At least those of us who are fans of professional baseball have the playoffs to take our minds off the grim news this week (at least that's the case for fans of the teams that are winning). The U.S. financial system meltdown smacked world markets and set off a whole lot of worry, which tended to overshadow all the other news.

1. The IT worker's Wall Street meltdown worry list and bailout roundup: It seems we've all had more questions than answers in recent weeks about the U.S. financial crisis and slumping global economy. Which financial institutions will melt down next? What will be the effect on the IT industry? Is our money safe? What about our jobs? Answers to such questions as well as a roundup of related news, including numerous stories regarding the likely fallout for IT, can be found at this story link.

[ Special report: IT and the financial crisis ]

2. Microsoft will float cloud OS this month: Microsoft will debut its secretive "Cloud OS" project led by Ray Ozzie at its Professional Developers Conference later this month. Developers will see the APIs (application programming interfaces) and services that are part of the cloud-based application platform, which is code-named Red Dog.

3. AMD says Shanghai won't be another Barcelona: AMD's quad-core Barcelona has not exactly had a smooth ride. First, it was repeatedly delayed. Then, once it finally did hit the market, it suffered a recall when a bug was found in the chip's cache memory -- an error that cost AMD six months. While Barcelona floudered, AMD's chief rival, Intel, seized the opportunity to pick up market share. Well, AMD says the Barcelona errors won't be repeated with its successor, Shanghai, thanks to an overhauled testing process.

4. Apple drops iPhone NDA: Apple took some serious lumps last week when it was revealed that iPhone developers are subject to an unusually strict NDA that essentially banned them from discussing the development process. Naturally, developers didn't take too kindly to this discovery and voiced their opinions to Apple, which responded this week by lifting the controversial sections of the NDA, though it is not yet clear what, if anything, will replace those clauses.

5. Vendors fixing bug that could crash Internet systems: Patches are being developed for a set of security flaws that could be exploited to easily knock servers offline. Technical details of the flaws have not been publicly released, but experts who uncovered them have said the vulnerabilities can knock offline Windows, Linux, firewalls and embedded systems using a denial-of-service attack. In other security news ...

6. Researcher finds evidence of massive site compromise: Criminal gangs have obtained administrative log-in credentials for more than -- sit down -- 200,000 Web sites and have launched attacks from those domains using a hacker exploit kit, according to Ian Amit, director of security research at Aladdin Knowledge Systems. He infiltrated a server of a customer of Neosploit, a hacker tool kit used to carry out exploits on browsers and Web software, and discovered that several hacker groups have contributed to an enormous pool of usernames and passwords for sites.

7. For Microsoft shops, Silverlight 2.0 trumps Flash: Silverlight 2.0 will be released within the next few weeks and is expected to provide developers and Web designers with the first serious alternative to Adobe's popular Flash technology for creating rich Internet applications. While Flash will continue to have plenty of support and has the advantage of being an established, much-used technology, more developers and designers will be drawn to Silverlight with the new release.

8. Security researcher reveals iPhone design flaws: Security researcher Aviv Raff detailed two security problems with Apple's popular handheld. Both flaws are related to the iPhone's e-mail application, prompting Raff to recommend against using the app. Raff said he notified Apple of these issues two months ago and decided to go public after seeing three iPhone updates come and go without addressing the problems.

9. Google proposes $4.4 trillion clean energy plan: Google doesn't have enough on its corporate plate -- the company now aims to decrease U.S. dependence on fossil fuels and push the move to alternative forms of energy as part of a -- gasp! -- $4.4 trillion plan it says will lead to enormous financial savings by 2030 and cut carbon dioxide emissions by 48 percent. Clean Energy 2030 is meant to spur debate about environmental issues, according to Google. "With a new Administration and Congress -- and multiple energy-related imperatives -- this is an opportune, perhaps unprecedented, moment to move from plan to action," the company said.

10. Nokia takes aim at Apple with touch-screen phone: Nokia showed off its first touch-screen phone, the 5800 Xpress Music, which will be released by the end of the year. The phone looks a lot like an iPhone and is expected to offer competition for the popular Apple smartphones. Nokia's touch-screen phone runs on Symbian's Series 60 OS, which the Finnish company said it has modified so that it's more user-friendly.

The U.S. House of Representatives has voted to extend a research and development tax credit to U.S. businesses as part of its approval of a giant bailout of the U.S. mortgage industry.

The House on Friday voted 263-171 to pass an amended Emergency Economic Stabilization Act after rejecting the bill earlier this week. President George Bush also signed the $700 billion bailout plan Friday.

[ For earlier developments in the passage of this credit, see "Update: R&D tax credit stalled." ]

The bill included a two-year extension of a research and development tax credit for U.S. businesses that expired at the end of 2007. Several tech companies, including Microsoft and Texas Instruments, had called on Congress to extend the tax credit, saying it helps U.S. businesses invest in R&D and keeps R&D workers in the country.

The R&D Tax Coalition, representing the tech, manufacturing, chemical, pharmaceutical, and other industries, praised Congress for extending the tax credit.

"In today's challenging economic environment, R&D is a critical catalyst for American innovation, economic growth, and job creation," the coalition said in a statement. "The R&D tax credit motivates U.S.-based companies to keep cutting-edge research projects in the United States while funding high-wage and high-skilled jobs for American R&D workers across diverse industries such as manufacturing, information technology, biotech, agriculture, aerospace and others."

The U.S. Senate had passed the R&D extension in late September as part of a different bill, but the tax credit was added to the bailout bill in recent days.

The tax credit can cover up to 20 percent of qualified R&D spending. It has expired 13 times since 1981 despite calls by tech, pharmaceutical, and manufacturing groups to make the tax credit permanent.

Lawmakers have resisted making the tax break permanent largely because of its price tag of about $7 billion a year. Some critics have called the tax credit a government subsidy for large businesses.

Several tech companies and trade groups also praised Congress for passing the larger bailout bill. "Congressional passage of the financial recovery package is a critically important step to bringing back economic stability in the U.S. and around the globe," Brad Smith, Microsoft's senior vice president and general counsel, said in a statement. "This crisis affects more than just the U.S. financial sector, it affects every corner of the world economy, and todays vote will help re-instill confidence around the globe."

Microsoft will provide hardware partners with media to let their customers downgrade from Windows Vista to Windows XP for six months longer than it originally planned, the company confirmed Friday.

The move comes even as Microsoft has just launched a $300 million marketing and advertising campaign to encourage people to buy Windows Vista. The company is also prepping Windows 7, the next client version of the OS, for release in the next 12 to 18 months.

[ Pick up tips for avoiding Vista and follow the trail of developments in InfoWorld's "Save Windows XP" campaign. ]

Microsoft will give OS disks to OEMs and system builders so customers that purchase Windows Vista Ultimate and Business editions can downgrade to XP Professional if they so choose until July 31, 2009, Microsoft said through its public relations firm.

Previously, Microsoft planned to provide the XP recovery disks to partners until Jan. 31, 2009, although there is no deadline for downgrade rights, the company said. If a customer wants to downgrade from Vista to XP after the new deadline, they can contact Microsoft for a disk, the company said.

A published report revealed Microsoft's extension of the XP media deadline early Friday, citing an OEM source.

Microsoft predicted that Vista, which was released on Jan. 31, 2007, and took more than five years to develop, would be the most successful launch of its Windows client OS. However, Vista has been riddled with glitches and bad publicity, and many businesses and consumers still prefer XP.

Microsoft this week stopped supporting Deepfish, its mobile browser research project that was an example of the company's software-plus-services strategy.

The Deepfish browser displayed Web pages on Windows Mobile phones just like they look on a PC and then let users zoom in and out of parts of the page they were interested in examining closer. The browser worked in conjunction with Microsoft servers that delivered the Web pages to the phones.

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

Microsoft first announced that it was working on the project in 2007 but started developing the browser the previous year. "Mobile browsing is now advancing to the point where mobile devices rival the desktop -- which is what we wanted to see," according to a blog post on the Live Labs site announcing that Microsoft was retiring the service.

