. Make sure no power runs to your motherboard yet. Place some paper towels underneath the blocks and the clamps, as that is where a leak would occur. Let the pump run for a full day and make sure that everything is dry. Once you are in the clear, fire up your PC and enjoy its chilly performance.

PC World is an InfoWorld affiliate.

Embarcadero Technologies next week plans to unveil next-generation CodeGear rapid application development (RAD) tools for Windows, featuring support for Microsoft's Silverlight technology for media and rich Internet applications

The announcement capitalizes on Embarcadero's May acquisition of the former Borland software development tools unit. It covers the Delphi 2009 and C++ Builder 2009 releases, geared to ISVs and workgroup client/server development. The tools can be used for building packaged software for resale and distribution, graphical workstation applications, and client/server workgroup database applications.

A highlight is Visual Component Library (VCL) support for the Web, for building AJAX and Silverlight-enabled intranet and line-of-business applications. Silverlight capabilities are specifically designed for line-of-business intranet applications, according to an Embarcadero representative.

The two products are the first Embarcadero offerings that bring together CodeGear and Embarcadero's DatabaseGear functionality into a single offering, via the new Architect edition of the products. Included in the Architect products are ER/Studio Developer Edition for designing and building database applications.

Also featured in the two products is Unicode support for all language versions of Windows. Enhanced localization tools make it easier to translate applications for specific local opportunities, Embarcadero said. Other enhancements include advancements to the Delphi and C++ languages. These include programming features such as generics for Delphi and C++0x language capabilities. The two features enable developers to write more efficient, reusable code, Embarcadero said.

A multi-tier DataSnap architecture lets developers use RAD for developing high-performance database middleware applications, Embarcadero said.? These applications can be connected with thin, full-featured clients that reside on a native or Web platform.

Also included in both products are:

-- VCL components, including Microsoft Office-style ribbon controls and the ability to build UIs for Windows XP and Vista desktop applications simultaneously.

-- Updated dbExpress support for CodeGear InterBase and Blackfish SQL, Oracle, Microsoft SQL Server, MySQL, and other databases.?

Prices for the two products, which are available immediately, begin at $399 for the Professional edition for ISVs.? An Enterprise edition for line-of-business departments and workgroups also is available, in addition to the Architect edition.

Users also can purchase the two products bundled together.

Most anti-piracy solutions try to prevent software from being "cracked" or source code from being plagiarized. Take Microsoft's controverisal WGA (Windows Genuine Advantage), which was renamed Software Protection Platform and was part of a scheme that included a "kill switch" that rendered copies of Windows Vista inert if users failed to enter a legitimate, unique license number.

WGA, however, was prone to malfunction and still vulnerable to cracks, prompting Microsoft to soften its antipiracy tactics with the release of Vista Service Pack 1.

A Waltham, Mass. startup thinks it has a better way. V.i. Laboratories  has high hopes for its new CodeArmor Intelligence product, which, rather than trying to prevent unauthorized use of software, collects data on how and where it is used, and then stealthily sends it back to the software's maker, said Victor DeMarines, Vice President of products at V.i.

The company is targeting makers of high-end software such as product lifecycle management (PLM) and CAD applications, used by large-scale manufacturers, and Electronic Design Automation (EDA) software, which is used by chip and electronics makers. Though not broad interest and often difficult to run without consulting and integration work, such niche software is still pirated, with new releases typically available within 30 days, DeMarines said.

Chenxi Wang, an analyst at Forrester, confirms the problem. "PLM apps are routinely cracked and pirated. So are many other high-value, niche applications," she said in an e-mail. "I've talked to a software vendor who manufactures geology mapping software for oil drilling ...[and] every version of their software has been cracked and pirated."

With CodeArmor Intelligence, ISVs (independent software vendors) can now effectively turn pirated or non-paid-for software into a form of trialware or sales lead, DeMarines said. "It could be a lead to a VAR [value-added reseller], who could go in and say, 'It's great you're using this software, but you need to pay up,'" he said. Rather than siccing the BSA or the SIIA and their lawyers on offenders, "these can be business opportunities for vendors, depending on how they approach it."

V.i., whose founders' previous security startups were sold to Symantec and EMC's Documentum, is one of a handful of anti-piracy vendors.

Arxan Defense Systems has the strongest technology "but is not as user friendly" as other vendors, such as PreEmptive Solutions and CloakWare, said Wang. For now, V.i. stands out as "the only one with an intelligence gathering tool."

CodeArmor Intelligence code is integrated into an application in such a way that it is indistinguishable from the application code to scanners and other tools, used by pirates to remove license mechanisms, DeMarines said. "It's not easy to flag or reverse engineer our code. It's different in each implementation," he said.

Most pirates and most crackers are in run-and-gun mode, as pirate prestige -- and dollars -- are gained by the number of "warez" they upload to BitTorrent or sell via a shadow market, DeMarines said. "They only want to do as much work as they need to. Meanwhile, our technology lies dormant during that initial crack cycle," he said. It remains inactive until software is installed and used a certain number of times by the end user; a number that the ISV can specify.

But Wang points out that if detected, CodeArmor Intelligence would be "pretty easy to stop." "All the pirates have to do is identify the port or the gateway server and put a firewall rule or a network filtering rule to block that communication," she said. While most pirates are "lazy ... this is an arms race," she said. "Once they find out the intelligence tool is preventing them from getting pirated revenue, then the pirates will do something about it."

Still, Wang thinks that CodeArmor Intelligence's data can give ISVs the leverage to help turn a pirating company, if approached correctly, into a paying end-user, and ultimately a loyal customer. While the hyperbole around so-called cloud computing has many declaring the end of client software, DeMarines said that won't happen for a long time with the CPU and graphics-intensive PLM and CAD apps that V.i. is targeting.

An increasing number of hosted Web applications are adding client runtimes based on Java and .Net to add offline modes or extra features. ISVs may also wish to track such code, to track and prevent tampering with those runtimes, he said. One example is online gambling company that is using V.i.'s software to ensure the client runtimes its 30 million users run are not modified so that some users give themselves better odds, DeMarines said.

Computerworld is an InfoWorld affiliate.

