A free online encyclopedia of internal network security issues was released Tuesday by network security provider Promisec, which includes popular Web-based applications among possible data-loss threats.

Internal threats may come from various sources such as usage of USB (Universal Serial Bus) memory sticks, programs like Skype, unwanted file types, and any services or applications that are not permissible or aren't covered by registered software licenses, according to Promisec, based in Rishon Letziyon, Israel.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Promisec hopes that the encyclopedia -- which lists and dates dozens of potential threats and ranks them on a five-part scale, ranging from "extremely critical" to "not critical" -- will help promote its marketing and sales efforts.

The newest applications that may pose threats -- such as EnterMyPC, Kismet and Wireshark -- are included and described with information on the manufacturer, systems affected, relevant links and date added. In addition, the site contains monthly charts showing how internal network risk trends have changed in the past year, an internal security tips and tricks section, articles on recent internal security incidents, an overview of internal threats, and other resources.

Today, the top five threats listed by the encyclopedia are MySpace, Skype, Tencent QQ, PacketTrap and Google Talk.

However, PacketTrap Networks has challenged Promisec over its inclusion on the list. The vulnerability in its pt360 software that the online encyclopedia lists was discovered by San Antonio network security auditing firm Digital Defense earlier this year. A patch was issued in February, according to the San Francisco maker of network monitoring tools.

Given that PacketTrap has registered about 80,000 downloads, by its count, since releasing the software, its vice president of marketing and corporate development, Anna Yen, said in an e-mail message that she considered it odd that her company could be considered a "top five" threat along with MySpace, Skype and Google. She added that only 106 users downloaded the version of the software that included the vulnerability.

The encyclopedia is part of the Promisec Risk Center, a resource for statistics highlighting significant internal network threats.

"This tool helps us make sense of internal threats and actually beg companies to draw comprehensive policies and action plans to deal with these threats," said Amir Kotler, Promisec CEO. "It is set to include thousands of terms and enable IT professionals to post feedback and comments."

Promisec's network security software aims to detect and eliminate internal threats, without using ActiveX or any other type of dissolvable agent, run-once technology that removes traces of itself. The company estimates that over 80 percent of attacks and corporate abuse originate internally. As an example, Kotler noted last year's data breach in Pfizer, where the data of about 15,700 existing and former employees were compromised when the spouse of an employee downloaded file-sharing software onto a company-issued laptop.

Ericsson and STMicroelectronics will form a joint venture to build semiconductors and platforms for mobile devices, the companies said Wednesday.

The 50/50 joint venture will build the guts of mobile devices for current 2G and 3G mobile networks, as well as faster, emerging technologies, namely LTE (Long-Term Evolution). The companies formed it to achieve scale, combining what they called complementary product lines, as well as supplier relationships with Nokia, Samsung Electronics, LG, Sharp, and Sony Ericsson Mobile Communications. It will supply those device makers with hardware, software, and support for delivering mass-market products.

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

Ericsson is one of the world's largest providers of mobile network infrastructure. Its Ericsson Mobile Platforms division, created in 2001, supplies platforms for handsets and other mobile connectivity products, including data cards for PCs. Several years ago, Ericsson shifted its actual branded handset business to Sony Ericsson.

The planned company, as yet unnamed, would combine Ericsson Mobile Platforms with ST-NXP Wireless, which itself is a joint venture between STMicroelectronics and NXP Semiconductors. ST-NXP Wireless began operations on Aug. 2. In addition to developing chips and platforms for devices using everything from 2G to LTE networks, ST-NXP boasts a strong position in TD-SCDMA (Time-Division Synchronous Code-Division Multiple Access), a 3G technology developed in China that is being tested by China Mobile.

Ericsson President and CEO Carl-Henric Svanberg will be chairman of the new joint venture, while STMicroelectronics President and CEO Carlo Bozotti will be vice chairman. Each company will have four board seats. It will be based in Geneva and have approximately 8,000 employees. The deal is subject to standard regulatory approvals, the companies said.

Palm unveiled on Wednesday the Treo Pro, a keyboard-enabled smartphone that will contend for a piece of the mobile market against such superstar players as Apple, Google, and Linux OS.

What the Pro lacks in glitz and glamour ? it looks a lot like a RIM BlackBerry ? it makes up for by using a tried-and-true operating system, Windows Mobile 6.1. Windows Mobile boasts hundreds of thousands of developers, both corporate and third party, who are familiar and comfortable with the Windows platform.

?The Windows OS and device makers are enjoying expanded adoption in the enterprise,? said Gerry Purdy, vice president and chief mobile analyst at Frost & Sullivan.

Windows Mobile has sold 20 million units in the past year and still growing, said Purdy, who predicts Windows Mobile will increase its presence in the enterprise even more in 2009.

While the form factor may not be significantly new, said Pete Daily, Integrated Program Manager at Frost & Sullivan, the fact that it uses Exchange also means that the device should integrate seamlessly with other core enterprise applications like Microsoft Office. But Daily considers the $549 retail price a bit steep.??

?There are no carrier partners in the U.S., which is why there are no subsidies but that also means there is no distribution channel,? said Daily.

Without carrier support, business users will have to rely on their own IT departments; IT, in turn, will have to rely on Palm itself to provide enterprise-level support, something Michael Akamine, senior product manager at Palm said the company is prepared to do.

?We have a team of enterprise sales engagements and tech systems engineers that work with enterprise customers,? said Akamine.

In the United States, the tri-band Treo Pro will be sold unlocked, allowing users to choose any GSM operator by simply installing a new SIM chip. At this point, Palm does not have a CDMA version, which rules out companies using Sprint or Verizon.

Nevertheless, the Treo?s success may come more from the business market. An unlocked version will give IT departments that deploy GSM cell phones the flexibility to choose a device that works with the company?s short list of approved carriers.

The Microsoft partnership will also give IT Microsoft Direct Push Technology, a direct link to Microsoft Exchange Server 2003 SP2 or 2007 for e-mail, contacts, and calendars.

Palm will also leverage Microsoft System Center Mobile Device Manager 2008 for security such as enforced password use, remote lockdown, updates, and access to the corporate network.

In addition, according to Akamine, partnering with Microsoft gives IT managers the ability to keep all data inside their own NOC (network operating center) rather than going out to a third party for a piece of the infrastructure.?

Other Treo features include IEEE 802.11b/g Wi-Fi, a 400MHz Qualcomm processor, Bluetooth, IR, 256MB of storage, and 128MB of RAM.

But the Palm also gives Microsoft something they needed, according to Ken Dulaney, chief mobile analyst with Gartner.

?Microsoft has had a shortage of good hardware to compete against BlackBerry. They upgraded to 6.1, which is a competitive platform but lacked the hardware,? said Dulaney.

The Treo fixes that problem and smoothes out some of Microsoft?s traditional rough edges when it comes to installation and networking, Dulaney said.

The unit also has a 2-megapixel camera, a microSDHC expansion slot, and USB.

The Treo measures 2.36 inches wide by 4.49 inches long and 0.53 inch deep, and it weighs 4.69 ounces. Units will ship in the fall.

Databases are evolving faster than ever, becoming more fluid to keep pace with an online world that's becoming virtualized at every level.

In many ways, the database as we know it is disappearing into a virtualization fabric of its own. In this emerging paradigm, data will not physically reside anywhere in particular. Instead, it will be transparently persisted, in a growing range of physical and logical formats, to an abstract, seamless grid of interconnected memory and disk resources; and delivered with subsecond delay to consuming applications.

[ Stay up to date on the latest virtualization developments with InfoWorld's Virtualization Report blog and newsletter. ]

Real-time is the most exciting new frontier in business intelligence, and virtualization will facilitate low-latency analytics more powerfully than traditional approaches. Database virtualization will enable real-time business intelligence through a policy-driven, latency-agile, distributed-caching memory grid that permeates an infrastructure at all levels.

As this new approach takes hold, it will provide a convergence architecture for diverse approaches to real-time business intelligence, such as trickle-feed extract transform load (ETL), changed-data capture (CDC), event-stream processing and data federation. Traditionally deployed as stovepipe infrastructures, these approaches will become alternative integration patterns in a virtualized information fabric for real-time business intelligence.

The convergence of real-time business-intelligence approaches onto a unified, in-memory, distributed-caching infrastructure may take more than a decade to come to fruition because of the immaturity of the technology; lack of multivendor standards; and spotty, fragmented implementation of its enabling technologies among today's business-intelligence and data-warehouse vendors. However, all signs point to its inevitability.

