The ongoing global economic crisis may spark a pricing war in the SaaS (software as a service) arena, according to a major vendor in the space.

During an appearance at an investor conference in New York this week, Salesforce.com chief financial officer Graham Smith discussed the company's readiness to lower prices in order to remain competitive.

[ Learn more about how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report. ]

"It won't surprise me if going forward in these times that we see much more aggressive pricing. That's sort of typical," said Smith, who also addressed investors in London on Friday. "We are able to match pricing."

Smith indicated that Salesforce.com, known for its CRM software, is not about to run a closeout sale, however.

"My view is you have to sometimes be aggressive but equally, if you've got a small company that's being insanely aggressive on pricing, if I was a customer I'd be kind of nervous about that -- it speaks to their business situation," he said.

SaaS vendors typically cite a handful of purported advantages, such as no need to buy and maintain new hardware, faster deployment, and easier upgrades. Therefore, some price cutting may be at hand, but at the same time such factors could also compel more customers to adopt SaaS, according to Forrester Research analyst Ray Wang.

Also SaaS vendors may not be compelled to cut prices as much as companies that sell traditional licenses, said another Forrester analyst, Andrew Bartels.

That's because SaaS companies sell subscriptions, getting their money on an ongoing basis, and aren't necessarily scrambling as desperately to meet growth targets as a quarter ends, Bartels said. Meanwhile, it is common for major vendors to discount list prices for on-premise licenses by 50 percent.

But another observer believes Smith's prediction will be borne out in the market.

"We were already predicting something of a battle on pricing given how aggressive Microsoft is being around Dynamics CRM Online. I guess the economic doom and gloom just lifts that," said 451 Group analyst China Martens. "It's also a way for Salesforce to appeal to its smaller customers and retain them. I've yet to hear the same price-cutting story from other SaaS players name-checking the economy, but it's sure to come."

Beyond the world's economic woes, SaaS has now reached a certain level of maturity, and customers have had time to measure costs and their return on investment compared to on-premises software deployments, Martens said.

"There's also a sense that SaaS companies in general have been a tad opaque on pricing -- there's a base price for [sales force automation] but then customers have to pay extra for stuff like integration and other modules they might have thought would be part of the package," she added. "I'm sure customers are turning around to Salesforce and asking for more transparency on pricing from the get-go."

Meanwhile, other on-demand vendors acknowledged that pricing could become an issue, but overall painted themselves as being in a sound position to weather the rocky financial times.

Intacct, which sells financial applications to midmarket customers, is "not seeing any pricing pressure at all," said Daniel Druker, senior vice president of marketing.

The sour economy is in fact driving business to Intacct, both for its lower cost compared to "dinosaur on-premises accounting systems" and the fact that companies are now looking to upgrade their financial systems for better visibility, he said.

Over in the crowded market space of enterprise social-networking platforms, one vendor sounded a similar refrain.

"For us, business is actually up, and the future looks good despite this macro environment we're in," said Timothy Young, CEO of Socialcast.

Like Druker, he claimed his software has actually become more strategic as the economy weakens.

Companies are cutting costs through measures such as layoffs and having employees work from home, and are buying collaboration software to redistribute that workload and "increase the transparency of their organization," he said.

"We definitely have room to move, and as a company we're going to stay competitive on price," Young added. "But we have not seen that as a need right now."

An executive at large data-integration vendor Informatica, which launched an on-demand division a couple of years ago, also said his company is feeling no cost pinch.

Informatica's on-demand products don't have the same features as its high-end on-premises offerings, but they also cost far less, said Ron Papas, senior vice president and general manager of the division. Prospective customers have therefore been "pleasantly surprised" and cost hasn't been a major issue, according to Papas.

But he did make one prediction: "It's pretty common for SaaS customers to [sign up] for multiple years. Maybe you'll see people opt for one year [deals]."

Microsoft bills its upcoming Professional Developers Conference as a gathering of developers and architects and a chance to understand the future of Microsoft's platform. From this backdrop, the Los Angeles conference, which begins on October 26, is set to feature insights on a host of technologies ranging from model-driven software development to cloud computing and the Windows OS.

Highlights include a Community Technology Preview of Microsoft's "Oslo" software modeling platform, as well as sessions on the company's "Dublin" application server extensions for Windows. Microsoft's planned cloud OS, dubbed "Red Dog," also is expected to draw a lot of attention.

In some cases, technologies from different spaces will mesh together at the conference, such as during a session entitled, " 'Dublin' and .Net Services: Extending On-Premise Applications to the Cloud."

"Would you like to extend your existing SharePoint and .Net applications both on-premises and to the cloud in a non-intrusive way? This session will show you real-world examples of how to harness .Net Services workflow, access control and service bus to enhance business processes and add new capabilities to your application," the session description reads. "We will demonstrate the use of 'Dublin' Windows application server technologies to build extended application functionality. Lastly, you will see how workflow can be used to integrate across multiple organizations and the cloud," the session description reads.

Developers will have an opportunity to delve into specifics of the Oslo platform, including the planned M language set to anchor Oslo. "The 'Oslo' language, at the heart of the Oslo modeling platform, allows developers to quickly and efficiently express domain models that power declarative systems, such as Windows Workflow Foundation and 'Dublin,'" one session description reads.

For cloud computing, sessions are featured on cloud service development and problems being solved by cloud computing. Microsoft will present a cloud services road map for the next few years.

Windows 7 will be highlighted from various perspectives, including audio communications applications, design principles, designing background processes, and developing multitouch applications. Extension of battery life with Windows 7 is another topic covered at a PDC session.

Microsoft's Silverlight rich Internet application technology will be covered, including from a mobile application development angle. A road map also will be laid out for the 4.0 version of ASP.Net, Microsoft's technology for building Web sites. F#, Microsoft's functional programming language for the .Net Framework, will be pondered at PDC as well.

Other sessions tout agile and Web development with the Visual Studio platform as well as Microsoft's Surface SDK for touch-based computing interaction. Development of supercomputer applications also will be covered in a session pertaining to Windows HPC (High Performance Computing) Server 2008.

Microsoft's Live Services platform also is covered in detail, ranging from mesh services to programming services.

Another hot topic at PDC is virtualization. "Microsoft Application Virtualization (App-V), formerly known as Microsoft Softgrid Application Virtualization, allows companies to create and customize 'virtual packages' of desktop applications that can be streamed over the web providing a SAAS experience without a costly rewrite of the application," according to the conference Web site.

Project Velocity, Microsoft's distributed in-memory cache, will be detailed at PDC also, as will the future of the C# platform.

Common Language Runtime features of the .Net Framework will be examined. "Hear about support for in-process side-by-side CLR version support. Get a look at development improvements including code contracts and tools, mini dump debugging in Visual Studio, and enhanced base class libraries including BigInteger, tuples, and trees," the session agenda states.

Other topics to be covered include:

* A road map for Microsoft's Windows Presentation Foundation, including improvements planned for graphics, data visualization, performance and line of business application development. * Microsoft Sync Framework, with the next version intended to make it easier to synchronize distributed copies of data across different types of systems and services. * Mono, which puts the .Net Framework on platforms such as Linux. * SQL Server 2008, featuring details on storing and querying semi-structured data. * Geneva server and framework, for identity management. * Oomph, a microformat toolkit for Web developers and designers.

Microsoft is not wasting any time in its battle against Adobe when it comes to the company's Flash technology competitor, Silverlight .

Microsoft is reportedly very interested in pushing Silverlight on Apple's devices. But it's well known that Apple ultimately controls what software runs on the iPhone -- so good luck Microsoft. However, the story is quite different when it comes to the G1.

[ Special report: IT's guide to the iPhone | All about Google Android ]

Google's Android mobile operating system is open source, and with the forthcoming Android Market, Google's implementation of Apple's App Store, things are going to be easier for Microsoft to release Silverlight for Android. The fundamental difference between Android Market and Apple's App Store is that Google's mobile apps store is open to all, making it easier for companies to release their software on the Android platform (just three steps: register, upload, describe).