Mobile browsing has indeed progressed. Slow mobile data rates once demanded that content providers develop custom sites that would load quickly for mobile users. While content providers continue to create such mobile specific sites, increasing mobile data rates allow a better browsing experience even for standard Web sites designed for the PC. Apple's iPhone browser, for example, has won praise for delivering standard Web sites in a very usable manner.

Other companies continue to develop new technologies to improve mobile browsing. Opera's Opera Mini, for example, employs servers to strip down the size of some Web sites for quicker loading on mobile phones.

Mozilla has also long experimented with mobile browsers and is developing a mobile version of Firefox called Fennec.

Microsoft didn't say how many people used Deepfish. However, the blog post about its discontinuation was posted in mid-August but appears to have received little notice until a news site wrote about it recently, perhaps an indication that not many people were using it.

In the blog posting, Microsoft said that the feedback it received from people who tried Deepfish would influence future projects.

The only thing that seems clear today is that the United States is in a recession and possibly a bad one. No one is certain what will happen next. Events are changing almost by the hour. How much help will a federal bailout deliver to the nation's financial system, which has been hard-hit by the downturn? Will more financial institutions collapse, and how far down will the stock market go? Will you have a job?

What follows is a summary, in the form of an FAQ, about what we know so far about the impact of this crisis on one of the most important of areas in tech, namely, your job.

[ Learn more about how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report. ]

If you lose your job will you find a new one? It's obviously not going to be easy. The Corporate Executive Board in Washington surveyed 50 CIOs, and nearly 25 percent said they have imposed a hiring freeze, and half said they are cutting spending on consultants and contractors.

Many of the resumes arriving in human resources departments will list financial services experience. This industry accounts for 20 percent of global IT spending, says research firm IDC. And it is shedding jobs by the thousands, 103,000 jobs overall this year, according to outplacement firm Challenger, Gray & Christmas.

But some skills will always do well in this market. SAP techs are in demand. Financial services may shed midlevel IT managers, but Mary Price, a manager in the technology division of Russell Reynolds Associates Inc., a New York-based executive recruiter, said she expects increasing demand for people in this sector who can integrate platforms and improve risk management systems.

Relocating may help. Unemployment may be 6.1 percent nationally, but in Northern Virginia, where there are large numbers of private sector tech jobs serving the federal government, unemployment is 3.6 percent, up from 2.4 percent a year ago. Check with recruiters. Jill Herrin, president and CEO of JDResources, an IT recruiting firm in Memphis said last week that demand for IT talent "is extremely high."

How long will the recession last? Let's defer to Warren Buffett for the big picture answer. On PBS's Charlie Rose show Tuesday (transcript), the billionaire investor said: "I don't want to hold out false hopes that the -- by some magic moment, that things will turn around in a couple months because they wouldn't, Charlie. I mean, and it's a big mistake to try and mislead people. ... I don't know whether it will be six months or whether it'll be two years."

Gartner and Forrester Research believe IT spending won't drift into negative territory. IT has outperformed the economy generally, so it's probably reasonable to forecast that. Both analyst firms are looking for improvement by the second half of next year. IDC doesn't believe that IT growth rates will drop to zero or below as they did in 2002 after the dot.com bust. "The worst we would expect for 2009 is a 1 percent drop in the U.S. and 0.5 percent drop worldwide in IT, less in telecommunications," IDC said. More on these forecasts later.

Will I be outsourced? The harsh reality is this: A database administrator can cost $90,000 annually, but companies that go offshore can pay $20 or less an hour to have that admin's work done remotely. Offshore outsourcing consultants expect offshoring to increase. A wild card will be the election. Eugene Kublanov, CEO of NeoIT, an outsourcing management consulting group in San Ramon, Calif., said the next president, especially if he is a Democrat, could put in tax incentives to encourage companies to keep jobs here.

But companies that treat IT employees as expendable face a serious downside, as Dale Frantz, CIO at Auto Warehousing Co., recently explained: "The 'churn and burn' approach to hiring and careers in IT has been very destructive, I think, and some of the sad states of current software and system solutions available in our industry reflect that."

Will I get fired? There's a good chance, if this catches you by surprise. ... The same credit tightening that is closing car dealerships, dry cleaning businesses, and restaurants may now be aiming at that niche software vendor that just happens to supply your mission-critical software.

What do you do if a critical vendor says he can't cover payroll? Users should double-check their software escrow arrangements, which usually involve putting the source code in the hands of a third party that provides escrow services.

"The bottom line is that you need to make sure that you can get a hold of the source code if that company goes under and ensure that it is the correct version and is valid," said Randy Roth, a partner at Corporate Contracts, an Urbandale, Iowa, contract negotiations firm.

What can I do to avoid getting laid off? What analysts and surveys all seem to agree on is that companies will be deferring new IT projects and cutting where they can until the economic questions are resolved. It stands to reason that stepping up with ideas for savings and learning some new skills, especially virtualization, will be a plus in any organization.

Ken Brill, executive director of the Uptime Institute, has advice about where to start: As many as 15 percent of the servers in any datacenter are "comatose," and not doing anything useful. Killing those servers as well as server buying with an eye on energy savings can cut thousands of dollars in costs. Companies that virtualize can typically consolidate five physical servers into one, and not having to build a new datacenter can save millions of dollars.

"Maybe in this downturn efficiency will become more important," Brill said.

Computerworld is an InfoWorld affiliate.

If your company has traveling employees, bandwidth-hogging applications, a need for speed, or just a desire to keep pace with technology, you're probably thinking about moving to an 802.11n-based wireless networking infrastructure, at least at the network's perimeter.

It's inevitable, experts say, and the numbers bear it out. ABI Research, an Oyster Bay, N.Y., market research firm, finds that while 802.11n has only a 2.3 percent penetration rate in North America today, that number will grow exponentially, reaching 19 percent by next year. In large part, that's because the technology is mature, costs have decreased, and it has the flexibility that wireless can't compete with, says Stan Schatt, vice president and research director for wireless connectivity at ABI Research.

[ Keep up on the latest networking news with our Networking Report newsletter. And discover the top-rated IT products as rated by the InfoWorld Test Center. ]

Although the standard isn't fully approved -- it's expected to be available by 3Q '09 at the latest -- it's finished, for all intents and purposes, she says, and most major vendors have 802.11n products ready to go.

With products already available and companies hungry for the throughput and flexibility 802.11n will provide, the only decisions left involve how to choose and implement the technology most effectively and efficiently.

The first step is performing a thorough site survey, evaluating your current technology infrastructure and future needs.

"Now is the time to spend the money and time to look at your needs," says Lisa A. Phifer, vice president of Core Competence, a Chester Springs, Pa., network and security consultancy. "You have an opportunity to start with a clean slate with a brand-new set of products and do it right the first time. You'll spend less money in the long run."

Once you know what you need, the next step is choosing a product and a vendor, which is more difficult than it may seem. There are major differences in terms of robustness, capacity, flexibility, and manageability.

"You have to consider everything. For example, what if your controller goes down? Some access points are capable of going into independent mode and some aren't," says Schatt. "And there are significant differences in antenna technology; some companies like Motorola and Ruckus have put a lot of effort into their antennae to accentuate the advantage of the MIMO (multiple input/multiple output), while others haven't."

Don't be afraid to ask vendors the tough questions, especially about features that are important but don't get much airtime in Web sites and collateral, adds Michael Fineran, a principal at dBrn Associates, a consultancy in Hewlett Neck, N.Y.

For example, few vendors mention how many transmit chains their products provide. That's important, because while 802.11n provides the ability to send multiple signals at the same time in the same frequency band, two chains would provide twice the transmission capacity of one chain. "That's not something they tell you, so you have to ask," Fineran says.

Another important factor is maximum transmission rate. Although all vendors quote one, they often don't say whether it's 20MHz or 40MHz. It's an important consideration, he adds, because that determines the bandwidth and the number of available channels.

There also is a major difference in the type of management software different vendors provide, and depending on your needs, it could drive your decision.

"Some have really good site survey tools or planning tools, while others will have really good interfaces to external management systems. Still others can manage multiple vendor environments or widely distributed geographical environments," says Craig Mathias, a principal at Farpoint Group, an Ashland, Mass.-based consultancy.