Case in point: Microsoft , though not necessarily the most visionary vendor of real-time solutions, has recently ramped up its support for real-time business intelligence in its SQL Server product platform. Even more important, it has begun to discuss plans to make in-memory distributed caching, often known as "information fabric," the centerpiece middleware approach of its evolving business-intelligence and data-warehouse strategy.

For starters, Microsoft recently released its long-awaited SQL Server 2008 to manufacturing. Among this release's many enhancements is a new CDC module and proactive caching in its online analytical processing (OLAP) engine. CDC is a best practice for traditional real-time business intelligence, because, by enabling continuous loading of database updates from transaction redo logs, it minimizes the performance impact on source platforms' transactional workloads. Proactive caching is an important capability in the front-end data mart because it speeds response on user queries against aggregate data.

Also, Microsoft recently went public with plans to develop a next-generation, in-memory distributed-caching middleware code-named "Project Velocity." Though the vendor hasn't indicated when or how this new technology will find its way into shipping products, it's almost certain it will be integrated into future versions of SQL Server. Within Project Velocity, Microsoft is playing a bit of competitor catch-up, considering that Oracle already has a well-developed in-memory, distributed-caching technology called Coherence, which it acquired more than a year ago from Tangosol. Likewise, pure-plays, such as GigaSpaces, Gemstone Systems, and ScaleOut Software have similar data-virtualization offerings.

Furthermore, Microsoft recently announced plans to acquire data-warehouse-appliance pure-play DATAllegro and to move that grid-enabled solution over to a pure Microsoft data-warehouse stack that includes SQL Server, its query optimization tools and data-integration middleware. Though Microsoft cannot discuss any road-map details until after the deal closes, it's highly likely it will leverage DATAllegro's sophisticated massively parallel processing, dynamic task-brokering and federated deployment features in future releases of its databases, including the on-demand version of SQL Server. In addition, it doesn't take much imagination to see a big role for in-memory distributed caching, à la Project Velocity in Microsoft's future road map for appliance-based business-intelligence/data-warehouse solutions. Going even further, it's not inconceivable that, while plugging SQL Server into DATAllegro's platform (and removing the current Ingres open source database), Microsoft may tweak the underlying storage engine to support more business-intelligence-optimized logical and physical schemas.

Microsoft, however, isn't saying much about its platform road map for real-time business-intelligence/data-warehousing, because it probably hasn't worked out a coherent plan that combines these diverse elements. To be fair, neither has Oracle -- or, indeed, any other business-intelligence/data-warehouse vendor that has strong real-time features or plans. No vendor in the business-intelligence/data-warehouse arena has defined a coherent road map yet that converges its diverse real-time middleware approaches into a unified in-memory, distributed-caching approach.

Likewise, no vendor has clearly spelled out its approach for supporting the full range of physical and logical data-persistence models across its real-time information fabrics. Nevertheless, it's quite clear that the business-intelligence/data-warehouse industry is moving toward a new paradigm wherein the optimal data-persistence model will be provisioned automatically to each node based on its deployment role -- and in which data will be written to whatever blend of virtualized memory and disk best suits applications' real-time requirements.

For example, dimensional and column-based approaches are optimized to the front-end OLAP tier of data marts, where they support high-performance queries against large, aggregate tables. By contrast, relational and row-based approaches are suited best to the mid-tier of enterprise data-warehouse hubs, where they facilitate the speedy administration of complex hierarchies across multiple subject-area domains. Other persistence approaches -- such as inverted indexing -- may be suited to back-end staging nodes, where they can support efficient ETL, profiling and storage of complex data types before they are loaded into enterprise data-warehouse hubs.

For sure, all this virtualized data infrastructure will live in the "cloud," in a managed-service environment and within organizations' existing, premises-based business-intelligence/data-warehouse environments. It would be ridiculous, however, to imagine this evolution will take place overnight. Even if solution vendors suddenly converged on a common information-fabric framework -- which is highly doubtful -- enterprises have too much invested in their current data environments to justify migrating them to a virtualized architecture overnight.

Old data-warehouse platforms linger on generation after generation, solid and trusty, albeit increasingly crusty and musty. They won't get virtualized out of existence anytime soon, even as the new generation steals their oxygen. Old databases will expire only when someone migrates their precious data to a new environment, then physically pulls the plug, putting them out of their misery.

IBM is investing US$300 million to build 13 new data centers that will help customers around the world recover from disaster by storing their data remotely in a cloud-based storage model .

The data centers, to be built this year, will be spread worldwide in locations including Hong Kong, Tokyo, Paris, London, Beijing, Poland, Italy, New Jersey, Germany, Brazil, India and South Africa.

[ Get the latest on storage developments with InfoWorld's Storage Adviser blog and Storage Report newsletter. ]

Stemming from IBM's acquisition of Arsenal Digital Solutions , IBM is calling the new facilities Business Resilience service delivery centers.

"The massive infrastructure expansion is the largest of its kind and will permit IBM clients to access services that support business continuity for the first time from a cloud computing environment," IBM states in an announcement released Wednesday. "Using the service delivery platform, clients will be able to take advantage of cloud computing capabilities by storing their business data in IBM's data protection vaults. ... Once the information is protected, customers will be able to immediately recover that information by restoring and retrieving it from a center directly to the client's business or to an alternative worksite recovery area in the event of a disaster."

IBM announced its acquisition of Arsenal last December. At the time of the acquisition, Arsenal's online storage-backup service was handling more than 20 petabytes of customer information in 67 data centers spread across five continents. (Compare storage products .)

Arsenal's data protection technology has now been integrated with IBM's rack-mounted storage appliances, each of which can store multiple terabytes. Wednesday's announcement is the latest in a long line of cloud computing initiatives for IBM. In a separate project announced just a few weeks ago, IBM said it is spending $360 million on a single cloud-computing data center in North Carolina . 

Palm's decision to sell an unlocked Treo Pro, its newest smartphone aimed squarely at enterprise customers, could either be the start of a new trend or a sign that the struggling company may face even harder times to come, one analyst said.

In a break from tradition in the U.S. mobile phone market, Palm on Wednesday introduced the Treo Pro and said it will sell the smartphone unlocked. That means it won't be marketed, sold, and subsidized by an operator.

[ Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

"It may be the beginning of a trend, but it may also be a bad sign," said Bill Hughes, an analyst with In-Stat. While he said he had no reason to think this is the case, there is a chance that Palm couldn't find an operator interested in picking it up.

In Europe, O2 and Vodafone will sell the Treo Pro, which will also be available unlocked. Unlike in the United States, it's common in Europe for people to be able to easily buy unlocked phones. Telstra will sell it in Australia.

The Treo Pro, which runs Windows Mobile and includes Wi-Fi and GPS, will become available later this year on Palm's online store as well as from other Internet sites, retailers, and enterprise resellers.

While there are reasons that some enterprises might be interested in buying unlocked devices, Palm might struggle to sell the new Treo to individuals without the help of operators. In a recent survey of technology users, Hughes found that 85 percent of them bought their phones in an authorized retail store, such as an operator shop or a store like RadioShack that has deals with operators to sell phones.

But buying unlocked phones can allow an enterprise buyer to better negotiate with mobile operators, Hughes noted. That's because typically operators factor in the cost of handset subsidies when selling airtime to enterprises.

In theory, having unlocked phones could also allow an enterprise to negotiate a better deal from a competitive mobile operator and easily switch to that operator by simply providing users with a new SIM card to insert in their phone. However, in the United States that's not a major benefit, given that operators use multiple incompatible technologies. The Treo Pro runs on the third-generation technology used by T-Mobile, an operator not typically favored by enterprise users, and AT&T.

Operators do already sell unlocked phones to enterprises, but they don't typically widely publicize the option, Hughes said.

The Treo Pro doesn't come cheap: It will cost $549. It's difficult to compare that price to other popular phones because most, like the iPhone, require a multiyear service contract with an operator in the United States. In Europe, Vodafone Italia sells the 8GB iPhone 3G without a contract for ¬500 ($734).

The Treo Pro is an attractive device that in some ways resembles the iPhone; it's one of the first phones to come out of Palm since Jon Rubinstein, a former Apple engineer who contributed to the creation of the iPod, joined the company. It features a solid black case on the back with rounded edges. It has a full Qwerty keyboard and touch screen.

Tom Clement has reinvented his career before. In 1984, he realized working in technology would suit him better than his job as a litigator in Texas. "I came home one day from work, and I was used to being really tense," he says. "But that day, my secretary's recorder had broke. I'd taken it apart, put it back together, and somehow, it worked. I was whistling and in a good mood because of it, and my girlfriend heard me and said,'Tom, maybe you were made for a different line of work.'"