Intel plans to launch its six-core Xeon server processor next month, with the extra cores and a larger cache giving the chip a performance advantage over the company's existing quad-core chips.

Code-named Dunnington, the six-core Xeon processor is designed for servers that have four or more processors. Manufactured using a 45-nanometer production process, the chip should be the last new model based on Intel's Penryn processor design before the release of the company's first Nehalem chips in a few months' time.

Speaking at the Intel Developer Forum in San Francisco this week, Pat Gelsinger, senior vice president and general manager of Intel's Digital Enterprise Group, promised users will see big performance gains from Dunnington.

Unlike quad-core chips used in personal computers, where few applications are designed to tap the power of multi-core processors, commonly used server applications should make full use of the six-core Dunnington chip's power.

"Here, things like virtualization and Web services and cloud computing come into play, and all of these uses have no problem keeping two, four, six or more cores busy," said Dean McCarron, president of Mercury Research, an analyst firm that tracks the microprocessor market.

"This is the area we'll likely see Dunnington make the most impact," he said.

The 45-nanometer production process used to make Dunnington makes possible many of the performance advances over Intel's current chips, which are made using the company's older 65-nanometer process.

"A better process enables higher transistor counts, larger caches and more cores. Ultimately the cores will impact performance more, but the larger caches will help as well," McCarron said.

Dunnington packs significantly more cache than its predecessor. The new chips will have 3MB of level 2 cache for each processor core, as well as a shared 16MB level 3 cache. By comparison, the Xeon 7300 chips have from 1MB to 2MB of level 2 cache per core, and no level 3 cache.

The larger level 2 cache and addition of a level 3 cache -- already a feature on Advanced Micro Device's quad-core server chips -- allows more data to be stored close to the processor cores, speeding up access to this information and boosting overall performance.

"Going from four to six cores will see close to the 50 percent improvement -- linear scaling -- with a little slowdown due to I/O contention," McCarron said.

The I/O bottleneck in Dunnington stems from the use of older bus technology. Unlike AMD's chips, Intel's server chips use an external memory controller and older bus technology that limits the amount of data that can be pushed through. While the large level 3 cache and 1,066MHz bus speed help minimize this effect, the bottleneck remains and will not be fully addressed until the release of Nehalem server chips for multiprocessor systems next year.

Nehalem, which is also made using a 45-nanometer process technology, incorporates an on-chip memory controller and a new bus technology that should bring a further boost in performance.

Intel on Wednesday confirmed that its Atom chips will be used in an upcoming handheld computer from OQO, a significant design win for the chip maker.

The handheld computer that includes Intel's Atom chip could be the new OQO device shown off by Intel executives on stage at the Intel Developer Forum being held in San Francisco. The model bears resemblance to OQO's current handheld computer, Model 02, which uses Via's C7-M low-power processor and includes 1GB of RAM.

[ See the related story OQO shows off handheld computer based on Atom. ]

OQO has received accolades for the Model 02 design, which can deliver full PC performance in a tiny footprint. The computer weighs only 1 pound (0.45 kilograms).

The new OQO handheld will include Atom Z-series processors built for mobile Internet devices, said Pankaj Kedia, director of global ecosystem programs for mobile Internet devices at Intel. The Z-series single-core processors run between 800MHz and 1.86GHz. Intel also makes a version of the Atom processor for low-cost laptops and desktops.

This is a big design win for Intel, which has already shipped its Atom chips in MIDs from vendors including Aigo, Sharp, and Lenovo. The win means Intel could take a major customer away from rival Via, with which it competes in the mobile and low-cost PC space. The battle could intensify when Via starts shipping its next-generation Nano processor, which will compete with Atom.

The future of OQO's Via-based product line was not immediately clear.

After a snapshot of the new OQO handheld with an Atom chip surfaced on UMPC Portal, a mobile-computing blog, rumors swirled that the mobile PC maker would use the chip in a future device. However, OQO's CEO Dennis Moore dodged the rumor, saying the device was just a prototype, not a product announcement.

Though OQO has not officially launched the handheld computer, Kedia said the OQO device at IDF implies availability on a certain date. Kedia indicated OQO was expressing future preference for Intel processors, but didn't comment on whether OQO devices would shift to Intel for its current products, including Model 02.

"You will find them move from Via to Atom over the foreseeable future," Kedia said.

An OQO official did not immediately respond to request for comment.

Asustek Computer has turned back the clock to use Intel microprocessors first launched in 2004 in its latest Eee PC netbooks, in part due to a shortage of Intel's Atom chips.

Asustek also turned to Intel's older Celeron M 353 chip because it costs less than the Atom, and Asustek's new Eee PCs are being aimed at price-sensitive developing nations, an Asustek executive said.

[ For more on products in the hot mini-notebook category, check out our hands-on looks at Asus' Eee PC 901 and 1000, the Cloudbook Max netbook, Elitegroup's G10IL mini-laptop, MSI's Wind low-cost laptop, Giga-byte's M912X mini-laptop, and Acer's Aspire one. ]

"There's a serious shortage of Atom microprocessors," said the executive, who declined to be named because she is not authorized to speak with the press. "We're focusing our Atom supply on the Eee PC 901, 1000, and 1000H models."

The products she referred to are higher end netbooks, slightly more expensive than the newer 904HD and 1000HD, which use the Celeron chips.

Asustek could have turned to rival microprocessors such as Via Technologies' Nano, but it did not because Asustek traditionally uses Intel products, she said.

The decision to use Celerons shows that the shortage of Atom products is affecting product design decisions. The Celerons would also have been quite inexpensive to procure due to their age. Microprocessor prices go down over time as products with better technology take over.

An Intel representative said the company doesn't sell Celeron M processors for netbooks these days, but that the chips are available.

The world's biggest chip maker expects to have the Atom supply issue resolved by the end of the third quarter, he said.

During a conference call last month, Intel CEO Paul Otellini attributed the Atom shortage to problems in the chip supply chain as well as strong demand for the processors. Intel has increased its production plans for the chips every 40 days since last November due to strong demand, not just for netbooks, but also for embedded and consumer electronics, he said.

