Lisa Evans

Led by the late Michael Jackson and the vampire-driven "Twilight" series, Yahoo's Top 10 Searches for 2009 show that penny-pinching consumers are escaping to the Web "to pursue news and their guilty pleasures," according to a Yahoo search trend analyst. Rounding out Yahoo's top ten this year were, in consecutive order, Naruto, American Idol, Kim Kardashian, NASCAR, and Runescape. World Wrestling Entertainment (WWE) came in third on this year's list of Top 10 Overall Searches for 2009, rising celebrity Megan Fox landed in fourth place, and Britney Spears came in fifth. To me, the celebrity orientation of this year's Internet searches seems almost reminiscent of how, during the Great Depression, people found their escapes in movie magazines and lavish musical entertainment But Vera Chen, a Yahoo Search trend analyst, also acknowledges that during the current deep recession, "with economic uncertainty looming, people looked for ways to find stability by searching the Web." Accordingly, Yahoo's "Top 10 Economy-Related Searches for 2009" include coupons, Stimulus Plan, student loans, and foreclosures, for example.

Thus, Yahoo has also put together a list of the Top 10 Mobile Searches for 2009. Some members of the overall Top 10 list - such as Megan Fox and Michael Jackson - also made the mobile list, although others - including WWE and Kim Kardashian - did not. As many of us already know, however, sales of mobile devices stood out as one big bright spot on 2009's bleak economic canvas. "Mobile devices emerged as essential and indispensable to the lives of many Americans," according to a Yahoo press release. Those searching the Web from their mobile phones were also particularly interested in Lady Gaga, the NFL, and - not at all surprisingly - Mobile Games. For one thing, maybe consumers will be able to forego some of their searches for coupons and the like. What will Yahoo's Top 10 list look like for the year 2010? Hopefully, the economy will have turned the corner a bit.

The European Commission has signed an agreement with the online music industry designed to improve consumers' access to online music across the 27-nation European Union, it said Tuesday. The agreement they reached sets out general principles that will underpin the online distribution of music in the future, leading to "improved online music opportunities for European consumers," the participants said in a joint statement. "European consumers want and deserve better online music offerings," Kroes said in a statement, describing the agreement as evidence of "real progress in this direction." This is the first time players involved in the distribution of music have agreed on "a common roadmap," she said. Online music retailers including Amazon.com and Apple, Finnish mobile phone giant Nokia, royalty rights collecting societies, consumer groups and the record labels EMI and Universal Music Group struck the deal with E.U. Commissioner for competition Neelie Kroes.

Apple is optimistic that over the coming year it will be able to make its iTunes online music store available in countries where it doesn't operate at present, the Commission said. The biggest obstacle to creating a fully functioning online marketplace for music until now has been the reluctance of collecting societies to do away with their traditional approach to the European market, which involved each one maintaining a monopoly over rights collection in its national territory. Meanwhile, EMI expects to sign non-exclusive digital licensing agreements with two of the most obstinate collecting societies in Europe - SACEM of France and Spain's SGAE, the Commission said. The Internet's ability to reach across borders makes it harder for online stores to restrict sales to customers in a particular territory.

The Internet Corporation for Assigned Names and Numbers (ICANN) has reached a new agreement with the U.S. Department of Commerce allowing the nonprofit greater independence, while giving more countries oversight of the organization. The DOC will continue to be involved in ICANN's Governmental Advisory Committee, but the new agreement recognizes ICANN as a global "private-sector led organization." The new agreement is a "huge moment not just for ICANN but for the Internet," said Paul Levins, vice president at ICANN. "This really vital resource was being overseen by one government." The U.S. government will have "one seat at the table" for the three-year reviews, ICANN CEO Rod Beckstrom said in a video on the organization's site. "What it really means is we're going global," he said. "All the reviews and all the work done will be submitted for public comment to the world. The new agreement, called an Affirmation of Commitments, sets up reviews of ICANN's performance every three years, with members of ICANN advisory committees, the Department of Commerce (DOC), independent experts and others serving on the review teams. But there's no separate or unique or separate reporting to the United States government.

The new agreement won praise from critics who have complained that the U.S. governmenthas had too much control over ICANN, which manages the Internet's DNS (domain name system). The new agreement should allow ICANN to become more open and accountable to users worldwide, said Viviane Reding, the European Union's commissioner for information society and media. All the reporting is to the world; that's the real change." The new agreement was announced Wednesday, the same day that an 11-year series of memorandums of understanding between ICANN and the DOC expired. The new agreement ends "unilateral" review of ICANN by the DOC and sets up independent review panels, she said in a statement. "I welcome the U.S. administration's decision to adapt ICANN's key role in internet governance to the reality of the 21st century and of a globalized world," Reding said in her statement. "If effectively and transparently implemented, this reform can find broad acceptance among civil society, businesses and governments alike." The challenge, she said, will be to make ICANN's Governmental Advisory Committee more effective, as it has a major role in appointing the review panels. "Independence and accountability for ICANN now look much better on paper," she said. "Let's work together to ensure that they also work in practice." The new agreement commits ICANN to a "multi-stakeholder, private sector led, bottom-up policy development model for DNS technical coordination." It also requires ICANN to "adhere to transparent and accountable budgeting processes, fact-based policy development, cross-community deliberations, and responsive consultation procedures that provide detailed explanations of the basis for decisions." ICANN will publish annual reports that measure the organization's progress and it will provide a "thorough and reasoned explanation of decisions taken, the rationale thereof and the sources of data and information" on which it relied. The Internet Society, a nonprofit organization focused Internet-related standards, education, and policy, also praised the new agreement, saying it emphasizes ICANN's obligation to "act in the public interest as the steward of a vital shared global resource." The new agreement doesn't change the DOC's contract with ICANN to perform the functions of the Internet Assigned Numbers Authority (IANA), which is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. While the expiration of the old agreement with the DOC "threatened to open an accountability gap" for ICANN, the new agreement should resolve that concern, added Steve DelBianco, executive director of e-commerce trade group NetChoice. "The Commerce Department has crafted an arrangement here that delivers what the global Internet community has clamored for: permanent accountability mechanisms to guide ICANN in the post-transition world," he said. "These reviews should help ICANN stay focused on security, choice and consumer trust, with an added emphasis on interests of global Internet users - especially those who can't yet use their native language in domain names or e-mail addresses."" The new agreement addresses an issue that's been missing at ICANN, "a balanced way to bring all governments into the oversight process alongside private sector stakeholders, with a sharpened focus on security and serving global internet users," he added. The DOC, in the new agreement, also doesn't endorse ICANN's efforts to allow an unlimited number of new generic top-level domains, such as .food or .basketball.

The controversial plan has met resistance from trademark owners, who say they'd have to register for dozens of new Web sites to protect their brands. "Nothing in this document is an expression of support by DOC of any specific plan or proposal for the implementation of new generic top level domain names or is an expression by DOC of a view that the potential consumer benefits of new gTLDs outweigh the potential costs," the new agreement said.

It's been 10 years since the Apache Software Foundation hung out its feather, creating what has become a series of communities filled with focused project entrepreneurs working on a laundry list of innovative efforts, one of which landed in the White House just a few weeks ago. In its 10 years, ASF has become a shining example of the power of open source development and the group, now with 65 projects operating under its banner, shows no signs of slowing down. The application that now runs the White House Web site is Drupal, but its underpinnings, the Lucene search service, is pure Apache Software Foundation (ASF), an all-volunteer membership that now exceeds 300 people, including some of the most respected talent in the open source community.