Sometimes, the management tools that come with the system might not be enough, but the rest of the product might fit your needs. In that case, consider augmenting with third-party tools, such as wireless LAN assurance tools from companies like AirMagnet and AeroPeak that verify that the network is actually doing what you think it's doing, Mathias advises. Third-party tools also are recommended for intrusion detection of wireless networks.

Implementing an 802.11n network also means shoring up your security infrastructure. For example, few wireless intrusion detection systems today detect 802.11n, because they were designed for 802.11a, b, and g. That means organizations installing 802.11n have to upgrade those systems immediately to detect N-based networks, to better monitor for rogue access points and ad hoc networks.

The next step is readying your existing wired network to work with 802.11n. Consider power sources carefully, Fineran says, because whereas other network access points run over Power over Ethernet (PoE), saving money, most 11n access points today don't. That's slowly changing; Siemens now has an N access point running on standard PoE and others are on the way, but check carefully, he advises.

Also consider capacity. Most access points today are connected on a 100MB Ethernet connection, but 802.11n runs faster than that, which means your existing access points will probably have to be upgraded to 802.11g Ethernet connections. Without a doubt, you'll probably be upgrading portions of your network to Gigabit Ethernet or even 2G Ethernet in some cases, Schatt says.

And when it comes to your migration strategy, don't forget the laptops.

"Part of the growth of 802.11 is predicated on how quickly companies upgrade their laptops, and when they upgrade, they won't have N automatically installed on their laptops," Schatt says. "That means they may have to buy some external adapters in the meantime, which CIOs hate to do because they are hard to keep track of and break easily."

If issues like reliability and speed are an issue with your current network, or if you have specific issues with 2.4GHz interference, it's probably worth biting the bullet and upgrading your network to 802.11n today. Similarly, if your network is running mainly productivity applications and you have sufficient bandwidth, or if your infrastructure changes would be extremely expensive, it's fine to wait; the technology will only get better and cheaper, says Schatt.

It's also reasonable to upgrade to 802.11n in a piecemeal fashion. In fact, it can often be the best move.

"If you can identify specific segments of your network that need what 802.11n offers, like a bandwidth-intensive video application, you can identify those specific network segments so you only have to upgrade part of it today," Schatt says. "That can make a lot of sense, both economically and for the business."

CIO.com is an InfoWorld affiliate.

Several criminal gangs have acquired administrative log-in credentials for more than 200,000 Web sites -- including the one used by the U.S. Postal Service -- and have used the compromised domains to attack unsuspecting users' PCs with a notorious hacker exploit kit, a researcher said today.

More than a month ago Ian Amit, director of security research at Aladdin Knowledge Systems, found and infiltrated a server belonging to a long-time customer of Neosploit, a hacker toolkit used by cybercriminals to launch exploits against browsers and popular Web software such as Apple's QuickTime or Adobe Systems' Adobe Reader.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

On that server, Amit uncovered logs showing that two or three hacker gangs had contributed to a massive pool of Web site usernames and passwords. "We have counted more than 208,000 unique site credentials on the server," said Amit, "and over 80,000 had been modified with malicious content."

The site credentials were not the end, but only the means. The 80,000 modified sites were used as attack launch pads: Each served up exploit code provided by the Neosploit kit to any visitor running a Windows system that had not been fully patched.

By examining the server logs, Amit was able to identify the sites whose log-ins had been compromised. He is now working with law enforcement agencies in both the U.S. and overseas, as well as with organizations like US-CERT, to tell site operators they need to change their administrative passwords, purge the malicious code, and secure their sites.

The only compromised site he would name was the U.S. Postal Service's at www.usps.gov . That site, and others, have been cleaned of the code that calls Neosploit down on unsuspecting visitors. Also on the list were sites for governments and Fortune 500 companies, universities, and other businesses, including several unnamed weapons manufacturers. More than half the affected sites belong to European companies and organizations.

Other evidence that Amit gathered ranged from the way the criminals processed the site log-ins to the number of IP addresses authorized to access the credentials.

"The server-based application that validated the credentials and then modified the sites was completely automated," said Amit. "Access to that application was restricted to about six or seven IP addresses, [so] it's clear that that access was intended only for the use of the criminals using the server." Based on the number of IP addresses and their distribution, he estimated that two or three separate groups were involved.

More than half of the site credentials -- approximately 107,000 -- had been validated by the cybercrooks' custom application as providing administrative access to the sites.

The groups apparently pooled resources, with site log-in information contributed by multiple users. Amit was not, however, able to determine how the criminals came to the site credentials in the first place. It's possible, he said, that the log-ins were purchased from others, or harvested by a botnet dedicated to the job.

But even with such clues, Amit isn't confident that authorities might be able to identify the hackers: "As much as I'd like to optimistic, I'm not fooling myself. They're using a software-as-a-service model, and it will be hard to track down all of them." However, he acknowledged that authorities had "a few solid leads" on who's responsible for the server, which may lead to the hackers. The server, for instance, was relocated since last week from Argentina, and is now being hosted in the United States.

"We've exposed the back-end infrastructure of the organization," Amit said. "We've been chasing bugs for a couple of decades now and we need a different approach. That's what we have here. Now we know more about their M.O. and their business model.

"I hope that this will help both law enforcement and security researchers stay ahead of the game," he said.

Computerworld is an InfoWorld affiliate.

Internet infrastructure vendors are working on patches for a set of security flaws that could help hackers knock servers offline with very little effort.

The security community has been buzzing about the bugs since Tuesday, when security researcher Robert Hansen discussed the problem on his blog.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Technical details on the vulnerabilities have not been released, but the security experts who discovered the problem, Robert Lee and Jack Louis of security vendor Outpost24, say that they can knock Windows, Linux, embedded systems and even firewalls offline with what's known as a DoS attack. The flaws lie in the TCP/IP software used by these systems to send data over the Internet.

Lee and Louis first discussed the problem last week at a conference in Amsterdam, and many of the affected vendors are now working on patching the issue with help from the Finnish national Computer Emergency Response Team, said Lee, who spent most of Wednesday and Thursday explaining the issue.

"The vendors who are capable and responsible for creating solutions are in the loop," said Lee, Outpost24's chief security officer. "The public message here is 'Chill out, the people who need to be involved are involved.'"

He could not say how long it would take to fix the problem.

In a statement, Microsoft said it was investigating the matter and that it was "unaware of any attacks trying to use the claimed vulnerability or of customer impact."

But according to Hansen, if attacks did appear, they could be bad. That's because they can be launched with very little bandwidth and because machines targeted would often remain disabled even after the DOS attack has stopped.

"This appears not to be a single bug, but in fact at least five, and maybe as many as 30 different potential problems," Hansen, the CEO of SecTheory, wrote on his blog. "They just haven't dug far enough into it to really know how bad it can get. The results range from complete shutdown of the vulnerable machine, to dropping legitimate traffic."

Lee and Louis are set to discuss the flaws two weeks from now at the T2 conference in Helsinki, but they will not release additional details if the flaws remain unpatched, Lee said.

Arbor Networks Chief Security Officer Danny McPherson said that while talking about the flaw without revealing the technical details may generate buzz for Lee and Louis' conference presentation, it provides little value to users. "These partial disclosures really do little more than trigger a slew of skepticism," he said via instant message.

Microsoft will unveil at the end of the month its "Cloud OS," the secretive Ray Ozzie project that provides a virtual Windows operating system platform for the rapid development, deployment, and maintenance of Internet services and applications.

Microsoft will unveil details later this month at its PDC (Professional Developers Conference) and show developers the APIs and plumbing services provided by a utility computing platform code-named Red Dog.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

In essence, it is an application development and execution platform that lives on the Internet. Red Dog is similar to Amazon's EC2 (Elastic Computer Cloud) and Google's App Engine, both cloud-based application platforms.

Microsoft also plans to detail the next version of its .Net Framework and improvements to its Web application server that will make it a platform for hosting composite and Web 2.0 applications.

With Red Dog, developers write their applications to take advantage of cloud operating system services much like they do to exploit services on desktop and server operating systems.