Microsoft's Silverlight has been in use on the Web by companies such as NBC to stream video from this summer's Olympic games and is Adobe Flash's main contender in the multimedia rich browser plug-ins. Microsoft launched version 2 of the Silverlight browser plugin earlier this week.

Google Apps administrators are complaining that their Apps "Start" portal pages are malfunctioning and wreaking havoc in their organizations.

According to multiple reports Thursday night and Friday morning in the official Apps discussion forum, Google is apparently unilaterally and without prior warning updating both the layout and functionality of Apps Start pages.

[ Read about other Google admin headaches relating to an extended Gmail outage. ]

In addition to causing confusion among Apps users, the changes apparently have also introduced bugs into the Start pages, causing them to malfunction.

Google Apps is a hosted collaboration and communication suite aimed at workplace use, and its Start pages are designed as a portal main point of entry for end users to their applications, such as Calendar and Gmail.

Among the most common complaints about the Start page upgrade are broken links that generate error messages, misconfigured buttons and application "gadgets" that prevent end users from reaching their e-mail inboxes, and layout problems that render pages unreadable.

According to the discussion forum reports, Google is apparently rolling back some of the updated Start pages and rolling them out again but without having solved the problems, compounding the confusion among end users and administrators.

The layout changes seem aimed at making the Apps Start page look and act more like the company's iGoogle, a personalized home page service primarily for consumers.

At a little after 8 p.m. U.S. Eastern Time on Thursday, a Google representative posted a message on the discussion forum acknowledging that there had indeed been a problem on Google's end affecting the Apps Start pages and saying it had been solved.

However, Apps administrators continued posting problem reports throughout the night and Friday morning.

"Why must Google change things without letting administrators know in advance? They have changed the portal page to be iGoogle now and the email gadget is completely different. I now have over 1,200 users that have no idea how to get into their email. The phones are ringing off the hook. What is going on with customer service these days. This really stinks," an administrator identified as Jay wrote Friday morning.

Another Apps user identified as Josh wrote : "Today, our homepages suddenly 'upgraded' to the new 'igoogle' interface. However, it doesn't work." He mentioned broken links and a misconfigured Gmail gadget that instead of taking him to his Apps inbox took him to his personal Gmail account.

It's not clear whether the problem is related to a major upgrade of the iGoogle service Google rolled out on Thursday with much fanfare.

Google didn't immediately respond to a request for comment.

Some Apps administrators were dealing with a Gmail problem that kept users from accessing their e-mail in some cases for more than 24 hours between Wednesday and Thursday of this week. Google declared that unrelated problem solved late on Thursday.

During Google's third-quarter earnings conference call on Thursday, co-founder and Technology President Sergey Brin said that there are now more than 1 million businesses using Google Apps.

Google Apps is one of the best known examples of a new wave of Web-hosted communication and collaboration suites that are emerging as options to Microsoft's Office and Outlook/Exchange suite.

Apps is hosted by Google in its data center and accessed by end users via a Web browser. Its Standard and Education editions are free -- a more sophisticated version called Premier costs $50 per user per year.

The appeal of Web-hosted software like Apps is that it doesn't have to be installed by customers on their own hardware, reducing maintenance costs and complexity. Apps and others like it are also designed from the ground up for workgroup collaboration.

However, when something breaks on the vendors' data centers, IT administrators have little or no control over how or when to remedy the problem, and are left to appease their angry end users as best they can.

IT service spending might not feel drastic cuts as high-tech leaders look to shave dollars off their budgets, because outsourcers and service providers could help them contain costs and streamline operations, industry analysts say.

A majority of IT executives report they are re-assessing how to invest what's left of their 2008 IT budgets . Many have decided to cut overall IT spending, but relatively fewer are reducing the amount they put toward outsourcing IT services, according to Forrester Research. A recent Forrester survey shows that while 46 percent of 258 Global 2000 enterprises have already cut back their IT budgets, only 21 percent have cut back on their IT services spend.

[ Learn more about how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report. ]

"The primary value proposition of a good IT services deal for enterprise IT buyers is lowered costs, improved processes and streamlined operations," says Paul Roehrig, principal analyst at Forrester Research.

That means IT executives that currently invest in outsourcing will continue that trend during cost-cutting times, and companies that might not have previously considered sending IT services to an external provider might turn to the delivery model to avoid adding head count or investing in new technology.

"For the enterprise, outsourcing could help the total spending go down even though outsourcing revenue for the service provider would go up," Roehrig says.

For instance, despite reported softness in the third quarter, global sourcing advisory firm TPI anticipates 2008 to outperform 2007 in terms of the outsourcing contracts awarded. The number of contracts awarded until this point is up 5 percent compared to last year, and the total contract value of the deals is up 19 percent. TPI estimates that the global outsourcing market will reach $88 billion in 2008, up 10 percent from the previous year. Specifically business process outsourcing is expected to increase a total of 14 percent to $22 billion, and information technology outsourcing is forecast to be up about 9 percent, bringing revenue to $66 billion.

"Infrastructure-oriented management of servers, desktops, and other IT components is expected to go unchanged, but application development work could be potentially impacted. There will be a downturn in discretionary projects in the short term, but application maintenance won't be affected," says Brian Smith, partner and managing director of financial services operations for TPI North America.

Still the outsourcing industry won't go completely unscathed, according to TPI. TPI reports that the outsourcing industry overall experienced a 22 percent drop in the number of deals from the second to third quarter this year, but the firm attributes that to IT executive caution in late 2007 and a lessened demand in the financial services industry. Still, TPI says it doesn't anticipate certain types of sourcing deals to be cut in reaction to more recent economic woes.

"Because the value for much of outsourcing is efficiency and process management, we don't see any reason the economy would significantly negatively affect those deals," Smith says. "Our view is the same pattern of activity we've seen in 2008 will repeat in 2009."

Outsourcing deals may continue to multiply, but that doesn't mean that the nature of outsourcing deals won't change -- and in some cases, to the benefit of enterprise IT buyers. TPI notes that the trend toward large multiyear, billion-dollar outsourcing deals is on the downturn, and more targeted, specialized contracts are becoming the norm. Industry watchers attribute this shift to public failures of comprehensive outsourcing contracts and enterprise IT being more strategic in the functions it performs in-house.

"Comprehensive deals aren't as common, and there is a danger to having too many vendor contracts, but generally IT is being more selective on the services it sends out," Forrester's Roehrig says. "Smart execs are using IT services not merely to manage technology plumbing but also to profoundly affect business performance."

According to David Etzler, CEO of OutsourceWorld, activity in the outsourcing market is "higher than ever, but the deal size has changed." The seventh annual OutsourceWorld was held this week in New York and drew about 1,000 attendees looking to learn more about their sourcing options. From talking with CIOs there, Etzler says he discovered companies are learning they don't need to put all their functions under one umbrella with a single provider and many are opting to pick and choose outsourcers that best address specific needs.

"Because of the events of Wall Street, companies are in a complete state of shock but realizing they need to be strategic and look more closely at what their core components are," Etzler says. "The risks they are taking with outsourcers are smaller but more focused on what can really bring gains to the business."

Another benefit of more selective outsourcing deals is that IT buyers can negotiate better contracts with service providers, especially in the down economy.

"The smart service providers understand that this is the worst economic crisis since the Depression, and ultimately they will be hurting too," Roehrig adds. "If they can offer enterprises a way to contain costs while improving businesses, they will be able to prove their worth in the long haul."

Network World is an InfoWorld affiliate

Bolstered by the June launch of its Hyper-V virtualization software , Microsoft grabbed nearly a quarter of the fast-growing x86 server virtualization market in the second quarter, IDC said Thursday.

The success cut VMware's global share to less than twice its own. Counting by license shipments, VMware had 44 percent of the Q2 market with its VMware ESX and VMware Server products, IDC said.

[ For more on Microsoft's Hyper-V, check out InfoWorld's review. And stay up to date on all the latest virtualization developments with InfoWorld's Virtualization Report blog and newsletter. ]

But IDC analyst Brett Waldman said in an e-mail, "VMware's virtualized license share is likely to decrease in the long run [as Hyper-V continues to] grow and take share from both [Microsoft's] Virtual Server 2005 and VMware."

