New In The News

Microsoft Corp. will release Windows XP Service Pack 3 during the second half of April, according to a report from a Web site that has correctly predicted recent Windows ship dates.TechARP.com, a Malaysian Web site that nailed Vista SP1’s release-to-manufacturing (RTM) date last month as well as its release to Windows Update last week, said that Microsoft will wrap up work on XP’s third and final service pack next month. The site pegged RTM for Windows XP SP3 as “second half of April 2008″ for seven languages, with a follow-on RTM of the remaining supported languages “approximately 21 days” later.

By TechARP’s account, Microsoft will first finish work on the Chinese, English, French, German, Japanese, Korean and Spanish versions of the service pack.

Microsoft declined comment, other than to repeat an earlier statement about the service pack’s timing. “We are targeting 1H [first half] 2008 for the release of XP SP3 RTM, though our timing will always be based on customer feedback as a first priority,” a spokeswoman said in an e-mail.

The last time Microsoft made a public move with Windows XP SP3 was a little over a month ago, when it posted a second release candidate to Windows Update.

About two weeks ago, however, XP SP3 caused a minor stir when what was purportedly the newest build leaked to the Internet and hit BitTorrent search sites such as The Pirate Bay. Although Microsoft initially refused comment, last week it acknowledged that the build — designated 5503 — was real and had been released to a portion of the invitation-only beta test group.

It also warned users away from any download. “This build was not intended for public release and anyone who has that build and is not part of the private beta is working with bits that Microsoft can’t verify,” a company spokeswoman said in an e-mail last week. “It’s possible the bits may have been modified with malware or other bad code that Microsoft hasn’t tested.”

Multiple versions of XP SP3 build 5503, including English- and Russian-language editions, are available via BitTorrent.

Once SP3 ships, the next major milestones for Windows XP are June 30, when the popular operating system is slated to fall off the reseller and retail availability list, and Jan. 31, 2009, when it will be taken out of all distribution channels, including system builders.

source: Computer World

Steven Jobs, Apple’s chief executive, is hoping to expand the iPhone’s appeal by luring software developers to create programs for it.

John Doerr, the venture capitalist, is adding an incentive: his firm is putting up $100 million to invest in the work of those programmers.

At an event Thursday at Apple headquarters, Jobs announced a low-cost software development kit that outside programmers can use to create programs for the iPhone, much as they now write the vast majority of the programs created for the Macintosh. Until now, iPhones have officially been able to run only the limited assortment of applications that Apple includes. (Some buyers have modified the phones to add unauthorized software.)

“We’re very excited about this,” said Jobs, who also announced that the company was adding features to make the iPhone more appealing to business users. “We think a lot of people, after understanding where we are going, are going to want to become an iPhone developer.”

Sharing the stage with Jobs, Doerr announced that his firm, Kleiner Perkins Caufield & Byers, had established a $100 million venture capital fund for iPhone entrepreneurs. Called the iFund, it is the largest fund the company has created for a specific technology.

“The potential for iPhone is huge,” Doerr said.

Matt Murphy, the Kleiner partner overseeing the fund, said he expected the fund to last two to three years, after which the company might decide to add more capital.

Jobs said Apple would offer a developer kit for $99 that would allow programmers to create everything from games to business programs. On Thursday, Sega and AOL demonstrated applications they created for the iPhone using the kit.

The programs that are created will then be available to iPhone users exclusively through a new service on all iPhones called the Apps Store, an aspect of the plan that may discourage some developers. Apple will keep 30 percent of the sale price.

Jobs said that Apple would offer only those programs that it approves, rejecting pornography, for example, and programs that might not provide adequate security for users.

He argued that developers would benefit from Apple’s being the sole distributor because only Apple could give third-party programs such wide exposure to customers. All iPhone users will be able to browse the available programs directly from their devices. Customers will also benefit, he said, from Apple’s weeding out of malicious programs.

“We can track the developers and we can tell their parents,” Jobs said, joking about the demographic profile of many Apple entrepreneurs.

In an attempt to lure corporate customers, Apple executives also announced that the iPhone would be able to work directly with Microsoft’s Exchange software, allowing it to interact closely with corporate networks and e-mail systems in much the way that BlackBerry devices do. Apple said Genentech and Nike were among the companies that were already taking advantage of this feature.

The new business abilities will be added to the iPhone in June and will come to existing owners in a free upgrade. The software will include extensive security features, like the ability to lock and erase the system remotely in the event of loss or theft.