Microsoft CEO Steve Ballmer told IT managers at a meeting in London last week that the official name and details of something he called "cloud OS" would see their debut at PDC.

Ozzie and his cloud infrastructure services team at Microsoft have quietly been working for the past few years on what has come to be known as the Red Dog project.

The platform, according to Ballmer, will be in simple terms Windows Server for the cloud and will provide such functions as scaling and server management. He told the IT managers the first version will work with Microsoft's data center but future versions could be used in other datacenters.

"If you are a developer writing an application on the Microsoft platform, what is new that you will be able to do or to use that you can't do today -- those are the questions that should be answered at PDC," says Matt Rosoff, an analyst with the independent research firm Directions on Microsoft.

Ozzie said in July the services platform, as he called it at the time, would provide users with "a new kind of system designed for massive scale-outs, running on large redundant arrays of inexpensive commodity servers in the cloud."

For software on the back end, he said, programs would be spread out across hundreds or even thousands of PCs running in a cloud-based datacenter that appears like one datacenter to the programmer but is actually spread around the world.

And he added there would be opportunities "at the platform level, opportunities at the application level, and also opportunities at the integrated solution level."

PDC will focus on opportunities those levels present to developers.

Ozzie talked about a "programming model [that] was leverageable so that you had common aspects of that programming model when a developer was writing code in the enterprise or in the cloud."

How much of this platform Microsoft plans to reveal at PDC is unknown, but clearly Microsoft will show some of its cards.

Ozzie has said that fiscal year 2009, which began last week for Microsoft, would round out his story with some "significant announcements, significant efforts that have been under way now that represent the investments we've been making for the past couple of years."

Red Hat on Thursday released a Linux software stack for compute-intensive IT environments that it said costs less than Microsoft's price for its comparable Windows offering.

Red Hat charges a subscription of $249 per node, or server, per year for Red Hat HPC Solution, a new offering that combines Red Hat Enterprise Linux with Platform Open Cluster Stack 5, clustering software it has licensed from Platform Computing.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

Red Hat HPC Solution also includes device drivers, a cluster installer, cluster-management tools, a resource and application monitor, interconnect support, and a job scheduler. The yearly subscription also includes ongoing technical support, bug fixes, and any future software updates, said product marketing manager Gerry Riveros.

Comparably, Microsoft's Windows HPC Server 2008, which also combines the OS with components needed for clustering and managing the HPC environment, costs a one-time fee of $475 per node, which on the surface seems less expensive than Red Hat's offering.

However, to get maintenance and software updates, Microsoft requires that enterprise customers purchase an Enterprise Assurance (EA) maintenance agreement for three years. Though Microsoft will not disclose publicly what those agreements cost, those familiar with them said they typically cost about 25 to 29 percent of the price of the product.

Factoring in the cost of the EA, the cost of one Windows HPC 2008 Server over three years would be more than $800, while a comparable HPC offering from Red Hat is about $750.

Through its public relations firm, Microsoft on Thursday declined to provide estimates about how much Windows HPC Server 2008 will cost over three years for customers beyond the per-node pricing, saying that information will be available on its Web site on Nov. 1.

Customers who require HPC environments perform tasks such as data modeling or complex, computer-generated simulation that require complex computational power.

Before Thursday, Red Hat offered only a version of Red Hat Enterprise Linux for HPC environments; customers have to assemble other components of the software needed to build a full-scale HPC environment themselves, Riveros said.

He acknowledged that pressure from Microsoft in the HPC market inspired the company to sell an all-in-one offering for a competitive price. Customers, too, asked Red Hat to combine the components with the OS to make for easier deployment and management, he said.

"We wanted to remove the chief roadblocks, the whole hassle of trying to put it together themselves," Riveros said.

Linux is the OS most used for HPC environments and has been dominant in the market for some time. However, over the past several years, Microsoft -- a relative newcomer to the space -- has stepped up its efforts because the company wants people to use Windows in that market.

Last month, Microsoft released to manufacturing Windows HPC Server 2008 as a complete bundle for deploying and managing high-performance clusters at what it claims is a competitive price. Microsoft and Cray also last month unveiled a $25,000 personal supercomputer, the Cray CX1, that they said will give people an HPC environment at their desktop.

Mozilla Messaging has taken the unusual step of turning back the development clock, and will rename an impending beta of Thunderbird 3.0 as a third alpha build, according to one of its developers.

Rather than dub the forthcoming version of Thunderbird 3.0 as Beta 1, which was the plan, Mozilla Messaging will instead call it Alpha 3, said Dan Mosedale, a former Firefox programmer who joined the e-mail offshoot in January.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

Among Mozilla's reasons for renaming the preview, said Mosedale, was a fear of potentially negative reviews. "Calling something a beta is likely to trigger a bunch of extra press attention that we're not yet in a position to deal with," said Mosedale in an entry to his blog on Tuesday. "Some number [of] reviews will be inappropriately pre-judging [Thunderbird 3.0] based on its current state. In the best case, this would be a distraction."

Thunderbird 3.0, an open source e-mail client that's the primary project of Mozilla Messaging, has been available in alpha for several months. According to a tentative schedule, Beta 1 was to enter "code freeze" at the end of September, with Beta 2 following in November and the first release candidate in late January.

That schedule will now have to be changed to retool Beta 1 as Alpha 3, and recast Beta 2 as Beta 1.

Mosedale listed other reasons for reverting to alpha status. "We ended up not landing a bunch of stuff for this [Beta 1] milestone that we had initially hoped to," he said. "[And] there is still a lot of highly user-visible feature work left to do." Among the latter, he called out an overhaul of the e-mail client's tabs, additional work on viewing messages, and calendar integration.

After acknowledging that the work so far was not up to typical beta standards, Mosedale said it would be a mistake to tag the impending release with such a label. "The confluence of these things together makes us think that we'll do better to ship this as an alpha and not call down the extra attention that a beta will bring just yet."

Mozilla Messaging grew out of a call last year by Mozilla Corp.'s then- CEO Mitchell Baker to ditch Thunderbird to focus on Firefox, the company's big breadwinner. In July 2007, Baker said that Thunderbird should be cut loose "to determine its own destiny."

Last September, Mozilla seeded the new venture with $3 million in startup funds and tapped David Ascher to lead the venture.

Thunderbird 3.0 Alpha 2, code-named Shredder, can be downloaded in versions for Windows, Mac OS X and Linux from Mozilla Messaging's site.

Computerworld is an InfoWorld affiliate.

IT spending is faring better than the overall economy, and the sector "will avoid a recession in 2008," says Gartner. But in a report sent to clients this week, the analyst firm says it believes IT budgets will show "very low year-over-year growth rates until business growth significantly improves."

Gartner and Forrester Research do not see tech spending traveling into negative territory, but the words "slow" and "slowdown" are used often enough in their reports to get the message across about what's ahead. Forrester released its forecast last week.

[ Learn how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report.  ]

But Gartner is nonetheless advising clients to hedge a little and not assume that the economy won't improve next year. It's recommending that IT managers prepare two budgets: one budget "based on guidelines and directions of senior executives," as well as a "growth budget for 2009 in the event that healthier economic growth rates begin to return next year."

Gartner said overall U.S. economic growth and IT growth were moving at two different speeds and the tech industry may be "even more resilient than we had originally imagined."

In the Gartner report, analysts Ken McGee and Mark McDonald cite government data, results of a survey of about 1,000 CIOs, and recent quarterly reports from top vendors to reaffirm an assessment made earlier this year that IT spending won't turn negative. Tech stocks have taken a beating on Wall Street but have recovered some this week.

Gartner notes in the report that after the last recession, U.S. IT budgets grew slowly. But it said that "executives should not blindly follow history and automatically cut IT costs in 2009 until they are certain that IT's current counter economic trend-performance isn't being contributed to, in part, by their competitors."

In a Sept. 24 report, Forrester said technology purchases were stronger in the first half of 2008 than its projections, but that it was cautious nonetheless. "The U.S. recession and the resulting tech market slowdown have only been delayed, not cancelled," the report says.