Just four years ago, the number of ASF projects stood at 25. ASF will celebrate its 10th anniversary at this week's ApacheCon conference even though the official anniversary date is in June. "I think [ASF] has shown to be successful in that there is a lot of good software that comes out of Apache that is widely used," said Doug Cutting, a member of the ASF board of directors, and the creator of the Lucene project. "We lead by example. In addition, there are 33 projects in the Apache Incubator, and more than two dozen codebases being explored in the Apache Labs. That is something we aspire to do." Cutting's leadership examples include three ASF projects – Lucene, Hadoop and Nutch. It all operates within the Foundation, which is actually a membership-based non-profit corporation registered in Delaware. Unlike other open source organizations, before Apache hosts a project it has to be given to the ASF, which ultimately controls the intellectual property of all its projects. From its beginnings with 21 members and the Apache HTTP Server, still the most popular Web servers in use, the foundation has forged a set of principles that continue to drive it today.

But the projects themselves run as semi-autonomous units within ASF, which provides members with legal protection from suits directed at foundation projects. He says more people are building software today and calling it open source, "but if you look closely they are aiming for vendor lock-in." ASF's structure and strategy avoids that result, Cutting says. "Today, our model is getting stronger and that is bringing more projects into Apache." Cutting says the future should hold more of the same. "We are not seeking to rock the boat and reinvent Apache, but we will continue to guide and scale the Foundation." That effort is one of the tests for ASF as it moves into its second decade. "Part of the design challenge is to build a scalable Foundation that does not require a lot of management," he says. "We don't want a big heavy bureaucracy." While the board works on the future of ASF, Cutting sees the innovation part of the Foundation taking care of itself."Technically what the future brings is anyone's bet," Cutting says. "But I think the future holds room for more and more software that is open source and more and more that is Apache style open source and more and more that is within the Apache Software Foundation." Follow John Fontana on Twitter. New members are by invite only, voted upon by existing members, and prove their value by contributing to a project or projects at the Foundation, which describes itself as a meritocracy. "We build software on its merits, which is a pretty great model," Cutting says. "Hopefully we set a tone, but we don't force the Apache Way on other projects." Cutting says the focus on building software and letting people do what they want to do with it is one of the important roles that ASF plays in the open source movement today.

A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers. The messages, which come bearing subject lines such as "Facebook Password Reset Confirmation," include a file attachment that supposedly contains the new password. The attack, which began Monday afternoon, according to e-mail security vendor Cloudmark, targets Facebook users with a spoofed message that claims recipients' Facebook passwords have been reset as a security measure. In fact, the attached .zip file includes a Trojan downloader, dubbed "Bredlab" by some antivirus companies, "Bredolab" by others.

At least 8% of the users who have received one of the fake messages have tagged it as legitimate, going to the trouble of pulling the message from their junk folder - where Cloudmark has placed it - because they think it's real, Tomasello said. The downloader grabs a variety of malware from hacker servers, including fake security software , or "scareware," and installs attack code and rogue antivirus applications on the compromised PCs. Multiple security companies, including Symantec, Trend Micro, MX Lab and Websense, have put out warnings about the attack campaign. "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet," said Shunichi Imano, a security researcher at Symantec, in a post to the firm's security blog . Jamie Tomasello, Cloudmark's abuse operations manager, said today that her company alone has detected nearly three-quarters of a million phony Facebook messages since Monday, and nearly 250,000 in the last 24 hours. "Our count continues to go up, and is at about 735,000 now," said Tomasello. "It's a pretty high volume." According to Tomasello, both desktop clients and ISPs that use Cloudmark to filter potentially malicious mail have reported receiving the fake Facebook e-mail. Cloudmark has no data on how many users were actually duped into opening the .zip file and running the enclosed .exe that installs Bredolab, however. "The numbers are equal to or higher than other Facebook malware or phishing campaigns," Tomasello claimed. Because of its huge base - last month Facebook said it had more than 300 million users - the site is a frequent target for hackers and identity thieves. She said that Cloudmark is currently revising that 8% estimate upwards.

Last March, for example, the Koobface worm made the rounds on Facebook, as well as other social networking sites such as MySpace and Friendster, infecting large numbers of users. Facebook did not respond to a request for comment on the attacks, or to questions what it is doing, or can do, to stymie the campaign or warn its users.

Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel and Word, including one that will probably be exploited quickly by hackers. The 15 flaws fixed in Tuesday's six security updates were less than half the record 34 Microsoft patched last month in 13 separate bulletins. None affect Windows 7, the company's newest operating system. Of today's 15 bugs, three were tagged "critical" by Microsoft, while the remaining 12 were labeled as "important," the next-lowest rating in the company's four-step severity scoring system.

That update, which was ranked critical, affects all still-supported editions of Windows with the exception of Windows 7 and its server sibling, Windows Server 2008 R2. "The Windows kernel vulnerability is going to take the cake," said Andrew Storms, director of security operations at nCircle Network Security. "The attack vector can be driven through Internet Explorer, and this is one of those instances where the user won't be notified or prompted. Experts agreed that users should focus on MS09-065 first and foremost. This is absolutely a drive-by attack scenario." Richie Lai, the director of vulnerability research at security company Qualys, agreed. "Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver." Both Storms and Lai were referring to the one bug marked critical in MS09-065, which actually patched a trio of vulnerabilities. EOT fonts, however, can also be used in Word and PowerPoint documents. According to Microsoft, the Windows kernel improperly parses Embedded OpenType (EOT) fonts, which are a compact form of fonts designed for use on Web pages. Hackers could also launch attacks by attaching Word or PowerPoint documents to e-mail messages, then duping users into opening those documents.

Because Windows 7 and Windows Server 2008 R2 were not affected by the MS09-065 update, Storms and Lai assumed that Microsoft caught the bug before it wrapped up the final code, or release to manufacturing (RTM) build, of the operating system, and is only now getting around to plugging the holes in Windows 2000, XP and Vista, as well as Server 2003 and Server 2008. "Windows 7 Release Candidate [RC] is probably vulnerable," said Storms, citing Microsoft's policy of not providing security updates for preview versions of an operating system when the final has been released. "That's why you don't see Microsoft patching Windows 7 RC or Beta," said Storms. "For anyone still running RC, they should take heed and upgrade to the RTM." But while Storms speculated that Microsoft knew the EOT font flaw was a security issue - and waited until now to patch older Windows - Lai thought that Microsoft didn't realize until recently that it was also a security vulnerability in editions prior to Windows 7. "I think they fixed this bug as part of the code sanitization during [Windows 7's] development cycle. In lieu of patching the problem, users can easily block the most likely attacks by disabling IE's support for embedded fonts. "That's a low-impact mitigation," Lai said. "The worst that could happen is that some sites might look ugly." His advice would still leave PCs open to attack via malicious Word or PowerPoint documents, a point Microsoft also made in the vulnerability's write-up. It was actually only publicly disclosed recently, and then they patched it in other Windows." Microsoft acknowledged that information about the EOT vulnerability had gone public before today's patch. "While the initial report was provided through responsible disclosure, the vulnerability was later disclosed publicly by a separate party," stated the accompanying advisory. Microsoft also issued critical updates for Vista and Server 2008 , as well as for Windows 2000 Server. Storms expects to see attackers jump on the EOT vulnerability. "This is the one to watch in the coming weeks, not only because of its novelty, but also because it can be exploited through IE, which is the easy route, as well as through Word and PowerPoint documents," he said.