Microsoft said the results "reflect the strong customer and partner adoption" of its virtualization software. VMware did not immediately respond to a request for comment.

Microsoft has aggressively discounted Hyper-V to $28 per server. A standard license for VMware's ESX Server costs $3,000. Microsoft also released this month a free low-end standalone version called Hyper-V Server 2008 . Higher-end versions of Hyper-V are also free to users of Windows Server 2008.

Waldman said shipments of the legacy Virtual Server 2005 still comprised the majority of Microsoft's shipments in Q2, however.

As a result of its heavy discounting, Microsoft only held 1.1 percent of the market by revenue, Waldman told Network World . VMware continues to hold 78 percent of the market by revenue, with sales up 27 percent year-over-year, according to IDC.

Waldman said he believes VMware "has put in place several new initiatives, such as vCloud , to address new opportunities for themselves that Microsoft has not yet taken head on."

Parallels' Virtuozzo ranks second by revenue behind VMware , and third in terms of license shipments, Waldman said.

"XenSource has seen some momentum under the stewardship of Citrix in the last year. However, in terms on virtualized licenses, they are still rather small," Waldmain said.

Overall, the server virtualization market slowed again for the fourth quarter in a row, though sales overall are still growing, says IDC.

Sales grew 53 percent year over year in Q2, versus 72 percent year-over-year in Q1. Virtualization sales on the x86 platform, or Intel -based servers, were up 60 percent year-over-year.

Computerworld is an InfoWorld affiliate.

Intel has started shipping new solid-state flash drives designed for servers, workstations, and storage devices. Intel announced the move this week with Sun , which pledged to deliver storage products using Intel's flash technology.

Earlier this year, Intel announced its collaboration with Micron Technology to develop NAND flash memory that's as much as five times faster than conventional NAND. This week, Intel said it now is shipping its fastest SSD, the X-25E Extreme Serial Advanced Technology Attachment Solid-State Drive, potentially accelerating enterprise adoption of flash technology. Flash is more expensive than spinning disk drives, also faster and more efficient.

[ Stay ahead of advances in hardware technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

Sun already had said it would make embedded flash drives an option for nearly all of its servers by year-end. Now Sun says it will deliver multiple storage products using Intel's solid-state drives, which are designed for computing operations requiring a high rate of input/output operations per second (IOPS). ( Compare storage products.)

Intel said its flash drives are 100 times faster than standard hard-disk drives, offering performance of 35,000 IOPS. "Solid-state drive technology will change the economics of enterprise datacenters," said John Fowler, Sun's server and storage chief, in a press release.

Intel's new flash drive comes in a 32GB capacity, and is priced at $695 for up to 1,000. A 64GB drive is expected to be available in the first quarter of 2009. Intel previously announced 80GB and 160GB flash drives for laptop and desktop computers.

Network World is an InfoWorld affiliate

If your IT department has decided to "go green," you probably need help from your strategic IT vendors. But which ones?

In an attempt to find out, Gartner analyst Simon Mingay, in partnership with the World Wildlife Fund, sent an 82-question survey to 24 vendors worldwide. His goal was to try to determine which vendors were tackling climate change within their own company, as well as which ones were delivering green products and services to their customers.

[ Keep up on green IT trends with InfoWorld's Sustainable IT blog and Green Tech newsletter. ]

A number of key vendors declined to participate, including AT&T , Microsoft , Oracle and Sun .

Of those vendors that did respond, IBM stood out in virtually every category, particularly when it came to its internal green initiatives. HP was also high on the list, with good overall performance.

Cisco  could be doing better, Mingay said. "There's a little bit more talking than doing," he said. Other companies that fall into the middle ground include Nortel , Dell and Lenovo.

Surprisingly, Google did not score well in the survey. The company has more than 1 million servers and therefore is a huge energy user, but it has no greenhouse gas targets, isn't very transparent about its green strategy and is not using much in the way of renewable energy, Mingay said. "We expected a higher score," he said.

Looking at global companies, British Telecom scored the highest of any vendor, while Ericsson and Fujitsu also demonstrated a high level of greenness.

The results of the survey were based on answers provided by the companies, and there was no attempt to verify the information, Mingay cautioned.

Network World is an InfoWorld affiliate

Apple customers unhappy that the company dropped FireWire from its newest notebooks are venting their frustrations on the company's support forum in several hundred messages.

Within minutes of Apple CEO Steve Jobs wrapping up a launch event in Cupertino, users started several threads on the company's support forum blasting the omission of a FireWire port on the new MacBook laptop.

[ For more on Apple's most recent MacBooks, check out Tom Yager's Ahead of the Curve blog. ]

"Apple really screwed up with no FireWire port," said Russ Tolman , who inaugurated a thread that by Thursday had collected more than 200 messages and been viewed over 5,000 times.

"No MacBook with [FireWire] -- no new MacBook for me," added Simon Meyer in a message posted today.

The two new MacBook configurations, which are priced at $1,299 and $1,599, include a pair of USB 2.0 ports, as did earlier models, but lack the FireWire 400 port their predecessors boasted.

FireWire is Apple's name for the IEEE 1394 interface and data transfer specification. Ironically, Apple has been one of the biggest boosters of the spec and was one of the primary drivers of the technology when it began development in the late 1980s.

Apple first added FireWire to its computers in early 1999, when Jobs -- who had returned three years earlier to the company he co-founded -- unveiled the technology at a MacWorld Conference and Expo. "Think of FireWire as USB, but rather than running at 12 megabits-per-second it's running at 400 megabits-per-second," said Jobs then. "And it's already an industry standard."

Many of the users who posted messages this week said that they were photographers, videographers, or musicians who relied on FireWire to connect hardware ranging from cameras to drum kits. Others were disappointed that the new MacBooks could not be connected to their current FireWire external hard drives.

Several mentioned that FireWire's disappearance meant that the new MacBooks could not be connected to other Macs using Target Disk Mode (TDM), a procedure that's often used as a last resort to retrieve files from a dead system. TDM is also used by Apple's Migration Assistant, a utility that copies files and settings from one Mac to another.

Although the upper-end MacBook Pro -- which Apple also revamped and relaunched Tuesday -- includes a FireWire 800 port, users bemoaned the FireWire loss on the more affordable MacBook models.

"Dropping FireWire from the MacBook only serves to force people into buying the MacBook Pro," said a user identified as "miniconvert" yesterday. "I don't need a backlit keyboard, 15" screen or any of the other small things the Pro model provides. I'm perfectly happy sacrificing a little bit in speed to save a lot of cash. I need FireWire so I can take videos of my kid off my SD camcorder and then upload to YouTube, put on a DVD or what ever I'd like to do."

Others pointed out that the previous-generation MacBook, which Apple is still selling at a reduced price of $999, includes a FireWire port.

Other threads about FireWire going missing tallied several hundred more messages, where some users called on Apple to publicly declare its intentions or rethink its decision. "The MacBook Pro has FireWire 800," said Ross Corsair , who said he uses Macs in his small video production business. "But that costs $1,000 more. And will FireWire 800 exist next year on any Apple computers? I was going to purchase a new Apple laptop this week. I won't be now."

Apple has ditched technologies before, most notably when it was one of the first computer makers to abandon the 3.5-in. floppy drive in favor of an internal CD-ROM drive.

Apple did not respond to a request for comment on users' reactions to the disappearance of FireWire from the new MacBook laptops.

Computerworld is an InfoWorld affiliate.

Windows 7 will be like Windows Vista , but more so, Microsoft CEO Steve Ballmer said Thursday as he defended the first two years of Vista and claimed its successor will be a major release.

"[Windows 7], it's Windows Vista, a lot better," said Ballmer during a 45-minute question-and-answer session hosted by a pair of Gartner analysts at the research firm's annual Symposium ITxpo in Orlando, Fla. The interview was later posted as a webcast on the Gartner site .