Forrester projects a slowdown in tech purchases in the remainder of this year that will carry into the first half of 2009. But it has now raised its forecast in 2008 growth in the purchases of IT goods and services by business and government to 5.4 percent, compared with its May forecast of 3.4 percent. But it has lowered its projected growth rate of 10 percent for next year to 6.1 percent for 2009. Forrester notes that software and outsourcing are two strong areas.

The Forrester report's author, analyst Andrew Bartels, said with regard to financial firms, he expects 10 percent cuts at most in IT where firms have been acquired or merged. n the case of the bankrupt firms whose assets where purchased, the IT reductions could be as much as 20 to 30 percent, he said.

Computerworld is an InfoWorld affiliate.

Apple's iPhone has two design flaws that could pose potential security problems, according to a researcher.

The first one concerns the iPhone's e-mail application, which automatically downloads images within an e-mail, said Aviv Raff, a security researcher, on Thursday.

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

That's problematic because the image will refer back to a server-side script when it is downloaded, indicating to the sender that the e-mail has been opened and the e-mail address is valid. The address can then be spammed.

E-mail applications usually are configured to block images from untrusted sources to prevent the problem, Raff said. He suggests that users avoid using the e-mail application or be careful when clicking on links in an e-mail that comes from an untrusted source.

The second design flaw is how the iPhone's e-mail application displays URLs. Messages can be shown in plain text or HTML. When in HTML mode, a user can get an e-mail where the text of the link is different than the actual link. The true link can be displayed by hovering over the text, and a pop-up window reveals the URL. But the problem is the pop-up window truncates the URL since there isn't enough space on the screen.

An attacker could create a Web site with a long subdomain in order to fool a user into thinking it's a legitimate site. In fact, a Web site designed to trick a person into revealing personal information, known as a phishing site, Raff said.

After the bad link is served up in the Safari Web browser, the user may still only see a fraction of the URL. If the address bar is clicked in mobile Safari, the cursor jumps to the end of the URL, so a person must scroll back to see the URL in its entirety, Raff wrote on his blog.

Neither Apple's mobile Safari nor the desktop version of the browser have a phishing filter.

Raff said he notified Apple more than two months ago about the design flaws. The company told Raff it was working on fixes but hadn't said when those fixes would be released.

Raff said he decided to go public with the information since Apple has since released at least three iPhone updates but hasn't addressed the issues.

"I think they put their own users at much more risk by not fixing this," Raff said in an interview. "At least now the users who read this will know to be careful. It's only a matter of time until the bad guys will find this anyway."

Apple couldn't immediately be reached for comment.

A Trend Micro security product manager has recommended people not to buy anti-virus products, including his own. But there is a method to his madness, he assures.

David Peterson, consumer segment director for Trend Micro's ANZ business, said only a handful of the top 10 security threats these days are viruses, with downloaders, Trojans, keyloggers, and phishing scams filling up the list.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

As such, he believes stand-alone AV software is best suited for infrequent users of the Internet such as dial-up users or those who want protection from nasties on USB keys.

"There is a niche for it, but there are also people outside that niche who are buying it."

He said stand-alone AV products are there because the market demands it. "I wish they wouldn't. I don't recommend buying anti-virus products," he said, referring to Trend Micro's and its competitor's products.

What is important is complete protection. "You are better off get Internet security suites," he said.

Peterson has support.

"Trend is correct," said Neil MacDonald, vice president and Gartner Fellow.

"Stand-alone AV is no longer sufficient for protecting end points; however, this does not mean that signature-based mechanisms don't provide value. They just don't provide the value they used to and the vendors haven't adjusted pricing models to reflect the diminished effectiveness of stand-alone AV," he said.

"The ideal end-point security product is an end-point security platform that provides organizations with a variety of styles of protection for end points -- firewalls, AV, anti-spyware, application control, device control, behavioral monitoring, and so on," MacDonald said. This enables organizations to pick and choose the styles of protection appropriate to the endpoint -- which will likely be different combination for desktops, laptops, and servers. Even among severs this will vary by role. "AV is just component of the end-point security platform."

Trend Micro joins a swag of security companies to release security suites this month. It claims Trend Micro PC-cillin Internet Security Pro 2009 is significantly faster than last year's effort. Others released in September include BitDefender Total Security 2009 and BullGuard Internet Security 8.5.

Computerworld Australia is an InfoWorld affiliate.

According to a recent estimate from Verizon, 90 percent of successful exploits these days involve vulnerabilities for which a patch has been available for six months or longer.

"For the overwhelming majority of attacks exploiting known vulnerabilities, the patch had been available for months prior to the breach," Verizon says on page 15 of its 2008 Data Breach Investigations Report. "Also worthy of mention is that no breaches were caused by exploits of vulnerabilities patched within a month or less of the attack."

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

This strongly suggests that a patch-deployment strategy focusing on coverage and consistency is far more effective at preventing data breaches than "fire drills" attempting to patch particular systems as soon as patches are released, the report says.

The bad guys know a lot of companies are slow to patch, and so they continue to cook up exploits for the older vulnerabilities, experts say. In fact, security experts say, worms like Blaster and Sasser -- launched four to five years ago against vulnerabilities for which patches were made available around the same period -- are still in wide circulation today.

"You might have 99 out of 100 machines fully patched, but all it takes is one machine missing one patch," says Eric Schultze, chief technology officer for Shavlik Technologies, a Roseville, Minn., maker of patch management software. "The administrator has to patch 100 percent of things, whereas the hacker only has to hope that only 99 percent got patched."

The problem isn't necessarily one of laziness. One of the problems, Schultze says, is hidden machines.

"There are some percentage of machines the company simply doesn't know it has," Schultze says. "It could be a rogue server sitting under someone's desk, it could be a virtual machine up and running no one knows exists. If you don't know a machine exists, it's probably not going to get patched."

That means, according to Ben Rothke, senior security consultant for BT Professional Services, that "you've got zero day threats and you're working behind the clock."

However there's a big difference between taking, say, two weeks to patch a system because you're testing the patch and the six months in the Verizon report.

The first step in patch management, then, is inventory management. You need a complete inventory of all the systems on your network. In all but the smallest companies, that usually requires an inventory program that can examine what's actually on the network and give you a comprehensive report.

Beyond inventory, the next step is having a process to install and manage patches, backed by the appropriate software.

"There's no shortage of software tools that can do the job," says Rothke. "It comes down to having processes in place to deal with all that."

CSO Online is an InfoWorld affiliate.

The IT staff at the U.S. House of Representatives is taking emergency steps in an effort to handle a fourfold increase in the amount of e-mail that has come in via the House's Web site since Sunday, when the text of the proposed Wall Street bailout bill was posted online.

The crush of e-mails from constituents about the proposed $700 billion bailout clogged the servers hosting the House.gov Web site, making it inaccessible for lengthy periods of time on Monday, when the House voted down the bill and triggered a massive sell-off in the stock market.

[ Learn how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report. ]

On Tuesday, the House Office of the Chief Administrative Officer, which provides operations and technical support to a community of 10,000 House members and staffers, implemented a stopgap traffic management measure that seems to have eased the congestion somewhat, said CAO spokesman Jeff Ventura.

In hopes of further improving the site's performance, the CAO Wednesday was testing what, based on Ventura's description, appears to be load balancing technology from a network management vendor. If the tests prove successful, the technology will be deployed on a permanent basis, he said, while declining to identify the involved vendor.

When the House.gov site was checked by Computerworld Wednesday morning, it was accessible but only after a delay, and it appeared to be responding slowly overall. Parts of the site seemed to be functioning Wednesday afternoon. But the links from the home page to individual representatives and committees, as well as the "Find Your Representative" and "Write Your Representative" applications, were still sluggish or completely unresponsive.

Ventura said the congestion crisis began on Sunday, after the details of the proposed bailout bill were posted on the Web page of the House Committee on Financial Services. Almost immediately, there was a huge spike in traffic on the House site from people wanting to read the text of the bill. Much of that likely resulted from the fact that the House was scheduled to vote on the proposal the very next day. "The timeline was so abbreviated until Congress voted on that bill that we had a surge of people who wanted to read it and download it," Ventura said.