After moving to California and taking a night class at University of California at Berkeley in C-Programming, he put his law ambitions aside and took a job at a C-compiler company, taking pieces of code and translating it into a language that could work on Motorola hardware.

[ Learn more about SaaS and cloud computing in  InfoWorld's special report. Or if your tech job has moved overseas, find out if you can can you move with it in  InfoWorld's guide. ]

Today, Clement, a journeyman in software development, might be facing a bigger career test: the movement of software to the Web and the effect it will have on developers like himself and the thousands of IT support and maintenance pros taking care of traditional software at small and large enterprises across all industries.

Software as a service (SaaS), one flavor of today's hot buzzword, cloud computing, refers to applications that users access over the Web and which live on physical servers hosted by the software vendors or a third party, not servers owned and cared for by an in-house IT department.

"I've got some learning to do in my 50s," Clement says. "Now, I need to know more about Web 2.0 and Java programming. While I know I can, I still have that fear of, 'will I be able to do it?'"

Clement, now senior developer at Serena Software, in some ways is already adapting, as his company has begun building SaaS applications along side its traditional software. And sure, developers have been through big transitions in computing before, most notably the move from mainframe computers to the PC era.

The IT industry is now preparing for a new round of upheaval as a result of SaaS adoption of offerings from the likes of Google (with its Google Apps) and Salesforce.com that let users run applications via the Internet. Zoho, a SaaS vendor that does most of its development work in India, has also sold a plethora of applications, including in staple, Microsoft-dominated areas like word processing, spreadsheets, and presentations.

SaaS adoption by enterprises has been aggressive. A report in May conducted by Kelton research found that 73 percent of large companies saying they would adopt SaaS or plan to adopt it in the next 18 months.

Coupled with the consumerization of IT -- the idea that people at their jobs expect applications at work to look like the Web technologies they use at home such as Facebook and Google -- many IT professionals will be forced to rethink their skill sets and what value they bring to their companies, says Jeffrey Kaplan, president of THINKstrategies, a consultancy that helps companies adopt SaaS applications.

"Unfortunately, most developers have built enterprise applications to meet their current systems environment and the end-user was very secondary," Kaplan says. "Now, the end-user experience is the driving factor, because end-users determine whether or not the application is considered successful."

In addition, maintenance veterans -- the guys who handle the plumbing of IT -- will see their job options start to recede. That reality can be both a challenge and an opportunity for the IT industry, says Peter Coffee, Director of Force.com, the platform provided by Salesforce.com for developers building SaaS-based apps.

"If you're in the ecosystem of working on staple, on-premise software, you can take care of feeding and watering those systems," Coffee says. "But those low value tasks no longer need to be done and you won't cover the IT equivalent of infantry. You want to be the IT equivalent of special forces."

Those special forces might include building new features on top of SaaS apps that fit a company's specific needs, or managing the relationships a company has between two or more SaaS vendors who both provide technology to the same company, making sure the systems talk well with one another, says Ken Venner, senior VP and CIO of corporate services at Broadcom.

"Working with vendors will really become ever more critical," Venner says. "One of the skills that will start to reduce is core infrastructure skills."

The post-modern IT departmentToday, most large companies use a mix of both traditional apps that they host with servers on premise and some that they let the Salesforce.coms of the world host offsite. But the idea of a plug and play IT department isn't a dream. Tim Davis, CIO of Popeyes Chicken, a national fast food chain based in Atlanta, Ga., only has six IT people and not one server on premise.

Not all of his apps are SaaS-based. A SaaS vendor, by his definition, is a company that provides the software over the Web, hosts it, and charges a subscription fee (generally per user per month). Popeyes owns the licenses for some of its software, and worked out a contract with IBM to host and support the servers for those apps.

But that contract, which includes IBM's hosting of Popeyes' e-mail system (Microsoft Exchange), will expire in 2009. Microsoft recently released a SaaS version of Exchange for a mere $10 per user per year. When Popeyes' contract with IBM expires, Davis admits he could pursue more SaaS options as it would likely cost him less money that outsourcing to Big Blue.

So if there are no servers and the like, what does his IT department do?

"Three [people] are dedicated towards making sure the restaurants have whatever technology they need," he says. "The rest are project managers and manage our relationships with vendors."

Developers adaptMost people who spend their lives in technology know that adaptation is necessary to job survival. Nobody can keep up with the pace of technology innovation entirely; the best you can do is stay ahead of the curve enough to remain viable.

For developers, that'll mean embracing new programming languages and open Web standards when creating their enterprise software. But making the transition doesn't have to be terribly difficult, says Force.com's Coffee. "If you currently develop in Java or.Net, and you understand enough about databases, the language of ours is very readable," he says.

For IT support people who handle enterprise infrastructure and back-end support, future roles might include working in the datacenter of a SaaS vendor, or helping ensure that a company can integrate various SaaS apps, says Fred Luddy, president and CEO of Service-Now, an IT service management company that runs on a SaaS model.

"Integration will be the main challenge," he says. "IT will be at a higher level."

While Serena Software's Clement knows he has some learning to do, he knows enough to be prepared for changes in software development. "My experience has always been that programming is programming," he says. "The language is sort of a detail. There's this sea change in the computing world right now. The environment is changing, and while I have fears, there's nothing more thrilling than working on something that will be relevant for the future."

CIO.com is an InfoWorld affiiliate.

The Americas' SAP Users' Group (ASUG) this week held the first in a series of Web seminars on SAP's enterprise-level support service, which recently became mandatory for all customers, leading to cost increases over time for many.

SAP's move prompted some outrage from user group leaders and customers, with a common refrain being whether mid-sized companies with less complicated environments needed the additional support.

[ Read the related stories on how SAP customers were forced to move to pricier support and how SAP users warned: Support debate isn't over. ]

The enterprise support offering will replace the standard and premium support options. Customers at those support levels will start seeing some enterprise support benefits now but no price increases until Jan. 1. SAP will phase in the additional costs gradually until 2012, eventually reaching the enterprise support level of 22 percent of maintenance base, compared to 17 percent for standard support.

SAP has contended that customer environments are becoming increasingly complex, and the service's additional benefits could provide efficiencies and cost savings.

An SAP spokesman said the Web sessions had been planned before users voiced skepticism over the enterprise support offering's value.

The initial seminar, held Tuesday, was hosted by an SAP marketing official and provided an overview of the enterprise support offering, focusing on how it can aid "innovation and protection of investment in SAP," according to an ASUG statement.

The next one is scheduled for Sept. 24 and will discuss enterprise support features such as continuous quality checks and around-the-clock root cause analysis. Additional sessions are scheduled for Oct. 16 and Nov. 12.

ASUG representatives could not immediately be reached for comment Wednesday.

One industry observer said the Webcasts represent a natural progression of the debate over SAP's move.

"There's definitely a broad consensus among our clients that there may need to be some concessions on SAP's piece, but it's also important to understand what value they may receive. That's a fair discussion," said Forrester Research analyst Ray Wang.

Marc Songini, an analyst with Nucleus Research, said he has heard mixed reactions from users toward enterprise support: "Some are definitely not enthused about a forced march and not thrilled about the level of service they're already getting. The flip side is some customers don't mind this hike because they're going to get every penny out of it."

Meanwhile, SAP customers are weighing the prospect of third-party support from providers such as Rimini Street, which is preparing to launch such a service next year.

The story was updated on Aug. 20, 2008.

Let's start with a little quiz. I say, "Big, bloated, and full of errors." What do you say? Right, "Windows Registry." One more: "Messing with it is risky." If you guessed the Registry again, you pass. While fooling around with your Windows Registry does involve some risk, cleaning it out can have an impact on your PC's overall performance.

The Windows Registry is an essential system file that houses a massive collection of details about your computer -- where programs are stored, which helper programs (known as DLLs) are shared among your various applications, listings of all your Start-menu shortcuts, and pointers to the programs that fire up when you click on an icon. And that's just the beginning.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

Practically everything you do in Windows is recorded somewhere in the Registry. For instance, the URL for this article probably has an entry now. The paths to the last dozen or so images or documents you opened are there, too, as are the details of the programs you most recently installed or uninstalled.

Here's the problem: If you pry open the Registry, you'll probably find it about as cluttered as a teenager's bedroom. That's because Windows doesn't efficiently clean up after itself as it goes about its daily business. It constantly creates new entries, but seldom -- if ever -- removes them after they're no longer needed.

Compounding that problem are applications that are too inept to uninstall all of the Registry entries they create; far too often, program upgrades and installers leave unneeded pointers in the Registry. So the Registry becomes bloated with unnecessary entries, slowing down your system.