(Sumner Lemon in Singapore contributed to this story)

A free online encyclopedia of internal network security issues was released Tuesday by network security provider Promisec, which includes popular Web-based applications among possible data-loss threats.

Internal threats may come from various sources such as usage of USB (Universal Serial Bus) memory sticks, programs like Skype, unwanted file types, and any services or applications that are not permissible or aren't covered by registered software licenses, according to Promisec, based in Rishon Letziyon, Israel.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Promisec hopes that the encyclopedia -- which lists and dates dozens of potential threats and ranks them on a five-part scale, ranging from "extremely critical" to "not critical" -- will help promote its marketing and sales efforts.

The newest applications that may pose threats -- such as EnterMyPC, Kismet and Wireshark -- are included and described with information on the manufacturer, systems affected, relevant links and date added. In addition, the site contains monthly charts showing how internal network risk trends have changed in the past year, an internal security tips and tricks section, articles on recent internal security incidents, an overview of internal threats, and other resources.

Today, the top five threats listed by the encyclopedia are MySpace, Skype, Tencent QQ, PacketTrap and Google Talk.

However, PacketTrap Networks has challenged Promisec over its inclusion on the list. The vulnerability in its pt360 software that the online encyclopedia lists was discovered by San Antonio network security auditing firm Digital Defense earlier this year. A patch was issued in February, according to the San Francisco maker of network monitoring tools.

Given that PacketTrap has registered about 80,000 downloads, by its count, since releasing the software, its vice president of marketing and corporate development, Anna Yen, said in an e-mail message that she considered it odd that her company could be considered a "top five" threat along with MySpace, Skype and Google. She added that only 106 users downloaded the version of the software that included the vulnerability.

The encyclopedia is part of the Promisec Risk Center, a resource for statistics highlighting significant internal network threats.

"This tool helps us make sense of internal threats and actually beg companies to draw comprehensive policies and action plans to deal with these threats," said Amir Kotler, Promisec CEO. "It is set to include thousands of terms and enable IT professionals to post feedback and comments."

Promisec's network security software aims to detect and eliminate internal threats, without using ActiveX or any other type of dissolvable agent, run-once technology that removes traces of itself. The company estimates that over 80 percent of attacks and corporate abuse originate internally. As an example, Kotler noted last year's data breach in Pfizer, where the data of about 15,700 existing and former employees were compromised when the spouse of an employee downloaded file-sharing software onto a company-issued laptop.

Ericsson and STMicroelectronics will form a joint venture to build semiconductors and platforms for mobile devices, the companies said Wednesday.

The 50/50 joint venture will build the guts of mobile devices for current 2G and 3G mobile networks, as well as faster, emerging technologies, namely LTE (Long-Term Evolution). The companies formed it to achieve scale, combining what they called complementary product lines, as well as supplier relationships with Nokia, Samsung Electronics, LG, Sharp, and Sony Ericsson Mobile Communications. It will supply those device makers with hardware, software, and support for delivering mass-market products.

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

Ericsson is one of the world's largest providers of mobile network infrastructure. Its Ericsson Mobile Platforms division, created in 2001, supplies platforms for handsets and other mobile connectivity products, including data cards for PCs. Several years ago, Ericsson shifted its actual branded handset business to Sony Ericsson.

The planned company, as yet unnamed, would combine Ericsson Mobile Platforms with ST-NXP Wireless, which itself is a joint venture between STMicroelectronics and NXP Semiconductors. ST-NXP Wireless began operations on Aug. 2. In addition to developing chips and platforms for devices using everything from 2G to LTE networks, ST-NXP boasts a strong position in TD-SCDMA (Time-Division Synchronous Code-Division Multiple Access), a 3G technology developed in China that is being tested by China Mobile.

Ericsson President and CEO Carl-Henric Svanberg will be chairman of the new joint venture, while STMicroelectronics President and CEO Carlo Bozotti will be vice chairman. Each company will have four board seats. It will be based in Geneva and have approximately 8,000 employees. The deal is subject to standard regulatory approvals, the companies said.

Palm unveiled on Wednesday the Treo Pro, a keyboard-enabled smartphone that will contend for a piece of the mobile market against such superstar players as Apple, Google, and Linux OS.

What the Pro lacks in glitz and glamour ? it looks a lot like a RIM BlackBerry ? it makes up for by using a tried-and-true operating system, Windows Mobile 6.1. Windows Mobile boasts hundreds of thousands of developers, both corporate and third party, who are familiar and comfortable with the Windows platform.

?The Windows OS and device makers are enjoying expanded adoption in the enterprise,? said Gerry Purdy, vice president and chief mobile analyst at Frost & Sullivan.

Windows Mobile has sold 20 million units in the past year and still growing, said Purdy, who predicts Windows Mobile will increase its presence in the enterprise even more in 2009.

While the form factor may not be significantly new, said Pete Daily, Integrated Program Manager at Frost & Sullivan, the fact that it uses Exchange also means that the device should integrate seamlessly with other core enterprise applications like Microsoft Office. But Daily considers the $549 retail price a bit steep.??

?There are no carrier partners in the U.S., which is why there are no subsidies but that also means there is no distribution channel,? said Daily.

Without carrier support, business users will have to rely on their own IT departments; IT, in turn, will have to rely on Palm itself to provide enterprise-level support, something Michael Akamine, senior product manager at Palm said the company is prepared to do.

?We have a team of enterprise sales engagements and tech systems engineers that work with enterprise customers,? said Akamine.

In the United States, the tri-band Treo Pro will be sold unlocked, allowing users to choose any GSM operator by simply installing a new SIM chip. At this point, Palm does not have a CDMA version, which rules out companies using Sprint or Verizon.

Nevertheless, the Treo?s success may come more from the business market. An unlocked version will give IT departments that deploy GSM cell phones the flexibility to choose a device that works with the company?s short list of approved carriers.

The Microsoft partnership will also give IT Microsoft Direct Push Technology, a direct link to Microsoft Exchange Server 2003 SP2 or 2007 for e-mail, contacts, and calendars.

Palm will also leverage Microsoft System Center Mobile Device Manager 2008 for security such as enforced password use, remote lockdown, updates, and access to the corporate network.