Ballmer was responding to a question from Gartner's Neil MacDonald , who asked how Microsoft would walk the line between doing too much with Windows 7 -- thus, risking the kind of compatibility problems that plagued Vista early in its career -- and too little, which might give customers an excuse to pass on the upgrade.

"Windows Vista is good, Windows 7 is Windows Vista with clean-up in user interface [and] improvements in performance," Ballmer said. "Look, I'm not encouraging anybody to wait, I'd go ahead and deploy it right away. We didn't have to go in an incompatible direction to make big strides forward."

Ballmer also took exception to the idea that Windows 7 will be a minor release or a spit polish on Vista. "It's a real release," he said, "because it's a lot more work than a minor release. It turns out you can [do] more than just a minor release in what is essentially a two-and-a-half year period of time. There's no reason to do just, quote, a minor release, in two-and-a-half years."

The major-minor release question has plagued Microsoft since shortly after Vista was released, when company executives seemed to say that it planned to update its operating system on an alternating basis, with the major updates -- what Vista was to XP, for example -- every four years, with minor updates in between. By that map, Windows 7 would be a "minor" update, since Vista was "major."

Microsoft itself has given mixed messages about the follow-up to Vista. Many observers have interpreted the fact that Microsoft has been adamant about application and device driver compatibility between Vista and Windows 7 as proof that the latter will be a minor upgrade. But top company officials have increasingly been pressing the "major" button; Ballmer is only the most recent to do so.

On Tuesday, for instance, when Mike Nash, vice president of Windows product management, said Windows 7 was the product's official name, he called the operating system "evolutionary" but still a "significant" advancement. "It is in every way a major effort in design, engineering and innovation," Nash said then.

But even as Ballmer defended Vista's first two years in the market, claiming that it has 180 million users, he seemed to understand that companies might decide to skip the OS and move straight from Windows XP to Windows 7. "If people want to wait, they certainly can," he said, answering MacDonald's question about why users simply shouldn't wait for the new-and-improved Vista, aka Windows 7.

"Look, no Windows release has to have people want to use it right away," Ballmer continued. "At least in this audience, everybody's going to test it. But the fact of the matter is, no one really ever waits." Instead, he argued, most companies constantly refresh a portion of their computer inventory each year, bringing in the newest operating system with that turnover.

Windows 7, which Microsoft has said would be out in the latter part of 2009 or early 2010, will debut as an alpha in less than two weeks, when the company hands it to attendees at its Professional Developers Conference (PDC), which opens Oct. 27 in Los Angeles.

It will be the first in what apparently will be a long line of operating systems built on the Vista code base. Today, Ballmer rejected the idea that Microsoft would need to do a "reset" of the client code in the near future. "We can do a lot of innovation for a lot of years on the same code base," he said before acknowledging that how the OS takes advantage of multi-core processors is still an open question.

"We have a lot of enhancements we can do [to the code base]," he said.

Computerworld is an InfoWorld affiliate.

Microsoft is considering giving its Windows client OS the capability to be turned on very rapidly by allowing users only limited access to the OS, a concept it's calling "Instant On," according to a survey Microsoft conducted.

Through its public relations firm, Microsoft confirmed on Thursday that the survey, screenshots of which were posted on the Engadget blog , was sent out to some users. The company would not comment specifically on the survey, saying only that Microsoft "routinely does research about various scenarios to see what customers are interested in having their computers do."

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

Microsoft said it's "too early" to discuss Instant On specifically. However, the company may be considering it as a feature of Windows 7, the next version of its client OS, which is expected to be released late next year or in early 2010.

In the survey, Microsoft asks users their opinion of Instant On, which "takes your computer from being completely powered down or 'turned off' to being usable for a few specific activities in a very short amount of time," according to a screenshot of the survey posted on the Web.

Microsoft distinguished between an Instant On Windows experience and a "Full Windows" experience by describing Instant On as limiting what activities users can do with the OS and what applications they have access to.

Providing extremely fast boot-up for PCs is not a new concept, and companies have been experimenting with ways to do it by giving people access only to some information on their PCs and other devices without having to power up the full OS.

Dell has two technologies -- one called MediaDirect with Instant Office, for Inspiron notebooks, and another called Latitude ON, for its Latitude laptops -- that give people access to their calendars, contacts, the Internet and other basic tools by just hitting a button on their PCs. Microsoft had publicly demonstrated similar technology for laptops before it became available from Dell.

Another application called Splashtop, from San Jose, California, startup DeviceVM, lets people access the Internet in only a few seconds after turning on a computer. Low-cost laptops from ASUS and Voodoo PC use Splashtop.

In the survey, Microsoft said that in an Instant On scenario, a computer would turn on in about eight seconds, and users would only be able to browse the Web, watch DVDs, use instant messaging and listen to music. They would not have access to all their data or applications.

The company also asked users to identify what functionality they would expect to have in an Instant On scenario, and how quickly an OS would have to turn on for it to be characterized as instantly on. For the latter question, the multiple-choice answers ranged from as little as less than two seconds to as much as one to two minutes.

Advanced Micro Devices will lay out its product strategy for small, low-cost laptops, called netbooks, at an analyst meeting next month.

Netbook sales have soared in recent months, largely due to the release of Intel's low-cost Atom processor. Although Taiwanese chip vendor Via Technologies, which provides the C7 processor used in Hewlett-Packard's Mini-Note 2133 netbook, has a foothold in this market, Intel hasn't faced any competition from AMD in this space. But that appears set to change.

[ For more on products in the hot mini-notebook category, check out our hands-on looks at Asus' Eee PC 901 and 1000, the Cloudbook Max netbook, Elitegroup's G10IL mini-laptop, MSI's Wind low-cost laptop, Giga-byte's M912X mini-laptop, HP's Mini-Note netbook and Acer's Aspire one. ]

"We do have strategies together with our OEMs for pushing our solutions both down into smaller form factors and lower notebook price points," said Dirk Meyer, AMD's president and CEO, during a Thursday conference call with financial analysts.

Meyer said describing AMD's plans for the netbook segment required a "complicated answer" not suited to a phone conversation. Instead, the company will outline its thoughts at an analyst meeting in November, where the company will discuss its long-term product roadmaps for different market segments. That meeting is scheduled for Nov. 13.

Hints of what AMD may be thinking can be drawn from the blog of Pat Moorhead, AMD's vice president of advanced marketing, who has spent a considerable amount of time writing about netbooks and their limitations in recent months.

Last month, Moorhead documented his experience using MSI's Atom-powered Wind laptop during an August trip to Florida. His biggest complaints? Lackluster battery life and poor video performance.

Like Intel executives, who pitch netbooks as second computers rather than primary machines, Moorhead's verdict was that users should opt for a more powerful system if they want to use their computer for multimedia. "If you want to do anything other than surfing basic, light websites at home without the bells and whistles, go for the full-size notebook, not one of these cheap mini-notebooks," he wrote.

Intel limits the specifications, such as screen size, of computers based on its Atom chips to segment the laptop market and avoid eating into sales of PCs based on more profitable chips. But those limitations offer room for competitors like AMD to enter the market with competing products that have more powerful capabilities.

One possibility is to add a faster graphic processors and increase the multimedia performance of these small laptops -- something that would be relatively easy for AMD to do with its existing range of ATI graphics chips and integrated chipsets.

Several U.S. states still are not doing all they can to ensure the accuracy of votes over electronic voting machines, and 10 states received inadequate grades in three of four categories of safeguards, a report from three voting security advocacy groups said.

Somewhere in the United States, voting systems will fail on Election Day Nov. 4, predicted the report, released Thursday by Common Cause, Verified Voting and the Brennan Center for Justice at the New York University School of Law.

[ For more on how technology is reshaping the race for the U.S. presidency, see InfoWorld's special report. ]

On Election Day, "voting systems will fail somewhere in the United States in one or more jurisdictions in the country," the report said. "Unfortunately, we don't know where. For this reason, it is imperative that every state prepare for system failures."