Registry Cleaners: Boon or Boondoggle?The big question is whether a Registry cleaner will speed up your PC, making it boot more quickly and run faster. The answer? I can say, emphatically and unequivocally, uh, maybe. That's right, a big, fat perhaps -- because everything depends on the condition of your Registry.

To find out which Registry cleaner catches the most errors, is the safest and easiest to use, and (just as important) creates the fewest hassles, I tested five of the most popular Registry cleaners and defraggers. Many came recommended by PC World readers. I examined two free products (Advanced Windows Care and RegSeeker) and three commercial ones (jv16 PowerTools, Registry First Aid, and RegSupreme). After all that testing, my Registry is squeaky clean -- the absolute envy of my PC World colleagues.

I tried each tool on my messy production PC using Windows XP SP3, on a pristine Fujitsu Lifebook T-Series laptop running Vista, and on an old ThinkPad laptop. I ran the Registry scan and repair module of each application, rebooted the system, and watched for problems -- and I also tried to determine whether the system seemed friskier. After each test, I restored each system to its original state of disarray with Acronis TrueImage. (Read a review of Acronis True Image Home 11 and download the demo.)

Top 10 Registry dos (and don'ts)Messing with the Registry -- and doing so incorrectly -- can destroy Windows, send your PC to computer heaven, and cause you great distress. I'm not kidding. Here are my 10 tips to keep your system here on Earth -- and to keep yourself anxiety-free.

1. The utmost protection from Registry hassles, or any computing disaster, is to have a current backup. I really mean it. As in, you ought to do one now while you're thinking about it. For a thorough tutorial, read "How to Prevent a Data Disaster" or "Fifteen Backup Programs to Safeguard Your Data." And if you don't have one, grab a backup tool from our Downloads library.

2. In most other programs that walk you through with wizards, it's no big deal if you don't pay attention and you merely keep clicking the Next button. That isn't the case with Registry cleaners. I strongly encourage you to stay alert and read whatever the cleaning tool has to say.

3. Before you open the Registry cleaner, use ERUNT (The Emergency Recovery Utility NT) to back up the Registry. Sure, I know, it's redundant, since the Registry cleaner will back up any changes it makes. But I like an extra level of security. You will, too, if something goes awry.

4. When you begin scanning, make sure not to have any applications running; if possible, it's also smart to unload any tools running in your system tray. That's because open apps are constantly making Registry changes, and you want the Registry cleaner to do its work with no interference.

5. After the scan, the program will let you remove -- or in some cases, repair -- the Registry errors. If you're given the option, set the Registry cleaner to remove errors only at the safest and least-intrusive level. (You can scan with more-aggressive settings later on.) Even at that, you might see 1,000 or even 2,000 "safe" entries that need cleaning. For instance, Registry First Aid found 2,161 problems on my production system, of which about 1,900 it deemed safe to alter.

Whatever you do, never choose an autoclean option, such as the one in RegSeeker. Ever. They are not to be trusted.

6. Choosing which of the errors to remove or repair can give you a migraine. When I inspect a list of potential entries to remove, I scan for things that look familiar. For example, in my lists I saw almost 100 Registry entries left over from a package of Dell drivers I had uninstalled months ago, and one Registry cleaner spotted invalid paths to dozens of entries for MP3 files that I had moved to a new location. Both of those catches were accurate, and gave me the sense that the program's removal suggestions were on target.

After a couple of days, if your PC doesn't do anything weird, try another scan, this time allowing the Registry cleaner to work more aggressively.

You must, however, examine entries marked with "Caution," "Extreme Caution," or some other indicator of risk very carefully. I'm still not kidding. Unless you're an advanced user and can clearly identify the scope of the entry, leave it alone. The reason is that, even if the cleaner offers an option to restore a deleted Registry entry, restoring might not be possible if the DLL entry you just deleted is essential for your system to boot.

7. Once you give the tool the go-ahead and it starts removing Registry entries, walk away from your PC. Play with the dog, have some coffee, or watch TV. This is for safety purposes: If you're fiddling with the PC -- moving the mouse, deleting desktop shortcuts, whatever -- you're making changes to the Registry while a Registry cleaner is working. Not a good idea.

8. If you discover a problem (for instance, maybe Excel no longer launches), don't panic. And don't do anything aside from using the Registry cleaner's restore feature, which ensures that only the changes the program just made are reversed. That will probably fix the problem. If not, the next step is to restore the Registry with ERUNT, the tool I mentioned in step 3. As a last resort, restore your PC with a backup program -- which you certainly have, right?

9. You needn't perform a Registry scan more than once a month or so, especially if you don't often make changes to your PC. Scanning more frequently won't hurt anything, but you're unlikely to see a significant performance boost.

10. Are you a techno-fanatic who needs the Registry to be squeaky clean, with absolutely no stray entries and trimmed of all fat? There's no harm in using multiple freebie Registry cleaners -- provided you use them one at a time. You might also want to select a Registry cleaner (such as jv16 PowerTools or Registry First Aid) that includes a defragger, or choose a free defragger such as Auslogics Registry Defrag.

Registry cleaners: How they faredIf you're like me and you constantly add and remove programs, move files around, and fiddle with I-don't-know-if-this-will-work freeware, I'm confident a Registry scrubbing will help you, if only a little bit. It did for me, though the change wasn't earth-shattering. I used a stopwatch with my desktop system, and after a cleaning I saw 10 seconds shaved off its boot time. I also noticed that Microsoft Word and an image editor loaded a little faster.

On the other hand, I didn't see a smidgen of improvement on my laptop. That's because on that machine I use the same five programs, rarely install new applications, and mostly check e-mail and browse the Internet. So scanning the Registry showed fewer than 50 problems, and cleaning didn't make any difference.

None of the cleaners managed to fix a gnarly problem I was having with spoolsv.exe. (Spoolsv.exe occasionally holds up other programs from loading on my PC.)

Your mileage, undoubtedly, will vary, and you won't know how effective a Registry cleaner is until you give it a whirl. But if nothing else, these programs will at least give you the feeling that you're taking care of your computer.

In each of the following reviews, you'll read my curmudgeonly impressions of how the Registry cleaners performed. I focused on their ease of use, the number of errors they found, and whether they introduced any hazards, such as no automatic backups.

Some of the tools I tested wanted a permanent spot in my system tray; it's not necessary, though, and when a program tried doing it, I found the option to disable the setting. And except for Registry First Aid, none of the products would repair faulty entries, but instead just deleted entries that were no longer valid.

Registry First AidRegistry First Aid is eager to help you fix and compact your Registry -- and it does a terrific job, too. Of all the programs I tried, this one inspired the most confidence, both from a safety perspective and in the way it handled Registry problems. The interface is clean and easy to navigate, and the program includes a Registry defragger, a Registry searching tool, and a built-in automatic backup module. Registry First Aid supports all versions of Windows.

The only drawback is that the program costs $28; the trial version lets you see everything the program does, and is fully diagnostic, but fixes only 14 entries at a time. I'm hoping that won't dissuade you from trying Registry First Aid.

Registry First Aid found 2,161 faulty entries in a 20-minute scan, a high number that may be explained by the program's relatively liberal definition of what constitutes a faulty entry. I was comfortable with the way it listed problems, either by category (such as invalid file or DLL, invalid path, or unused software entries) or by safety level. All of the entry issues that were safe to fix were automatically checkmarked, and I liked having to check the ones labeled "Caution" or "Extreme Caution" manually.

Most problems that Registry First Aid found were marked "Delete the entry," but some had other choices. I could cut the invalid substring or, in some cases, repair the entry. Unfortunately, the program's Help function wasn't too helpful, so I opted to use the default.

While the program was scanning, I was able to examine each listing, check or uncheck it, or open the specific entry in the Registry.

A great feature, and one worth the price of admission: With one click, most of the problem entries popped open my browser and conducted a Google search on that Registry key. Very cool, and ideal for determining whether a risky entry should be removed.

One quibble: I wasn't happy that the tool attempted to find a home in my system tray, unnecessarily adding clutter just to check for new versions. I disabled it in the settings.

RegSupremeRegSupreme, only $13, is definitely a basic, no-frills tool. It includes a Registry cleaner as well as a Registry compactor, and is essentially a scaled-down version of its bigger sibling, jv16 PowerTools (see below).

In RegSupreme you get only two levels of error detection -- safe and aggressive -- as opposed to four in jv16 PowerTools. And the program has almost no extras; the only one of value offers a way to search for specific keywords in the Registry (say, "RealPlayer"). On the other hand, the inexpensive RegSupreme has a built-in backup tool and gets the job done. So if you like jv16 PowerTools but you don't need the extra functions -- and you want to save some money -- RegSupreme could be perfect for you. Like jv16 PowerTools, RegSupreme supports every version of Windows and comes with a full-featured, 30-day trial.