On the latter, which harbors a bug in its implementation of the License Logging Server , a tool originally designed to help customers manage Server Client Access Licenses (CAL), Storms urged users of that aged operating system to apply the patch pronto, even though the machines are probably well-protected. "Windows 2000 Server has the logging server enabled by default, but those systems are likely behind multiple firewalls, and people running [Windows 2000 Server] are pretty cognizant of the fact that it's an older version and will act accordingly." Excel and Word also received patches today. This month's security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services. Eight vulnerabilities were addressed in Excel in MS09-067 and one in Word with MS09-068 . Both updates also affected the Mac editions, Office 2004 and Office 2008. "These are the kind of file format vulnerabilities we've seen many times before," said Storms, noting in a follow-up instant message that the bugs are in the older, binary file formats, not in the newer XML-based formats that Microsoft debuted in Office 2007 for Windows and Office 2008 for Mac.

Sybase is extending its Afaria mobile-device management platform and database software to the Apple iPhone, taking advantage of new enterprise features in Version 3.1 of the iPhone's software to give IT departments more control and capabilities on the popular handset. Going on sale in the middle of this month, Sybase's Afaria 6.5 will finally give administrators the kinds of controls they have had previously for mobile platforms such as Symbian, Microsoft Windows Mobile 6.1, Research In Motion BlackBerry and PalmOS. Apple's recent iPhone 3.1 release added the capability to lock down certain settings on a device so the user can't change them using the phone's configuration utility, said Mark Jordan, senior product manager for Afaria. Though many enterprise employees bring iPhones into the office and rely on them for personal communications, the device originally caught on as a consumer gadget for music, Web browsing and entertainment applications, and has only gradually made inroads as a workplace tool. That allowed Sybase to give enterprise IT departments the power to do things such as block applications, define the required password strength and lock down Wi-Fi and VPN (virtual private network) settings.

With the new Afaria, enterprises can make and change settings on employees' iPhones over the air based on overall policies for certain departments, job descriptions and other criteria. Administrators can now establish a trusted relationship between Afaria and the employee's phone using a certificate, he said. Among other capabilities, they can also require device authentication for access to a corporate directory and set up compliance reporting on the employee's use of the phone. Also on Tuesday, it announced tools for the Sybase SQL Anywhere database to be used for synchronization of data between an iPhone application and a back-end database. Sybase announced Afaria's iPhone capabilities on Tuesday at the iPhone Developer Summit in Santa Clara, California.

Using SQL Anywhere, internal developers and software vendors can build in bi-directional synchronization between an on-device app and relational databases including Sybase, Oracle, SQL Server, DB2 and MySQL. This frees employees from having to depend on the cellular data connection to get work done while on the road, Jordan said. Also on Tuesday, the company's Sybase 365 subsidiary introduced a turnkey system for mobile banking on the iPhone. There is a beta test program now open for SQL Anywhere for iPhone. With it, banks can allow their customers to check balances, transfer funds among accounts, securely communicate with bank representatives, find branches and automatically dial the bank, Jordan said. The Sybase mBanking 365 iPhone platform is available now and is already deployed by BBVA Compass as the BBVA Compass Mobile application.

The mobile phone market globally turned a corner in the third quarter, with shipments by manufacturers increasing by 5.6% over the previous quarter, market research firm IDC reported. In all, 287.1 million cell phones and smartphones were shipped in the third quarter, down 6% from the 305.4 million shipped in the third quarter of 2008. Shipments do not necessarily result in sales to end user customers, but indicate that carriers and other retailers are expecting to make sales by ordering from manufacturers. The results for the third quarter were still down by 6% from the same quarter in 2008, but the quarter-to-quarter growth was taken as the first sign of improvement since the onset of the economic downturn, the analyst firm said Thursday. In the third quarter, various sales channels promoted older devices at lower prices, creating demand that pushed up shipment volumes, said Ramon Llamas, an IDC analyst.

New smartphones, such as the Droid and the Cliq from Motorola which are both based on the Android operating system, are appearing in November in the U.S., for example, IDC noted. Now that we have moved into the fourth quarter, vendors are setting the stage for further gains by launching their flagship devices to meet pent-up demand, he said. Will Stofega, another IDC analyst, said that the economy is expected to make a slower recovery than many predicted a year ago, but mobile phone manufacturers should still increase their spending on research and development to stay competitive. Western Europe showed strong signs of recovery, with increases in all devices year-over-year. IDC assessed market performance in various geographies, noting that North America posted mixed results, with the U.S. showing gains in the quarter, but with Canada declining for the third straight quarter for all mobile phones, even as smartphone shipments increased. IDC did not provide specific numbers for various geographies, however.

Mexico has experienced an increase in taxes for telecom services, personal taxes and value-added taxes, all of which have a negative impact on mobile phone sales. Latin America and Asia/Pacific performed weaker than other areas. Market leader Nokia once again led for all types of mobile phone shipments, with 108.5 million shipped, a decline of 8% over third quarter 2008. The Finnish company took 37.8% share of the market. Samsung finished second with 21% market share; LG Electronics finished third with 11%; Sony Ericsson was fourth with 4.9%; and Motorola was fifth with 4. All other manufacturers combined to account for 59 million mobile phones shipped, or 20.6% of the market.

In a contentious court battle launched by record label EMI, the brazen owner of online retailer BlueBeat has begun complying with a new court order to stop selling Beatles music online, after offering a quirky defense that he owns the copyright to the songs at issue. Risan contended that he authored the songs using "psycho-acoustic simulations." These simulations "are my synthetic creation of that series of sounds which best expresses the way I believe a particular melody should be heard as a live performance," he messaged. In a message sent from his iPhone earlier this week, BlueBeat owner Hank Risan told his attorney that he - rather than EMI or Apple Corps - is the rightful owner of the Beatles tunes for sale on his Web site, according to a report in paidContent.org. But on Wednesday, a Los Angeles judge rejected BlueBeat's assertions that it is selling only re-recorded versions of the songs.

Ruling that BlueBeat hasn't provided enough evidence to back up its claims, the judge came out with an injunction banning the company from streaming or selling tracks from the Beatles and other EMI music artists. Instead, the judge found in favor of EMI, a record label that argued in court that BlueBeat is "thumbing their noses" at EMI and Apple. As of Friday at about 9:15 a.m. Eastern time, BlueBeat has indeed stopped selling the unauthorized downloads of the Beatles tracks, previously hawked at bargain basement pricing of 25 cents a track. Clicking on "Buy" prompts a message that the tracks aren't available for purchase. The tunes are still visible on the site.

Risan's claims rest on a section of the Copyright Act - often applied to music by tribute bands - exempting recordings that "imitate or simulate those in the copyrighted sound recording," according to an account by the BBC. Yet the Beatles tracks might possibly return to BlueBeat at some point, and with court approval. Meanwhile, EMI, the owner of the original Beatles recordings, has been in longtime talks with Apple Corps - the company set up by the Beatles to look after their catalog - about arranging some kind of legitimate deal for selling the tunes online. On a date set for November 20, a court will hear arguments presented by both sides.

Brocade Communications Systems Inc. has hung a "for sale" sign on its door, according to a report today in the Wall Street Journal . Brocade declined to comment on the report. Brocade is said to be valued at about $3.2 billion. Hewlett-Packard Co. and Oracle Corp. have shown interest in buying Brocade, which make switches for routing data storage traffic, according to the report, which added that an agreement is not imminent. The company reported a loss of $21 million on sales of about $493.3 million in the its 2009 fiscal year's third quarter that ended Aug. 1. San Jose-based Brocade has about 2,800 employees.