State protections against voting fraud and e-voting machine failure have improved greatly since the last U.S. presidential election, in 2004, said Pamela Smith, president of Verified Voting. But several states still refuse to take basic precautions to protect the integrity of voting systems, she said.

"There are some folks who still don't get it," Smith said.

The report details which states have not taken precautions against fraud or technical errors associated with e-voting machines and other voting systems:

-- Ten states -- Colorado, Delaware, Kentucky, Louisiana, New Jersey, South Carolina, Tennessee, Texas, Utah, Virginia -- received failing grades in three of four voting security areas.

-- Of the 24 states using direct recording electronic (DRE) machines, only three -- California, Indiana, and Ohio -- get satisfactory grades in all four categories, the report said. Colorado, Delaware, Louisiana, Nevada, Texas, Utah, Virginia, and West Virginia have no state-mandated requirement for emergency paper ballots to be available in precincts that use voting machines, in the case of voting machine failure.

-- Nine states -- Alabama, Illinois, Kentucky, Maine, New Jersey, South Carolina, Texas, Utah, and Virginia -- have requirements for ballot accounting that "fall far short" of the groups' recommended best practices.

-- Eighteen states, including Florida, New York, Texas, and Virginia, do not have adequate requirements in place for paper-record backups to e-voting or other nonpaper voting methods. Voter-verified paper records allow states to conduct recounts of voting machine totals, supporters say.

-- Another 27 states, including New York, Michigan, Virginia, and Georgia, do not have adequate provisions in place for conducting post-election audits of voting results, the report said.

Others took issue with the report, saying states will be ready for Election Day.

"We are prepared and we continue to make preparations for the general election," said Chris Whitmire, a spokesman for the State Election Commission in South Carolina, a state that flunked three of the four voting security categories in Thursday's report. "We will be adequately prepared."

The report comes too late for changes to be made this year, added David Beirne, executive director of the Election Technology Council, a trade group representing e-voting machine vendors.

"With less than three weeks to go, the election has already begun and now is not the time for new procedures to be adopted," Beirne said. "It is also unlikely that the Department of Justice would grant approval for such changes this close to the election. While well intentioned, the report and recommendations may only drive fear for the voting public, which is not productive at this stage in the process."

The report also fails to recognize steps taken by county election officials to ensure against fraud or errors, Beirne said. "The call for procedural safeguards has been recognized by the elections community in recent years and there is little question that the state and local election officials will be prepared for Nov. 4," he added.

The report points out several shortcomings, but most states are headed in the right direction, Smith said. "Over the next couple of years, I see significant improvement," she said.

In 2004, only eight states had requirements in place for election systems to have paper backups, and a few more used paper backups during the election, Smith said.

This year, 32 states have either voter-verifiable paper ballots, or voter-verifiable paper record printers connected to voting machines statewide, the report said. Four states -- Maryland, New Jersey, New York, and Tennessee -- have laws that take effect in 2009 or 2010 requiring voter-verified paper records.

Arkansas, Colorado, and Mississippi have paper in most counties. The District of Columbia and Florida have paper ballot systems in all counties, along with paperless DREs, and Florida will eliminate paperless systems altogether by 2012, the report said.

Mozilla plans to release on Thursday an alpha version of its mobile browser for Nokia's Internet tablets.

It's the first public release of the browser, code-named Fennec, and it will work on Nokia's N810 and N800 devices.

[ Track the latest trends in open source with InfoWorld's Open Sources blog. ]

In addition to the alpha release for the Internet tablets, Mozilla is offering a PC emulator that developers can download to their desktops to see some of the features included in the browser and to get a feel for the user interface, said Jay Sullivan, vice president of mobile for Mozilla.

"This is really for our community to be able to test and localize and build add-ons," he said, referring to both the emulator and the Internet tablet release.

Despite being made by Nokia, the Linux-based N800 devices aren't quite mobile phones. They are larger than a phone but smaller than a laptop and can connect to the Internet via Wi-Fi. They don't include cellular capabilities, although users can connect a phone to the device to reach the mobile Internet. The devices are popular with developers because they use open source software, but Nokia has not revealed sales figures to indicate how many are in the market.

Mozilla hopes that this release will result in some good user feedback, Sullivan said. "The next step in the road map is to start optimizing for performance," he said.

His group has simultaneously been developing a version of Fennec for Windows Mobile phones. While Sullivan said they've been working hard on it, he wouldn't reveal a release time frame for that browser. His group has also been looking at developing the browser for LiMo phones that are based on the mobile Linux operating system and for Symbian phones, he said.

Mozilla released a video in June that offered a first look at Fennec. One unique feature to the browser is that it displays control buttons, such as back and forward, off screen. Users flick the screen to the left or right to display and click the buttons. "One of our big goals is to take advantage of the whole screen, because they are pretty small," Sullivan said. The design lets a Web page fill the whole screen.

He also thinks that Fennec will be unique because Firefox developers will be able to build add-ons for it. "We don't claim to have all the answers. We want to build a great product but make it extensible so anyone can hack on it," he said.

Mobile browsing has historically been a painful experience, and countless handset and software makers have created mobile browsers hoping to make them easier to use. While mobile browser development from the likes of Apple, Google, and Microsoft is unlikely to cease because of Fennec, other mobile browser efforts may, Sullivan said. "When our browser is ready, a lot of folks will stop building custom browsers," he said. "Carriers and OEMs are telling me they'd rather ship Firefox rather than hack together their own browser."

While he wouldn't reveal names, Sullivan said that Mozilla is talking to handset makers and operators about preloading Fennec onto phones. Traditionally, only a very small percentage of phone users load applications onto their phones, so preloading the browser could significantly help distribution.

This isn't the first time that Mozilla has begun work on a mobile browser, and most of its previous attempts have fizzled. For several years, it worked on a mobile browser it called Minimo that included a release for Windows Mobile devices. But last year Mozilla said it wouldn't continue work on that browser, instead focusing on Fennec, which is based on the latest Mozilla platform that also supports Firefox.

Mozilla also developed and later retired a project called Joey that let people save portions of Web sites while on their PC and call up those images from their mobile phones.

While Mozilla has been working on those projects, Apple released its iPhone and included a mobile version of its Safari browser. That browser has been widely praised as a significant improvement over historical mobile browsers because it displays Web pages just as they look on a computer but allows users to easily scroll around and examine the page. Next week the first phone running Google's Android software will hit the market, and it includes a browser developed by Google and based on Webkit, the same technology that fuels Safari. That browser offers a similar improved experience but one-ups Apple's Safari because it can display Flash Web sites.

Mozilla expects to make the alpha download for the Nokia tablets available on Thursday from its Mozilla.org Web site.

Individual Internet users, businesses, the government, and tech vendors all need to focus more on cybersecurity and be aware of the dangers, a group of cybersecurity experts said Thursday.

The Internet is vulnerable at multiple levels, and each of those groups play a part in protecting cyberspace, said Steve DelBianco, executive director of NetChoice, an e-commerce trade group.

[ Don't be a dupe! Read our tips on how not to be taken in by social engineering. ]

NetChoice, in a report released Thursday, focused much of its attention on user behavior, saying that Internet users need to be better educated about types of social-engineering attacks. Last week, the U.S. Federal Trade Commission issued a warning about new phishing e-mail scams that identify the sender as a bank or mortgage lender that has taken over the e-mail recipient's account. The e-mails ask the recipients to click a link to confirm personal information, but the link takes them to a site harvesting personal information, not to a real financial institution.

This attack can look credible, given the number of bank and mortgage lender failures in the U.S. right now, DelBianco said. "The bad guys are clever, and they're getting badder," he said during a cybersecurity event in Washington, D.C.

NetChoice's report, "Hardening the Security Stack," described potential vulnerabilites directed at user behavior and the DNS, two layers of the so-called Internet stack identified by the group. It would be "phenomenally expensive" to implement proactive, tech-based security at every layer of the stack, which also includes operating systems, software and internal network services.

"Responsibility for cybersecurity lives at all layers of the security stack, not in any one layer," said the report, co-authored by DelBianco. "Simply put, there is no silver bullet."