“The majority of the objections IT managers have had about the iPhone have been addressed today,” said Van Baker, an analyst with Gartner Inc., referring to corporate information technology managers. “It’s a very valid and robust device, and for that reason it’s a viable platform for the enterprise in competition with the BlackBerry and others.”

But attracting a huge following among corporations is something Apple has not been able to achieve with the Macintosh, and it remains to be seen whether the iPhone will take sales from the BlackBerry, the popular business communicator sold by Research in Motion of Waterloo, Ontario.

“It’s a better device and platform that does more things than the BlackBerry,” Murphy said. If people have been questioning whether the iPhone is a business tool, the integration with Exchange “takes the issue off the table,” he said.

The iPhone is already the second most popular smartphone after the BlackBerry, with a 28 percent share of the market, but its inability to communicate with corporate computer systems running Microsoft Exchange has hindered its growth in that market.

source: International Herald Tribune

Programmers will be able to earn money from games that they create and upload to Xbox Live

Tens of thousands of ‘bedroom developers’ are vying to create the next best-selling computer game after Microsoft effectively handed the keys of its Xbox console to the gaming community.

Microsoft has said it wants amateur developers to write games that can be played and downloaded via its Xbox Live web platform, which has ten million users worldwide - and for them to share in the revenues their creations generate.

The software giant said that a ‘toolkit’ it had released which enables developers to write games for Xbox had been downloaded 800,000 times and was being used by teams in more than 400 universities worldwide.

The first trials of the community-generated games for Xbox are due to begin in the spring, with a full commercial roll-out expected later in the year.

“I think of this as games created by the community, managed by the community and enjoyed by everyone,” John Schappert, corporate vice president of LIVE software and services at Microsoft, told the Game Developers Conference in San Fransisco.

Once a game is created for Xbox Live, it will be submitted for ‘peer review’ by other developers, who will check that it does not contain any prohibited material and that it is correctly labelled for graphic content, Microsoft said. The game will then be uploaded to Xbox Live Arcade and placed alongside other Xbox games that can be bought and downloaded.

Micrsoft also hinted that developers would be able to share the revenue generated from their games - either through download sales, or advertising that appeared alongside free versions - but said that the business model for the new venture was still being worked out.

The company released its free toolkit for creating games, known as XNA, two years ago, but until now the games developed using it could not be shared. Only seven community-generated games have so far been uploaded to the Xbox Live platform, Microsoft said, but by the end of the year this number would swell to more than a thousand.

“There are tens of thousands of developers out there chomping at the bit,” Mr Schappert said. “We need to unlock that potential.”

Third-party developers have always written games for Xbox, PlayStation, and Nintendo, but typically the software which enables them to do so is expensive, meaning that only established games developers have been able to afford it.

Microsoft’s announcement reflects an increasing desire on the part of the large console makers to tap the skills of the wider developer community. Nintendo has released a similar toolkit - called Wii Ware - and already about a hundred titles are in development, with the first due to be released in the US in May.

“It makes sense for Microsoft and others to develop their online platforms in this way,” Piers Harding-Rolls, an analyst at Screen Digest, said. “It doesn’t cost them much - other people are generating the content, plus it’s a way of maintaining good relations with the online gaming community, and there’s also a number of business models they can explore.”

Asked whether bedroom developers could compete with the likes of Activision, the company behind games like Guitar Hero, Mr Harding-Rolls said: “You can definitely make extremely interesting, entertaining and addictive casual games that become popular with a huge number of people.”

source: Times Online

The Swiss national elections in October 2007 provided the opportunity to witness quantum cryptography in ‘real-life’ action for the first time. Geneva was first in line to test the unbreakable data code developed by Swiss start-up company id Quantique, paving the way for a new era in data security.

The canton of Geneva became a world pioneer when it decided to use quantum cryptography to protect the dedicated line used for counting votes in the October national elections. The world’s first commercial quantum random number generator and quantum cryptography system was developed by the Swiss company id Quantique – a spin-off company of the University of Geneva – so the choice of Geneva to test the system in action was only appropriate.

The firm was founded in 2001 by four researchers from the University of Geneva: Nicolas Gisin, Grégoire Ribordy, Olivier Guinnard and Hugo Zbinden. According to Gisin: “Protection of the federal elections is of historical importance in the sense that, after several years of development and experimentation, this will be the first use of a 1 GHz quantum encrypter, which is transparent for the user, and an ordinary fibre-optic line to send data endowed with relevance and purpose. So this occasion marks quantum technology’s real-world début.”

