Not so fast, 3G
You can't miss the slogan--it's plastered everywhere. "Twice as fast. Half the price." Just this morning, in fact, Apple posted a bunch of new ads that repeatedly drive the point home about the 3G wireless speeds of the iPhone 3G as surely as if we were all strapped to that chair from A Clockwork Orange. While there's been no end to the dispute over the true cost of the iPhone 3G when you factor in the monthly service charges you'll be handing over to AT&T (along with your firstborn child), less attention has been given to actual wireless data speeds of the iPhone 3G versus the original iPhone. Our fearless leader, Jason Snell, did run some speed tests in the course of reviewing the iPhone 3G, but we wanted to look a little further into the matter and find out if the iPhone 3G really is twice as fast as its predecessor. [ Read Tom Yager's review of the iPhone 3G and its over-the-air capabilities | See InfoWorld's guide on how to make the new iPhone work in your business | Analysis: Why iPhone 2.0 won't rule the enterprise roost ] The answer? I'll have to say definitely maybe, if you can excuse the reference to the recent Ryan Reynolds weeper. We were spurred to action by an e-mail from reader Jeff F. of the great Metro-Boston realm, who said the speeds he was getting on his iPhone 3G were a mere shadow of those that AT&T and Apple were touting; he also pointed us to a MacRumors forum thread of people having similar problems. So, we decided to do a little informal testing of our own. Since I too reside in the Bay State, I fired up my black 16GB iPhone 3G and set to work running speed tests. The results were ... intriguing, and also, to some extent, explanatory. Those of you who listened to our recent Macworld Podcast roundtable on the iPhone 3G may recall that I was the lone defender of the EDGE network, as well as the one who was least impressed by the 3G's much-ballyhooed speed increase.
Turns out there's a reason for that: while AT&T's 3G network has very good coverage in the Metro-Boston area, according to the company's coverage map, the network itself appears to suffer from what you might call "general listlessness." In fact, at times, it's (unbelievably) downright slower than the EDGE network, if my test results are accurate. After reporting my findings to the Justice League that is Macworld's crack editorial team, my colleague Jon Seff was gracious enough to spend the time to perform the same tests from Macworld's offices in San Francisco. This is where the results get even more bizarro. While San Francisco's 3G network is apparently about 1.6 times faster than Boston's 3G network, Boston's EDGE speeds are about twice as fast as San Francisco's. So while the difference between Boston's 3G and EDGE networks does seem pretty close to the 2x number that Apple is touting (on average, anyway), San Francisco sees much better results, to the tune of 6.5 times faster. It's also interesting to note from our tests that in both Boston and San Francisco, EDGE speeds were fairly consistent, while 3G speeds seemed to show more fluctuation between individual tests. Of course, there are any number of caveats here: despite the fact that I ran three tests per network from i.dslr.net, iNetworkTest, and TestMyiPhone.com, as well as using iNetwork Test's native iPhone application, my phone is but a single data point, as is Jon's (and we each tested only at one time and one location). Geo-location will clearly show you that we're not even in the same neighborhood as real scientific results.
Fri Jul 25, 2008

Plugging iPhones into small businesses
Apple's iPhone drew criticism when first released because of tepid enterprise business support. Small businesses felt the pain of iPhone envy more sharply than their enterprise counterparts because of the high up-front cost of the first iPhone and the back-end support requirements for high-end e-mail and communication servers. But the second generation of iPhones, the new 3G version, answers almost all these issues. Costs are down to below what many people pay for other smart phones. Integration to existing e-mail servers is faster and easier. Yet those back-end servers still require heavy investment up front and technical support later, especially when loading up a new Microsoft Exchange 2007 server. Let's talk about two options for the small business iPhone users who are eager to get full smart phone and mobile computing advantages from their new shiny faced toy, er, iPhone. Neither option includes Microsoft Exchange, saving money and time while supporting the miracle of communication (at least according to Apple). Jeffrey Bernstein is the president of Digital Desktop Consulting in Los Angeles, a firm with ties to the entertainment business. As such, Bernstein is a long-time Macintosh user and advocate, and supports many customer offices filled with Macintosh systems. Bringing iPhone support to his clients was not an option but a demand. "We're hands-on and act like an outsourced IT department for our customers," Bernstein says. "Many are the unsung heroes in media, like graphics designers or flash programmers whose work you see on every TV show and many Web sites."
Most companies he supports employ 10 to 60 people, and Digital Desktop Consulting provides services ranging from occasional visits for new installations to complete support of all office and production computing. How does Bernstein support iPhones for his customers? By using MailServer from Kerio Technologies. MailServer provides all the messaging features of Exchange for less money and requires fewer add-ons for security and messaging support. In addition, MailServer software runs on Windows, Linux, or Apple servers. Bernstein has installed 30 or so systems and provides constant remote management for about 10 of them. "Many of our customers are moving to the iPhone from Palms and BlackBerries," Bernstein says. "BlackBerry support requires the Blackberry Exchange Server, and iPhones avoid that extra cost. Plus, most of my customers use Macs, so they're more comfortable with the look of the iPhone." Kerio's MailServer includes over the air synchronization, push e-mail, push tasks, and push calendaring. Another nice feature is "remote wipe" that allows a network administrator to delete all information from a lost iPhone. "Three of my customers lost their phones last week," Bernstein says. Bernstein was the first Mac reseller to sign up with Kerio. Early on, he called them regularly pushing for changes and new features, but hasn't made those calls for the last two years. "My customers appreciate the stability, ease of use, and support for multiple platforms. Kerio actually has feature parity, which a lot of others don't." Another option for iPhone support is a hosted mail provider. There are scores of companies that provide Microsoft Exchange support, now including Microsoft (and it is promising to add more hosted options in the future). Well, scores understates the number of options a bit. Searching on "iphone exchange hosting service" turned up 346,000 listings. 
With those numbers, picking an Exchange host to pay along with the higher AT&T rates on the iPhone 3G becomes an almost overwhelming choice. I suggest you leverage as many features as possible of your new iPhone, and get as many other advantages as you can. A hosted collaboration service I've talked about before, HyperOffice, added iPhone support to its Exchange hosting service, but it added an extra twist. Since the iPhone can run applications, HyperOffice supports shared document storage and collaboration. If you can stand the iPhone keyboard, you can work on shared documents from the same source as your e-mail hosting. The iPhone's browser support over 3G turns the Apple version of a smart phone into a real work phone with support from services like HyperOffice. Quite a switch from all the anti-business complaints Apple heard for the initial iPhone release, isn't it? People ask me if I'm using an iPhone. Nope. Apple hasn't given me one, and I didn't expect them to. But I'm not even considering an iPhone until the QWERTY keyboard runs in landscape mode so I can use two thumbs. Now it runs in portrait mode forcing me to use one finger. Way too slow, and not at all cool.
Thu Jul 24, 2008

Despite financial losses, Microsoft looks to increase investment in online services
Microsoft CEO Steve Ballmer sought to justify to financial analysts the losses from the company's online services group and to defend plans for increasing investment in the group. Ballmer stepped in to speak for Kevin Johnson on Thursday at the company's annual financial analysts meeting. Johnson has been president of the Platforms and Services division, and his plans to leave the company to serve as CEO of Juniper Networks became public on Wednesday. "I wanted to make sure that people making announcements in our online business were actually going to be here in three weeks," Ballmer joked. "We wish Kevin the best at his new assignment at Juniper." Johnson has been head of Microsoft's online business, which recently reported a $488 million loss in operating income for the fourth quarter, more than double the $210 million operating loss the division saw last year. That loss is insignificant when examined in light of the division's potential, Ballmer argued. "This year our [online services business] loss was about 5 percent of our operating income, and yet the amount of economic value we might create ... is 40, 50, even 60 percent or more of our total economic value," he said. The amount of investment that Microsoft plans to plow into online services is relatively small from an overall company standpoint and will offer a real opportunity to grow the company's market value, he said. "I think it's a very good risk return," he said. It's unclear even to Ballmer how long the company might have to continue this level of investment in online services. "How long is that going to go on? I'm not sure. But we're going to need to continue to invest until we get greater scale in this business," he said. Ballmer spoke briefly about the company's discussions, currently on hold, with Yahoo, but seemed to take pains to exclude Yahoo from a short list of companies capable of innovating search. 
"Google and Microsoft are really the only two companies that can do this," he said, after describing the need for changes in the search market. "This category is ripe for innovation," he said. Beyond search and advertising, Ballmer also argued that the shift to online services will help Microsoft's enterprise business. As Microsoft begins selling hosted offerings to businesses, it has the opportunity to offer support and service level agreements, for a price. "We see the overall pool of opportunity increasing," he said. Microsoft has been chasing Google's significant lead in the search business and trying to catch up to other enterprise vendors that are shifting to offering services rather than software.
Thu Jul 24, 2008