The report calls on tech vendors to implement multifaceted security programs, including user education, as well as hardened software and equipment upgrades aimed at security. Government agencies can test new technologies and ensure that businesses use proper safeguards, the report said. The government also needs to maintain high standards for its tech vendors, the report added.

Ken Silva, senior vice president and chief technology officer at .com and .net registry operator VeriSign, agreed with the NetChoice report, but he called on individual computer users to be vigilant about cybersecurity. Individual users are often the target and often the cause of many cybersecurity problems, he said.

"Anyone who wants your money will find very creative ways to get it, legitimate or not," he said. "Most security vulnerabilities rest between the keyboard and the back of the chair."

The U.S. could make significant progress in fighting cybercrime if Internet users were more wary of phishing and other scams, if individuals and businesses changed static passwords, and if laptops included several layers of protection against data theft when they were lost and stolen, Silva said.

However, it's not always easy to see cybercriminals at work, Silva added. Earlier this decade it was fairly easy to tell if a computer was compromised with spyware or a virus because the malware caused easily seen problems, he said. But now, many people are unaware that their computers have been compromised and are leaking personal data or are used in a botnet to send spam or attack other computers, he said.

"More things are being exploited by smarter people, and they're doing it quietly," Silva said.

Consumer education about cyberthreats needs to lose the jargon and simplify the message, added Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), a trade group focused on cybersecurity. Internet users, when they type in "www," need to think of "who, what and why," he said.

Internet users should ask themselves who wants the information they're being asked to provide, what information they're asking for and why they're asking for it, Kaiser said. If Internet users slow down and ask those questions, they may be less susceptible to phishing and other scams, he said.

"At NCSA, we really believe that user behavior matters," he said. "They have to pay attention when they're using the Internet."

Microsoft said Thursday it is not pursuing an acquisition of Yahoo, despite public comments by Microsoft CEO Steve Ballmer Thursday suggesting a deal between the two companies might still be on the table.

Microsoft's position on Yahoo hasn't changed and it has "no interest in acquiring Yahoo," the company said in an e-mailed statement.

[ Special report:  The complete saga of Microsoft's attempt to take over Yahoo. ]

"There are no discussions between the companies," Microsoft said.

The statement came after Bloomberg.com and other news outlets quoted Ballmer as saying that buying Yahoo would still make economic sense for shareholders of both companies. The comments were made at a Gartner conference in Orlando, Thursday, according to published reports.

Microsoft and Yahoo spent months trying to hammer out an acquisition earlier this year after Microsoft offered $44.6 billion for Yahoo on Feb. 1. Microsoft was pursuing the company in its quest to compete with Google in online advertising. Microsoft eventually walked away from the bid in May.

The possibility that a deal with Microsoft could still be on the table sent Yahoo's shares up Thursday in a volatile U.S. stock market. Yahoo (YHOO) shares jumped after Ballmer's comments, before falling later in the day. On Thursday afternoon Eastern time, Yahoo shares were still up 10 percent from the opening price of $11.82, hovering at around $13.00.

Microsoft (MSFT) shares also went up slightly after Ballmer's comments, but then dropped again to hover around their opening price of $22.97 Thursday afternoon.

Hackers have released code that could be used to take control of a server running Microsoft's Host Integration Server 2006, used to connect mainframe applications to Windows PCs.

The software was released Wednesday as part of the Metasploit hacking toolkit.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Microsoft released a patch for this flaw on Tuesday, as part of its monthly security updates. The bug lies in the SNA (Systems Network Architecture) remote procedure call used by the server to communicate with the mainframe.

Normally, this service would be blocked by a firewall and in a typical configuration the attacker would need to have an account on the Host Integration Server in order to launch the attack. However, poorly configured machines such as test systems might be vulnerable to an attack, said Russ Cooper, a manager with Verizon Business's RISK Team.

This Host Integration Server flaw was one of 20 security bugs patched by Microsoft this month, but it is the first to be exploited by hackers since the patches were released Tuesday.

A prolonged, ongoing Gmail outage has some Google Apps administrators pulling their hair out as their end users, including high-ranking executives, complain loudly while they wait for service to be restored.

At around 5 p.m. Eastern Time on Wednesday, Google announced in the official Google Apps discussion forum that the company was aware of a problem preventing Gmail users from logging into their accounts and that it expected a solution by 9 p.m. on Thursday.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

Google offered no explanation as to what is causing the problem nor as to why it will take the company so long to solve the problem, which manifests itself by giving Gmail users a "502" error when trying to access their e-mail accounts.

Although Google said the bug is affecting "a small number of users," that is little comfort for Google Apps administrators who are fielding angry complaints from end-users.

An administrator identified as Bill W. posted a desperate message on the forum Thursday morning, saying his company's CEO is steaming about being locked out of his e-mail account since around 4 p.m. on Wednesday.

"Support keeps telling me it is affecting a small number of users. This is not a temporary problem if it

lasts this long. It is frustrating to not be able to expedite these issues. I have to speak with the boss again and he's po'd (pissed off). This is considered a mission critical issue here. We may have to make other arrangements. Apparently Google mail is not very reliable. I think I would have pushed for something else before we switched if I had known the level of unreliability," he wrote.

Another administrator identified as Techlinks wrote: "This outage has hit us pretty hard and we've been out of email for 24 hours and now business is suffering."

Google Apps is a suite of hosted collaboration and communication software and services designed for workplace use. Its Premier edition costs $50 per user per year and includes a 99.9 percent uptime guarantee for the Gmail service.

In August, Gmail had three significant outages that affected not only individual consumers of the free Webmail service but also paying Google Apps Premier customers. As a result, Google decided to extend a credit to all Apps Premier customers and vowed to improve its problem-notification methods.

"We're committed to making Google Apps Premier Edition a service on which your organization can depend. During the first half of August, we didn't do this as well as we should have," Google said a letter sent to Apps administrators at the time.

One outage, on Aug. 11, lasted about two hours but affected almost all Apps Premier users. The other two, on Aug. 6 and Aug. 15, hit a small number of Apps Premier users, but both outages were lengthy, lasting for some affected users more than 24 hours. In all of the incidents, users were unable to access their Gmail accounts, getting instead an error message when trying to log in. It seems the tech gremlins that caused the problems in August are back again.

Google Apps is the poster child for the wave of SaaS (software as a service) Web hosted office productivity and communications suites that are emerging as options to traditional on-premise options such as Microsoft's Office and Exchange/Outlook.

SaaS suites such as Google Apps have become popular because customers don't need to install them on their own PCs and servers, which in theory reduces the effort and cost of software installation and maintenance. These SaaS applications are also designed from the ground up for Web-based collaboration of workgroups.

However, a major concern and objection to SaaS applications is their performance and availability, since they're provided by the vendor via the Internet and accessed by end-users through browsers. When the applications become slow or altogether unavailable due to problems in the vendors' datacenters, IT administrators have little to do but sit and wait for the problem to be fixed. This often creates extremely stressful and tense situations for them if the outages are prolonged and their end-users become angry.

Google didn't immediately respond to a request for comment.

SpringSource on Thursday is introducing a repository of OSGi libraries intended to lower barriers to modular application development based on OSGi and Java.

The company is unveiling the free SpringSource Enterprise Bundle Repository, hosted online by Amazon EC2 and S3 services. The repository contains more than 400 of the most popular open source, enterprise Java libraries for general use in an OSGi-ready format, SpringSource said. Artifacts can be deployed in an OSGi environment such as SpringSource's own dm Server, a Java server built on OSGi..

Developers have access to OSGi-ready libraries and are freed from searching for third-party code. "If you're working with OSGi, to get [the] full potential of OSGi modularization you need to need to have the libraries that you use packaged with OSGi metadata packaged as OSGi bundles," said Rod Johnson, SpringSource CEO.

OSGi is a technology that can be used to modularize infrastructure and applications, Johnson said. This is important because it helps reduce the footprint of infrastructure so, for example, an application can have a faster startup time, he said. Also with OSGi, infrastructure can work better in a virtualized environment, Johnson said.