RegSeekerRegSeeker is free, and alongside a Registry cleaner it has a handful of other Registry-focused utilities. The tools include a keyword finder; a utility to examine installed application Registry entries, assorted histories (for instance, Internet Explorer and Start-menu items), and Startup entries; and a tool to tweak about 24 XP settings.

This Registry cleaner is confusing because its interface sports a strangely labeled "OK!" button that doesn't really give you a sense of what the program will do next. On the same screen, the app presents a dangerous option: Auto Clean, which I encourage you to avoid. The screen provides little help or guidance, though RegSeeker warns that to back up the Registry, you must make sure to check the "Backup before deletion" option, another oddly labeled feature. The program has no automatic restore function, either; you'll need to find the saved .reg file yourself and click on it to restore your Registry.

On my production PC, RegSeeker picked up 1108 problems. Unfortunately, the program offered no assistance in determining which of the errors needed deleting; it also didn't provide categories, such as invalid path or shared DLL, in order to help me decide whether items were safe to delete. RegSeeker isn't for novices. It supports Windows 2000, XP, and Vista.

Advanced WindowsCare PersonalAdvanced WindowsCare is a freebie and comes with other tools besides a Registry cleaner. For instance, it claims to deter and remove spyware, optimize your PC, manage your Startup items, and remove junk files. I focused only on the tool's Registry skills, and didn't try any of those other components.

Though Advanced WindowsCare found 323 Registry issues, about the same number as jv16 PowerTools picked up, its presentation of the scanning results was pitiful. Unlike other tools that supplied detailed information about each problem, a choice of fixes, or a way to open the Registry to see the actual entry, Advanced WindowsCare just showed me a list. The program uses a minimalist approach: Each item sports a cautionary orange or red symbol (with no legend), the Registry key location and value, and an error description (obsolete software key or missing MUI reference, for instance). And rather than providing a built-in backup module, Advanced WindowsCare simply offered a menu item that brought me to Windows System Restore.

One more issue: You'll need to pay attention when you install Advanced WindowsCare's free scanner -- unless you clear the check boxes, the fool thing will automatically add the Yahoo Toolbar to your system and make Yahoo your Web browser's home page. Not good.

The program supports Windows 2000, XP, and Vista, but I'd recommend it only to advanced users.

jv16 PowerToolsFor $30, you can pick up a copy of jv16 PowerTools (a more-complete sibling to the streamlined RegSupreme). In addition to a Registry cleaner and compactor, it has other tools that will tell you all you ever wanted to know about the Registry -- but you probably wouldn't use most of them. Among the tools are utilities to manage the Registry, find and replace entries, monitor Registry changes, take a snapshot, and get Registry stats. The collection contains other modules, too, including file finders and cleaners, duplicate finders, and an assortment of system management tools, such as a startup manager and a history cleaner. jv16 PowerTools supports every version of Windows and comes with a full-featured, 30-day trial.

In its aggressive mode, the Registry cleaner in jv16 PowerTools found 392 Registry problems; in its normal mode, it detected 298 problems. The program gave me two ways to fix the problems. The first option was to back up the Registry and let jv16 make all the changes it wanted to -- a choice I wasn't happy with and wouldn't use. On the other hand, when I chose the "Custom fix" alternative, the program forced me to look at each problem one at a time. Other apps, such as Registry First Aid, list all the items and let you select specific entries by checking the boxes beside them, which is much easier. I also wished that the program showed the severity of each problem so that I'd know which ones were important, but it didn't.

jv16 PowerTools' Registry Cleaner component includes a slider bar for you to decide how aggressively you want the tool to scan -- safe, normal, aggressive, or very aggressive. After the scan, a report shows a graph with the number of errors, from high to low. The feature is interesting but not terribly valuable, since it doesn't offer any details about how it's identifying the problems.

A nice touch, however, is that the opening series of screens provides helpful tips to use the program -- I recommend you read them thoroughly.

One final note: Keeping your system free of unwanted applications with a good uninstaller utility will help eliminate the need for a dedicated Registry cleaner. For a program that's proficient at removing applications, read "Revo: The King of Uninstallers"; you can download Revo from our library.

PC World is an InfoWorld affiliate.

Apple CEO Steve Jobs has promised repair for a little publicized by widely suffered bug in which a user's iPhone applications won't properly launch.

In a short e-mail, Jobs is claimed to have promised a fix is under development and will be rectified within a software update that's scheduled to ship in September

[ Check out InfoWorld's special report on Apple's recent launch of the iPhone 3G and iPhone 2.0. ]

"This is a known iPhone bug that is being fixed in the next software update in September," says the sparse note from Jobs.

A report suggests the bug means users have seen third-party App Store applications freeze their iPhone when they attempt to use the apps; alternatively, such apps briefly launch and then quite to the home screen. Default applications are not affected.

It appears this fault is in the way iTunes is monitoring its App Store purchases. "One member of Apple's forums has been told by a support agent that his iTunes account was apparently "split into two separate accounts," confusing the iPhone when it attempts to load an app. Some users note experiencing the problem chiefly with on-iPhone downloads rather than through iTunes," the report claims.

Macworld U.K. is an InfoWorld affiliate.

Developers of Android, the Linux mobile platform spearheaded by Google, are asking security experts for input.

The latest software development kit for Android was released earlier this week and plans are for the 1.0 version of the operating system to be shipped on mobile phones later this year .

[ See the related story Android SDK update arrives from Google at last. ]

Security is a priority. "As you may expect, building and maintaining a secure mobile platform is a difficult task," wrote the Android Security Team.

"While we have found and fixed many of our own bugs as well as flaws in other open-source projects, we realize that the discovery of additional security issues in a system this large and complex is inevitable," the team wrote, in a message on the Android security announcements section of the Google Groups site.

The invitation means the Android platform will likely get a thorough review from developers outside the Android Open Handset Alliance, a consortium of companies contributing to the platform's development.

Proponents of the open-source development model -- where code can be analyzed by anyone -- argue it results in more secure and stable products in contrast to proprietary software, where the master code is a closely guarded secret by software companies.

The Android Security Team wrote that it hopes security analysts will privately forward bugs since the operating system will eventually be deployed on many different devices that will "require a large amount of coordination to patch."

Mobile devices have not been afflicted by malicious software to the extent of desktop OSes, but experts have said they expect that to change.

Symbian's Series 60 OS was targeted in 2005 by Comwar, a worm that spread via Bluetooth and MMS (multimedia messaging service).

In 2006, researchers found the first for-profit mobile malware, called Redbrowser. When activated, the malware sent SMS (short message service) messages to a phone number that charges around $6 per message.

It targeted devices running the J2ME (Java 2 Mobile Edition) software, which is included on some 1 billion devices from vendors such as Nokia, Motorola and Research in Motion.

Mozilla said today that it was preparing to offer Firefox 3.0 to users still running older versions of the open-source browser, and might trigger the update within the next week.

Firefox 3.0.1, the most-up-to-date version, will be offered to users running 2.0.0.16, the latest edition of Mozilla's 2006 browser line, in the near future, said Mike Beltzner, the director of Firefox. He would not set a date, however.

[ Read the related InfoWorld Test Center review: Firefox 3 comes out sizzling. ]

"There are a couple of precursors to us making the offer," said Beltzner. "One is we want to make the offer in the native language of the build that you're running, and we're having text localized and translated now."

Notes from Mozilla's weekly status meeting yesterday hinted that it would be soon. "[We're] refocusing efforts on delivering a Firefox 2->3 major update within the next week," the summary read. Beltzner said Mozilla might have a better idea of a timeline within a few days.

When Firefox users receive the update offer, they will be able to choose between accepting the update, postponing it 24 hours or declining it. The latter, however, doesn't necessarily mean the offer won't be repeated down the road. "We reserve the right to make the offer again," Beltzner said, adding that the offer would not reappear for at least several weeks.

"We're pretty committed to user choice, but we're also pretty ardent that Firefox 3.0 is a good product," said Beltzner, explaining why Mozilla won't take'No' for an answer.

Unlike Microsoft, which usually crafts blocking tools that let companies bar a major update, including a new version of Internet Explorer, from reaching their machines, Mozilla takes a more hands-off approach. "You can decline the update [when it's offered] if you if don't want it," said Beltzner. "We think that's the best approach." Mozilla doesn't offer similar blocking tools, Beltzner acknowledged.

Most users should see the update offer within a few days of Mozilla pulling the trigger, Beltzner said. As with past major updates, the offer will be made to a limited number of users at the onset, he said. "We'll start and make sure the mirror network is not overloaded.