Think small with Linutop 2 PC
If you think that a desktop PC has to be big, noisy and expensive -- think again. Linutop shows that it pays to seriously diminish your size expectations with its tiny, energy-efficient Linux-based PC. Smaller than a CD drive and selling for $440, the Linutop 2 is powered by a 500-MHz AMD Geode LX800 processor. The system comes with 512MB of system memory and 1GB of flash memory storage, of which 400MB is available for use. Without a fan, it is eerily quiet to use, but the system keeps its cool. Minimalist in the extreme, the Linutop 2 doesn't come with Wi-Fi, Bluetooth, or an optical drive. There's room to add a 2.5-in. hard drive inside, but the only item that's really meant to be upgraded is system memory; it can hold up to 1GB. The whole thing weighs just 1.25 pounds, allowing you to do something that few other PCs can: Velcro it to the back of an LCD monitor or, with Linutop's $55 adapter, screw it in place. Don't expect anything more than basic connections. The system comes with four USB ports; microphone, headphone and line-out ports; a wired Ethernet networking port; and an external monitor port. Although the Linutop 2's graphics have neither dedicated video memory nor 3-D acceleration, the system is fine for general use and can accommodate displays up to 1,920-by-1,440 pixel resolution. The Linutop 2 worked well with a 19-in. Dell LCD screen, and I was able to connect it to a projector, external hard drive, memory key, DVD, printer and USB hub. I also tried it successfully with two sets of wired keyboards/mice and a set of wireless ones as well. On the downside, the system only works with three Wi-Fi devices: Linksys' Compact Wireless-G USB Adapter (model WUSB54GC), Netgear's RangeMax Wireless USB 2.0 Adapter (model WPN-111) and the TP-LINK TL-WN321G Wireless USB Adapter. Software is Linutop 2's strongest suit. It comes with Ubuntu Linux 8.04 (a.k.a. Hardy Heron), Open Office 2.4 and enough utilities to work well out of the box.
In five minutes, I was nosing around the Web, playing YouTube videos, listening to Internet radio and viewing Adobe Acrobat files. Plus, the system can use and save in Microsoft Office .doc, .xls, .ppt, and other popular formats. In two weeks of daily use, the system worked remarkably well, showing that less can be more. I could open and use as many as five applications at a time. The system was able to open an image-rich PDF file with charts and complicated formatting in 15.2 seconds -- 20 percent faster than it took me to open the same file with a Windows XP-based Dell Optiplex 740 PC that was twice as expensive. For those watching the bottom line (and who isn't, these days?) the Linutop 2 consumes only 11.9 watts, about the power draw of a child's night light and one-fifth that of my Dell desktop. In other words, over the course of a year of general business or personal use, it would probably cost less than $4 in electricity, saving you about $15 a year. Shipped from Paris, the Linutop 2 costs $440 plus $40 for delivery and arrives in about a week. Linutop 2 will never be a performance PC for video editing, CAD or gaming, but is perfect for most office and personal uses that don't require Windows software. Neither too big, nor too small, Linutop 2 is just right. Brian Nadel is a freelance writer based near New York and is the former editor in chief of Mobile Computing & Communications magazine. A 25-year veteran of technology journalism, his work has appeared in Popular Science, PC Magazine, and Fortune.
Thu Jul 24, 2008

Sun technologist: SOAP stack a 'failure'
The SOAP stack for Web services was branded a failure this week by Tim Bray, a Sun Microsystems technologist and co-inventor of XML, who hailed the REST (Representational State Transfer) mechanism as a SOAP alternative. "The SOAP stack is generally regarded as an embarrassing failure these days," said Bray, who is Sun director of Web technologies, in an interview Wednesday afternoon at the O'Reilly Open Source Convention (OSCON) in Portland, Ore. "REST does what [the SOAP stack] was trying to do in a much more viable, elegant, cheap, affordable way except that we've got no tooling around it yet." REST can be used for integration, enabling, for example, PHP Web front ends to talk to a Java manufacturing system, said Bray. Tools to help developers work with REST are coming from companies such as Sun, Microsoft and Oracle, said Bray. These tools would make it easier to create REST services and test them, he said. SOAP and the attendant set of WS-* (ws star) specifications for security, messaging, and other capabilities certainly have had their detractors. Some, including Ruby on Rails founder David Heinemeier Hansson, have called these specifications "ws death star" -- a takeoff on the enemy home base in the "Star Wars" movies. Analysts at ZapThink, who have specialized in technologies such as Web services and SOA, sharply disagreed with Bray. "Tim Bray is a REST proponent and he'll say what he needs to, to bash SOAP and promote REST. SOAP is alive and well. There's no widespread movement away from SOAP. If you can find evidence of that [apart from Tim Bray], let me know," said Ronald Schmelzer, ZapThink senior analyst. "It's ironic as well that he's incorrect about the lack of REST tooling. JackBe, Corizon, and others support REST," said Jason Bloomberg, a managing partner at ZapThink. Bray also cited a need for more and better testing frameworks for REST-oriented protocols and frameworks.
During a keynote presentation at OSCON on Friday, Bray will talk about the "language inflection point," in which various languages such as Perl, Python, and Ruby have been gathering momentum at the expense of the established Java and .Net platforms. "Up until two years ago, if you were a serious programmer you wrote code in either Java or .Net," Bray said. "[Now], there are all these options that people are looking at and it's really an inflection point." The Sun-driven Java platform is accommodating scripting languages such as Ruby and Python on the Java platform, Bray noted. Sun has been enabling these to work on the Java Virtual Machine. "The Java language is not what the cool kids are choosing to use these days," said Bray. Still, Java will stay around, he said. "The Java language isn't going away. It's the world's most popular programming language," Bray said. "I think that like it or not, we're stuck with a multilanguage future," he stressed.
Thu Jul 24, 2008

Software piracy hurts the open-source community too
Proprietary software vendors, movie companies, and the music industry aren't the only businesses that don't like pirates stealing, copying, and reselling their CDs and DVDs. It turns out that pirated software can also hurt the open-source community. When stolen proprietary software is used by consumers, that's a lost opportunity for open source software makers to get their own software onto the computer hard drives of new users. [ Track the latest trends in open source with InfoWorld's Open Sources blog. ] So says Louis Suarez-Potts, the community manager at Sun Microsystems for the OpenOffice.org open source project, who discussed the phenomenon here at the 10th annual O'Reilly Open Source Convention. "Piracy hurts open source because open source asks people to help give back and contribute code, but they say 'why should I help? I have Microsoft Office for free,'" Suarez-Potts said. Around the world, he said, many national governments are realizing that this hurts them, too, because their citizens are then consumers of stolen technology rather than active participants in open-source communities that can help people gain technology skills that benefit workforces and nations. By cracking down on software piracy, nations around the globe are starting to see that they can help themselves dramatically by encouraging innovation and creativity -- as well as job growth and richer economies -- through open source development, he said. "China wants to create workers who can do this and create and sustain wealth," rather than just sell pirated software that doesn't improve the lives of the country's people, Suarez-Potts said. "We will all benefit if they are creating interesting things." Other nations, including India, are making similar discoveries, he said. "They really quite clearly see that they should have their own intellectual ecosystems. 
China is now embracing open source and is asking how they can work with the international communities; likewise in India and Latin America." In a report last week, the Washington-based software trade association, the Business Software Alliance (BSA), found that six U.S. states -- California, Florida, Illinois, New York, Ohio, and Texas -- make up $3.93 billion in pirated software losses in the U.S., or almost half of the $8.04 billion in national losses to software vendors from pirated software last year. The BSA also conducts annual studies of piracy in countries around the world. The latest version of the OpenOffice suite, Version 3.0, is currently in its second beta version but is expected to be released in final Version 3.0 form by early fall, Suarez-Potts said, noting that so far the beta version is generating about two million downloads each week. Computerworld is an InfoWorld affiliate.
Thu Jul 24, 2008