Bad as the increased traffic itself was, what really made things worse was that many of the people who came to the site tried to send e-mails to legislators using the embedded "Write Your Representative" program. That application "was never meant to handle the enormous load" of messages it began receiving on Sunday, Ventura said, adding that the app's performance "was so degraded that combined with the traffic, it started to clog our entire system."

That caused a massive backup in access, and would-be users were completely locked out of the site by Monday afternoon. "The alarm bells started ringing on Sunday night," Ventura said. "Monday afternoon, it got worse. It snowballed. Monday was absolutely awful."

According to Ventura, the situation was exacerbated by the fact that advocacy groups around the country were dumping large quantities of e-mails from citizens directly into the "Write Your Representative" application.

After an emergency meeting of IT staffers on Monday night, the CAO Tuesday began regulating the flow of e-mails coming from the application as a temporary solution to the problem. "We basically put a traffic cop inside the application," Ventura said. "We only let so many people use the application at a time. When traffic peaked, we shut it off and gave people a sort of digital busy signal."

The work-around may not have been the optimal way to resolve the congestion problem, but it helped to mitigate the immediate crisis and restore accessibility to the Web site, Ventura said. He added that the traffic and performance problems don't appear to have affected the delivery of e-mails to legislators from people who were able to successfully get into the "Write Your Representative" application and fill out the message form.

The traffic on the House.gov site this week has reached unprecedented levels, Ventura noted. "The 9/11 Commission report caused a spike in traffic to the point where we noticed degradation," but not to the extent of what the site has seen since Sunday, he said.

Computerworld is an InfoWorld affiliate.

Enterprises can now buy a networking appliance from Cisco Systems that runs basic Windows Server 2008 functions, a product designed for use in branch offices, Cisco and Microsoft announced Wednesday.

The companies said in February that they were working on a way for enterprises to run Windows Server 2008 services locally at a branch office on Cisco's Wide Area Application Services (WAAS) networking appliance. The alternative for many companies is either to use a full Windows Server at every branch, which could be overkill, or run all functionality centrally, which could result in slow performance for branch workers.

[ Keep up on the latest networking news with our Networking Report newsletter. And discover the top-rated IT products as rated by the InfoWorld Test Center. ]

With the new product, called Windows Server on WAAS, branch offices can host services locally including Active Directory, Microsoft Print Services, Microsoft Domain Name System Server and Microsoft Dynamic Host Configuration Protocol Server. That can improve performance for branch workers and reduce costs related to wide area network connectivity and branch systems management. An IT administrator can remotely manage the Windows Server functions using Microsoft System Center.

Cisco used embedded virtualization technology in its appliance to enable Windows Server 2008 to run on it.

Some companies that had early access to the product describe their experiences on a Web site set up by Microsoft and Cisco. Farm Credit Services of Mid-America had 180 Windows Servers companywide, including one in nearly every branch, said Jim Curtis, director of infrastructure. His goal with Windows Server on WAAS is to move most of the branch servers to the company's data center to make better use of a small infrastructure support staff.

He currently runs Active Directory centrally, but once the appliance setup is complete he could move Active Directory to the branches as a read-only function, improving log-in times for workers and mitigating potential security issues, he said.

The product is one example of Cisco and Microsoft working together while they also compete in other markets, such as unified communications.

Pricing for Windows Server on WAAS starts at $10,000, including the hardware and the software license. Other configurations with more storage are also available.

Hewlett-Packard will buy LeftHand Networks for $360 million to fill in its storage virtualization and iSCSI lines with products for medium-size companies and remote offices and branches.

The Boulder, Colo., company was an early developer of SANs built around iSCSI (Internet Small Computer System Interface). It sells software that runs on existing storage and industry-standard server platforms. It was founded in 1999. The purchase agreement, announced Wednesday, is expected to close in HP's fiscal 2009 first quarter, which will end in January.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

SANs and storage virtualization help enterprises centralize their storage capacity and allocate it as needed, potentially cutting costs and energy consumption. LeftHand will help HP extend its virtualization offerings to the midmarket, the companies said in a news release. Among the features of LeftHand's products are data replication for backup and disaster recovery, and an "intelligent cloning technology" that can reduce the amount of required disk space by as much as 97 percent, the companies said.

LeftHand's products already work with many of HP's, including Proliant servers, BladeSystem platforms, ProCurve networks, and Insight Control management software. In addition, the company has an OEM deal in which it sells software pre-loaded on HP ProLiant DL320s computing-plus-storage servers, with integration work done at HP's factories, according to Lee Johns, director of marketing for entry storage at HP.

LeftHand has 215 employees, and its products are distributed by more than 500 resellers and distributors around the world. With about 3,000 customers, its products are installed at more than 11,000 sites, the companies said.

In addition to an ideal set of products for midsize enterprises, LeftHand will bring HP software that the company can deploy in a wide range of platforms, including blade servers, Johns said. LeftHand offers more sophisticated capabilities than HP's MSA (Modular Storage Array) midrange systems, especially virtualization, he said.

For example, medium-size enterprises that are just getting involved in storage virtualization can do so without even buying new storage, using LeftHand's software to virtualize existing direct-attached storage. And with LeftHand's intelligent cloning, HP gets a more efficient way to deploy multiple virtual desktops, Johns said. HP will position the MSA line as a lower-end platform for enterprises that don't need the extra capabilities of LeftHand's software, he said. LeftHand's software also includes thin provisioning for allocating storage capacity that doesn't yet exist, he said.

The buyout gives HP a fresh set of products using an important technology, according to analyst Arun Taneja of Taneja Group.

"iSCSI is here, it's proving itself, and every storage company that wants to survive and thrive in the next decade has got to have a good iSCSI product," Taneja said. Among other things, iSCSI allows for quicker deployment and quicker provisioning of storage, he said. Although it's an upstart against the more established Fibre Channel, iSCSI will even make inroads into large enterprise datacenters, Taneja predicted.

While EMC and other vendors adapt their Fibre Channel gear to support iSCSI, less-established players such as LeftHand have been able to bring in newer software that's easier for customers to use, and that's a key selling point, he said.

Another thing that sets LeftHand apart is the ability to cluster its platforms so that each additional system increases both the resiliency and the performance of the cluster, Taneja said.

The current gloom on Wall Street may have formed a silver lining for HP, because it probably would have paid much more for LeftHand a year ago, Taneja said. Dell agreed to buy EqualLogic, another iSCSI star, for $1.4 billion last November.

Tiring of its mission to "organize the world's information," Google has set itself a new objective: save the planet.

The search giant unveiled a $4.4 trillion plan Wednesday to reduce the United States' dependency on fossil fuels and embrace alternative energy. The proposal would yield a net saving of $1 trillion by 2030 and slash U.S. carbon dioxide emissions by 48 percent, according to Google, which said it had been busy "crunching the numbers."

The plan involves weaning the United States off of coal for producing its electricity and turning to wind, solar, and geothermal power instead. It would also cut oil use in cars by 40 percent and use electricity for personal transportation. Google said its goal in announcing the plan, called Clean Energy 2030, was to stimulate debate.

"With a new Administration and Congress -- and multiple energy-related imperatives -- this is an opportune, perhaps unprecedented, moment to move from plan to action," the company said.

It's the latest and perhaps most ambitious attempt by Google to shape public policy. The company has already weighed in on issues like worker immigration, intellectual property law, and net neutrality. Energy is further from its expertise, but Google has been hiring experts to help with the task, including the lead author of the proposal, Jeffery Greenblatt, a former scientist with the Environmental Defense Fund.

CEO Eric Schmidt was to present the proposal in San Francisco on Wednesday evening. Google also described the plan in a blog posting and in more depth on its Wikipedia-like Knol Web site.

It deals primarily with two areas: electricity production and personal vehicles. The basics look like this:

Reduce energy use today: Naturally for Google, it starts with computers. Datacenters and personal computers both can be operated much more efficiently, by unplugging PCs when they are not in use, for example. Building codes can be more aggressive, and "smart meters" in homes that give real-time pricing should encourage people to use less power. Pacific Gas & Electric is already installing such meters in Northern California.