If true, he added, the timing isn't surprising. Brocade late last year acquired Foundry Networks Inc. whose IP networking technology gives it a leg up in the server networking market, and puts it in a stronger competitive position rival Cisco Systems Inc. "The question is: 'do the server vendors want to increase the competitive pressure against Cisco because Cisco is now in the server business?'" said Brian Babineau, an analyst with the Enterprise Strategy Group in Milford, Mass. "I think that's what makes Brocade more attractive, and you can consider Oracle in the server business as well because they plan to own Sun ." Babineau said he has heard rumors as recently as last week about Brocade putting itself on the block. Over the past seven or so years, switch maker Cisco has added a line of storage switches and routers that make it a heavy player in the storage business. Earlier this year, Cisco, EMC and others said they jointly developed a new storage blade server to be sold by Cisco. Just last month, it was reported that Cisco and EMC Corp. were in talks to create a technology services arm.

Brocade has also been making moves to attract new sales channels by signing reseller agreements with EMC rivals IBM, Hewlett-Packard Co. and quasi-competitor Dell Inc. Dell's acquisition of storage vendor EqualLogic two years ago likely placed a strain on its reseller relationship with EMC. Babineau said Hewlett-Packard may be the most appropriate suitor for Brocade because it has an established networking and a storage portfolio of products, and because Cisco is increasingly competitive with HP . "It's very logical. Dell has increased its presence in business-class data storage systems over the past few years, originally through reseller deals with EMC and recently with its own line of data storage products that are moving from entry-level to midrange. If you look at the timing, it's almost like a perfect storm for Brocade," Babineau said. "Exiting a Foundry integration process, potential uptick in IT spending starting shortly, and big IT companies wanting to compete against Cisco with Brocade being one of the only viable candidates in that market." "This is not about storage, but about networking," he added. Another source, who asked not to be named, said that HP executive Dave Donatelli , who had headed EMC's storage unit until earlier this year, could help HP position Brocade's storage offerings against those of his former firm. "I just think Donatelli has some real institutional knowledge after selling a good portion of Brocade's products when he was with EMC," the source said.

ICANN's approval of non-Latin character domains undoubtedly is a game-changing decision in the history of the World Wide Web. Here are a few pros and cons to consider as we move away from the traditional ASCII based-Web. With scheduled to start popping up in the middle of next year, many people are debating if this digital support for more distinctly international sites balances with potential security threats and fragmentation of the Internet.

Pro: World Wide Web Supporting World Wide Language Let's face it; millions of Internet users speak languages that aren't written using Roman characters. The transition will begin on November 16 when countries can apply for country codes in their own unique character sets. "The first countries that participate will not only be providing valuable information of the operation of IDNs in the domain name system, they are also going to help to bring the first of billions more people online - people who never use Roman characters in their daily lives," ICANN CEO and President Rod Beckstrom said in a statement. Allowing Web sites to have domains that use other characters will make Web addresses more recognizable to some and make the Web more accessible to millions of new users. Con: Country Codes are Only the Beginning Generic domains such as .com, .org and .net aren't open to international characters yet, but could be in the next couple of years. Pro: Country Codes are Only the Beginning If done properly, opening generic domains to international characters could be a good thing. If ICANN decides to open generic domains without extending rights to existing URL holders, international companies and brands might find themselves purchasing URLs in multiple languages to protect the use of their name, points out PC World Tech Inciter writer Tech Inciter David Coursey.

If International corporations were granted rights to the .com URLs they already possess it could spell an end to selecting a region before entering the site. It would also open doors for smaller Web sites that are just interested in serving a particular language group. For instance, going to intel.com could lead to the English version of the site, while using a Japanese, Russian, or Korean suffix would take you to a version of the site with that language. Con: A lesson from 1337 h4ck3r$ Expanding beyond Roman characters also increases potential for site rip-offs that use homoglyphs, characters with identical or indistinguishable shapes. Con and Pro: No Latin Base Emphasis Apparently homoglyphs are drawing some attention at ICANN. Languages that use accented Latin characters aren't being supported at this time, The CBC Reports.

This already occurs to some degree (for instance pointing your browser to google.com takes you to a different site than go0gle.com) but different languages might have characters that are identical to characters in other languages. They attribute the lack of support to security concerns that accented characters could lead to phishing scams because, "internet users might not at first see the difference between, for example, 'google.com' and 'goógle.com.'" This is bad news for French, Spanish, Turkish, and Vietnamese speakers - all four languages use accented characters. As fellow PC World writer Jacqueline Emigh pointed out, it would be next to impossible to produce a keyboard that could support characters from every language under the sun. But, if ICANN is aware of security concerns that would arise from including these languages, maybe they have some sort of anti-homoglyph trick up their sleeve for other languages, (here's looking at you, Cyrillic.) Con: Keyboards and Restrictive Access Adding support for 100,000 international characters would make traditional keyboards insufficient input devices for accessing the entire Internet. Virtual keyboards and language packs could possibly help alleviate the problem for some people, but there wouldn't be an easy fix. ICANN released this video with its announcement, hoping to encapsulate the potential for opening up international character domains.

Today Google released Picasa 3.5, an updated version of its free photo editing software. The most notable addition in this release is an enhanced version of Picasa's people-tagging feature, previously only available in Picasa Web Albums. With Picasa you can edit and organize your images, and sync and share them with Picasa Web Albums, Google's online photo-sharing site. Other improvements include Google Maps integration for faster and easier geotagging, a smarter keyword-tagging interface, and more importing options.

You can then go through and add name tags one at a time or in bulk. When you first launch Picasa 3.5, it scans all of the images on your computer and groups similar faces. If you already use name tags in your Picasa Web Albums, you can log into your Google account and download that information to the Picasa application (Tools-> Download Name Tags from Picasa Web Albums). Logging in also means you can use your Google contacts list when tagging people. Geotagging is much easier in 3.5. In the Places panel, a Google map displays the locations of your geotagged photos. Picasa will automatically create an album for each person you tag.

To add location information to a photos, you can search directly in the panel and add a pin, or drag and drop an image or images onto the map from your library. It's now possible to upload images directly to Picasa Web Albums from your camera, iPhone, or memory card. Picasa's import features have also been greatly improved. Before importing you can choose which images to include or exclude. This update is for both Mac and PCs, and is the first Mac version of Picasa to drop the beta label.

For example, you could opt to upload all of the images to your hard drive, but only starred images to the Web.

The Palm Pre's WebOS browser is a relatively recent entrant in the mobile browser arena, arriving in early June of this year. The opening screen of the Palm Pre's browser contains your bookmarks and a combination address-and-search bar at the top. But the Pre's new mobile browser comes fully prepared for a battle royale with other leading smartphone browsers. When you start typing a URL, the Pre's browser will look through your visited sites and try to match the string you're typing to addresses you've typed previously-so with luck you won't have to type the whole thing more than once.

After you enter the URL that you want to visit, a persistent loading-progress bubble appears at the bottom right of the screen, which then becomes a reload/stop button. If you enter a search term, the browser asks you whether you want to search Google or Wikipedia, and then it directs you to the relevant results. A back/forward button floats at the bottom left of the screen. The transition during zooming isn't as smooth as on the iPhone, however. The page's title appears in a floating bubble at the top (it disappears when you scroll down). Like the iPhone's browser, the Palm Pre's browser can perform adaptive zooming when you double-tap a given area of the page. The Pre's browser doesn't display a scroll bar, so it gives you no way of knowing where you are on a page.