In addition, according to Akamine, partnering with Microsoft gives IT managers the ability to keep all data inside their own NOC (network operating center) rather than going out to a third party for a piece of the infrastructure.?

Other Treo features include IEEE 802.11b/g Wi-Fi, a 400MHz Qualcomm processor, Bluetooth, IR, 256MB of storage, and 128MB of RAM.

But the Palm also gives Microsoft something they needed, according to Ken Dulaney, chief mobile analyst with Gartner.

?Microsoft has had a shortage of good hardware to compete against BlackBerry. They upgraded to 6.1, which is a competitive platform but lacked the hardware,? said Dulaney.

The Treo fixes that problem and smoothes out some of Microsoft?s traditional rough edges when it comes to installation and networking, Dulaney said.

The unit also has a 2-megapixel camera, a microSDHC expansion slot, and USB.

The Treo measures 2.36 inches wide by 4.49 inches long and 0.53 inch deep, and it weighs 4.69 ounces. Units will ship in the fall.

Databases are evolving faster than ever, becoming more fluid to keep pace with an online world that's becoming virtualized at every level.

In many ways, the database as we know it is disappearing into a virtualization fabric of its own. In this emerging paradigm, data will not physically reside anywhere in particular. Instead, it will be transparently persisted, in a growing range of physical and logical formats, to an abstract, seamless grid of interconnected memory and disk resources; and delivered with subsecond delay to consuming applications.

[ Stay up to date on the latest virtualization developments with InfoWorld's Virtualization Report blog and newsletter. ]

Real-time is the most exciting new frontier in business intelligence, and virtualization will facilitate low-latency analytics more powerfully than traditional approaches. Database virtualization will enable real-time business intelligence through a policy-driven, latency-agile, distributed-caching memory grid that permeates an infrastructure at all levels.

As this new approach takes hold, it will provide a convergence architecture for diverse approaches to real-time business intelligence, such as trickle-feed extract transform load (ETL), changed-data capture (CDC), event-stream processing and data federation. Traditionally deployed as stovepipe infrastructures, these approaches will become alternative integration patterns in a virtualized information fabric for real-time business intelligence.

The convergence of real-time business-intelligence approaches onto a unified, in-memory, distributed-caching infrastructure may take more than a decade to come to fruition because of the immaturity of the technology; lack of multivendor standards; and spotty, fragmented implementation of its enabling technologies among today's business-intelligence and data-warehouse vendors. However, all signs point to its inevitability.

Case in point: Microsoft , though not necessarily the most visionary vendor of real-time solutions, has recently ramped up its support for real-time business intelligence in its SQL Server product platform. Even more important, it has begun to discuss plans to make in-memory distributed caching, often known as "information fabric," the centerpiece middleware approach of its evolving business-intelligence and data-warehouse strategy.

For starters, Microsoft recently released its long-awaited SQL Server 2008 to manufacturing. Among this release's many enhancements is a new CDC module and proactive caching in its online analytical processing (OLAP) engine. CDC is a best practice for traditional real-time business intelligence, because, by enabling continuous loading of database updates from transaction redo logs, it minimizes the performance impact on source platforms' transactional workloads. Proactive caching is an important capability in the front-end data mart because it speeds response on user queries against aggregate data.

Also, Microsoft recently went public with plans to develop a next-generation, in-memory distributed-caching middleware code-named "Project Velocity." Though the vendor hasn't indicated when or how this new technology will find its way into shipping products, it's almost certain it will be integrated into future versions of SQL Server. Within Project Velocity, Microsoft is playing a bit of competitor catch-up, considering that Oracle already has a well-developed in-memory, distributed-caching technology called Coherence, which it acquired more than a year ago from Tangosol. Likewise, pure-plays, such as GigaSpaces, Gemstone Systems, and ScaleOut Software have similar data-virtualization offerings.

Furthermore, Microsoft recently announced plans to acquire data-warehouse-appliance pure-play DATAllegro and to move that grid-enabled solution over to a pure Microsoft data-warehouse stack that includes SQL Server, its query optimization tools and data-integration middleware. Though Microsoft cannot discuss any road-map details until after the deal closes, it's highly likely it will leverage DATAllegro's sophisticated massively parallel processing, dynamic task-brokering and federated deployment features in future releases of its databases, including the on-demand version of SQL Server. In addition, it doesn't take much imagination to see a big role for in-memory distributed caching, à la Project Velocity in Microsoft's future road map for appliance-based business-intelligence/data-warehouse solutions. Going even further, it's not inconceivable that, while plugging SQL Server into DATAllegro's platform (and removing the current Ingres open source database), Microsoft may tweak the underlying storage engine to support more business-intelligence-optimized logical and physical schemas.

Microsoft, however, isn't saying much about its platform road map for real-time business-intelligence/data-warehousing, because it probably hasn't worked out a coherent plan that combines these diverse elements. To be fair, neither has Oracle -- or, indeed, any other business-intelligence/data-warehouse vendor that has strong real-time features or plans. No vendor in the business-intelligence/data-warehouse arena has defined a coherent road map yet that converges its diverse real-time middleware approaches into a unified in-memory, distributed-caching approach.

Likewise, no vendor has clearly spelled out its approach for supporting the full range of physical and logical data-persistence models across its real-time information fabrics. Nevertheless, it's quite clear that the business-intelligence/data-warehouse industry is moving toward a new paradigm wherein the optimal data-persistence model will be provisioned automatically to each node based on its deployment role -- and in which data will be written to whatever blend of virtualized memory and disk best suits applications' real-time requirements.

For example, dimensional and column-based approaches are optimized to the front-end OLAP tier of data marts, where they support high-performance queries against large, aggregate tables. By contrast, relational and row-based approaches are suited best to the mid-tier of enterprise data-warehouse hubs, where they facilitate the speedy administration of complex hierarchies across multiple subject-area domains. Other persistence approaches -- such as inverted indexing -- may be suited to back-end staging nodes, where they can support efficient ETL, profiling and storage of complex data types before they are loaded into enterprise data-warehouse hubs.