The Eclipse Foundation has used OSGi as the basis for its Eclipse plug-in model to extend the popular Eclipse IDE. "SpringSource is [attempting] to unleash the power of OSGi to enterprise Java, really, in the same way that Eclipse did on the desktop," Johnson said.

The repository includes data on dependencies between the libraries.

Artifacts in the repository are accessible via a Web interface and the Maven and Ivy build tools. Access also is integrated into the SpringSource Tool Suite.

To protect published artifacts, SpringSource applies a governance model to the repository content to ensure that metadata is correct and consistent through the repository, the company said.

While all libraries are open source at the moment, the repository may be expanded to include non-open source software, Johnson said.

The repository is available at this Web page.

The economy may be in a recession, and the stock market may be going through convulsions -- prompting talk of possible hiring freezes and layoffs within IT departments. But at this point, data storage doesn't appear to be an area that many companies or other organizations are targeting for budget cuts.

The reason, according to a sampling of attendees at the Storage Networking World conference here this week, is simple: Even with the economy struggling and Wall Street mired in chaos, the amount of critical data that needs to be securely stored continues to increase, with no end in sight.

[ Learn more about how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report. And get the latest on storage developments with InfoWorld's Storage Adviser blog and Storage Report newsletter. ]

For example, Gary Pedersen, storage manager for the city of Plano, Texas, said that thus far, at least, the IT department there is moving forward with projects as scheduled. From a storage perspective, he added, the amount of incoming data certainly isn't being reduced, despite the economic downturn. "Data is just coming out of everybody's ears," Pedersen said. "We have to keep up with it or we'll sink."

To help cope with the unending flow of data, Plano is looking at installing new storage equipment and SANs. "We've got to revamp our whole storage system," Pedersen said. "We're beyond adding on."

The city -- population 255,000 -- currently uses a Fibre Channel SAN, which provides adequate bandwidth and performance, according to Pedersen. But he's evaluating less expensive alternatives, including iSCSI technology.

Pedersen also said that he was attending the conference, which is run jointly by Computerworld and the Storage Networking Industry Association, to learn about technologies that will become available a year or two from now. "I want to see what's here so we can prepare for tomorrow," he noted.

Paula Pollei, information systems manager at Materials Transportation Co. in Temple, Texas, said that the economic downturn hasn't affected funding for a document management project that she's undertaking. The company, which makes customized food-processing equipment and robotic systems for changing batteries in trucks and other vehicles, is installing the new system to help organize its vast collection of engineering plans and other records.

Materials Transportation has product diagrams that date as far back as its inception in 1946, and workers need to pull out the documents when customers call for help or replacement parts. "Everything's customized, so we have unique diagrams from every piece of equipment [we sell]," Pollei said. "We're going to computerize that."

But doing so requires a new storage system that will go well beyond the small, basic SAN that the company uses today, she said. Her mission at Storage Networking World was to find product information and possible vendors for the storage piece of the project.

The economy also isn't affecting storage plans at Leprechaun LLC, according to Ann Jones, a network storage engineer at the Fort Worth, Texas-based provider of data management outsourcing services for Medicare Advantage insurance plans.

Jones said that because of new federal rules mandating additional audits of health care records management practices, Leprechaun's business -- and its IT needs -- are increasing despite the gloomy economic conditions. "We're getting ready to buy new storage and new backup [technology]," she said. "We have [data] that's coming online faster than we can keep up with it."

The IT department in the city of Bryan, Texas, is in the second year of a three-year disaster recovery deployment that is designed to help protect its systems from data loss and downtime. Gustavo Roman, Bryan's IT director, said that since the city's fiscal year just began on Oct. 1, he expects the project to continue as planned. "You don't want to have a knee-jerk reaction," he said of the current economic problems, although he added that the project could face funding issues in the future if the crisis continues.

Likewise, James McCartney, a systems programmer at the University of Arkansas in Fayetteville, said that while the economic problems eventually could pinch budgets at the school, that hasn't happened yet. But even before the global financial crisis really hit home several weeks ago, McCartney said he already was planning to look for ways to save money on storage at Storage Networking World.

One option may be storage virtualization, he said. The university's IT department also is exploring the idea of creating multiple storage tiers to enable less critical data to be kept on less expensive storage systems. "We have everything on mostly high-end storage now," McCartney said. "We're looking for ways to trim that down."

Mike Martin, a senior storage engineer at a retailer based in the Midwest, said budgetary freezes were already implemented earlier this year, before the recent upheavals in the financial markets. No cutbacks have been made since then, though, and several new IT projects, including a virtualization initiative, are still on track, said Martin, who asked that his employer not be identified. "We're business as usual for all intents and purposes," he noted.

A senior vice president of IT at a large bank based on the East Coast said that its IT road map also hasn't been redrawn at this point. "This is not something that you can just change course at the flip of the switch," said the executive, who asked to remain anonymous. "If anything, there is more focus [on IT right now] from a risk management perspective."

And a systems engineer at a major national retail chain, who also asked that he not be identified, said his company has scaled back on some smaller IT projects but is continuing to proceed on major initiatives. He added that he was at the conference to find out more about technologies that the retailer wants to pursue to save money and increase operating efficiencies. Included among them was virtualization. "We're already doing it," the systems engineer said. "We're looking at how we can do it better."

Money has been budgeted for that work, but increasing the amount if needs expand likely would be a hard sell internally, according to the systems engineer. "You're going to have to justify going beyond that budget," he said. "You'll get to sit before the review committee and justify it. That's not going to be fun."

Computerworld is an InfoWorld affiliate.

An uproar erupted when iPhone users discovered a so-called remote kill switch on their phones -- will it spur the same reaction in users of the G1, the first Android phone?

In the Android Market terms of service, Google expressly says that it might remotely remove an application from user phones. "Google may discover a product that violates the developer distribution agreement ... in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion," the terms, linked to from the phone, read.

[ Check out Tom Yager's hands-on first look at the T-Mobile G1 and learn more about Google Android in InfoWorld's special report. ]

That item is one of a few hints of things to come in the "About phone" section of the device, which also alludes to some hitherto unknown people and companies that were instrumental in developing the software.

The G1, the first phone to run the Android software developed by Google, goes on sale Oct. 22, and many people are getting their first in-depth look at it because T-Mobile has loaned the devices to reporters. The Android Market is the online store accessible from the phone where users can download applications.

Android users might be more receptive to Google's remote kill switch than iPhone users were to Apple's for a couple of reasons. First, Google is being upfront about it. Apple didn't confirm the capability for the iPhone until days after a developer discovered it.

In addition, Google says that if it does remotely remove an application, it will try to get users their money back, a question that iPhone users have wondered about in the case of an iPhone application recall. Google said that it will make "reasonable efforts to recover the purchase price of the product ... from the original developer on your behalf." If Google fails to get the full amount back, it will divide what it gets among affected users.

Google may have more need to use a kill switch than Apple. That's because Apple vets applications before putting them into its Apps Store. Anything goes in Google's Android Market, opening the chances of malicious or otherwise unwanted applications appearing in the market.

The Android Market business and program policies also include an item that says users can return any application for a full refund within 24 hours of the time of purchase. In the absence of a trial version of applications, this offer will let users return an application that might not deliver exactly what they expected.

Android Market users can also reinstall as many times as they wish an application that they buy, another useful feature in case a phone fails.

For now, all applications in the market are free because Google hasn't yet set up the mechanisms to allow developers to offer them for purchase.

People around the world -- phone users or not -- might also be pleased to learn about this item listed in the Android Market terms of service, in all caps for extra effect: "None of the products are intended for use in the operation of nuclear facilities, life support systems, emergency communications, aircraft navigation or communication systems, air traffic control systems or any other such activities in which case the failure of the products could lead to death, personal injury, or severe physical or environmental damage."

That's not the only bit of levity to be found on the phone. The G1 comes with a text-only scrolling video listing contributors and offering special thanks. After a pause, at the very end, Google assures us that "no robots were harmed in the making of this product."

While the contributors video refers to the Open Handset Alliance -- the group of companies backing Android -- without naming all the members, it thanks contributors that many industry observers may not have known were involved in the creation of Android.