All about Eve

Quantum cryptography, or quantum key distribution (QKD), enables two communicating parties to produce a shared random bit string know only to them, which can be used as a key to crypt and decrypt messages. An important and unique feature of quantum cryptography is the ability of the two communicating parties to quickly detect the presence of any third party trying to gain access to the key. This third party, the eavesdropper if you like, is commonly known as Eve among cryptographers. Quantum cryptography then is essentially all about cutting Eve out of the equation.

The use of the system developed by id Quantique makes it possible to detect Eve’s presence almost immediately and to take counter measures. The system works, however, not only when there is an eavesdropper on the line but also when data become corrupted accidentally. Which, in the case of the Swiss elections, is an equally important feature.

For Robert Hensler, the Geneva State Chancellor, the application of quantum cryptography will go a long way towards alleviating concerns over eVoting. “In this context, the value added by quantum cryptography concerns not so much protection from outside attempts to interfere as the ability to verify that the data have not been corrupted in transit between entry and storage,” he is quoted as saying.

SwissQuantum, a new standard for data security

The Swiss elections are an important milestone for id Quantique, but they are just the initial phase of a wider-ranging plan which is expected to lead to the creation of a pilot quantum communications network in Geneva similar to the nascent internet network in the United States back in the 1970s. Known as SwissQuantum, this next stage in the project aims to provide a platform for testing and validating the quantum technologies that will help to protect the communications networks of the future.

The project’s plans, however, extend beyond the Geneva region with a longer-term view of expanding the network throughout the country and beyond. This technology will appeal in particular to certain core industries of the economy which depend particularly on data security – banks, insurance companies, high-tech businesses,… In this regard, it is hoped that the SwissQuantum name will come to be seen as the best guarantee for reassuring potential clients of the soundness of this scientific innovation.

id Quantique is a partner in the European project SECOQC which began in April 2004. “The SECOQC project makes it possible for id Quantique’s engineers to interact with some of the best groups worldwide in the field of quantum cryptography,” observes Ribordy. Together, the project partners intend to lay the foundations for a long-range, high-security communication network that combines the entirely novel technology of quantum key distribution with components of classical computer science and cryptography.

Ensuring effective data security is the next challenge for global data networks. SECOCQ will provide European citizens, companies and institutions with a tool that allows them to face the threats of future interception technologies, thus creating significant advantages for the European economy.

Adapted from materials provided by ICT Results.

source: Science Daily

The National Institute of Standards and Technology (NIST) has opened a competition to develop a new cryptographic “hash” algorithm, a tool that converts a file, message or block of data to a short “fingerprint” for use in digital signatures, message authentication and other computer security applications.

The competition is NIST’s response to recent advances in the analysis of hash algorithms. The new hash algorithm will be called Secure Hash Algorithm-3 (SHA-3) and will augment the hash algorithms currently specified in the Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard. NIST’s goal is that SHA-3 provide increased security and offer greater efficiency for the applications using cryptographic hash algorithms. FIPS standards are required for use in federal civilian computer systems and are often adopted voluntarily by private industry.

FIPS 180-2 specifies five cryptographic hash algorithms, including SHA-1 and the SHA-2 family of hash algorithms. Because serious attacks have been reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design, NIST has decided to standardize an additional hash algorithm to augment the ones currently specified in FIPS 180-2.

NIST issued a Call for a New Cryptographic Hash Algorithm (SHA-3) Family in a Federal Register Notice on Nov. 2, 2007. The announcement specifies the submission requirements, the minimum acceptability requirements, and the evaluation criteria for candidate hash algorithms. Entries for the competition must be received by Oct. 31, 2008.

Details about the competition are available at http://www.nist.gov/hash-competition.

Adapted from materials provided by National Institute of Standards and Technology.

source: Science Daily

A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft’s “Windows 2000″ operating system. The significance of the loophole: emails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using “Windows 2000″ is susceptible to tracking. “This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers,” remarked Dr. Pinkas.

Various security vulnerabilities in different computer operating systems have been discovered over the years. Previous security breaches have enabled hackers to follow correspondence from a computer from the time of the breach onwards. This newly discovered loophole, exposed by a team of researchers which included, along with Dr. Pinkas, Hebrew University graduate students Zvi Gutterman and Leo Dorrendorf, enables hackers to access information that was sent from the computer prior to the security breach and even information that is no longer stored on the computer.

The researchers found the security loophole in the random number generator of Windows. This is a program which is, among other things, a critical building block for file and email encryption, and for the SSL encryption protocol which is used by all Internet browsers.

For example: in correspondence with a bank or any other website that requires typing in a password, or a credit card number, the random number generator creates a random encryption key, which is used to encrypt the communication so that only the relevant website can read the correspondence. The research team found a way to decipher how the random number generator works and thereby compute previous and future encryption keys used by the computer, and eavesdrop on private communication.