Electricity: The United States today produces half its electricity from coal, 20 percent each from natural gas and nuclear energy, and 1.5 percent from oil. The plan would replace coal and oil with primarily wind, solar, and geothermal energy (using heat from inside the earth). It calls for keeping electricity demand at today's level, which would lop 30 percent off the projected demand in 2030. Onshore and offshore wind would account for a further 29 percent of demand, solar 12 percent, and geothermal 15 percent. Nuclear, hydro, and natural gas would make up the rest.

Google acknowleged that solar energy is expensive today, but said the deserts in the southwest could be used for "concentrating solar power," which could "bring costs down fast." Geothermal energy is "the sleeping giant," according to Google.

Personal vehicles: The United States consumes 21 million barrels of liquid fuels per day, with 60 percent going into cars and other "light personal vehicles." The plan calls for incentives to increase electric and hybrid car sales to 100,000 in 2010 (annual U.S. car sales today are about 15 million), 3.7 million in 2020, and 22 million in 2030. It proposes boosting gas mileage for conventional vehicles to 45 miles per gallon, something experts say is plausible.

Economics: Google made several assumptions about costs and savings, including the costs of alternative energy equipment, such as the infrastructure for charging electric cars, and the savings from more efficient power sources. It assumed that gasoline will double in price to $8 per gallon by 2030, and accepted that fluctuations could add or remove billions in its calculations.

Jobs: It predicted that millions of jobs in construction, operations, and professional services would be created with the alternative energy industries, as well as more jobs in electric vehicle manufacture.

Google isn't the first to devise such a plan. It acknowleged that former Vice President Al Gore has come up with a more ambitious proposal. It remains to be seen now if Google's effort will stir the United States into action.

Fearful tech workers tiptoeing along the shaky alleys of Wall Street -- and fretting about losing their jobs -- should take a deep breath. Of the more than 100,000 job losses expected as a direct result of the financial crisis, only a tiny slice will likely be from the tech ranks, figures Sean O'Dowd, an analyst at market researcher Financial Insights.

As with any market consolidation, finance companies "will look for redundancies and overlap," O'Dowd says. For IT, that means management, not programmers, admins, and other line staff. "I think [layoffs] will come out of the IT management layer such as CIOs, so you're looking at hundreds [of layoffs], not necessarily thousands. Companies will continue to need a lot of the rank-and-file IT folks."

[ Learn how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report. | Think it's time to go the startup route? Find out how to get hired at a hot startup or start your own high-tech business. ]

Greg Carr, CEO of consultancy McGat Enterprises and an IT finance veteran who now runs a Web site that helps IT finance professionals manage technology costs, says he recently talked to his 16 IT management-level advisors from Unisys, Wells Fargo, Deutsche Bank, and other firms, "and they are all nervous. ? My friend at EDS is looking for cover right now."

Although Wall Street firms' general pool of tech employees may be relatively safe for the moment, the tech vendors who supply them will see job cuts as their revenues fall.

And over time, there'll be a glut on the scale of the dot-com bust of IT finance pros looking for work, predicts John Estes, vice president of staffing firm Robert Half Technology. "We're advising our IT candidates, especially the ones really freaked out by this, to dust off their r?sum?s and be prepared to show accomplishments with tangible results" to potential employers, he says. Still, Robert Half Technology hasn't received a flood of calls from IT workers yet, he adds.

Death of the discretionary spend Estes, O'Dowd, and Carr agree that the biggest hit to IT finance pros will come to those working on discretionary projects. "There is a slow-up of IT projects, anything from VoIP to replacing legacy equipment," says Carr.

Capital markets firms have traditionally led in the adoption of new technologies, but given the uncertainty of the future, they've made an abrupt about-face. Financial Insights reports financial services firms put 22 percent of their IT budgets toward discretionary projects. "For institutions facing bankruptcy or being acquired, we see that spend being put on hold," O'Dowd says.

Or worse. Robert Half Technology provides tech workers to a systems integrator in the Northeast whose client is an insurance company. "They just put the brakes on a new project -- not postponed but cancelled," Estes says.

Assessing how much your job is at risk Generally speaking, tech workers in finance fall into four categories. Business-infrastructure folks handle everyday IT needs. Networking pros are focused mostly on connectivity and latency issues. Datacenter administrators must be skilled in heavy transaction volume, grid computing, and virtualization. And some IT workers and developers support proprietary trading activities.

The financial crisis will affect the last group the most in the near term. That's because the bulk of job losses from the likes of Bear Stearns, Lehman Brothers, Merrill Lynch, and others will come from shuttered lending units -- thus, IT folks solely supporting these lines of business may be at risk.

Coming from a position of strength The upside is that most of these at-risk financial IT workers have specialized financial skills that will continue to be in high demand from financial companies of all sizes on the prowl to pick up this talent. Such IT people have been eagerly courted, making the supply low; the financial crisis may give second- and third-tier companies a shot at this talent pool, and perhaps for less money than in the boom times. Such highly valued skills include working at the application level on algorithmic trading programming, complex event processing specific to a trading environment, order management, derivatives trading, and evaluation applications.

Although their skills are not easily transferable to other industries, "these are valuable jobs that you're not going to see going out the door," says O'Dowd. "Business analysts won't be going anywhere, either."

O'Dowd also predicts IT workers in business infrastructure, networking, and datacenters have at least a year of job security, as finance firms work through the heavy integration process caused by the current wave of consolidation. It'll take some time before these firms figure out their needs from here on out.

But after that, all bets are off. "Once they've evaluated their ongoing needs, you might see a spike in layoffs at lower-level IT positions," O'Dowd says. Still, O'Dowd contends such IT workers shouldn't have a problem finding work -- if not in finance, then in outside industries. "IT folks in the financial services industry deal with firms that demand the greatest amount of performance, scale, volume and speed," he says, "and they have the ability to see things in worst-case, stressed scenarios -- there may be a premium for folks like that."

That premium, though, may not be as rich as in the financial sector, warns Robert Half Technology's Estes. Salaries and benefits likely won't be the same.

Hardware vendors, which are just getting a first look at AMD's next-generation server chip, are giving the Shanghai processor an initial thumbs-up, analysts say.

AMD is hoping the new hardware can help it rebound from the struggles that bogged down the company after it delayed the release of the Barcelona chip. The eight-month delay, caused by a glitch in the processor, lost the company market share, as well as mind share, prior to Barcelona's ultimate release last spring.  

[ Stay ahead of advances in hardware technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

Since then, AMD has been trying to get back on its feet, put its financial troubles behind it, and get back in the game with archrival Intel.

An AMD spokesman confirmed Wednesday that the company has started shipping production-quality Shanghai chips to OEMs so that they can make final validations.

Industry analysts say that shipping the quad-core server processor -- the company's first 45-nanometer chip -- to OEMS for an early look-see is a very good sign for AMD. The new Shanghai chip was originally scheduled for release in the first quarter of 2009, but AMD has pushed the ship date ahead to the fourth quarter of this year.

Rob Enderle, an analyst at Enderle Group, said that when Barcelona was in the works, AMD executives were distracted by the chipmaker's acquisition of ATI Technologies during 2006. Now, with the acquisition settling in and new leadership at the helm of the AMD, the focus is back on processors.

"The combination of the higher level of focus and the less risk that they're taking is resulting in them beating their own date," said Enderle, noting that the Shanghai chips may be cast on a new 45nm die but architecturally are quite similar to Barcelona. "Right now, the OEMs seemed to be pretty happy with it. One, it's showing up ahead of schedule and it seems to be performing well against expectations. We're still at the front end of sampling, so we won't know how well it's performing for a few weeks yet but so far the OEMs like what they've seen," he added.

Dan Olds, principal analyst with the Gabriel Consulting Group, said an OEM told him that after an evaluation, it plans to use the chip in systems. "I think we're beyond the 'looking/evaluation' stage and into the 'let's build the systems that will use it' stage," he added. Olds noted that the vendor, which he declined to identify, plans to ship Shanghai-based systems as early as the fourth quarter of this year, but possibly in the first quarter of 2009.