Intel readies slew of embedded chips based on Atom core
Intel on Wednesday said it is developing more than 15 system-on-chips based on the x86 core used in Intel's Atom chip, which can be found in mobile Internet devices and low-cost laptops. By using the Atom core, the company is trying to increase performance and drop power consumption on the new chips, said Gadi Singer, vice president of Intel's mobility group, at a press event in San Francisco. Information and entertainment centers in cars, for example, will be much richer and demand higher-bandwidth connections to the Internet, so chips need to deliver better performance-per-watt, Singer said. The new chips will include subsystems to accelerate applications for video decoding and security. Intel has already said it is working on an Atom successor codenamed Moorestown, due for release in the 2009-2010 timeframe. The platform includes an SOC code-named Lincroft, based on a 45-nanometer Atom core. The company also has chips based on the Atom core under development for set-top boxes, including Canmore, which will be released later this year, and Sodaville, due for launch next year. Although the power-efficient design fits well in mobile devices, Intel enters as a challenger, not an incumbent, said Nathan Brookwood, an analyst at Insight 64. ARM is the market leader in the mobile space. "The issue for Intel is whether they can begin to exploit the ubiquity of ... software environments and technical expertise surrounding x86 to start chipping away at ARM," Brookwood said. Many other architectures, including PowerPC, used by Freescale and Motorola, and MIPS (million instructions per second), used by Broadcom, are strong players in this market, Brookwood said. The PowerPC architecture has a strong presence in the telecommunication and automotive space, Brookwood said. Although Intel has been a player in the embedded space for 30 years, in the past it has seen platform and compatibility problems, said Doug Davis, vice president of Intel's digital enterprise group.
Intel's earlier XScale chips, built using ARM's core, affected its ability to lead with its own architecture, Davis said. The company ultimately sold the handheld processor unit to Marvell Technology for $600 million in 2006. By building Intel architecture in the new chips, Intel will deliver compatibility and standardize software for use across multiple devices, Davis said. The company also announced eight system-on-chips for set-top boxes on Wednesday. The EP80579 chips, made using the Pentium M core, run between 600MHz and 1.2GHz, integrate a memory controller, and consume between 11 watts and 21 watts of power. The Pentium M architecture was used to develop the chips as the design was available during chip development, Davis said. Going forward, all system-on-chips will be designed using the Atom processor core.
Thu Jul 24, 2008

Microsoft surprise reorganization aimed at online woes
Microsoft has built its massive software business by watching other companies take the lead in emerging technology markets and then following fast with competitive products that eventually become dominant once those markets begin to pay out. The company did it against IBM during the birth of the PC, Netscape during the browser wars, and is currently making a strong showing against Sony and Nintendo in the game-console market. However, Microsoft's inability so far to capitalize on online advertising and services and its inability to make any headway against Google shows that, despite its huge cash reserves, this strategy may no longer be effective. On Wednesday in an unexpected move, Microsoft reorganized its Platform and Services division, which oversees its Online Services Business (OSB) and its lucrative Windows OS business, into two groups to separate its distinct online brands. It also announced the departure of the president of the group, Kevin Johnson, who is reportedly leaving the company to join Juniper Networks. Both the new organizations -- one that oversees its online advertising and search properties and another that runs Windows Live services and Windows OS -- will report directly to Steve Ballmer. This move shows the CEO taking firm control of a part of Microsoft's business that has been searching for an identity since the company launched Windows Live services in late 2005 -- in part as a complement to its MSN and search businesses and in part as a rebranding of previous online efforts. "For the past two years, I've been totally confused about [the difference between] Windows Live, MSN and Windows," said Charlene Li, an independent technology industry analyst. "The messaging and product features don't pull together." She said splitting up businesses is "a good thing" for the company because it will help clarify Microsoft's online strategy. 
"You start seeing some differentiation between what Windows Live brand stands for and what online services is trying to do," Li said. The move to divide its online brands follows the news last week on a financial conference call that Microsoft would invest "hundreds of millions of dollars" in OSB in light of its failure to close a deal to purchase Yahoo or at least its search business. OSB has operated at a loss for years and has shown only meager signs of life despite Microsoft's best attempts to revive it. For Microsoft's fiscal 2008, OSB showed a year-over-year revenue gain of 32 percent, from $2.44 billion in 2007 to $3.21 billion in 2008. For the year, however, OSB lost $1.23 billion in operating income; a nearly 100 percent increase over the $617 million loss in operating income in fiscal 2007. Last Thursday, Microsoft Chief Financial Officer Chris Liddell sketched out some vague plans for Microsoft's investment, which mainly will go into its search business to bolster online advertising revenue. However, published reports say Microsoft's biggest shareholders aren't convinced that the company's financial bet will yield much of a return. Microsoft is hosting its annual meeting for financial analysts in Redmond, Washington, Thursday, and likely will shed more light on how it plans to revive OSB with the restructuring and with its renewed investment in the group. Analysts will certainly be looking for some serious clarity on this topic, especially since Microsoft has been throwing money at online services for years. "Microsoft's execution online has been poor," said Matt Rosoff, an analyst with Directions on Microsoft. "They've never had a runaway success with a product line ... nothing that has dominated the market or changed the game." To be fair, the online advertising game -- which some analysts estimate will represent about a US$50 billion revenue opportunity in the U.S. alone in the next few years -- is far from over, he said. 
Rosoff noted that Microsoft only really began going after Google in earnest three years ago when it launched MSN Search, which was overhauled and rebranded Windows Live Search, and then simply Live Search shortly thereafter. Microsoft takes a "10-year view of things," he said, noting that Microsoft made more than $60 billion in revenue last year, and the business continues to grow. The company has the "luxury of looking at this as a very long-term business," he said. "If any other company had thrown this much money away online, they wouldn't be in business right now," Rosoff said. But because of its cash balance and the strength of its business, Microsoft "can invest a lot of money in it without having to worry about the short-term." Still, Microsoft is facing vulnerability in areas that have been a lock for the company for many years. For example, many attribute Apple's modest growth in computer sales to negative publicity surrounding Microsoft's Windows Vista PC OS. While the Windows client OS is still a cash cow and is in no real danger of obsolescence, Apple's success shows there are new chinks in the Microsoft armor. The popularity of the iPod and iPhone may be showing Windows customers that there are credible alternatives, said Greg Sterling, principal analyst for Sterling Market Intelligence. This so-called "halo effect," combined with Apple's aggressive advertising campaign that exploited problems users had with Vista early on, proves to PC users that they don't have to settle for what may be perceived as a subpar OS if they don't want to, he said. "To the extent that people are less fearful of using alternative systems -- that gives them a sense they can stray from Microsoft products and still be OK," Sterling said. The growth of Google's search engine and other online services and applications also provides people with alternatives to Microsoft, he added.
This perception could hurt Microsoft in other markets it's attempting to dominate -- such as the one for virtualization software -- even if the company has the cash to play the waiting game. Microsoft is chasing VMware in virtualization. To combat its giant competitor, VMware said on Tuesday that it would offer a free version of its basic hypervisor product -- similar to the Hyper-V product Microsoft now offers in its Windows Server OS. If history is any indication, Microsoft should eventually be able to overtake VMware, especially since its hypervisor is tied to such a successful operating system. But even Paul Maritz, VMware's new CEO and a former Microsoft executive, pointed out on a VMware conference call Tuesday that Microsoft is not completely invincible, especially when another company already has a substantial lead in a market. Indeed, Sterling said, "I think there is clearly a perception in the market that Microsoft is not the invincible juggernaut it was."
Thu Jul 24, 2008