For sure, all this virtualized data infrastructure will live in the "cloud," in a managed-service environment and within organizations' existing, premises-based business-intelligence/data-warehouse environments. It would be ridiculous, however, to imagine this evolution will take place overnight. Even if solution vendors suddenly converged on a common information-fabric framework -- which is highly doubtful -- enterprises have too much invested in their current data environments to justify migrating them to a virtualized architecture overnight.

Old data-warehouse platforms linger on generation after generation, solid and trusty, albeit increasingly crusty and musty. They won't get virtualized out of existence anytime soon, even as the new generation steals their oxygen. Old databases will expire only when someone migrates their precious data to a new environment, then physically pulls the plug, putting them out of their misery.

IBM is investing US$300 million to build 13 new data centers that will help customers around the world recover from disaster by storing their data remotely in a cloud-based storage model .

The data centers, to be built this year, will be spread worldwide in locations including Hong Kong, Tokyo, Paris, London, Beijing, Poland, Italy, New Jersey, Germany, Brazil, India and South Africa.

[ Get the latest on storage developments with InfoWorld's Storage Adviser blog and Storage Report newsletter. ]

Stemming from IBM's acquisition of Arsenal Digital Solutions , IBM is calling the new facilities Business Resilience service delivery centers.

"The massive infrastructure expansion is the largest of its kind and will permit IBM clients to access services that support business continuity for the first time from a cloud computing environment," IBM states in an announcement released Wednesday. "Using the service delivery platform, clients will be able to take advantage of cloud computing capabilities by storing their business data in IBM's data protection vaults. ... Once the information is protected, customers will be able to immediately recover that information by restoring and retrieving it from a center directly to the client's business or to an alternative worksite recovery area in the event of a disaster."

IBM announced its acquisition of Arsenal last December. At the time of the acquisition, Arsenal's online storage-backup service was handling more than 20 petabytes of customer information in 67 data centers spread across five continents. (Compare storage products .)

Arsenal's data protection technology has now been integrated with IBM's rack-mounted storage appliances, each of which can store multiple terabytes. Wednesday's announcement is the latest in a long line of cloud computing initiatives for IBM. In a separate project announced just a few weeks ago, IBM said it is spending $360 million on a single cloud-computing data center in North Carolina . 

Palm's decision to sell an unlocked Treo Pro, its newest smartphone aimed squarely at enterprise customers, could either be the start of a new trend or a sign that the struggling company may face even harder times to come, one analyst said.

In a break from tradition in the U.S. mobile phone market, Palm on Wednesday introduced the Treo Pro and said it will sell the smartphone unlocked. That means it won't be marketed, sold, and subsidized by an operator.

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

"It may be the beginning of a trend, but it may also be a bad sign," said Bill Hughes, an analyst with In-Stat. While he said he had no reason to think this is the case, there is a chance that Palm couldn't find an operator interested in picking it up.

In Europe, O2 and Vodafone will sell the Treo Pro, which will also be available unlocked. Unlike in the United States, it's common in Europe for people to be able to easily buy unlocked phones. Telstra will sell it in Australia.

The Treo Pro, which runs Windows Mobile and includes Wi-Fi and GPS, will become available later this year on Palm's online store as well as from other Internet sites, retailers, and enterprise resellers.

While there are reasons that some enterprises might be interested in buying unlocked devices, Palm might struggle to sell the new Treo to individuals without the help of operators. In a recent survey of technology users, Hughes found that 85 percent of them bought their phones in an authorized retail store, such as an operator shop or a store like RadioShack that has deals with operators to sell phones.

But buying unlocked phones can allow an enterprise buyer to better negotiate with mobile operators, Hughes noted. That's because typically operators factor in the cost of handset subsidies when selling airtime to enterprises.

In theory, having unlocked phones could also allow an enterprise to negotiate a better deal from a competitive mobile operator and easily switch to that operator by simply providing users with a new SIM card to insert in their phone. However, in the United States that's not a major benefit, given that operators use multiple incompatible technologies. The Treo Pro runs on the third-generation technology used by T-Mobile, an operator not typically favored by enterprise users, and AT&T.

Operators do already sell unlocked phones to enterprises, but they don't typically widely publicize the option, Hughes said.

The Treo Pro doesn't come cheap: It will cost $549. It's difficult to compare that price to other popular phones because most, like the iPhone, require a multiyear service contract with an operator in the United States. In Europe, Vodafone Italia sells the 8GB iPhone 3G without a contract for ¬500 ($734).

The Treo Pro is an attractive device that in some ways resembles the iPhone; it's one of the first phones to come out of Palm since Jon Rubinstein, a former Apple engineer who contributed to the creation of the iPod, joined the company. It features a solid black case on the back with rounded edges. It has a full Qwerty keyboard and touch screen.

Tom Clement has reinvented his career before. In 1984, he realized working in technology would suit him better than his job as a litigator in Texas. "I came home one day from work, and I was used to being really tense," he says. "But that day, my secretary's recorder had broke. I'd taken it apart, put it back together, and somehow, it worked. I was whistling and in a good mood because of it, and my girlfriend heard me and said,'Tom, maybe you were made for a different line of work.'"

After moving to California and taking a night class at University of California at Berkeley in C-Programming, he put his law ambitions aside and took a job at a C-compiler company, taking pieces of code and translating it into a language that could work on Motorola hardware.

[ Learn more about SaaS and cloud computing in  InfoWorld's special report. Or if your tech job has moved overseas, find out if you can can you move with it in  InfoWorld's guide. ]

Today, Clement, a journeyman in software development, might be facing a bigger career test: the movement of software to the Web and the effect it will have on developers like himself and the thousands of IT support and maintenance pros taking care of traditional software at small and large enterprises across all industries.

Software as a service (SaaS), one flavor of today's hot buzzword, cloud computing, refers to applications that users access over the Web and which live on physical servers hosted by the software vendors or a third party, not servers owned and cared for by an in-house IT department.

"I've got some learning to do in my 50s," Clement says. "Now, I need to know more about Web 2.0 and Java programming. While I know I can, I still have that fear of, 'will I be able to do it?'"

Clement, now senior developer at Serena Software, in some ways is already adapting, as his company has begun building SaaS applications along side its traditional software. And sure, developers have been through big transitions in computing before, most notably the move from mainframe computers to the PC era.