While it's good for AMD to get Shanghai out on or ahead of schedule, it's also very good for the company to catch up to Intel in the 45nm race, noted Dean McCarron, an analyst at Mercury Research. Intel came out with its first 45nm processor family -- Penryn --  last November, a year before AMD's first 45nm chip.

"AMD's processor technology is still lagging behind Intel's a little bit," said McCarron, who added that he's also heard positive reviews from two OEMs. "The key piece is having it be current enough that they're not missing the big volume part of the curve. It's certainly helping AMD to catch up. Shanghai helps improve AMD's position in the server market."

News of AMD's new processor comes amid talk that the chipmaker may be preparing to spin off its manufacturing operations into a separate company.

Last month, John Lau, senior semiconductor analyst and managing director of Jefferies & Co., told Computerworld that AMD is looking to spin off its fabrication plants into a separate company funded by a Middle East consortium. The company, according to Lau, will handle AMD's manufacturing but will also be free to build chips for other companies.

At the time, Lau predicted that AMD would announce the news on or around Sept. 15. That hasn't happened, but speculation about it still swirls around the industry.

Google's leadership on the Web stems partly from its powerful datacenters, which allow it to provide lightning-fast search results while keeping energy costs to a minimum. The company has been mostly secretive about what goes on inside these giant computing factories, but on Wednesday it offered a peek at what it has been able to achieve -- on the energy side at least.

Google has published results from internal studies showing that its datacenters are "the most efficient in the world," according to a blog post from Urs Hölzle, its senior vice president of operations. While some of what it does, like designing its own servers, isn't practical for most businesses, other tricks could be replicated by other companies, albeit for an upfront capital cost.

Its announcement coincides with a speech about energy that CEO Eric Schmidt is due to give Wednesday evening in San Francisco. Schmidt will argue that the U.S. can reduce its oil dependency by drilling for "natural and clean geothermal energy" and making a "bold move" into solar and wind power, according to the event's agenda.

Google uses a metric called PUE, or Power Usage Effectiveness, to measure its datacenter efficiency. It gives a ratio of the total power consumed by a datacenter to the power consumed by the IT equipment used in the facility. For example, a PUE of 2.0 indicates that for every watt that directly powers the IT equipment, an additional watt is used to cool and distribute power to that IT equipment.

In a report to the U.S. Congress in 2006, the Environmental Protection Agency estimated that the typical enterprise datacenter had a PUE of 2.0 or higher. It also forecast that by 2011, datacenters employing "state of the art" techniques like liquid cooling could reduce their PUEs to 1.2.

Google said Wednesday that it has achieved that PUE as the average across all of its datacenters, and that one of them operates with a PUE of 1.13. "Today we are operating what we believe to be the world's most efficient datacenters," Hölzle wrote.

That's no small claim given that many of its competitors are also experimenting with datacenter designs to improve efficiency. Microsoft has been packing servers into shipping containers, creating a closed environment that allows it to manage cooling more efficiently. The company said recently it had achieved a PUE of 1.3 in one of these containers. They are not widely in use yet, but Microsoft plans to put more than 200 of them at a new datacenter in Chicago.

Google starts its energy push with designing better servers, which typically waste a third of the energy they consume before any of it reaches the components. The company uses highly efficient power supplies for the servers and efficient voltage regulators on the motherboards. It said it also strips out components that it doesn't need, like graphics chips, and designs computers and server racks to use as little fan power as possible.

The company says it saves $30 and 500kWh per year for each server, and puts 300kg less carbon dioxide into the atmosphere.

For its datacenters, it focused on cooling, which can account for up to 70 percent of the overhead in energy use. It uses water evaporation to minimize the use of its chiller equipment, which is basically a large air conditioner for the datacenter. It showed a photograph of a large cooling tower in Oregon that it uses for water evaporation.

"With cooling towers, our datacenters spend most of their time running in a mode called 'free cooling.' This means the chillers are off. Free cooling isn't technically free, but it is really inexpensive and really efficient," the company said.

The company is also using recycled water for its cooling to relieve the strain on the environment. A data center it is building in Belgium will use only recycled water, pulled from a nearby canal and run through a filtration system. By 2010 it hopes that 80 percent of all the water it uses will be recycled.

"Sustainability is good for the environment, but it makes good business sense too," the company said. "Most of our work is focused on saving resources such as electricity and water, and more often than not, we find that these actions lead to reduced operating costs."

Bending to criticism from iPhone developers, Apple announced Wednesday it is dropping the NDA (non-disclosure agreement) for applications that have been released.

In a message posted to its developer site, Apple hinted that the move came in response to critics, who had blasted the company for continuing to muzzle developers long after they had wrapped up work on their software.

[ Fatal Exception blog: SDK shootout: Android vs. iPhone | Special report: IT's guide to the iPhone ]

Last week, some took Apple to the woodshed after reports surfaced that the company had told developers that the NDA applied to all communication, including rejection notices sent when applications were turned down by the App Store, the only official outlet for third-party iPhone programs.

"We have decided to drop the NDA) for released iPhone software," said Apple in the message. "We put the NDA in place because the iPhone OS includes many Apple inventions and innovations that we would like to protect, so that others don't steal our work. It has happened before."

But it acknowledged the recent negative publicity over its continued push for secrecy. "The NDA has created too much of a burden on developers, authors and others interested in helping further the iPhone's success, so we are dropping it for released software," Apple said. "Thanks to everyone who provided us constructive feedback on this matter."

Not everyone is free to speak, however. Apple reminded developers that the NDA remains in force for "unreleased software and features."

Nor did Apple specify whether the new relaxed rules will apply to iPhone applications that have been submitted, but then rejected, for inclusion in the App Store. Apple did not respond to a request for clarification Wednesday morning.

That may be an important point to developers who have had their work rejected, but then are unsure of how much, if anything, they can say about why Apple declined to sell their software.

A week ago, for example, Alex Sokirynsky, an iPhone developer whose Podcaster application had been rejected, pulled a blog post that had hammered Apple for shutting down his developer account. Sokirynsky had said Apple took "the coward's way out" by barring him from selling Podcaster using the Ad Hoc distribution channel as an end-around the rejection.

Some suspected that Sokirynsky yanked the post because of the NDA.

Sokirynsky had become a minor iPhone celebrity after Podcaster was rejected. When Apple denied him access to the App Store, Sokirynsky published Apple's reason. "Since Podcaster assists in the distribution of podcasts, it duplicates the functionality of the Podcast section of iTunes," Apple told him.

Other developers railed at Apple for that rationale. Fraser Speirs, for instance, said he was done with the iPhone, and called on Apple to publish clear rules for what it would accept, and to add a pre-approval procedure to the App Store application process.

Wednesday, however, Speirs and others applauded Apple's NDA decision. "Now that's the Apple I know and love," said Speirs in a Twitter message. "Next stop: pre-approval of app concepts and the future is golden."

Apple said Wednesday that it would send developers a revised NDA in about a week.

Ross Mayfield?, founder of Socialtext, unveiled this week version 3.0 of his company's enterprise wiki, which promises to make the corporate directory a social networking tool for the workplace.

Socialtext 3.0 adds Socialtext People and Socialtext Dashboard? to the stew plus enhancements to the Socialtext Workspace platform.

[ For more on wikis in the enterprise see Dos and don'ts for managing IT projects with wikis .]

Socialtext People connects user profiles to LDAP or Microsoft Active Directory systems, enabling users to search for and find experts who are outside of their current social network group. Users can also subscribe to the activities of these experts to remain current with their latest work.

Socialtext Dashboard integrates with Workspace to put ?alerts of colleague activities in a work-related context so that the recipient knows who is signaling and why.

Dashboard is customizable using the REST API?, which allows users to receive updates from enterprise business applications like SAP or Salesforce automatically. For example, if inventory is delivered to the warehouse, Dashboard can send an automated alert to the sales force that is awaiting news of that important event.

Dashboard also gives users a window into online conversations happening on the network.

Socialtext Workspace is a significant upgrade, according to company executives, with improved navigation tools, tighter integration with Dashboard and People.

Jeff Herz, vice president, technical product management at MKTG?, a marketing and communications company that uses the current version of Socialtext, said he is looking forward to version 3.0 because of the Peop