On the other hand, this method does allow you to load two pages side to side (or in the background). Flicking through browser windows on the Pre works exactly the same as browsing through multiple open applications (also displayed as cards), with virtually no limit to how many pages you can open at the same time. You won't find a button on the Pre for switching tabs either, as Palm's playing-card metaphor requires you to open a new browser window from the menu launcher in order to open a new Web page. You can also flick between open browser windows without being in card mode on the Pre, but only by flicking left/right on the touch-sensitive area underneath the screen (the option must be enabled from device settings). One major shortcoming of the Pre's browser is that it doesn't let you save images. On the iPhone, when you tap and hold an image, the browser prompts you to save it.

More than 2 billion applications have been downloaded from Apple Inc.'s App Store, with more than 85,000 apps available to 50 million-plus iPhone and iPod Touch owners worldwide. After the App Store launched on July 11, 2008, it took nine months to hit 1 billion, and only six more months to hit 2 billion, noted Carl Howe, an analyst at Yankee Group Inc. "The more devices that are out there, the more people want to download software, and they see it's an easy and fun experience," Howe said in an interview. The numbers announced by Apple today are staggering to even normally reserved analysts, who noted that after a somewhat slower summer buying rate, App Store downloads globally have exceeded more than 10 million a day in much of September. It also helps that Apple has attracted 125,000 developers to its iPhone Developer Program, he noted.

With the success of the App Store and the growth in other application storefronts backed by BlackBerry, Android and others, "any digital media is fair game," Howe said. After the one-year mark was reached in July, analysts were heralding application stores, including several imitators of the App Store, as the new way to buy software. "You don't have to go to a store to a buy a disc and get the ultimate in instant gratification," Howe said. In fact, while games are a big hit on the App Store, both the free and the paid versions, Apple is calling attention to its "staff picks," which include a free app for the complete works of Shakespeare, with a text-sizing tool. Howe said one of the secrets of the App Store's success is the large number of devices downloading them, but another is the ease with which the apps are downloaded. "If you provide a friction-free way of buying things like App Store, which shortens the time it takes from an impulse to buy to actually buying something, you'll sell a lot," Howe said. "There's not a lot of time for buyer's remorse, and it's a lot like going past a magazine stand in a store and paying $3 for a magazine. In a 28.8 MB app, users get all 40 plays, 154 sonnets and six poems, as well as some works attributed to the Bard, although whether he wrote them remains in doubt. There's not a lot of remorse in buying that item." A Yankee survey of 1,200 U.S. smartphone owners showed that 18% of applications are paid for.

Even the recession has not held back this kind of impulse buying. "The recession doesn't seem to be having an impact. However with growth in the average cost of the paid apps, and the growth in the number of devices, the U.S. revenues from applications will grow by 10 times between 2009 and 2013, reaching $4.2 billion in 2013 . In that survey, more than 70% of all the apps downloaded in the U.S. were games. "It's interesting that you see how the App Store is doing when it was not that long ago - about 2001 when the dotcom bubble burst- that people were saying people would want information to be free on the Internet," Howe noted. These small impulse purchases are kind of recession-proof," Howe said. Enderle said the application store concept might have come along earlier had bricks-and-mortar retailers not objected. "The fact is, that with enough bandwidth, there's very little that can't be delivered over the Web," Enderle said. "We're witnessing what will probably be the end of the traditional software delivery model. Rob Enderle, an analyst at the Enderle Group, said the two billion mark is "outstanding" given the number of phones available for downloads. App Store is an indicator that the times they are a changin'."

Would an extra US$10,000 feel good in your pocket? The CEA launched a contest called Apps for Innovation on Wednesday. If so, the Consumer Electronics Association (CEA) has got a deal for you.

The top prize is, you guessed it, $10,000. The winner also gets a free trip to the huge International CES trade show in Las Vegas in January. Other people are smarter than I am. The CEA, focused on driving a so-called innovation agenda in Washington, D.C., is looking for developers to build software applications that use publicly available data to demonstrate how innovation and entrepreneurship are making an economic impact in the U.S. The trade group is also accepting submissions from developers with applications that help CEA members and consumers advance policy goals that support innovation in the U.S. If those rules sound a bit wide open to you, that's by design, said Gary Shapiro, CEA's president and CEO. "What we're looking for are the things we can't anticipate," he said. "I don't want to limit someone. We're very comfortable with ambiguous definitions, because people are innovative." Pressed for examples, Shapiro said an app could track the country of origin of U.S. Nobel Prize winners and see how many of them are immigrants. Another example: An innovative app could use U.S. Federal Communications Commission broadband data and Internet mapping tools to show the need for high-speed Internet access in rural areas.

Or, a developer could make an app that makes it easier for CEA backers to communicate with each other or communicate with their lawmakers or local media. The contest is open to apps for any type of device or any type of Web platform. CEA launched the Innovation Movement in June in an effort to garner public support for policies including broadband deployment, alternative energy and international trade. Developers can either create something new or submit an app they've already created. "The hope is, frankly, that people have some unnoticed or unused applications," Shapiro said. More than 35,000 people have joined the movement, CEA said.

The contest ends Nov. 6. Winners will be announced Nov. 10 at the CES New York press preview. In addition to the grand-prize winner, judges will award a second place of $5,000 and a third place of $3,500. The best apps will be included in an Apps for Innovation library, where they will be available free to the public.

Ciena has agreed to acquire Nortel's Metro Ethernet Networks business for approximately $521 million in cash and stock. The two companies earlier this week confirmed they were in an advanced stage of negotiations for the sale.  Ciena will pay $390 million in cash and 10 million shares of Ciena stock for Nortel's MEN business. Hottest tech M&A deals of 2009 The MEN business includes Nortel's optical networking and Carrier Ethernet assets. Ciena's stock closed yesterday at $13.05. The product and technology assets to be acquired include Nortel's long-haul optical transport portfolio, including the 40G/100Gbps systems; metro optical Ethernet switching and transport solutions; Ethernet transport, aggregation and switching technology; multiservice SONET/SDH product families; and network management software products.

The assets to be acquired generated approximately $1.36 billion in revenue for Nortel in 2008 and $556 million in the first six months of 2009. Nortel says it has deployed 430,000 optical nodes to more than 1,000 customers in 65 countries, making Nortel – along with Ciena – one of the leading optical transport and switching vendors worldwide. "We believe this transaction will position us for faster growth by giving us greater geographic reach, broader customer relationships and a deeper portfolio of solutions," said Gary Smith, Ciena's CEO and president, in a statement. "We believe we are best positioned to leverage these assets, thereby creating a significant challenger to traditional network vendors." Ciena says it expects to offer employment to at least 2,000 Nortel employees, which represents more than 85% of Nortel's optical networking and Carrier Ethernet workforce. The agreement also includes all patents and intellectual property that are predominantly used in the businesses, and provides for the transition of substantially all of Nortel's Optical Networking and Carrier Ethernet customer contracts. As of July 31, Ciena employed 2,110. Nortel's bankruptcy: A long time coming "Today's announcement is a positive step forward for the future of Nortel's Optical Networking and Carrier Ethernet customers and employees," said Philippe Morin, Nortel MEN president, in a statement. "The sale of these businesses to a strong and stable buyer enables the innovation of one of the foremost leaders in the optical industry to continue to thrive." The transaction is subject to a "stalking horse" competitive bidding process and requires the approval of the United States Bankruptcy Court for the District of Delaware and the Ontario Superior Court of Justice Ciena expects hearings before those courts to approve bidding procedures, break-up fee and expense reimbursement will be held within the next several weeks, followed by a bid period and a potential auction, with final sale hearings to be held thereafter. Nortel is liquidating assets after having failed to restructure the company under Chapter 11 bankruptcy as a viable telecom competitor. The transaction is also subject to customary closing conditions, including receipt of necessary regulatory approvals.