The IT industry is now preparing for a new round of upheaval as a result of SaaS adoption of offerings from the likes of Google (with its Google Apps) and Salesforce.com that let users run applications via the Internet. Zoho, a SaaS vendor that does most of its development work in India, has also sold a plethora of applications, including in staple, Microsoft-dominated areas like word processing, spreadsheets, and presentations.

SaaS adoption by enterprises has been aggressive. A report in May conducted by Kelton research found that 73 percent of large companies saying they would adopt SaaS or plan to adopt it in the next 18 months.

Coupled with the consumerization of IT -- the idea that people at their jobs expect applications at work to look like the Web technologies they use at home such as Facebook and Google -- many IT professionals will be forced to rethink their skill sets and what value they bring to their companies, says Jeffrey Kaplan, president of THINKstrategies, a consultancy that helps companies adopt SaaS applications.

"Unfortunately, most developers have built enterprise applications to meet their current systems environment and the end-user was very secondary," Kaplan says. "Now, the end-user experience is the driving factor, because end-users determine whether or not the application is considered successful."

In addition, maintenance veterans -- the guys who handle the plumbing of IT -- will see their job options start to recede. That reality can be both a challenge and an opportunity for the IT industry, says Peter Coffee, Director of Force.com, the platform provided by Salesforce.com for developers building SaaS-based apps.

"If you're in the ecosystem of working on staple, on-premise software, you can take care of feeding and watering those systems," Coffee says. "But those low value tasks no longer need to be done and you won't cover the IT equivalent of infantry. You want to be the IT equivalent of special forces."

Those special forces might include building new features on top of SaaS apps that fit a company's specific needs, or managing the relationships a company has between two or more SaaS vendors who both provide technology to the same company, making sure the systems talk well with one another, says Ken Venner, senior VP and CIO of corporate services at Broadcom.

"Working with vendors will really become ever more critical," Venner says. "One of the skills that will start to reduce is core infrastructure skills."

The post-modern IT departmentToday, most large companies use a mix of both traditional apps that they host with servers on premise and some that they let the Salesforce.coms of the world host offsite. But the idea of a plug and play IT department isn't a dream. Tim Davis, CIO of Popeyes Chicken, a national fast food chain based in Atlanta, Ga., only has six IT people and not one server on premise.

Not all of his apps are SaaS-based. A SaaS vendor, by his definition, is a company that provides the software over the Web, hosts it, and charges a subscription fee (generally per user per month). Popeyes owns the licenses for some of its software, and worked out a contract with IBM to host and support the servers for those apps.

But that contract, which includes IBM's hosting of Popeyes' e-mail system (Microsoft Exchange), will expire in 2009. Microsoft recently released a SaaS version of Exchange for a mere $10 per user per year. When Popeyes' contract with IBM expires, Davis admits he could pursue more SaaS options as it would likely cost him less money that outsourcing to Big Blue.

So if there are no servers and the like, what does his IT department do?

"Three [people] are dedicated towards making sure the restaurants have whatever technology they need," he says. "The rest are project managers and manage our relationships with vendors."

Developers adaptMost people who spend their lives in technology know that adaptation is necessary to job survival. Nobody can keep up with the pace of technology innovation entirely; the best you can do is stay ahead of the curve enough to remain viable.

For developers, that'll mean embracing new programming languages and open Web standards when creating their enterprise software. But making the transition doesn't have to be terribly difficult, says Force.com's Coffee. "If you currently develop in Java or.Net, and you understand enough about databases, the language of ours is very readable," he says.

For IT support people who handle enterprise infrastructure and back-end support, future roles might include working in the datacenter of a SaaS vendor, or helping ensure that a company can integrate various SaaS apps, says Fred Luddy, president and CEO of Service-Now, an IT service management company that runs on a SaaS model.

"Integration will be the main challenge," he says. "IT will be at a higher level."

While Serena Software's Clement knows he has some learning to do, he knows enough to be prepared for changes in software development. "My experience has always been that programming is programming," he says. "The language is sort of a detail. There's this sea change in the computing world right now. The environment is changing, and while I have fears, there's nothing more thrilling than working on something that will be relevant for the future."

CIO.com is an InfoWorld affiiliate.

The Americas' SAP Users' Group (ASUG) this week held the first in a series of Web seminars on SAP's enterprise-level support service, which recently became mandatory for all customers, leading to cost increases over time for many.

SAP's move prompted some outrage from user group leaders and customers, with a common refrain being whether mid-sized companies with less complicated environments needed the additional support.

[ Read the related stories on how SAP customers were forced to move to pricier support and how SAP users warned: Support debate isn't over. ]

The enterprise support offering will replace the standard and premium support options. Customers at those support levels will start seeing some enterprise support benefits now but no price increases until Jan. 1. SAP will phase in the additional costs gradually until 2012, eventually reaching the enterprise support level of 22 percent of maintenance base, compared to 17 percent for standard support.

SAP has contended that customer environments are becoming increasingly complex, and the service's additional benefits could provide efficiencies and cost savings.

An SAP spokesman said the Web sessions had been planned before users voiced skepticism over the enterprise support offering's value.

The initial seminar, held Tuesday, was hosted by an SAP marketing official and provided an overview of the enterprise support offering, focusing on how it can aid "innovation and protection of investment in SAP," according to an ASUG statement.

The next one is scheduled for Sept. 24 and will discuss enterprise support features such as continuous quality checks and around-the-clock root cause analysis. Additional sessions are scheduled for Oct. 16 and Nov. 12.

ASUG representatives could not immediately be reached for comment Wednesday.

One industry observer said the Webcasts represent a natural progression of the debate over SAP's move.

"There's definitely a broad consensus among our clients that there may need to be some concessions on SAP's piece, but it's also important to understand what value they may receive. That's a fair discussion," said Forrester Research analyst Ray Wang.

Marc Songini, an analyst with Nucleus Research, said he has heard mixed reactions from users toward enterprise support: "Some are definitely not enthused about a forced march and not thrilled about the level of service they're already getting. The flip side is some customers don't mind this hike because they're going to get every penny out of it."