The last time Mozilla pushed out a major upgrade through Firefox's built-in update mechanism was June 2007, when it offered Firefox 2.0 to users still running its predecessor, Firefox 1.5. The several-month delay between Firefox's 2.0's 2006 debut and the mid-summer offer the next year was largely due to the time it took to craft patches to Firefox 1.5, so that it could handle the automatic update.

Mozilla extended support for Firefox 1.5 beyond an earlier-announced deadline precisely to account for one final fix in late May that enabled the auto update.

The delay led to questions from users, Beltzner said. "One thing we heard from users was whether there was a problem with Firefox 2.0" when the upgrade wasn't triggered soon after the new version went final, he added. Offering Firefox 3.0 "sooner, relative to its release," became an important goal, he said.

"People are generally ready for Firefox 3.0," Beltzner said. "There's been a good buzz around it, and for people who have gotten Firefox 2.0, it's been a while since they've had a major update."

According to the most recent data available from Web metrics vendor Net Applications Inc., Firefox owned 19.2 percent of browser market share at the end of July. Firefox 2.0 users currently outnumber those running version 3.0 by better than 2-to-1.

Mozilla will discontinue support for Firefox 2.0 in mid-December 2008.

Computerworld is an InfoWorld affiliate.

Intel's next-generation platform for laptops will provide more visually stunning graphics and better power management features, the company said on Tuesday.

The company's next mobile platform, code-named Calpella, will be released in 2009. It is a follow-up to Intel's Centrino 2 mobile platform released last month, Intel officials said at the Intel Developer Forum in San Francisco.

[ Find out more about new business laptops that support  the recently launched Centrino 2. And stay ahead of all the advances in hardware technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

Calpella will include chips based on Intel's upcoming Nehalem microarchitecture, which is expected to reach consumers in the second half of 2009. Packing two and four cores, Nehalem-based laptop chips will be an upgrade from Intel's current Core 2 chips, which are used in notebooks and desktops. Nehalem cuts bottlenecks from the Core microarchitecture to deliver better system speed and performance-per-watt.

Intel is integrating the memory controller and graphics core into the CPU for Nehalem-based laptops, which should boost system and graphics performance, according to the company. That should also reduce the need of integrated graphics capabilities, though gamers may need a discrete graphics card for high-end graphics performance.

Calpella will also feature better manageability and security features for business and home users, said Dadi Perlmutter, executive vice president at Intel, during a speech. Perlmutter did not provide further details about the platform, saying the company would detail it as the release date comes closer.

The first Nehalem chips will reach high-end desktops, said Pat Gelsinger, senior vice president at Intel, during a speech at the IDF. Intel's first Nehalem chip has been branded Core i7 and will ship in the fourth quarter this year. The Nehalem-based server products, code-named Nehalem-EP, will go into production later this year, and will be followed up by another version, code-named Nehalem-EX, which will go into production in 2009.

With between two and eight cores, the speed of Nehalem chips will be enhanced with QuickPath Interconnect (QPI) technology, which integrates a memory controller and provides a faster pipe for chips and system components to communicate. Nehalem will support DDR3 memory and include shared 8MB of shared L3 cache for local cores to better execute threads. Each core will be able to execute two software threads simultaneously, so a server with eight processor cores could potentially run 16 threads simultaneously.

The new chips will also feature Turbo Mode technology, which improves power efficiency of the chips by disabling inactive cores to prevent power leakage.

"The key idea in power management is quite simple -- to shut things off when not in use," said Rajesh Kumar, an Intel fellow during a presentation at the forum.

This is an improvement from Intel's earlier power-saving technology, which wasn't efficient in dealing with power leakage from inactive cores, Kumar said. The Turbo Mode technology has been around for a decade but was hard to execute. It required the development of a whole new process technology to make the technology possible. Several sensors measure power in real time, and a new microcontroller has been included to work on power management, he said.

Processing power could also increase with the technology, Kumar said. All cores may not be needed to perform a given workload, so the technology reassigns power from inactive cores to boost performance of operational cores. The more power constrained you are, the more performance will increase, heye said.

Turbo Mode technology will be implemented in future chip architectures, Kumar said.

With its new JavaFX technology for rich Internet applications, Sun Microsystems hopes to leverage the strength of the Java development base and Java's ubiquitous presence on devices to make a strong run in a race in which it is a very late entrant.

Indeed, Sun will have its work cut out for it, taking on giants such as Adobe and Microsoft in the rich Internet development space. If this competition can be likened to a race between Olympic runners, it might be broadcast like this:

"In Lane 1, we have Adobe with its Flash and attendant Flex technologies, downloaded millions of times and popular on high-profile sites like YouTube."

"In Lane 2, it's AJAX (Asynchronous JavaScript and XML), the popular RIA technique used in countless Web sites."

"In Lane 3, its up-and-coming newcomer Silverlight, backed by software giant Microsoft and now being leveraged by NBC's prominent Olympics Web site."

"And in Lane 4, we have Sun's JavaFX used by Web properties such as - well, it's still in development."

It is from this set of circumstances that Sun intends to make JavaFX a player.?

"This isn't the type of market where only one technology is going to win," said Sun's Jacob Lehrbaum, senior product line manager for JavaFX. But Lehrbaum acknowledged the hill Sun must climb.

"Clearly, we do have to compete for developer mindshare," Lehrbaum said.

Developers and industry analyst Jeffrey Hammond think Sun has a shot, especially in the burgeoning market for applications running on mobile devices.

"I think Sun has the opportunity to catch up very quickly in that space," said Hammond, senior analyst at Forrester.

"I would say that the JavaFX platform looks very good. It has a lot of potential," said Andres Almiray, a software developer at Oracle and a blogger.?

"It probably should have been announced three, four, five years ago," Almiray said. "The good thing is that it's finally here."

An anonymous blogger identified only as "geekycoder" lauded the technology: "Technically, JavaFX enables me to leverage [the] Java skill set and Java technology that I am more comfortable with to deliver a compelling RIA solution. Because synergy between JavaFX and Java is excellent and the fact that JavaFX is built on the Java platform means that I can ensure that I have one of the best and supportive platforms to work in. In addition, JavaFX will enable me to be more productive in making it easier and quicker to create RIA solutions," for Web 2.0.

First revealed at the JavaOne conference in San Francisco in May 2007, JavaFX still is a work in progress. The official JavaFX Web page describes the project as "a powerful client technology for creating rich Internet applications with immersive media and content across the multiple screens of your life." It features the JavaFX Script scripting language for building rich Internet applications for desktop, mobile, TV and other consumer platforms.

"JavaFX Script, the language of JavaFX, doesn't replace Swing, the core Java GUI toolkit, but provides an alternative way of programming that hopefully will bring Java technology to the masses," according to geekycoder.

A preview version of a software development kit for JavaFX for desktop applications, supporting Windows and Macintosh, was released late last month. (InfoWorld has reviewed this SDK.) Further deliverables are planned. JavaFX for Desktop 1.0, featuring a profile for desktop and browser deployments and a general-release SDK, is due this fall. JavaFX for Mobile 1.0, adding mobile support, is planned for spring 2009 release. TV support also is planned.

The JavaFX runtime is to be distributed with the Java VM. Licensing plans for device manufacturers also are to be revealed next spring. When manufacturers license Java Micro Edition, they will get the JavaFX mobile runtime.

JavaFX offers plug-in capabilities similar to Flash and Silverlight but also has a standard runtime -- the Java Virtual Machine -- to run applications outside a browser, Lehrbaum said. Other plug-in technologies will enable developers to use existing tools such as NetBeans or design tools such as Adobe Photoshop or Illustrator with JavaFX.

With JavaFX, Sun looks to build on momentum including the presence of Java on more than 2 billion handsets. "JavaFX takes that momentum and the advantages we have with Java but makes it much easier to create rich interactive and immersive experiences," Lehrbaum said.

Java, he said, has had great capabilities but has been difficult to use. JavaFX Script offers a declarative scripting language for developers to build interfaces in the way that they think about them, Lehrbaum said. "It matches the way they think about interfaces in their head and is very intuitive," he said.

JavaFX also revives the notion of client-side applets, which had been envisioned as the big win for Java in the mid-1990s but Java instead emerged as a dominant server-side technology. Applets could be built for applications such as widgets for information access or a stock ticker.

The revival of applets will be enabled both by JavaFX and the upcoming Java Standard Edition SE 6 Update 10 release, due this month. "[The update] provides a much faster loading process for the applets," Lehrbaum said. Also with the update, developers can write a single version of an application and run it on the desktop or in a browser. JavaFX, meanwhile, makes it easier to build rich immersive experiences, he said.