To date, Nortel has sold its CDMA and LTE wireless assets to Ericsson for just more than $1 billion and its Enterprise Solutions business to Avaya for just less than $1 billion. It's also looking to sell its GSM wireless business. 

Although one of the top consumer security vendors welcomed Microsoft's Security Essentials to the market, another dismissed the new free software as a "poor product" that will "never be up to snuff." Earlier today, Microsoft launched Security Essentials , its free antivirus and antispyware software suite, which has been in development for almost a year. "I think it's a good thing that they're in the market," said Carol Carpenter, the general manager of Trend Micro's consumer division. "We look forward to the competition ... and I think Microsoft's targeting of developing countries and the unprotected is a good approach." Microsoft has pitched Security Essentials, which replaced the now-defunct for-a-fee Windows OneCare, as basic software suitable for users who can't, or won't, pay for security software. And now they've decided to go for the free market, but that's a very crowded market. Not everyone, however, agreed with Carpenter. "Security Essentials won't change anything," said Jens Meggers, Symantec's vice president of engineering. "Microsoft has a really bad track record in security," he added, ticking off several ventures into consumer security that the giant has tried, including Windows Defender, an anti-spyware tool bundled with Windows Vista and Windows 7; the released-monthly Malicious Software Removal Tool; and OneCare. "Like OneCare, Security Essentials is a poor product," said Meggers. "It has very average detection rates. There's not much room to grow there." In a company blog, another Symantec employee called Security Essentials a "rerun" of OneCare , and said: "At the end of the day, Microsoft Security Essentials is a rerun no one should watch." It's no surprise that top-tier security vendors like Trend Micro and Symantec dismissed Security Essentials today.

At the time, a Symantec executive said it was a capitulation by Microsoft, which was tacitly admitting it couldn't compete . But Meggers' take today was even more bearish. "We don't like the notion of 'basic,'" he said. "That makes me very worried, because the risk on the Web today is far too high for 'basic.' Tossing a bunch of little basic tools into the computing environment doesn't make it safe." Even Carpenter had some unkind words for Microsoft. "It's better to use something than to use nothing, but you get what you pay for," she said. "But I don't think it will worry the main security vendors. They did the same thing last year, when Microsoft announced the upcoming demise of OneCare and said it would ship a free, streamlined product. If I were a free, focused security company, trying to get my upsell over time, like AVG [Technologies], then I'd be concerned." Symantec's Meggers also wondered what took Microsoft so long to come up with Security Essentials. "It takes them an entire year to remove features from OneCare, to make something even worse than OneCare?" Meggers asked. "I could have done that with three developers in three months." And that's a good clue that Microsoft won't be able to keep up with the likes of Symantec, Trend Micro and McAfee, Meggers added. "Look how long it took them to build it. When was the last time that Microsoft innovated?" The free Security Essentials can be downloaded for Windows XP, Vista and Windows 7 from the Microsoft Web site. Security needs constant innovation.

One unmistakable trend at this year's DEMOfall show is the number of Web sites and applications that rely to some degree on crowdsourcing. 13 hot products from DEMOfall '09 Crowdsourcing – a buzzword loosely defined as giving large crowds of users the ability to collaboratively create or change content on Web sites or applications – was made popular by open-source encyclopedia Wikipedia and has since become a staple of Web 2.0 applications. So why does crowdsourcing have such an appeal for developers? "With all due respect it's because developers are lazy," laughs Micello founder and CEO Ankit Agarwal. "When I crowdsource it means that I don't have to do the work to get data myself." But crowdsourcing does have perks beyond getting other people to do your work for you. Among the new crowdsourcing technologies to debut at DEMO this fall are Article One Partners' AOP Patent Studies, an open-source enterprise service that employs an online community of patent advisors to research patent claims; Waze, a mobile application that can be used to update traffic conditions in real time; TrafficTalk, a mobile application that is similar to Waze but also lets users provide traffic updates simply using their voice rather than typing into their mobile phone; Micello, a mobile app that aims to be the Google Maps of indoor spaces; and Answers.com, a Web site that combines established reference resources and crowdsourcing to create a comprehensive information database.

Some crowdsourcing developers say if you can create an application that meets a common need and gives people a real stake for getting involved, then it can go a long way toward growing your product's popularity. It's a shared pain of being frustrated by traffic jams and the like, but our goal is to resolve that pain and to minimize the wait during commutes." Greenfield says that while larger crowds are obviously better for an application such as TrafficTalk, the application can be relatively successful even if only two people who trust each other are using it. TrafficTalk founder Larry Greenfield, whose product is still currently in its alpha testing phase, says that he has found fertile crowdsourcing ground in the form of frustrated commuters during tests he has run of his software. "For us, crowdsourcing has to create a sense of community among our users," he says. "There has to be something that binds people together. After all, he notes, if one friend who shares a commute route with another friend can notify that friend of a traffic accident using TrafficTalk, the application will have served its purpose. Demo's biggest stars of all time Answers.com, on the other hand, is a Web site that really does require massive participation if it is to meet its lofty goal of becoming a central hub for people seeking answers to their queries.

Even so, he says the application needs around a dozen or so people to really reach its potential. Right now, the Web site lets users ask questions whose answers are partially provided by information culled from licensed professional encyclopedias and dictionaries and partially provided by user-generated Wiki-style content. This past August, for instance, Answers.com got around 45 million unique visitors. "Crowdsourcing for us really starts to work when you get to a certain scale," he explains. "Right now we get 45,000 new questions asked each day and then about one third of those are answered every day. Answers Corp. founder and CEO Robert Rosenschein says that as the Wiki portion of the Web site has grown over the past year, participation has snowballed to the point where the company doesn't have to work as hard to promote itself. Those answers are the most valuable thing we have even though some are more detailed and some less so… When you start to get that sort of scale it just sort of happens.

As Rosenschein acknowledges, crowdsourced answers are far more likely to contain factual errors than are answers taken from professional sources. The more new questions you get, the more new answers you get." Of course, the paradox of success is that the more popular your crowdsourcing site is, the more likely it will become the target of vandals. This is why, he says, it's so important to foster a tight community that takes pride in keeping the site accurate and will work quickly to clean up any vandalism. Because the service uses its online community to research the validity of patent claims – a time-consuming task if there ever was one – it pays money to users who are the first to come up with a correct solution to whether a patent is valid or not. For AOP Patent Studies, developing a sense of community is also important, but it's not the only incentive it uses to push its users toward greater accuracy.

It basically works like this: a company comes to AOP Patent Studies and pays them to look into a patent claim. The first two people to get results get paid a portion of the money. The Web site then throws the case to its online community for research. Still, Article One Partners CEO Cheryl Milone thinks that monetary incentive can't help your crowdsourcing site if you don't first develop a strong sense of cooperation among users. "There really has to be a sense of camaraderie and loyalty," she says. "Whether people are brought to the site because they know a lot about a particular technology or because they feel strongly that the patent system needs to be strengthened, it's the feedback they get from the community that keeps them coming back and is in itself compensation for their efforts."

Microsoft still does not acknowledge a weakness in its Internet Explorer browser that was pointed out seven weeks ago and enables attackers to hijack what are supposed to be secure Web sessions. If Microsoft doesn't fix the problem, Apple can't fix it on its own, Apple says. The company says it is still evaluating whether the weakness exists, but Apple, which bases its Safari for Windows browser on Microsoft code, says Safari for Windows has the weakness and the Microsoft code is the reason.