Attack code released for DNS bug
Hackers have released software that exploits a recently disclosed flaw in the Domain Name System (DNS) software used to route messages between computers on the Internet. The attack code was released Wednesday by developers of the Metasploit hacking toolkit. [ Read the related story on how details of a major Internet flaw were posted by accident. And learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ] Internet security experts warn that this code may give criminals a way to launch virtually undetectable phishing attacks against Internet users whose service providers have not installed the latest DNS server patches. Attackers could also use the code to silently redirect users to fake software update servers in order to install malicious software on their computers, said Zulfikar Ramizan, a technical director with security vendor Symantec. "What makes this whole thing really scary is that from an end-user perspective they may not notice anything," he said. The bug was first disclosed by IOActive researcher Dan Kaminsky earlier this month, but technical details of the flaw were leaked onto the Internet earlier this week, making the Metasploit code possible. Kaminsky had worked for several months with major providers of DNS software such as Microsoft, Cisco and the Internet Systems Consortium (ISC) to develop a fix for the problem. The corporate users and Internet service providers who are the major users of DNS servers have had since July 8 to patch the flaw, but many have not yet installed the fix on all DNS servers. The attack is a variation on what's known as a cache poisoning attack. It has to do with the way DNS clients and servers obtain information from other DNS servers on the Internet. When the DNS software does not know the numerical IP (Internet Protocol) address of a computer, it asks another DNS server for this information. 
With cache poisoning, the attacker tricks the DNS software into believing that legitimate domains, such as idg.com, map to malicious IP addresses. In Kaminsky's attack, a cache poisoning attempt also includes what is known as "Additional Resource Record" data. By adding this data, the attack becomes much more powerful, security experts say. An attacker could launch such an attack against an ISP's (Internet Service Provider) domain name servers and then redirect them to malicious servers. By poisoning the domain name record for www.citibank.com, for example, the attackers could redirect the ISP's users to a malicious phishing server every time they tried to visit the banking site with their Web browser. On Monday, security company Matasano accidentally posted details of the flaw on its Web site. Matasano quickly removed the post and apologized for its mistake, but it was too late. Details of the flaw soon spread around the Internet. Although a software fix is now available for most users of DNS software, it can take time for these updates to work their way through the testing process and actually get installed on the network. "Most people have not patched yet," said ISC President Paul Vixie in an e-mail interview earlier this week. "That's a gigantic problem for the world." Metasploit's code looks "very real," and uses techniques that were not previously documented, said Amit Klein, chief technology officer with Trusteer. It will probably be used in attacks, he predicted. "Now that the exploit is out there, combined with the fact that not all DNS servers were upgraded... attackers should be able to poison the cache of some ISPs," he wrote in an e-mail interview. "The thing is -- we may never know about such attacks, if the attackers... work carefully and cover their tracks properly."
Thu Jul 24, 2008

Parts of San Francisco network still locked out
The high-profile troubles on the city of San Francisco's computer network continue, despite a dramatic jailhouse intervention by the city's mayor this week. While the city has regained control of the five devices at the heart of its FiberWAN network, which carries data between city government buildings, administrators are still locked out of the city's VoIP system and local LANs within the Sheriff's Department and the Recreation & Park Department. Assistant District Attorney Conrad Del Rosario revealed the ongoing problems Wednesday at a bail hearing for Terry Childs, the former network administrator with the city's Department of Telecommunications and Information Services (DTIS) who is accused of holding the city's networks hostage for the past 10 days. During that time, the networks have functioned normally, but IT staffers have been unable to make administrative changes to some of the city's critical routers and switches. Childs' attorney, Erin Crane, had moved for a reduction in the $5 million bail set in the case. San Francisco Superior Court Judge Lucy McCabe denied that motion Wednesday. Childs' defense has portrayed him as a capable engineer, surrounded by incompetent management, who simply didn't trust anyone with the administrative passwords to the five network devices at the heart of the FiberWAN. On Monday, Childs had a secret meeting with San Francisco Mayor Gavin Newsom where Childs turned over the passwords. Del Rosario argued against any reduction of bail, noting that Childs handed over the passwords only after a scheduled July 19 power outage at the city's One Market Street datacenter failed to take down the FiberWAN.
Because Childs did not store network configuration files on the routers' hard drives, a power outage would wipe this information out of memory, disabling the network until it was reconfigured, he said. The assistant DA said it was "extremely suspicious" that Childs only communicated with the mayor after the network did not go out of service. In court filings, prosecutors say they do not know where these critical router configuration files are located. As the city's principal network engineer, Childs worked on about 1,100 networking devices throughout the city, Del Rosario said. Even with the FiberWAN passwords, there are still questions about the rest of these systems. "We do not know whether we have control of these devices," he said. Crane said that her client was the victim of jealous co-workers who were upset because his good work made them look bad. "I think the entire thing is specious," she told the judge. "This is a DTIS management problem." This is not Childs' first time in criminal court. He also served four years in Kansas prison on aggravated robbery and aggravated burglary charges, prosecutors said. Those charges stem from an incident that occurred when Childs was 16 years old, Crane said. The court also ordered Childs to stay away from several of his former co-workers, including Jeana Pieralde, the DTIS director of security who was allegedly so afraid of Childs that she locked herself in a room in the data center, and his former supervisor Herb Tong, whom Childs felt was undermining his work at the department. Prosecutors say that police found bullets when they searched his Pittsburg, California, home on July 13. In a brief appearance before reporters after the hearing, Crane said that she and Childs were "deeply disappointed that bail had not been reduced." Childs' next scheduled court date is a Sept. 24 pretrial hearing.
Wed Jul 23, 2008

Intel says Moblin update coming soon
Intel is readying a second release of the Moblin open-source platform for mobile computing, with plans set for an alpha-level version in a few weeks, an Intel official said at the O'Reilly Open Source Convention (OSCON) in Portland, Ore. on Wednesday. Moblin is a project for mobile Linux that is centered on a range of devices, with Intel eyeing Moblin for its Atom processor for mobile systems. "Our focus as a company right now is on the Atom platform, but I'm sure other people in the community will drive it [in] other directions," said Dirk Hohndel, chief Linux and open-source technologist at Intel. Intel is putting together the software stack for Moblin 2, featuring a forking off of Fedora and the Gnome mobile stack. "We're going to open this up to the public," Hohndel said. "I want to see the community that really takes this project and runs with it and makes it their project." Hohndel stressed that Intel was firmly in the open-source camp. "Open source is something that we believe really helps change the game," Hohndel said. Also at the conference Wednesday, O'Reilly Media CEO Tim O'Reilly brought up two MySQL dignitaries from Sun Microsystems to quiz them on how things were going since Sun acquired the open-source database company earlier this year. The two MySQL officials, Michael Widenius and Brian Aker, waxed positive about the merger. "It's actually been really rewarding," Aker said. "Sun has given us more free hands to do what we want to do," said Widenius. Commenting on Sun's switch from a proprietary to open-source software company, Aker did note that there are inevitable tensions when engineers have to go public with their code. Aker also called Microsoft "irrelevant." Additionally, he said he wanted a new iPhone but hoped that Google gets its Android systems out fast enough that it works well enough that he could use it. An audience member asked why the open-source world cannot do anything as "insanely great" as iPhone.
O'Reilly cited potential developments in that direction, such as Android and Openmoko.
Wed Jul 23, 2008

Are virtual firewalls a solution for VM security?
One of the hot topics on the VMware Forums lately has been about the advisability of using virtual firewalls within the VMware Virtual Infrastructure. The main question is whether it's a good idea. The general answer is yes; they work well enough for most experts to recommend them. However, the more specific answer depends solely on how you have set up your physical and virtual networks and the purpose of the virtual firewall. Is your purpose to protect all VMs attached to a virtual switch from other VMs on the same virtual switch? You can achieve this with a virtual firewall only if you use portgroups and firewall between different portgroups. Is your purpose to protect all VMs attached to a virtual switch from other VMs on different virtual switches? You can achieve that by having a virtual firewall between the protected virtual switch and up to three other virtual switches. Why three? There is a limitation on the number of virtual NICs available to a VM. Is your purpose to firewall a DMZ attached to the outside world from the inside world? This is also achievable with a virtual firewall; however, it requires multiple physical NICs attached to different pSwitches or VLANs within your physical network. It also applies the principle of vSwitch to vSwitch protection. The other big question is which virtual firewall to use. There are several contenders: Smoothwall, m0n0wall, and a host of others. There is also the possibility of using the software from a hardware firewall within a VM, but that depends on the vendor and on whether the OS they use within the hardware firewall can be virtualized, whether there is support for doing this, and whether some form of instructions exists. The Smoothwall folks, for example, sell a hardware appliance as well as provide an installable image for a Virtual Machine.
The main concern about using a virtual firewall is to ensure isolation of those items to be protected with proper virtual and physical network layout. The other concern is that, unless you make some low-level modifications, VMs attached to a vSwitch that is not, itself, attached to a physical NIC cannot participate in VMotion, that is, the ability to move VMs from virtualization server to virtualization server without powering them down. This last item may dissuade people from using virtual firewalls but it will not stop me. I use them and recommend them as a solution to an often tricky problem that requires them. However, due diligence with your network layout is absolutely required. Virtualization expert Edward L. Haletky is the author of "VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers," Pearson Education (2008). He recently left Hewlett-Packard, where he worked in the Virtualization, Linux, and High-Performance Technical Computing teams. Haletky owns AstroArch Consulting, providing virtualization, security, and network consulting and development. Haletky is also a champion and moderator for the VMware discussion forums, providing answers to security and configuration questions.
Wed Jul 23, 2008