An early user of JavaFX said Java SE 6 Update 10 and JavaFX solve deployment issues for Java. The update, said Jim Weaver, president of Java trainer jMentor, enables a Java or JavaFX application to begin executing before the entire Java Runtime Environment has been downloaded.

Weaver described JavaFX and the update as a "one-two punch." The update enables rich client Java to become a reality, Weaver said. JavaFX Script, meanwhile, provides a simple scripting language, he said.

JavaFX compiles down to byte code and runs anywhere the JVM runs. "You can use any Java classes within JavaFX," said Weaver. "You can leverage your Java skills with JavaFX."

Jumpstarting Java on the desktop is a key goal of JavaFX. Java on a desktop did not gather the momentum Sun had hoped for, Lehrbaum said. Also, JavaFX basically makes it easier for developers to create the applications they want so they don't have to consider another technology," such as Flash, Lehrbaum said.

"The platform promises a lot of new APIs and new abstractions to make the harder things simpler and the simpler things very easy," Almiray said. For example, APIs and libraries would take care of responsibilities such as establishing the correct order of a drawing on the screen, he said. Almiray anticipates success for JavaFX particularly in the mobile arena, saying it will be tough to compete with Flex in rich Internet applications.

JavaFX Script does offer some features not in Java such as data-binding into the language, Almiray said. But some Java features such as annotations, generics, and inner classes are lacking in JavaFX, he said.

Sun is being quiet about plans to make money off JavaFX. The company is looking at this issue and has not yet announced specific monetization plans, Lehrbaum said. Opportunities include commercial licensing and partnerships, he said.

JavaFX initially was proclaimed to be a fully open source effort. But Sun has backed away from that stance somewhat. A FAQ page on a Sun Web site was found this spring to have reported that tools such as the compiler, runtime engine, player and tools currently under development would not be open source.

The compiler, however, has been open-sourced as have parts of the graphics libraries and some tools. Sun plans to further discuss its open source strategy for JavaFX with the Desktop 1.0 release, Lehrbaum said.

Microsoft said Wednesday it would purchase up to $100 million in coupons for Suse Linux support from Novell, furthering a controversial 2006 partnership aimed at customers who run both Windows and Linux in their server environments.

Further investments will also be made to enhance the tools, support and training that Novell offers customers to provide better interoperability between Windows Server and Suse Linux Enterprise Server, the companies said.

[ Learn more about the details of Microsoft's original interoperability pact with Novell. ]

The companies called it an "incremental investment" that builds on the five-year interoperability pact they announced in November 2006. As part of the original deal, Microsoft purchased $240 million in Novell coupons to sell to its customers. Within 18 months of the deal about $157 million of the coupons had been redeemed, the companies said.

The alliance between Novell and Microsoft was an unusual and unexpected one that brought together a fierce opponent of open source with one of its leading advocates. The companies said at the time they were making the pact for the good of their customers, but observers also saw other motives.

For Microsoft, the deal was a recognition of the significant role that Linux plays in enterprises, but also provided a way to show the European Commission, which was hounding it at the time about anticompetitive practices, that it was open to working with the open-source community.

For Novell, the deal gave it an advantage over open-source leader Red Hat at a time when Novell was struggling financially. It allowed it to offer customers the advantage of better interoperability with Windows. Customers that have taken advantage of the deal include Wal-Mart, HSBC, Renault, Southwest Airlines, and BMW.

Microsoft and Novell have a joint laboratory in Cambridge, Massachusetts, which is dedicated to researching interoperability issues associated with virtualization, identity federation and systems management, among others.

Part of Novell's deal with Microsoft also provided customers using Suse Linux indemnity against intellectual property claims by Microsoft. That assurance raised the possibility that Microsoft would launch lawsuits against Linux vendors who refused to make similar agreements, as well as against their customers. The fears were fueled by Microsoft CEO Steve Ballmer's claims shortly after the deal was announced that Linux "uses our intellectual property."

Those comments and the agreement with Microsoft angered some of the open-source programmers who helped to develop Novell's software. The deal was seen as a tacit agreement from Novell that Microsoft holds patents on Linux, although Novell strongly refuted those claims.

The decision to invest further in the deal shows that customers have been taking advantage of the program and that some of the gloomy predictions made after the partnership was announced have not come true, said Laurent Lachal, a senior analyst who heads open-source research at Ovum.

Combined with its own restructuring efforts, the deal with Microsoft appears to have strengthened Novell against its main rival, Red Hat, in the enterprise Linux market.

"Novell has also done its own homework," Lachal said. "Part of its success is due to Microsoft helping it, but part of it is also due to Novell's own efforts."

Subscriptions for Novell's Suse Linux Enterprise server grew 38.6 percent between 2006 and 2007, compared to 20.9 percent for Red Hat, according to an IDC report from April.

Red Hat's market share during that period declined to 62.1 percent from 64.2 percent, in part due to Novell's success, the report said. Novell's server market share was 29 percent in 2007, up from 26.1 in 2006.

As even more businesses adopt Linux alongside Windows, Microsoft is now less likely to "launch a frontal attack against Linux" in court, Lachal said.

James Niccolai in London contributed to this report.

Intel Tuesday outlined the roadmap for its upcoming line of solid-state drives that will use flash-based solid-state memory to store data - and replace hard drives in some computers.

Dubbed the Intel High-Performance SATA Solid-State Drive product line, the data storage devices are aimed at mobile and desktop clients, as well as enterprise server, storage and workstation applications. The first products in the new line are slated to be available by mid-September.

[ Get the latest on storage developments with InfoWorld's Storage Adviser blog and Storage Report newsletter. ]

The announcement was made Tuesday at the company's Intel Developer Forum in San Francisco.

"This is a good move for Intel, and it's good for customers that Intel is making the move," said Dan Olds, principal analyst for the Gabriel Consulting Group. "It will speed development of solid-state drive (SSD) technology and drop the cost. Smaller PC manufacturers will be able to buy pre-integrated SSD drives that will seamlessly slide right into current laptop and desktop designs, which means no additional redesign or development cost."

Olds added that SSDs definitely have an advantage over traditional hard drives, but there are disadvantages as well.

"On the plus side, they are faster, smaller, and can take less power. They aren't mechanical and are thus more reliable than regular hard drives," he noted. "The downside is that currently they are more expensive. Over time, the price of SSDs will come down, but I believe most users will eventually have systems that utilize both SSDs and traditional hard drives. A decent sized SSD will give a speed boost, while the regular hard drive will store the bulk of the data."

The Intel X18-M and X25-M Mainstream SATA Solid-State Drives are geared for laptops and desktops. According to the company, the new drives, which are based on Intel's multi-level cell flash memory, save up to 30 minutes in battery life. They also are designed to improve the input/output bottleneck to the CPU.

The X18-M and the X25-M drives are expected to be available in 80GB and 160GB models. The 80GB drive is currently sampling with production slated within the next 30 days, according to Intel. The 160GB drive is expected to sample in the fourth quarter with production in the first quarter of 2009.

On the enterprise server, storage and workstation side, the Intel X25-E Extreme SATA is based on Intel's single-level cell NAND flash memory and is designed to maximize the input/output operations per second.

Intel X25-E Extreme drive is sampling in 32GB capacity with production expected in the next 90 days. Intel noted that the 64GB is expected to sample in the fourth quarter with production estimated for the first quarter of 2009.

While the company only has a 10 percent share of the search market with its Live Search technology, Microsoft has big plans to enhance its platform regardless of what happens with its now-dormant proposal to buy Yahoo.

At the Search Engine Strategies 2008 conference in San Jose, Calif. on Tuesday, Microsoft's Satya Nadella, vice president of the company?s search, portal, and advertising platform group, discussed the company's goals for search but did not want to talk about the company's Yahoo plan. That planned acquisition has not panned out. ?

"At this point we're focused on building our organic strategy," Nadella said when asked about Microsoft's current interest in Yahoo.

Nadella emphasized that search has become easy but there is room for improvement.

"The ability to talk to a search engine is perhaps the simplest it's ever been," Nadella said, adding that search has become a $15 billion market in the United States. More than 50 percent of search sessions are more than 30 minutes long, Nadella said.

The questions now are whether search will change and improve, he said. Nadella cited three trends affecting search: user intent and the ability to understand user intent better; content and context and the ability to understand these better and drive individual search experiences and, lastly, what is the frontier for advertising efficiency and yield for publishers.

"Those are the three things that I believe are going to cause search to change," Nadella said.

Search experiences could be more optimized, he said. Microsoft is doing work to understand search patterns, he said.