“There is no doubt that hacking into a computer using our method requires advanced planning. On the other hand, simpler security breaches also require planning, and I believe that there is room for concern at large companies, or for people who manage sensitive information using their computers, who should understand that the privacy of their data is at risk,” explained Dr. Pinkas.

According to the researchers, who have already notified the Microsoft security response team about their discovery, although they only checked “Windows 2000″ (which is currently the third most popular operating system in use) they assume that newer versions of “Windows”, XP and Vista, use similar random number generators and may also be vulnerable.

Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the “Windows” security system to enable computer security experts outside Microsoft to evaluate their effectiveness.

The results of the research are described in a scientific paper entitled “Cryptanalysis of the Windows Random Number Generator”, which was presented at the ACM Conference on Computer and Communications Security which took place in Alexandria, Virginia on October 29 - November 2, 2007.

Adapted from materials provided by University of Haifa.

source: ScienceDaily 

 IBM offered about $4.9 billion in cash Monday to acquire Cognos, a Canadian producer of software used by corporations to analyze their operations.The friendly bid comes a month after SAP said it would spend $6.8 billion to buy Business Objects, a company based in Paris that is the chief rival of Cognos in what is called the business intelligence software business.

Oracle acquired Hyperion Solutions, another Cognos rival, for about $3.3 billion in April.

Shares of Cognos, based in Ottawa, had risen recently because of takeover speculation. The bid by International Business Machines, which must be approved by Cognos shareholders, offers a 9.5 percent premium to the stock’s closing price Friday.

While SAP has said it will keep Business Objects as a stand-alone unit, IBM said that Cognos would be incorporated into its operations.

“IBM has been providing business intelligence solutions for decades,” said Steve Mills, senior vice president and group executive of IBM’s software group. “We chose Cognos because of its industry-leading technology.”

read the rest of the story at Herald Tribune.

Company says it has a fix, but won’t release patch until January

With exploit code in circulation and no patch available for a buffer-overflow bug, Oracle Corp.’s flagship database software is open to attack, security researchers said today.

The vulnerability was first disclosed yesterday by VeriSign Inc.’s iDefense Labs, which issued an advisory outlining the flaw in Oracle Database 10gR2. Earlier versions of the enterprise database software may also be at risk, iDefense cautioned.

Today, Symantec Corp. followed with a warning to customers of its DeepSight threat management system. “The issue affects the ‘OWNER’ and the ‘NAME’ parameters of the ‘XDB.XDB_PITRIG_PKG.PITRIG_DROP
METADATA’ procedure,” said Symantec. “Specifically, if the combined length of both parameters is excessively large, a buffer will overflow when constructing a SQL query.”

An attack requires authentication to the database, but assuming that, a successful exploit could execute code remotely. Proof-of-concept exploit code was posted on the Internet last Friday.

Oracle claimed it has quashed the bug in the Database 10g code, but it will not issue a patch until the next quarterly update — dubbed Critical Patch Update, or CPU — scheduled for Jan. 15, 2008, both iDefense and Symantec reported.

Because there are no work-arounds available in the interim, Symantec recommended that users deploy network intrusion-detection systems to monitor traffic for malicious activity, and allow only trusted employees to access the database.

source: ComputerWorld

these are not all, if you wanna get the whole story check this article Google’s new baby “Open Social” and watch the video.

This application is now more for developers, but this is going to be something that facebook people will have to make a choice.

This is what google says about OpenSocial

The web is more interesting when you can build apps that easily interact with your friends and colleagues. But with the trend towards more social applications also comes a growing list of site-specific APIs that developers must learn.

OpenSocial provides a common set of APIs for social applications across multiple websites. With standard JavaScript and HTML, developers can create apps that access a social network’s friends and update feeds.

Many sites, one API

Common APIs mean you have less to learn to build for multiple websites. OpenSocial is currently being developed by Google in conjunction with members of the web community. The ultimate goal is for any social website to be able to implement the APIs and host 3rd party social applications. There are many websites implementing OpenSocial, including Engage.com, Friendster, hi5, Hyves, imeem, LinkedIn, MySpace, Ning, Oracle, orkut, Plaxo, Salesforce.com, Six Apart, Tianji, Viadeo, and XING.

In order for developers to get started immediately, Orkut has opened a limited sandbox that you can use to start building apps using the OpenSocial APIs.