Andy Missan and Jason von Nieda are the only people called out by name under the special thanks section. According to Missan's Web site, he has worked as legal counsel for MobiTV, ReplayTV, and WebTV. He also worked for Danger, the company recently acquired by Microsoft and founded by Andy Rubin, who later started a mobile software company called Android that Google acquired.

On his Web site, von Nieda describes himself as a Seattle-based "computer programmer, systems administrator, network engineer and all around good guy."

Other companies listed as contributors or given special thanks include Swedish software technology and design company The Astonishing Tribe; Swiss engineering company Noser Engineering; media player developers Hooked Wireless; Indian consultancy Satyam; mobile software and services providers Core Mobility; and designers Mike and Maaike.

IT workers may have been tempted to switch to any other field -- other than banking, that is -- following a stream of depressing surveys that gloomily predict shrinking IT budgets and shrinking career opportunities.

However, hiring and placement firms who specialize in IT are feeling upbeat about the market. "IT has become different from sales or finance," says John Challenger, CEO of recruitment firm Challenger, Gray, and Christmas. "It's a core area that every company needs."

[ Find out what IT jobs are most at risk due to the financial meltdown in InfoWorld's special report. See what technology areas are also most at risk. | Discover the 30 IT skills every tech should have. ]

He does see the IT sector as volatile and likely to suffer from a decrease in capital investment -- a prediction echoed by consulting firms such as Gartner and Forrester Research -- but companies will still want to optimize their existing systems and will still be hiring with an eye toward that goal.

"When you look at what we see -- job postings and companies trying to match jobs to candidates -- IT is winning the day right now," says Barry Lawrence, a career expert at the recruiting site JobFox.

Recession-proof tech jobs Lawrence's company recently published a list of recession-proof job positions, and IT positions dominated. Among the seemingly recession-proof areas: software design and development, networking and systems administration, software implementation analysis, testing and QA, and database administration.

Jennifer Mauney, a vice president at Robert Half Technology, identified several areas where her company is seeing a lot of opportunity. These include:

Virtualization: The technology is largely perceived as a cost-cutting measure, so IT managers facing smaller budgets will be looking at it more. "We're not really seeing a slowdown in that space," she says.

VoIP and wireless technologies: VoIP is perceived as another IT measure where a modest initial outlay will produce a strong ROI, so Mauney expects that sector to stay strong. It is also, Mauney says, ripe for anyone who's on the project management track in IT. "For those who are experienced, there's opportunity to get into the wireless space."

Systems upgrade and maintenance: "Those [areas] require strong help desk or desktop talent, and what we're seeing are jobs that require a combination of those skills," Mauney says.

Data warehousing and data analysis: Anyone who can work with data and build industry-specific reports is in demand, Mauney says. "We're seeing a technical side and a functional side where [candidates] understand the business facets of the reports."

Web 2.0 technologies: Mauney says the demand for people who know AJAX and Ruby on Rails is strong.

It helps to go in-house Lawrence says that lower-level IT skills may be outsourced, but the higher-level IT positions will remain in-house. Keeping them in-house is cheaper for employers than hiring consultants, and keeping them in-house makes it easier to hire from within -- often a less expensive proposition than finding an outside candidate.

He adds that anyone looking for an in-house IT position would do well to consider whether the job provides any hands-on training or experience in new technologies. For the foreseeable future, such training and experience is the most likely way employees can pick up new job skills without paying for them; however due to shrinking IT budgets, Lawrence said, employers are not as willing to pay for employee classes. "You better take care of your training, because your employer's not in a position to do it."

Challenger says that the strongest hiring areas are likely to be in-house too: "Companies are keeping spending down, but they have to maintain and utilize all the systems [they already have]. The core areas like networking administration, tech support, and database management will continue to be strong."

Do not underestimate the nontechnical skills Work on what are often called the "soft skills," such as user interaction, dealing with difficult people, and working well in a team environment. "A lot of companies are putting emphasis on these skills because they know tech skills can be picked up through training," Mauney notes.

Lawrence concurs: "You've got to have people inside your building who not only know the technology, they know how to make it work with people." In fact, he says that many companies are reconsidering outsourcing because the interpersonal skills that are part of nearly every IT job are better found in-house.

Your last option: Wait it out Although the perception among job-hunters may be that there's a dearth of IT opportunities, recruiters say they have the opposite problem: There's a looming talent shortfall. Mauney says that two factors will contribute to a contraction in the available IT workforce: Baby Boomers will leave the workforce, and there aren't enough young workers in IT-friendly curricula coming out of school in time to replace the retiring workers.

Lawrence concurs: "Do the math. There are 76 million Baby Boomers who are going to leave the marketplace. Behind them are 44 million Gen-Xers. The numbers just don't add up." Although more Baby Boomers will stay in the workplace longer, either in full-time or part-time capacities, it won't take the pressure off the IT workplace, he adds.

Adobe Systems has released a new version of its Flash Player software, fixing a critical security bug that could make the Internet a dangerous place for Web surfers.

The new Flash Player 10 software, released Wednesday, fixes security flaws in Adobe's multimedia software including bugs that could allow hackers to pull off what's known as a clickjacking attack, wrote Adobe spokesman David Lenoe in a blog posting.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

For those who can't update to this new version of Flash, a Flash 9 security patch is still about a month off, he added. Adobe rates the clickjacking bug as 'critical.'

Although not widely used by criminals, clickjacking has received a lot of attention since it was first discussed a month ago. Flash isn't the only software that is vulnerable to a clickjacking attack, but Flash attacks have been considered among the most dangerous.

The security researchers who discovered the problem, Robert Hansen and Jeremiah Grossman, had intended to fully discuss clickjacking at a Sept. 24 security conference presentation. But they backed off and gave a slimmed-down version of their talk when Adobe asked for more time to patch its software.

Last week, however, security researcher Guy Aharonovsky showed how an Adobe Flash clickjacking attack would work, and with the information now out in the open, Hansen and Grossman went public with their findings.

In a clickjacking attack, the hacker users a variety of techniques to take control of what links the victim is actually clicking. In one attack, for example, the attacker would first have to trick the victim into visiting a malicious Web page and then clicking on what appeared to be a regular Web link. In reality the victim would be clicking on something altogether different such as a Flash object that turned on his microphone. "It's almost impossible for a user to determine what's going to happen when they click on a link," said Hansen, who is CEO of SecTheory.org, in an interview last week.

A clickjacker could wiretap victims' PCs, force them to execute online stock trades, delete blog pages, change a router or firewall configuration, create new Web mail accounts, or even force them to download software, Hansen said.

Because clickjacking affects other browser plugins, the best way to fix the clickjacking problem may be to change the way browsers work, Hansen said. "Browser makers understand the problem and they're trying to find ways to mitigate it," he said.

TopCoder, a company known for its competition-based software development services, is turning its sights on the SMB market with a new portal called TopCoder Direct that will come out of beta at the end of October.

Whereas TopCoder has previously used its community of programmers to develop custom applications for enterprises, the new offering will enable a wide range of customers to set up coding contests on their own.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

Users furnish a description of what they want developed, name a prize purse, and start a contest. Community members then submit entries, and the user chooses a winner and downloads it.

"The enterprise business is still strong. But this was always the vision from the start," said Robert Hughes, chief operating officer.

Initially, TopCoder Direct will focus on front-end tasks like logos and Web site look-and-feel. Later the service will move to full-blown application development. The second release will introduce "co-pilots" -- community members that for a negotiated fee will help customers set up competitions.

There is no charge to access the site; customers pay to start a contest. TopCoder will make money by taking a cut -- now set at 20 percent -- of the prize purse.

"It took us quite a while to build the supply side -- the community -- and to build out the processes, to get a predictable outcome from the community," Hughes said. "There'll be somewhat of a learning process for us [with TopCoder Direct]. Not everything is going to work right out of the gate."

Financial services provider Tree.com has been involved in the TopCoder Direct beta-testing period.

The service doesn't yet appear