Meanwhile, SAP customers are weighing the prospect of third-party support from providers such as Rimini Street, which is preparing to launch such a service next year.

The story was updated on Aug. 20, 2008.

Let's start with a little quiz. I say, "Big, bloated, and full of errors." What do you say? Right, "Windows Registry." One more: "Messing with it is risky." If you guessed the Registry again, you pass. While fooling around with your Windows Registry does involve some risk, cleaning it out can have an impact on your PC's overall performance.

The Windows Registry is an essential system file that houses a massive collection of details about your computer -- where programs are stored, which helper programs (known as DLLs) are shared among your various applications, listings of all your Start-menu shortcuts, and pointers to the programs that fire up when you click on an icon. And that's just the beginning.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

Practically everything you do in Windows is recorded somewhere in the Registry. For instance, the URL for this article probably has an entry now. The paths to the last dozen or so images or documents you opened are there, too, as are the details of the programs you most recently installed or uninstalled.

Here's the problem: If you pry open the Registry, you'll probably find it about as cluttered as a teenager's bedroom. That's because Windows doesn't efficiently clean up after itself as it goes about its daily business. It constantly creates new entries, but seldom -- if ever -- removes them after they're no longer needed.

Compounding that problem are applications that are too inept to uninstall all of the Registry entries they create; far too often, program upgrades and installers leave unneeded pointers in the Registry. So the Registry becomes bloated with unnecessary entries, slowing down your system.

Registry Cleaners: Boon or Boondoggle?The big question is whether a Registry cleaner will speed up your PC, making it boot more quickly and run faster. The answer? I can say, emphatically and unequivocally, uh, maybe. That's right, a big, fat perhaps -- because everything depends on the condition of your Registry.

To find out which Registry cleaner catches the most errors, is the safest and easiest to use, and (just as important) creates the fewest hassles, I tested five of the most popular Registry cleaners and defraggers. Many came recommended by PC World readers. I examined two free products (Advanced Windows Care and RegSeeker) and three commercial ones (jv16 PowerTools, Registry First Aid, and RegSupreme). After all that testing, my Registry is squeaky clean -- the absolute envy of my PC World colleagues.

I tried each tool on my messy production PC using Windows XP SP3, on a pristine Fujitsu Lifebook T-Series laptop running Vista, and on an old ThinkPad laptop. I ran the Registry scan and repair module of each application, rebooted the system, and watched for problems -- and I also tried to determine whether the system seemed friskier. After each test, I restored each system to its original state of disarray with Acronis TrueImage. (Read a review of Acronis True Image Home 11 and download the demo.)

Top 10 Registry dos (and don'ts)Messing with the Registry -- and doing so incorrectly -- can destroy Windows, send your PC to computer heaven, and cause you great distress. I'm not kidding. Here are my 10 tips to keep your system here on Earth -- and to keep yourself anxiety-free.

1. The utmost protection from Registry hassles, or any computing disaster, is to have a current backup. I really mean it. As in, you ought to do one now while you're thinking about it. For a thorough tutorial, read "How to Prevent a Data Disaster" or "Fifteen Backup Programs to Safeguard Your Data." And if you don't have one, grab a backup tool from our Downloads library.

2. In most other programs that walk you through with wizards, it's no big deal if you don't pay attention and you merely keep clicking the Next button. That isn't the case with Registry cleaners. I strongly encourage you to stay alert and read whatever the cleaning tool has to say.

3. Before you open the Registry cleaner, use ERUNT (The Emergency Recovery Utility NT) to back up the Registry. Sure, I know, it's redundant, since the Registry cleaner will back up any changes it makes. But I like an extra level of security. You will, too, if something goes awry.

4. When you begin scanning, make sure not to have any applications running; if possible, it's also smart to unload any tools running in your system tray. That's because open apps are constantly making Registry changes, and you want the Registry cleaner to do its work with no interference.

5. After the scan, the program will let you remove -- or in some cases, repair -- the Registry errors. If you're given the option, set the Registry cleaner to remove errors only at the safest and least-intrusive level. (You can scan with more-aggressive settings later on.) Even at that, you might see 1,000 or even 2,000 "safe" entries that need cleaning. For instance, Registry First Aid found 2,161 problems on my production system, of which about 1,900 it deemed safe to alter.

Whatever you do, never choose an autoclean option, such as the one in RegSeeker. Ever. They are not to be trusted.

6. Choosing which of the errors to remove or repair can give you a migraine. When I inspect a list of potential entries to remove, I scan for things that look familiar. For example, in my lists I saw almost 100 Registry entries left over from a package of Dell drivers I had uninstalled months ago, and one Registry cleaner spotted invalid paths to dozens of entries for MP3 files that I had moved to a new location. Both of those catches were accurate, and gave me the sense that the program's removal suggestions were on target.

After a couple of days, if your PC doesn't do anything weird, try another scan, this time allowing the Registry cleaner to work more aggressively.

You must, however, examine entries marked with "Caution," "Extreme Caution," or some other indicator of risk very carefully. I'm still not kidding. Unless you're an advanced user and can clearly identify the scope of the entry, leave it alone. The reason is that, even if the cleaner offers an option to restore a deleted Registry entry, restoring might not be possible if the DLL entry you just deleted is essential for your system to boot.

7. Once you give the tool the go-ahead and it starts removing Registry entries, walk away from your PC. Play with the dog, have some coffee, or watch TV. This is for safety purposes: If you're fiddling with the PC -- moving the mouse, deleting desktop shortcuts, whatever -- you're making changes to the Registry while a Registry cleaner is working. Not a good idea.

8. If you discover a problem (for instance, maybe Excel no longer launches), don't panic. And don't do anything aside from using the Registry cleaner's restore feature, which ensures that only the changes the program just made are reversed. That will probably fix the problem. If not, the next step is to restore the Registry with ERUNT, the tool I mentioned in step 3. As a last resort, restore your PC with a backup program -- which you certainly have, right?

9. You needn't perform a Registry scan more than once a month or so, especially if you don't often make changes to your PC. Scanning more frequently won't hurt anything, but you're unlikely to see a significant performance boost.