Server optional

OpenSocial is built upon Google Gadget technology, so you can build a great, viral social app with little to no serving costs. With the Google Gadget Editor and a simple key/value API, you can build a complete social app with no server at all. Of course, you can also host your application on your own servers if you prefer. In all cases, Google’s gadget caching technology can ease your bandwidth demands should your app suddenly become a worldwide success.

source: Google

Apple developers continue to hustle Leopard compatibility updates out the door.Chronos announced that its entire product line is now compatible with Mac OS X 10.5 Leopard: SOHO Organizer, SOHO Notes, SOHO Business Cards, SOHO Labels & Envelopes, SOHO Signs, iScrapbook and F10 Launch Studio have all been updated to run on Apple’s latest operating system. Leopard-compatible versions are available for immediate download.

CS Odessa is also engaged in updating its software for Leopard, and has confirmed ConceptDraw Business Suite for Mac OS X 10.5 is available now, a suite consisting of: ConceptDraw 7, ConceptDraw Project 4 and MindMap 5.

Bitcartel Software has shipped PandoraJam 1, bringing Leopard support for Mac OS X 10.5 (Leopard) for listeners of Pandora.com radio services. The software lets users stream music wirelessly, record audio for playback on iPods, and submit tracks to Last.fm.

Finally today, DssW, the leading developer of Mac energy saving software, today announced free Mac OS X 10.5 (Leopard) updates to its software. Power Manager, Sleep Monitor, and Energy Schedule, all of which have been updated to support Mac OS X 10.5.

“Our users are early adopters and environmentally conscious. DssW’s updates ensure that they can continue to save energy while adopting Apple’s latest operating system.” said Graham Miln, DssW’s director.

Power Manager 3.7 helps schools and businesses by allowing them to schedule their Macs to start, wake, shutdown, restart, log out, switch to the login window, and so on — which can offer impressive power savings for places with lots of Macs.

source: MacWorld

This is a collection of FAQ and tips for SQL Server DBA and developers. The clear answers and sample scripts provided can be used as learning tutorials or interview preparation guides.

SQL Server DBA FAQs and Tips - 442 Questions/Tutorials

Downloading and Installing SQL Server 2005 Express Edition (14 questions)

Getting Started with Transact-SQL Statements (10 questions)

Creating and Managing Databases and Physical Files (16 questions)

Creating/Managing Tables and Adding/Altering/Deleting Columns (16 questions)

Understanding INSERT, UPDATE and DELETE Statements (18 questions)

source: Programmer’s Heaven

Microsoft have announced that the source code for many of the .Net Class Libraries is to be released to developers. This means that when debugging code that calls into the .Net class library, you will be able to trace into the library itself to see what is happening. Not all libraries will have their source released right away, though they plan to release the source for more of them over time.

This will potentially be very useful to those of us who want to know how things really work inside the .Net class library. A class library of this size is also going to have some bugs here and there, and being able to trace into it will provide a way for developers to know that the bug really is inside the class library rather than in their own code. That way, more detailed bug reports can be made to the Microsoft development team and a workaround may be easier to identify.

The sources are to be released under the Microsoft Reference License. This permits you to read the source code and make copies of it within your organization, but not to make changes to it and distribute those changes, whether inside your organization or not. Basically, you can read the code, but you can’t hack on it.

The choice of license has got an unfavorable response from many open source and Free software advocates. A friend of mine who is neither described it as a “sucky license”. I think that the license illustrates Microsoft’s purposes, though. They want to help .Net developers, but do not want to give up control over their code base and see the class library forked in many incompatible ways. Also, while they are denying themselves the benefits of having people from outside Microsoft contribute code that fixes bugs or improves the software, accepting such contributions opens up a legal can of worms. It’s not impossible for them to do, but the work of taking steps and obtaining documentation to prove the code is an original contribution or that they can legally use it may well exceed the cost of having an engineer make the fix.

Therefore, my own feeling is that Microsoft are making a step in the right direction here, that will be of benefit to .Net developers. Of course, there are some people, such as those working on the Mono Project and are re-implementing the .Net class libraries from the documentation, that should probably steer well clear of this code to avoid accusations of being “tainted” or copying Microsoft’s implementation. Someone will probably suggest (if they haven’t already) that Microsoft is taking this step in hope that this kind of copying will happen so they can kill off the Mono Project through legal means, but I’m not feeling cynical enough for that today. And anyway, the Mono Project has ported .Net to all kinds of platforms, extending its reach. I’m not sure why Microsoft would want rid of it anyway.

And, of course, I look forward to searching the released source code for swear words and reporting just how many were found. Maybe that’s why it’s taking some time to prepare the code for release, though.