Ubuntu to unveil new version of Launchpad next week
A year after creating an online open-source software development community to take on SourceForge.net and other rivals, the development team at Ubuntu Linux will be the first to admit that they still have a long way to go to achieve the popularity of their competitors. Ubuntu's beta community, called Launchpad, debuted last July and has seen a huge increase in the number of open source projects under development, from 1,500 projects at the start to about 7,000 today. While that's a sizable increase, it still pales compared to the number of open source projects hosted on its more popular and well-known rival, SourceForge.net, where about 150,000 open source projects are available today. For users, Launchpad offers an open source software hosting and development collaboration Web site similar to SourceForge.net, but there's one big difference according to Ubuntu -- code and other resources posted on the site can be shared back and forth across all the open source projects that are underway there. That, said project manager Christian Reis, makes Launchpad a more collaborative environment for projects that could eventually refine the way open source software is developed. Reis, known in the open source community as "kiko," talked about the scheduled debut next week of the new Version 2.0 of Launchpad yesterday at the 10th annual O'Reilly Open Source Convention. The new version will be announced next week by Canonical, the commercial sponsor of Ubuntu Linux. On other development sites, he said, "there's not a lot of communication between" open source projects. "Launchpad, as part of its core strategy, seeks to encourage sharing. This is where we think it makes a big difference for us." The biggest open source development project on Launchpad is Ubuntu Linux itself, he said, including management of packages, bug tracking and foreign language translations.
And while the number of projects hosted on Launchpad has grown, Ubuntu has learned a lesson in the project's first year. That lesson, he said, is that "it's very difficult to break new ground" in the project development arena because of the entrenched nature of SourceForge.net's community. Most of Ubuntu's efforts so far have been by word of mouth, but that's a slow process. Other large-scale open source projects are also coming aboard the Launchpad community. MySQL began using Launchpad about a month ago for its development, he said. With Launchpad, developers don't need to get prior permission to contribute code or create a new direction in a project, unlike traditional open source software development models. Project leaders still ultimately have final say on what does and doesn't make it into the final code, but individual developers have more leeway in trying new ideas and getting feedback from others. Here, developers can put up projects or code and "people discover it," he said. By including Ubuntu in the pool, the development of many other related open source applications can also be found on Launchpad, including projects involving Mozilla Firefox, GNOME, KDE, and others. "You really have to understand how much Ubuntu is a magnet for other open source applications," he said. "Launchpad is about lowering the barrier for participation so that anybody in the community can come in and add a translation or make a new version of your source code or help you manage your bugs," he said. "We're mating the idea of facilitating collaboration between projects. It's the next generation of project hosting." Unveiled last July, the Launchpad Personal Package Archive service provides a new way for developers to build and publish packages of their code, documentation, artwork, themes and other contributions to free software. It's been a busy month for Ubuntu Linux. 
Several weeks ago, Ubuntu announced that for the first time, a retail boxed version of the operating system will be sold to consumers with support for $19.99 at Best Buy stores. Computerworld is an InfoWorld affiliate.
Wed Jul 23, 2008

Oracle unveils access management suite
Oracle Wednesday unveiled a suite of access management tools including a new server that provides controls to fine-tune user privileges. The Oracle Access Management Suite is a bundle of software the company has collected from the acquisitions of Oblix, Bharosa, and BEA. The suite provides users with a range of authentication and authorization technologies to support Web application single sign-on (SSO), strong authentication, fraud protection and cross enterprise federation and SSO. In addition, Oracle released what it calls the Entitlements Server, which is a rebranding of the former BEA AquaLogic Enterprise Security software. The server relies on policies and user attributes such as title or location to craft sophisticated access controls around any network resource including documents. The Entitlements Server supports Extensible Access Control Markup Language (XACML) for policy interoperability. The other servers in the suite are the Adaptive Access Manager for strong authentication and fraud protection, Access Manager for Web SSO, and Identity Federation for cross domain access controls. Oracle will continue to sell the pieces separately. The suite also integrates with middleware including Oracle Fusion, Oracle applications, Office SharePoint Server, IBM WebSphere and BEA Weblogic. Oracle officials say they have done integration and certification around the products to ensure that they work together, but clearly the company has work ahead of it to mold the four pieces into a cohesive unit. "It is relatively easy to put together a strategy and vision for all of this, but the engineering work is going to be significant for them," says Gerry Gebel, an analyst with the Burton Group. But Gebel says the move toward entitlement management is a good one for Oracle, which has been buying up companies to gain its foothold in the identity market. "The entitlement management market is one that is really immature," Gebel says.
"But Oracle has one of the better products and they are in a good position." The Entitlements Server, Access Manager and Identity Federation are all deployed behind the firewall, while the Adaptive Access Manager installs as a proxy protecting the Web infrastructure. The servers can be integrated with corporate directories that support the Lightweight Directory Access Protocol. "The thing we saw over the last two to three years was that customers were piecing all these elements together as they built a comprehensive strategy," says Amit Jasuja, vice president for identity management at Oracle. "They were dealing with all the integration, certification, patching." Jasuja says Oracle expects the new suite to compete with offerings from IBM, Sun, and CA. The Oracle Access Management Suite is priced at $45 per internal user and $12 per external user. Network World is an InfoWorld affiliate.
Wed Jul 23, 2008

5 ways the iPhone 3G still lags in enterprise
The iPhone 3G may have a lock on the Sexiest Gadget Alive title for 2008, but in the frumpy and boring world of things that matter to enterprise IT managers, it's no pinup. Despite Apple's improvements upon the previous iPhone, primarily through its licensing of Microsoft's ActiveSync technology, the 3G and its iPhone 2.0 software remain less competent and less tested than its BlackBerry and Windows Mobile counterparts. "From an IT support standpoint, you want a hardened device, something you can fire and forget," said Todd Christy, president and CTO of Pyxis Mobile, a smartphone application maker. "I think the iPhone is cool, but it isn't there from an enterprise standpoint." "It's a great product but has a ways to go," said a senior IT official at a large U.S. business who, after evaluating the iPhone 3G, chose not to deploy it, citing weaknesses in configuring, securing and supporting the iPhone up to enterprise standards. "A year after Apple comes out with a consumer device, these kinds of enterprise things are not going to happen magically," said the official, who declined to be identified. So on exactly what tracks does the iPhone still lag?