10. Are you a techno-fanatic who needs the Registry to be squeaky clean, with absolutely no stray entries and trimmed of all fat? There's no harm in using multiple freebie Registry cleaners -- provided you use them one at a time. You might also want to select a Registry cleaner (such as jv16 PowerTools or Registry First Aid) that includes a defragger, or choose a free defragger such as Auslogics Registry Defrag.

Registry cleaners: How they faredIf you're like me and you constantly add and remove programs, move files around, and fiddle with I-don't-know-if-this-will-work freeware, I'm confident a Registry scrubbing will help you, if only a little bit. It did for me, though the change wasn't earth-shattering. I used a stopwatch with my desktop system, and after a cleaning I saw 10 seconds shaved off its boot time. I also noticed that Microsoft Word and an image editor loaded a little faster.

On the other hand, I didn't see a smidgen of improvement on my laptop. That's because on that machine I use the same five programs, rarely install new applications, and mostly check e-mail and browse the Internet. So scanning the Registry showed fewer than 50 problems, and cleaning didn't make any difference.

None of the cleaners managed to fix a gnarly problem I was having with spoolsv.exe. (Spoolsv.exe occasionally holds up other programs from loading on my PC.)

Your mileage, undoubtedly, will vary, and you won't know how effective a Registry cleaner is until you give it a whirl. But if nothing else, these programs will at least give you the feeling that you're taking care of your computer.

In each of the following reviews, you'll read my curmudgeonly impressions of how the Registry cleaners performed. I focused on their ease of use, the number of errors they found, and whether they introduced any hazards, such as no automatic backups.

Some of the tools I tested wanted a permanent spot in my system tray; it's not necessary, though, and when a program tried doing it, I found the option to disable the setting. And except for Registry First Aid, none of the products would repair faulty entries, but instead just deleted entries that were no longer valid.

Registry First AidRegistry First Aid is eager to help you fix and compact your Registry -- and it does a terrific job, too. Of all the programs I tried, this one inspired the most confidence, both from a safety perspective and in the way it handled Registry problems. The interface is clean and easy to navigate, and the program includes a Registry defragger, a Registry searching tool, and a built-in automatic backup module. Registry First Aid supports all versions of Windows.

The only drawback is that the program costs $28; the trial version lets you see everything the program does, and is fully diagnostic, but fixes only 14 entries at a time. I'm hoping that won't dissuade you from trying Registry First Aid.

Registry First Aid found 2,161 faulty entries in a 20-minute scan, a high number that may be explained by the program's relatively liberal definition of what constitutes a faulty entry. I was comfortable with the way it listed problems, either by category (such as invalid file or DLL, invalid path, or unused software entries) or by safety level. All of the entry issues that were safe to fix were automatically checkmarked, and I liked having to check the ones labeled "Caution" or "Extreme Caution" manually.

Most problems that Registry First Aid found were marked "Delete the entry," but some had other choices. I could cut the invalid substring or, in some cases, repair the entry. Unfortunately, the program's Help function wasn't too helpful, so I opted to use the default.

While the program was scanning, I was able to examine each listing, check or uncheck it, or open the specific entry in the Registry.

A great feature, and one worth the price of admission: With one click, most of the problem entries popped open my browser and conducted a Google search on that Registry key. Very cool, and ideal for determining whether a risky entry should be removed.

One quibble: I wasn't happy that the tool attempted to find a home in my system tray, unnecessarily adding clutter just to check for new versions. I disabled it in the settings.

RegSupremeRegSupreme, only $13, is definitely a basic, no-frills tool. It includes a Registry cleaner as well as a Registry compactor, and is essentially a scaled-down version of its bigger sibling, jv16 PowerTools (see below).

In RegSupreme you get only two levels of error detection -- safe and aggressive -- as opposed to four in jv16 PowerTools. And the program has almost no extras; the only one of value offers a way to search for specific keywords in the Registry (say, "RealPlayer"). On the other hand, the inexpensive RegSupreme has a built-in backup tool and gets the job done. So if you like jv16 PowerTools but you don't need the extra functions -- and you want to save some money -- RegSupreme could be perfect for you. Like jv16 PowerTools, RegSupreme supports every version of Windows and comes with a full-featured, 30-day trial.

RegSeekerRegSeeker is free, and alongside a Registry cleaner it has a handful of other Registry-focused utilities. The tools include a keyword finder; a utility to examine installed application Registry entries, assorted histories (for instance, Internet Explorer and Start-menu items), and Startup entries; and a tool to tweak about 24 XP settings.

This Registry cleaner is confusing because its interface sports a strangely labeled "OK!" button that doesn't really give you a sense of what the program will do next. On the same screen, the app presents a dangerous option: Auto Clean, which I encourage you to avoid. The screen provides little help or guidance, though RegSeeker warns that to back up the Registry, you must make sure to check the "Backup before deletion" option, another oddly labeled feature. The program has no automatic restore function, either; you'll need to find the saved .reg file yourself and click on it to restore your Registry.

On my production PC, RegSeeker picked up 1108 problems. Unfortunately, the program offered no assistance in determining which of the errors needed deleting; it also didn't provide categories, such as invalid path or shared DLL, in order to help me decide whether items were safe to delete. RegSeeker isn't for novices. It supports Windows 2000, XP, and Vista.

Advanced WindowsCare PersonalAdvanced WindowsCare is a freebie and comes with other tools besides a Registry cleaner. For instance, it claims to deter and remove spyware, optimize your PC, manage your Startup items, and remove junk files. I focused only on the tool's Registry skills, and didn't try any of those other components.

Though Advanced WindowsCare found 323 Registry issues, about the same number as jv16 PowerTools picked up, its presentation of the scanning results was pitiful. Unlike other tools that supplied detailed information about each problem, a choice of fixes, or a way to open the Registry to see the actual entry, Advanced WindowsCare just showed me a list. The program uses a minimalist approach: Each item sports a cautionary orange or red symbol (with no legend), the Registry key location and value, and an error description (obsolete software key or missing MUI reference, for instance). And rather than providing a built-in backup module, Advanced WindowsCare simply offered a menu item that brought me to Windows System Restore.

One more issue: You'