Apple has fixed the problem for Safari for Macs. Once our investigation is complete, we will take appropriate action to help protect customers," a Microsoft spokesperson said via e-mail. "We will not have any more to share at this time." The weakness can be exploited by man-in-the-middle attackers who trick the browser into making SSL sessions with malicious servers rather than the legitimate servers users intend to connect to. Black Hat's most notorious incidents: a quiz "Microsoft is currently investigating a possible vulnerability in Microsoft Windows. Current versions of Safari for Mac, Firefox and Opera address the problem, which is linked to how browsers read the x.509 certificates that are used to authenticate machines involved in setting up SSL/TLS sessions. The attacks involve getting certificate authorities to sign certificates for domain names assigned to legitimate domain-name holders and making vulnerable browsers interpret the certificates as being authorized for different domain-name holders.

In July two separate talks presented by researchers Dan Kaminski and Moxie Marlinspike at the Black Hat Conference warned about how the vulnerability could be exploited by using what they call null-prefix attacks. For instance, someone might register www.hacker.com. In that case, the authority would sign a certificate for bestbank.hacker.com, ignoring the sub-domain bestbank and signing based on the root domain hacker.com, Marlinspike says. In many x.509 implementations the certificate authority will sign certificates for any request from the hacker.com root domain, regardless of any sub-domain prefixes that might be appended. At the same time, browsers with the flaw he describes read x.509 certificates until they reach a null character, such as 0. If such a browser reads bestbank.com\0hacker.com, it would stop reading at the 0 and interpret the certificate as authenticating the root domain bestbank.com, the researcher says. An attacker could exploit the weakness by setting up a man-in-the-middle attack and intercepting requests from vulnerable browsers to set up SSL connections.

Browsers without the flaw correctly identify the root domain and sign or don't sign based on it. If the attacking server picks off a request to bestbank.com, it could respond with an authenticated x.509 certificate from bestbank.com\0hacker.com. The user who has requested a session with bestbank would naturally assume the connection established was to bestbank. The vulnerable browser would interpret the certificate as being authorized for bestbank.com and set up a secure session with the attacking server. Once the link is made, the malicious server can ask for passwords and user identifications that the attackers can exploit to break into users' bestbank accounts and manipulate funds, for example, Marlinspike says. These certificates use an asterisk as the sub-domain followed by a null character followed by a registered root domain.

In some cases attackers can create what Marlinspike calls wildcard certificates that will authenticate any domain name. A vulnerable browser that initiated an SSL session with bestbank.com would interpret a certificate marked *\0hacker.com as coming from bestbank.com because it would automatically accept the * as legitimate for any root domain. Such a wildcard will match any domain, he says. This is due to "an idiosyncrasy in the way Network Security Services (NSS) matches wildcards," Marlinspike says in a paper detailing the attack. The differences between what users see on their screens when they hit the site they are aiming for and when they hit an attacker's mock site can be subtle.

A Microsoft spokesperson says Internet Explorer 8 highlights domains to make them more visually obvious, printed in black while the rest of the URL is gray. "Internet Explorer 8's improved address bar helps users more easily ensure that they provide personal information only to sites they trust," a Microsoft spokesperson said in an e-mail. The URLs in the browser would reveal that the wrong site has been reached, but many users don't check for that, Marlinspike says. Marlinspike says the null character vulnerability is not limited to browsers. "[P]lenty of non-Web browsers are also vulnerable. Outlook, for example, uses SSL to protect your login/password when communicating over SMTP and POP3/IMAP. There are probably countless other Windows-based SSL VPNs, chat clients, etc. that are all vulnerable as well" he said in an e-mail.

MediaTek has started shipping a new generation of its widely used mobile phone chips with support for an application download store that will first target China's masses of mobile subscribers, the store developer said Tuesday. The download store, now available only with the new MediaTek chips, is planned to launch outside China later as well, said Luo Tianbo, vice president of business development at Vogins, the middleware vendor that developed the platform. Chips from Taiwan-based MediaTek already power most mobile phones in China.

Handset makers, mobile carriers and other companies have announced plans for similar download stores as a way to lure users and boost revenue. The MediaTek download platform will compete for phone buyers' attention with Apple's App Store and the three mobile carriers' stores. Apple's App Store may launch in China when the iPhone formally goes on sale in the country this year, and China's three mobile carriers are all developing download stores. While the App Store may face regulatory obstacles and China Mobile's store, launched last month, has yet to take off, phones that support the MediaTek store could pour quickly into the hands of Chinese users. The MediaTek store will not "absolutely" compete against the download stores from China's carriers, said Luo.

China has a huge market for mobile phones and services with over 700 million mobile subscribers, and MediaTek holds over a 50 percent share of China's handset chip market, according to BNP Paribas. MediaTek is in talks with China Mobile, China Unicom and China Telecom about altering the Vogins platform to support their stores as well, he said. The Vogins store currently has about 100 free or paid applications made by third-party developers, mostly games but also including other content such as e-books, he said. MediaTek began including support for the application download platform in its chipset packages for mobile phone manufacturers last month, and handsets that support it will go on sale in China around November, Luo said. Vogins, which is majority-held by MediaTek, aims to reach at least 400 to 500 applications by the end of next year.

The application store can be accessed from a software platform MediaTek modified from the Nucleus kernel, said Luo. One hugely popular program it may soon offer is a client for the QQ chat service, owned by Chinese portal Tencent, said Luo. Nucleus is a real-time operating system designed by Mentor Graphics for use mainly on embedded devices. A further boost for the store in China could come from its stock of local applications, JP Morgan said. "We think MediaTek is in a strong position to build a far bigger set of China-specific applications than any other vendor," the note said. The retail price for handsets that support the MediaTek store could reach as low as US$100, partly because the company is using its own OS, JP Morgan predicted in a recent research note.

MediaTek did not immediately reply to a request for comment.

CIOs are giving satellite communications a second look, as providers deliver faster, more affordable services and as more government agencies and large corporations focus on keeping networks up and running.

Slideshow: Top 10 cool satellite projects

One sign of this trend: The U.S. government has announced a joint military/civilian agency purchase for commercial satellite communications services worth an estimated $5 billion over 10 years. The feds plan to request bids from satellite communications providers next year and to award contracts in 2011.

Related story: Feds to spend $5B on satellite services

"We see the need for commercial satcom service to continue and to increase over the next couple of years," says Kevin Gallo, program manager for satcom services at the U.S. General Services Administration.

The U.S. government is interested in commercial satellite services for traditional uses - emergency response, remote locations, video broadcast and distance learning - as well as the emerging area of continuity of operations (COOP).

"We think every organization should consider using satcom for their COOP needs," Gallo says, pointing out that satellite offers excellent redundancy for terrestrial networks and can be used for voice and data. "Satellite-provided backup can really be cost-effective insurance for when your terrestrial network goes down. It's available at a low cost, and you can surge when you need it."

Among the companies that are buying satellite services to back up terrestrial networks are Republic National Distributing Co. (RNDC), a wine and liquor distributor, and Roundtree Automotive, an Alabama car dealership.

Companies with remote locations such as BP, ConocoPhillips and other gas station chains have traditionally used satellite communications for low-bandwidth applications such as credit card authorizations and inventory updates. But as the satellite capacity over the United States increases, more enterprises are considering satellite for broadband and mobile applications.

"There's always been demand for higher bandwidth satellite solutions from enterprises… The problem has been the supply," says Christopher Baugh, president of NSR, a market research firm specializing in satellite and wireless services.

Baugh says that the newest satellites from Hughes, ViaSat and WildBlue will change how CIOs view satellite services for broadband applications, particularly COOP.

COOP is "a no-brainer for a lot of enterprises that need 100% or near 100% uptime," Baugh says. "This has been talked about since 2005, after Hurricane Katrina. That's when disaster recovery and business continuity propelled itself to the forefront."