1) Manageability and security

When it comes to employees' smartphones, IT managers may seem like the worst kind of control freak. And for good reason -- nothing is as easily lost or stolen as a smartphone, along with its corporate data. RIM's ability to ease IT managers' worries has been key to the BlackBerry's success. It introduced device management software, BlackBerry Enterprise Server, at the same time it launched the device itself back in 1999. Today BES, as it is affectionately called, lets IT managers enforce more than 200 security and other IT policies, as well as create their own. Microsoft is attempting to challenge BES' dominance. Earlier this year, it released System Center Mobile Device Manager.
SCMDM, as it is often abbreviated, gives IT managers 125 built-in policies for managing Windows Mobile 6.1 phones, as well as the ability to create their own. SCMDM's biggest strength may be its integration with the popular Active Directory technology, which lets IT managers reuse their carefully tweaked set of employee privileges and access rights with little extra work. Jonas Gyllensvaan, CEO of mobile management software vendor Conceivium Inc., expects SCMDM to "make big inroads by the end of the year." For IT managers not on SCMDM, their experience remains firmly in the second tier, with 45 policies available to them via Microsoft Exchange 2007 SP1's ActiveSync. Policies include numerous ways to manage passwords, control whether phones and storage cards must be encrypted, and turn on or off the phone's camera, consumer e-mail account, or text messaging. "That's still very robust, and a lot more than what the average IT person in the mid-market or enterprise needs," said Scott Gode, vice-president of marketing and product management for Azaleos, a provider of outsourced Exchange server management. The iPhone 3G uses the same ActiveSync technology in Exchange 2007 SP1, but experts place the iPhone in a third tier. "The Windows Mobile implementation of ActiveSync is, from an IT admin point of view, far superior," said Ahmed Datoo, vice-president of product marketing for mobile software maker Zenprise Inc. Why? Because many ActiveSync features are missing. Those features include the ability to limit users from downloading some or all third-party software, the ability to turn off expensive international data roaming, and the ability to natively encrypt data on the iPhone or its storage card. The lack of native encryption is the iPhone's "one failing," said Glenn Edens, an independent mobile consultant, who is otherwise bullish on the iPhone 3G. "Remote wipe helps but is not good enough." 
Without encryption, the District of Columbia, which is testing the iPhone 3G now, would only deploy the iPhone 3G by keeping key applications and data off the device, said Vivek Kundra, CTO of the governmental body. At least one ISV, SplashData, has already come up with a third-party encryption app. But as David Gewirtz, an e-mail security expert, put it, "everybody prefers stuff from the manufacturer." The dearth of built-in management features is in contrast with the iPhone's many built-in consumer features, such as its 2-megapixel camera, its music and video player and fast Web browser. These all create more potential security and compliance problems and ways for the device to be misused. For instance, employees goofing off by downloading TV programs from iTunes can "interfere with other users trying to run critical applications across the same wireless LAN network," said David Messina, vice-president of marketing for network management software maker, Xangati Inc. "Think about environments like hospitals, where WLANs are critical to patient care." For sure, Apple won't stand still. But for now, its enterprise manageability is "enough for it to gain a beachhead, but not enough long-term for Apple to get the market share it wants," Gode said.

2) Network and deployment

The iPhone has one advantage over RIM: All messages and updates are routed directly from server to smartphone and vice-versa. Syncing with a BlackBerry, meanwhile, requires updates to be sent to RIM's Canadian network operations center, outside of a corporate firewall. That NOC has been prone to failure in the past year, frustrating BlackBerry users. So score one for the iPhone -- and Windows Mobile, for that matter -- versus RIM. However, application and patch deployment is another matter. Most consumers will add applications to their iPhone via the iTunes client, which connects to the Web-based AppStore controlled by Apple.
That setup is unacceptable to most companies, who generally prefer a larger degree of control over which applications are added to employee smartphones and how. There are two alternatives, one existing now and one slated for the future. The first is enabling the setup of an 'ad hoc' restricted list of iPhone users who are allowed to download a given app via AppStore. Ad hoc distribution is available today, though there are many reports of problems. Moreover, it doesn't scale past 100 users, making it suitable only for smaller firms or workgroups. The other is letting companies essentially run their own mini-version of AppStore on their own servers so they can oversee which apps are served up to the copies of iTunes running on employees' PCs. Employees connecting their iPhones via cable to their desktop or laptop computer then automatically receive applications uploaded to their devices. There are several problems. For productivity reasons, many companies don't want to allow employees to install iTunes on their work PCs. Moreover, relying on employees to sync their iPhone with their PC is slower and less reliable than directly pushing out apps, updates or patches wirelessly, which both BlackBerry and Windows Mobile allow. Finally, Apple hasn't said when enterprise deployment will be available. Some observers don't think it will arrive until the middle of next year. Rob Woodbridge, CEO of Rove Mobile, a maker of systems management software for smartphones, thinks Apple at that time needs to bring out a full-fledged solution along the lines of BES or Microsoft's SCMDM, one that enables IT folk to install more policies and apps wirelessly. "That's what they need to do if they really want to sell into the enterprise," he said.

3) Technical support

Big companies are used to getting the white-glove treatment for the big bucks they spend. Is Apple, which has little enterprise presence, up to providing that? What about AT&T?
Not according to the unnamed IT official, who said multiple, escalating levels of support -- widely available for BlackBerry and Windows Mobile users -- didn't appear to be an option today. "Would we even have an Apple account management team to support us? Probably not," the official said. Others, such as Ahmed Datoo, vice-president of product marketing for mobile software maker Zenprise, say reports of 'bricked' iPhone 3Gs and unavailable MobileMe services earlier this month don't build confidence, either. As a result, says Xangati's Messina, companies wanting to deploy iPhones on a wide scale need to resign themselves to beefing up their own in-house support. "The iPhone is going to be a mobile enterprise device in the same vein as a laptop. If there are issues with it, the help desk is going to have to be involved," Messina said.

4) Application ecosystem

Having 500 applications available at the iPhone 3G's launch was impressive. And no doubt that number will grow, fast. But the fact remains that there are more than 18,000 applications available for Windows Mobile at public Web storefronts such as Handango.com. And while the BlackBerry platform remains difficult for developers, there are still nearly 4,000 BlackBerry apps at Handango.com, along with thousands more custom business apps. Of course, many business apps have already been ported over to the Web. For these, no porting is needed -- iPhone users can simply fire up Safari. But many applications still run better as clients. And some of those ISVs, such as Rove Mobile, say they are in no hurry to port their products over to the iPhone.

5) Cost and carrier choice

The iPhone 3G may only cost $199, but its true cost over the life of a typical two-year contract with AT&T is at least $2,000 (including voice plan, unlimited data plan and $5/month for 200 text messages). Pricey for a consumer toy, but comparable to a BlackBerry or Windows Mobile smartphone.
Rather, the true cost for an enterprise switching to the iPhone comes from the substantial investments in money, time and personnel those firms have already made in BlackBerry devices, multi-year contracts, BES servers, and the like. And there is the matter of Apple's preference to sign a single carrier in each market for the iPhone, in contrast to the multi-carrier availability of BlackBerries and Windows Mobile phones. The District of Columbia's Kundra says the biggest hurdle to deploying the iPhone widely is AT&T's spotty geographical coverage.

Their surveys said...

Only 1 out of 25 senior wireless executives queried by Immobile.org for a poll earlier this month expect both corporate IT admins and employees to embrace the iPhone. Three out of four expect the iPhone to make few inroads and for Research In Motion, the maker of the BlackBerry, to maintain or strengthen its lead. Another survey, by investment bank Goldman Sachs, found that 17 percent of 100 Fortune 1000 CIOs polled plan to buy an iPhone, though the Wall Street Journal, which reported the survey, opined that the figure "strikes us as pretty high." The survey also did not ask those CIOs how many iPhones they plan to buy -- a key point. "I think companies will start to put the iPhone on their approved list, but I don't see many making it their standard-issue device," said Gyllensvaan. The lust created by the iPhone 3G could even end up helping its competitors. Rove's Woodbridge thinks that IT managers may try to steer employees demanding an iPhone 3G to sexed-up BlackBerries such as the upcoming Bold and Thunder models, or to touchscreen-based Windows Mobile phones such as the HTC Touch Diamond. Computerworld is an InfoWorld affiliate.
Wed Jul 23, 2008