He also cited a goal to understand user Internet experiences, analyze them, and come up with search behaviors and patterns. This information could be used to shape the search the experience and help publishers and advertisers looking to do targeted advertising.

Another search trend cited involves the growth of content, including the proliferation of multimedia images. Search engines also are expected to understand more about time and location. User intent and context must be understood by search providers, Nadella said.

Microsoft looks at what advertisers and publishers are saying about what they want from a search engine. Search providers can be expected to invest in capabilities such as correlation of offline and online capabilities, openness and correlation of display and search functionality. Black-box search engine ad systems will be opened up for more efficiency,

With its Microsoft Live Search technology, Microsoft wants to deliver the best search results, simplify key tasks, and innovate the business of search, according to Nadella. The company's acquisition of Powerset, which provides semantic search technology, fits in with its plans to improve relevance of searches in Live Search, Nadella said.

To simplify tasks, Microsoft plans to understand search patterns and build experiences that fit those patterns. "You can see that today in what we have done with image search what we have done with video search," Nadella said.

Microsoft also is looking to expose search capabilities in Windows properties such as MSN, he said. Nadella acknowledged Microsoft is a media company. "To say that we're not a media company would be hypocrisy," he said, adding that Microsoft's place in the media value chain is in search, portal and communication tools, not in providing content of its own.

An audience member interviewed after the presentation said he tried out Microsoft Live Search and found it was something different.

"Actually, I've been looking for a camera," said Otis Maxwell, a freelance copywriter. "I've not been successful in finding the right price and the right camera on Google," he said.

Maxwell said he then tried Live Search but still did not find the right camera. "I could see [Live Search] was different. The fact that it's different I think means it's going to have some potential," he said.

Microsoft at the event also cited its release of adCenter Add-in for Excel, which is a keyword research and optimization tool based in Excel that now is in a beta format. The company on Wednesday announced a public beta program for its AdCenter for Publishers technology, in which a Web publisher can leverage Microsoft Live Search to run ads on its site and share these ad revenues with Microsoft.?

A study this week has revealed just how slow is the rate of adoption for IPv6, the next version of the Internet's main communications protocol, and some experts say black markets where companies trade unused IP addresses may be only a few years away.

The report, from Arbor Networks, claims to be the most comprehensive study of IPv6 use to date. It includes few surprises for those who follow the area closely, but the results provide a sobering measure of how just slowly the technology has been adopted.

[ Keep up on the latest networking news with our Networking Report newsletter. And discover the top-rated IT products as rated by the InfoWorld Test Center. ]

"At its peak, IPv6 represented less than one hundredth of 1 percent of Internet traffic" over the past year, Arbor Networks' Craig Labovitz wrote in a summary of the findings, adding wryly: "This is somewhat equivalent to the allowed parts of contaminants in drinking water."

Arbor said it put together the study over the past year, working with the University of Michigan and almost 100 ISPs and content providers, including a quarter of the biggest ISPs in the U.S. and Europe. It used commercial traffic probes to monitor about 2,400 peering and backbone routers and 278,000 customer and peering interfaces.

"We believe this is the largest study of IPv6 and Internet traffic in general to date (by several orders of magnitude)," Labovitz wrote.

IPv6 is the successor to the current version of the Internet's underlying protocol, IPv4. Its adoption is important because IPv4 can support only about 4 billion IP addresses and they are fast running out, while IPv6 will be able to support many trillions more (2 to the 128th power). It also offers advantages in security and network management.

Some experts say the supply of IPv4 addresses will run out in the next few years. Matthew Ford, a principal researcher with BT's Networks Research Centre in the United Kingdom, operates a Web site that counts down the days until IPv4 addresses are used up. As of Tuesday, it predicts that the central registry of addresses will be exhausted in 904 days.

Few people expect disaster to ensue. The Arbor report notes that IPv6 adoption is growing, albeit at a slow pace. Since July last year IPv6 traffic has grown by nearly a factor of five, to an average of 100Mbps per day. "Though not a landslide of adoption, it is still something," the report says.

What's more, there are already creative ways to get around the shortages, like using network address translators, or NATs, which essentially allow many computers to share the same IP address. There are also many addresses that were allocated to organizations and are not being used.

That's why some, including Labovitz, expect companies to trade unused addresses with each other, on a black market if the activity isn't officially sanctioned. "I think an IPv4 market is inevitable," he wrote.

BT's Ford said he wasn't surprised by the results, but he cautioned that the figures may not be completely accurate. Arbor acknowledged that it did not distinguish between native and tunneled IPv6 use, he noted, and the figures may also be skewed toward what's happening in the U.S., where many of Arbor Networks' customers are.

"The U.S. has historically been quite sluggish, and most IPv6 research and implementation has been in Europe and Asia," said Ford, who previously chaired the IPv6 Cluster of the European Commission.

Nevertheless, the adoption has clearly been slow and the study should be a further wake-up call that widespread adoption of IPv6 needs to begin quickly, Ford said.

"Two or three years ago you could make the argument that [the exhaustion of IPv4 addresses] is far enough away that we don't need to make the investment," he said. But given that widespread adoption will take about two years to implement, "now is the time for large ISPs and content providers to begin their migration."

Arbor Networks said money is the main reason for the delay. The U.S. Department of Commerce has estimated it will cost $25 billion for ISPs to upgrade to native IPv6. "This massive expense comes without the lure of additional revenue, since IPv6 offers diminishingly few incentives nor new competitive features to attract or upsell customers," Labovitz wrote.

Ford said enterprises may be among the earlier adopters because they can suffer the most from having to use IPv4.

"They can suffer problems through corporate mergers, because both parties might be using the same address space, or they find they have a lot of network address translators, which can make it challenging to deploy new applications. IPv6 helps both those problems," he said.

In addition, deploying IPv6 within the enterprise can be easier than it is for ISPs, which have to make more connections to outside networks.

"While it is easy to poke fun at predictions of the 'Imminent Collapse of the Internet', the eventual exhaustion of IPv4 allocations is real," the Arbor report states. "We need to do something. And IPv6 is our best bet."

A U.S. District Court judge on Tuesday dissolved a gag order against a trio of MIT students who said they found flaws in the Massachusetts transit authority's ticketing system.

Zack Anderson, Russell "RJ" Ryan, and Alessandro Chiesa had planned to present details of their findings at the Defcon hacker conference before a judge imposed the gag on Aug. 8 following a motion by the Massachusetts Bay Transportation Authority.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The students are being represented by the Electronic Frontier Foundation, a San Francisco organization that advocates for civil rights in the high-tech world.

EFF legal director Cindy Cohn argued Tuesday that the federal Computer Fraud and Abuse Act concerns the transmission of information to protected computers, not speech to other people, in this case the students' planned speech at Defcon.

In addition, the students have no intention of releasing "key" pieces of information that would allow others to hack the system, Cohn said.

MBTA attorney Ieuan-Gael Mahoney had asked for a five-month continuation of the restraining order, saying that was how long the MBTA has determined it will take for the organization and its vendor to fix vulnerabilities in the MBTA Charlie Ticket system.

Mahoney praised a security analysis the students had prepared for the agency, saying the information in it convinced them of the vulnerability.

But U.S. District Judge George O'Toole sided with Cohn following a roughly 90-minute hearing.

While the 10-day temporary restraining order was set to expire Tuesday, O'Toole said that under the law, weekends do not count, meaning it is still in effect until Friday.

FiveRuns and Morph Labs on Tuesday will announce they are partnering to provide free application performance testing for Ruby on Rails applications, with the goal of bolstering applications running in the cloud.

The companies will run the FiveRuns TuneUp application profiling tool on the Morph AppSpace platform-as-a-service offering for Web applications. Also part of the plan is FiveRuns Manage, for monitoring the performance and availability of Rails applications. Developers gain insight in application performance and can make decisions on code optimization via a managed hosting platform.

"Our goal is to provide a forum for focused collaboration to solve interesting and difficult performance problems. TuneUp gives developers deep visibility and relevant information to debug and improve the performance of their application and a community setting to collaborate with others to solve tough problems," said Steve Sanderson, vice president of development and Technology at FiveRuns, in a statement released by the company.

Morph uses virtual infrastructure to provide an environment for Web applications that can be provisioned and scaled.

Developers can subscribe to Morph AppSpace for free and select the version that integrates FiveRuns TuneUp. They also can participate in a secure group or open community to share performance information and advice.

FiveRuns Manage will be offered as a fee-based production option for Morp AppSpace and will enable monitoring of the health of applications within an AppSpace subscription. This integration between Manage and AppSpace is expected to be available in the fourth quarter of this year. FiveRuns Manage costs about $40 per managed server per month.