Ubuntu founder urges Linux desktop to rival Apple
Ubuntu Linux Founder Mark Shuttleworth urged development of a Linux desktop to rival what Apple has done in this space and aired a vision of software changing the world. Shuttleworth, speaking at the O'Reilly Open Source Convention (OSCON) in Portland, Ore., on Tuesday evening, also urged development of a new revenue model to fund free software and set his sights on a services-based mechanism for this. He also stressed the importance of interoperability with Windows. Shuttleworth, of Canonical, emphasized development of the Linux desktop as well as mobile development. "Can we go right past Apple in the user experience we deliver?" Shuttleworth asked the audience. There is a profound challenge in the Linux desktop during the next two years to build this type of desktop. "Certainly on the desktop experience we need to shoot beyond the Mac, but I think it's equally relevant [in] the mobile space," said Shuttleworth. "The challenge for us is to figure out how to deliver something which is crisp and clean," without sacrificing the community process, he said. An audience member mentioned issues that would emerge in developing an Apple-like desktop in the free software world. "It would be hard to do from a free software point of view, I think, because so many people have so many different opinions," said Brad Cavanagh, data reduction software engineer at the Joint Astronomy Centre in Hilo, Hawaii. "That's not to say you can't get good things out of open source. Obviously, you can but it's going to be tough," Cavanagh said. Shuttleworth cited the need for newer business models, beyond advertising for free software. "We had the Web for quite a long time before we figured out how [to do] ad-funded Web businesses," said Shuttleworth. But he said he did not see how advertising could fund Web-based applications and free software applications. He instead noted an emerging emphasis on services, calling services the engine for funding investments in free software.
"I think advertising works very well in the search case, but I don't think it's the sort of final solution in terms of business models to drive investment in free software," Shuttleworth said. "A more general view of services is required." There will be tremendous innovation and experimentation with services, he said. The free software world is in a quest for a complementary economic model. "When we look back at this era, we'll be looking at economics," as much as factors such as technology, Shuttleworth said. Technology, he said, provides the opportunities to drive economic change, create wealth, and change society. "The way we run our lives today, software determines more and more of it," Shuttleworth said. "In a very real sense, everything is becoming software," said Shuttleworth. "There have never been better opportunities to create wealth, better opportunities to change the world." Recent wealth creators such as Google have been built on free software, Shuttleworth said. Free software, meanwhile, is "the ultimate form of disclosure" and serves as an engine for innovation. "The question we should be asking the free software world is how can we stimulate that? How can we drive innovation faster?" said Shuttleworth. Shuttleworth also promoted the notion of cadence in free software releases. "The idea of establishing a regular rhythm or regular, predictable release schedule for free software is, I think, gaining prominence," and helps to stimulate the free software development process, he said. Society, he said, needs a "pipeline of innovation." A free software platform must be made accessible and architected for innovation, Shuttleworth said. The Firefox platform for instance, has been effectively made a platform for innovation through extensions and plug-ins, he said. Linux, Shuttleworth said, must link up with Windows. He stressed his belief that "Linux is the platform of the future. But I think it's essential that we learn how to work with Windows."
Extensible software must work across both platforms, said Shuttleworth. Shuttleworth also asked how free software changes the perception of software methodologies. He suggested extending agile programming. "If I look at the innovation story, the methodology story, the common thread on both of those to me is collaboration and participation," said Shuttleworth. At Ubuntu, there is a goal of enabling people to make changes and build a community around changes, with nobody having to ask permission to participate.
Wed Jul 23, 2008

NAND flash memory glut to continue
A global glut of NAND flash memory chips, which store songs, photos, and other data in gadgets from iPods to digital cameras, will continue for at least the next few months because companies have been slow to rein in production, according to DRAMeXchange Technology. The market researcher, which is based in the heartland of the global memory spot market in Taipei, predicts the NAND flash supply will grow 149 percent this year despite worsening prices for the chips. The problem is that chip makers such as Samsung Electronics, Hynix Semiconductor, and SanDisk's partner, Toshiba, have not moved fast enough to cut production. The good news for users is that companies will be able to offer more NAND flash storage capacity for a lower price, or offer better deals on existing products such as flash memory cards and MP3 players. Low NAND flash prices could also spur companies to lower prices on hot products such as SSDs (solid state drives) in hopes of growing the market for the drives. Prices of NAND flash memory dropped 20 percent on average in the month of June, DRAMeXchange said, and an upturn for the market may not be in the offing until as late as September. The NAND flash market has been so bad that the creator of the chips, SanDisk, on Monday reported a surprise loss of $68 million for the second quarter. The company blamed the supply glut for its problems, pointing out that it sold a record amount of flash, 120 percent more than the same time last year, but that prices are down 55 percent compared to then. SanDisk also said NAND flash prices may worsen in the third quarter. The company's Nasdaq-listed stock fell $4.31, or 24 percent, to end Tuesday at $13.62 as a result of its earnings news. To counter the deteriorating market, SanDisk will delay the start of production at a new joint venture chip factory until April 2009 and put plans for another factory on hold until market conditions improve. 
Credit Suisse analyst John Pitzer notes that SanDisk's plans to delay building new production lines are a positive for the NAND flash industry and rivals are likely to follow. SanDisk and partner Toshiba account for around a third of the global NAND flash supply, he said in a report.
Wed Jul 23, 2008

McAfee: SMBs underestimate cybercrime risks
The latest survey from security vendor McAfee has found that small to medium-size businesses wrongly conclude their revenue is too low to draw the attention of cybercriminals. SMBs are in fact rich hunting ground for hackers, McAfee said. Although there may be less money or data to steal, the attacks are also less likely to gain the attention of law enforcement organizations such as the U.S. Federal Bureau of Investigation. "Lots of small attacks add up to large amounts of revenue," according to the survey, which polled 500 companies in the U.S. and Canada. There are an estimated 7.4 million SMBs in North America. McAfee's study this year focused on North America, whereas last year it surveyed 600 European SMBs. However, the conclusions of the two studies are similar. About 45 percent of North American businesses felt they did not have valuable data to steal. Last year, 58 percent of European businesses gave the same response. In the U.S., 39 percent of businesses with up to 1,000 employees reported spending an hour or less a week on IT security. The figure is higher for Canadian businesses: 44 percent. Part of the problem is that attention to security takes time, and SMBs have fewer resources. Many don't have an employee dedicated full-time to IT security. But McAfee argues that SMBs could face critical shutdowns in business as a result of weak security. Every business retains employee data, which could be valuable, the survey said. Also, every business is hit with spam, which often is laden with malicious data-stealing programs. McAfee said it expects hackers to increasingly go after VOIP (Voice over Internet Protocol) phone systems, virtual systems, as well as mobile devices. McAfee's advice: patch regularly, filter e-mail, and use antivirus software.
Wed Jul 23, 2008

Attack code imminent for DNS flaw
One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon. Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. "It's not that hard," he said. "You're not looking at a DNA-cracking effort." The author of one widely used hacking tool said he expected to have an exploit by the end of the day Tuesday. In a telephone interview, HD Moore, author of the Metasploit penetration testing software, agreed with Aitel that the attack code was not going to be difficult to write. The flaw, a variation on what's known as a cache poisoning attack, was announced on July 8 by IOActive researcher Dan Kaminsky, who planned to disclose full details of the bug during an Aug. 6 presentation at the Black Hat conference. That plan was thwarted Monday, when someone at Matasano accidentally posted details of the flaw ahead of schedule. Matasano quickly removed the post and apologized for its mistake, but it was too late. Details of the flaw soon spread around the Internet. And that's bad news, according to Paul Vixie, president of the company that is the dominant maker of DNS software, the Internet Systems Consortium. Vixie, like others who were briefed on Kaminsky's bug, did not confirm that it had been disclosed by Matasano. But if it had, "it's a big deal," he said in an e-mail message. 
The attack can be used to redirect victims to malicious servers on the Internet by targeting the DNS servers that serve as signposts for all of the Internet's traffic. By tricking an Internet service provider's (ISP's) servers into accepting bad information, attackers could redirect that company's customers to malicious Web sites without their knowledge. Although a software fix is now available for most users of DNS software, it can take time for these updates to work their way through the testing process and actually get installed on the network. "Most people have not patched yet," Vixie said. "That's a gigantic problem for the world." Just how big of a problem is a matter of some debate. Neal Krawetz, owner of computer security consultancy Hacker Factor Solutions, took a look at DNS servers run by major ISPs earlier this week and found that more than half of them were still vulnerable to the attack. "I find it dumbfounding that the largest ISPs ... are still identified as vulnerable," he wrote in a blog posting. "When the [hackers] learn of the exploit, they will go playing. They are certain to start with the lowest hanging fruit -- large companies that are vulnerable and support a huge number of users." He expects that users will see attacks within weeks, starting first with test attacks, and possibly even a widespread domain hijacking. "Finally will be the phishers, malware writers and organized attackers," he wrote in a Tuesday e-mail interview. "I really expect these to be very focused attacks." Most ISPs will have probably applied the patch by the time any attacks start to surface, and that will protect the vast majority of home users, said Russ Cooper, a senior information security analyst with Verizon Business. And business users who use secure DNS-proxying software will also be "pretty much protected" from the attack at their firewall, Cooper said. 
"If anyone actually tries to exploit this, the actual number of victims will end up being extremely small," he predicted. HD Moore said he didn't exactly see things that way. Because the flaw affects nearly all of the DNS software being used on the Internet, he said that there could be lots of problems ahead. "This is a bug we'll be worrying about a year from now," he said.
Wed Jul 23, 2008

Brocade deal to help drive datacenter transition
Brocade Communications Systems' planned $3 billion acquisition of Foundry Networks is a major strategic move in a brewing war over the future of datacenter connectivity, industry analysts said Tuesday. The deal, expected to close in the fourth quarter, would combine a maker of Fibre Channel SAN (storage area network) switches for datacenters and a specialist in enterprise Ethernet LANs, two technologies that are headed toward a merger themselves. The future of datacenters lies with Ethernet, because it's relatively inexpensive, keeps scaling up to higher speeds, and is ubiquitous throughout the rest of enterprise networks, analysts say. Virtualization and datacenter consolidation are helping to drive the need for Ethernet's growing speeds. The idea is to create a "unified fabric" that spans both the datacenter at the enterprise's core and the LAN where client systems are located. But there are two main ways to bring Ethernet to datacenters with the features needed there. Both Brocade and Cisco are pushing FCoE (Fibre Channel over Ethernet), an IEEE standard expected later this year that would combine characteristics of both systems. By mapping Fibre Channel traffic over Ethernet networks, it will let enterprises take advantage of Ethernet speeds of 10Gbps and up while keeping the latency, security, and traffic management benefits of Fibre Channel. FCoE will also smooth the migration to Ethernet by letting the two technologies coexist in a single switch, so existing SANs (storage area networks) can stay. The alternative is iSCSI (Internet Small Computer System Interface), which some smaller enterprises have adopted because it can be used with conventional Ethernet switches and without in-house Fibre Channel expertise, said Bob Laliberte of Enterprise Strategy Group. 
Its main proponents have been storage vendors, he said. Although it will take years for current Fibre Channel SANs to be replaced, one of the two is likely to win out, analysts said. "There's a major religious war between FCoE and iSCSI," said Burton Group analyst Dave Passmore. They represent completely different technical approaches to combining Ethernet and storage transport protocols. "Reasonable people will disagree," he said. Like Fibre Channel, FCoE does not use TCP/IP (Transmission Control Protocol/Internet Protocol), the basic communication protocol of the Internet and Ethernet networks, instead making up for it with other tools. Of the two approaches, only FCoE requires expensive, specialized switches, Passmore said, but it's more attractive to many organizations because it allows for a smoother transition from existing architectures, he said. Enterprises could eventually lose out by choosing the technology that loses, but FCoE and iSCSI will probably coexist for years, Passmore said. A unified fabric could save users money as well as complexity, Passmore said. For example, instead of having one network connection to the LAN and another to the SAN that it taps into for data, a blade server could have just one set of connections. "That would greatly simplify the user's network infrastructure and require fewer switches," Passmore said. Security is the main potential concern about having a common type of network across data centers and LANs, he said. Having two completely different networks as is traditionally done has built-in security benefits. But costs and benefits always have to be balanced in adopting new technologies, he said. Brocade's purchase of Foundry will create a second powerful vendor of FCoE, said Yankee Group analyst Zeus Kerravala. So far, Cisco has been the only company with both the vision and the technology to create a unified fabric, he said. Brocade had the vision and now is gaining the Ethernet goods, Kerravala said. 
"If the concept of unified fabric really does come true, there are really only two vendors," Kerravala said.
Wed Jul 23, 2008

San Francisco's mayor gets back keys to the network
San Francisco Mayor Gavin Newsom met with jailed IT administrator Terry Childs Monday, convincing him to hand over the administrative passwords to the city's multimillion-dollar wide area network. Childs made headlines last week when he was arrested and charged with four counts of computer tampering, after he refused to give over passwords to the Cisco Systems switches and routers used on the city's FiberWAN network, which carries about 60 percent of the municipal government's network traffic. Childs, who managed the network before his arrest, has been locked up in the county jail since July 13. On Monday afternoon, he handed the passwords over to Mayor Newsom, who was "the only person he felt he could trust," according to a declaration filed in court by his attorney, Erin Crane. Newsom is ultimately responsible for the Department of Telecommunications and Information Services (DTIS) where Childs worked for the past five years. Mayor Newsom secured the passwords without first telling DTIS about his meeting with Childs, according to DTIS chief administrative officer Ron Vinson, who added, "We're very happy the mayor embarked on his clandestine mission." The department now has full administrative control of the network, he said in an interview Tuesday night. It's likely that Childs had a lot to tell the mayor when the two met. Childs' attorney has asked the judge to reduce Childs' $5 million bail bond, describing her client as a man who felt himself surrounded by incompetents and supervised by a manager who he felt was undermining his work. "None of the persons who requested the password information from Mr. Childs ... were qualified to have it," she said in a court filing. 
Childs intends to disprove the charges against him but also "expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger," his motion reads. Vinson dismissed the allegations. "In Terry Childs' mind, obviously he thinks the network is his, but it's not. It's the taxpayers'," he said. "The reason he's been sitting in jail is because he denied the department and others access to the system." The court filings help explain just how this happened. According to an affidavit from James Ramsey, an inspector with the San Francisco Police Department, he and other investigators discovered dial-up and DSL (digital subscriber line) modems that would allow an unauthorized connection to the FiberWAN. He also found that Childs had configured several of the Cisco devices with a command that would erase critical configuration data in the event that anyone tried to restore administrative access to the devices, something Ramsey saw as dangerous because no backup configuration files could be found. This command, called No Service Password Recovery, is often used by engineers to add an extra level of security to networks, said Mike Chase, regional director of engineering with FusionStorm, an IT services provider that supports Cisco products. But without access to either Childs' passwords or the backup configuration files, administrators would have to essentially re-configure their entire network, an error-prone and time-consuming possibility, Chase said. "It's basically like playing 3D chess," he said. "In that situation, you're stuck interviewing everybody at every site getting anecdotal stories of who's connected to what. And then you're guaranteed to miss something." Without the passwords, the network would still continue to run, but it would be impossible to reconfigure the equipment. 
The only way to restore these devices to a manageable state would be to knock them offline and then reconfigure them, something that would take weeks or months to complete, disrupt service, and cost the city "hundreds of thousands, if not millions of dollars," Ramsey claims. Crane argues that these monitoring devices were installed with management's permission and were critical to the smooth functioning of the network. They would page Childs when the system went down and allow him to remotely access the network from his personal computer in case of an emergency. In interviews, current and former DTIS staffers describe Childs as a well respected co-worker who may have gone too far under the pressure of working in a department that had been demoralized and drastically cut as the city moved forward with plans to decentralize IT operations. About 200 of the department's 350 IT positions had been cut since 2000, mostly to be relocated to other divisions within city government, said Richard Isen, IT chapter president with Childs' union, the International Federation of Professional and Technical Engineers, Local 21. Despite his conflict with some in the department, Childs has a lot of support there, Isen said. "There is a lot of sympathy, only because there is a basic feeling that management misunderstand what we actually do and doesn't appreciate the complexity of the work." (Paul Venezia is Senior Contributing Editor with InfoWorld)
Wed Jul 23, 2008

Update: VMware to offer low-footprint ESX hypervisor free
VMware Tuesday said it will offer the small-footprint version of its ESX virtualization software free, responding to pressure from Microsoft and other companies that are threatening VMware's lead in the virtualization market. The next version of ESXi, which will come in about two weeks, will be available at no cost, said VMware CEO Paul Maritz on a conference call Tuesday to discuss the company's second-quarter earnings. ESXi is a basic hypervisor, which is technology that separates the OS from server hardware so multiple OSes can run virtually on one physical server. Maritz said the move to make the already low-cost product free is part of VMware's plan to make its virtualization and network infrastructure products "as freely available to everyone in the industry" as possible as it diversifies its products beyond merely enabling virtualization. A former Microsoft executive, Maritz replaced VMware cofounder and former CEO Diane Greene, who was ousted in a sudden move two weeks ago. Bogomil Balkansky, VMware senior director of product marketing, said ESXi has all the capabilities of VMware's older ESX product, including support for advanced VMware Infrastructure features like Vmotion, which allows a workload to be moved to another physical server while it is still being used. "Functionally the two products are equivalent; ESXi does anything and everything ESX does," Balkansky said. The reason VMware is making ESXi free and not ESX is because ESXi has the more modern architecture and is the product VMware wants customers to use moving forward, he said. ESXi uses an agentless model for management, which is why its footprint is so much smaller (at 32MB) than that of ESX, he said. Tom Bittman, vice president and distinguished analyst with Gartner, said the move is indeed significant. It will allow VMware to compete more effectively with Microsoft, which is bundling its Hyper-V virtualization software with high-end editions of Windows Server. 
"This takes the price argument away," Bittman said. Most companies now are buying other VMware products along with the hypervisor, which is why the company can afford to