The new economics of Satcom

Enterprises are interested in satellite communications because it has gotten faster, less expensive and more reliable over the last five years.

"The cost of satellite service has come way down, and it will continue to come down," says Lisa Scalpone, senior vice president for business development at WildBlue, a residential satellite broadband service that is available to enterprise customers through resellers. "The newest satellites offer 10 times the capacity of older models but at the same cost."

For example, WildBlue provides a Ka-band satellite service with 1.5 megabit/sec download and 256 kilobit/sec upload for less than $80 a month. WildBlue has been selling its broadband satellite service to residential customers for four years, and it has attracted 400,000 customers.

Although WildBlue doesn't offer COOP services to enterprises directly, the company says it has excellent growth potential.

"Satellite is such a tremendous resource for continuity of operations because you cannot take out the core infrastructure. The satellite is 22,000 miles in space. Even if you have a terrorist attack or a massive fire, you have a satellite in the sky that can't be taken out," Scalpone says. "Even if the end user site is destroyed, you can simply bring in a managed gateway. All you need is a power supply. You can run it on battery."

Internet Technology Solutions (ITS), a WildBlue reseller in Centennial, Colo., is pitching T-1 backup services to telecom, energy and utilities companies for less than $2,000 a year.

"These companies have two things in common: they have to have connectivity 24-by-7, and they are in underserved areas," says Randy Thompson, president of ITS. "Right now, satellite is not competitive with cable modem. But it's very, very inexpensive compared to what it used to be. It's a very inexpensive security blanket for backup applications."

Next-generation satellites due for launch in the next two years will be an even better fit for COOP.

The ViaSat-1 satellite, due for launch in the first half of 2011, will have another 10 times the capacity of today's Ka-band satellites for the same cost. ViaSat calls this satellite a third-generation satellite, following in the footsteps of Ku- and C-band satellites and Ka-band satellites.

"These third-generation satellites don't cost that much more to design, build and launch than the second or the first but they have 10 times the capacity of the second and 100 times the capacity of the first," says Kristi Jaska, vice president of strategy and marketing for commercial satellite networks at ViaSat. "They become much more cost-competitive with other technologies."

Jaska says ViaSat's new satellite will provide up to 20 megabits/sec download speeds for enterprise customers.

"Right now companies are using DSL or EVDO to backup T-1s," Jaska says. "The third-generation satellites bring us squarely into the mix of being a better choice than DSL for backup."

The latest satellites eliminate the problem of latency, too, by adding application acceleration and WAN optimization features. ViaSat, for example, offers application acceleration that's built into its satellite ground equipment.

DISA promotes satellite backup

One organization that's embracing satellite communications for network redundancy is the Defense Information Systems Agency (DISA).

Bruce Bennett, DISA's director and procurement executive officer for satellite communications, teleports and services, says the newest communications satellites offer more capacity and more of them are being launched at a time, bringing down the cost for broadband service.

"This new generation of satellite communications is going to have a significant amount of bandwidth and is very economical," Bennett says. "It will be a third of the cost you see today, and you can buy it on the spot. You can get guaranteed, variable or best-effort kind of bandwidth so it becomes very economical to have everything backed up."

In the United States, DISA is looking at a satellite/wireless combination that would serve as a backup to its terrestrial networks

"We're also doing a lot of work in the area of using satellite as a front end for major wireless nodes so that we don't have to hook up to the terrestrial infrastructure," Bennett says. "We're going to use broadband from small VSAT terminals and then feed that into WiMAX or LTE for backup."

DISA encourages other enterprises to consider satcom to improve network diversity and reliability.

"People tend to only think about … adding more fiber and adding more routers. They don't think about adding different layers of transport. Instead of more terrestrial, they could have satellite or wireless," Bennett says.

Hughes Network Systems has been promoting business continuity applications for broadband satellite since 2005, after Hurricane Katrina wiped out New Orleans and surrounding areas.

"After 9/11, federal agencies started to recognize the need for redundant communications, and where all of them went was down the path of awarding contracts to two terrestrial carriers," says Tony Bardo, assistant vice president for government solutions at Hughes. "What Katrina taught us is that nothing could be further from the truth. Those terrestrial lines came to a screeching halt…The only thing that worked was satellite."

Bardo says it's been easier to pitch back-up satellite services since spring 2008, when Hughes started selling services from its newest satellite dubbed SPACEWAY 3. That's because the SPACEWAY 3 services are a better fit for backing up MPLS networks, which feature differentiated classes of service.

"Our story is better. It's one of speed, and it's a lot less expensive," Bardo says. "Now these services have the ability to match up well with terrestrial services in most parts of the country."

Hughes offers a part-time broadband service that companies can buy for less than $150 a month. This service is like an insurance plan that companies can call up if they suffer a natural disaster or a fiber cut that eliminates their Internet access.

"If you have terrestrial communications, you do have single points of failure, and it's often in that last mile," Bardo says. "Even if you're buying from two carriers, you're not as diverse as you think you are. Our service is really insurance… The key attribute of satellite is that it's going to get you a long ways away from the disaster."

Microsoft Corp.'s July announcement that it would change IE8's installation process was sparked by a complaint filed with U.S. antitrust officials, the company said.

In one of the regular status reports filed with U.S. District Court Judge Colleen Kollar-Kotelly, Microsoft, the Department of Justice and state antitrust watchdogs said that Microsoft's modifications to IE8 emanated from a May complaint.

"May of 2009, the State Plaintiffs and the [Technical Committee] received a complaint, and observed published reports, regarding how the most recent version of Internet Explorer ('IE'), IE 8, was being installed on PCs running Windows XP and Vista," according to the report to Kollar-Kotelly, who oversees Microsoft's compliance with a 2002 antitrust settlement the company struck with federal and state antitrust agencies.

The report didn't name the companies or groups that complained, but in early May, both Opera Software and Mozilla Corp., makers of the Opera and Firefox browsers respectively, had carped about how Microsoft offered IE8 to customers running the older IE6 and IE7 editions.

Opera and Mozilla accused Microsoft of hijacking users' default browser settings when it pushed the IE8 upgrade via Windows Update. In May, Microsoft defended the practice, saying that, "users continue to have complete control over IE8 settings and behavior throughout the first-run experience and ongoing use."

Last month, however, Microsoft reversed itself and said it would alter the IE8 installation process so that its browser did not replace a PC's default browser when a user selects the already-checked "Use express settings" option in the setup screen.

Computerworld and analysts linked the move to continued pressure by EU antitrust officials. Today, however, it was clear that the decision had been prompted, at least in part, by filings with U.S. regulators.

"We got feedback from a variety of people and groups that indicated we needed to make the [IE8 installation] procedure simpler and clearer," Microsoft spokesman Kevin Kutz said today when asked if the Opera and Mozilla complaints in May had driven the change.

Opera spokesman Thomas Ford said he knew of no complaint his company had filed in the U.S, while Opera Chief Technology Officer Hakon Wium Lie added that his company has not been in contact with U.S. antitrust officials.

Mozilla did not immediately reply to a request for comment.

In the status report delivered to Kollar-Kotelly last Friday - a prerequisite for an Aug. 13 status conference - Microsoft agreed to the IE8 installation changes and said it would make the modifications as of tomorrow to Windows XP and Vista. The changes would also be delivered to users who later this year install IE8 on Windows 7 or upgrade PCs to the new operating system.

Last month, Microsoft said it would not re-release IE8 to modify the browser's setup process, but instead would "use dynamic updates in order to deliver this change." Then, it scheduled those updates to occur around the middle of this month.

When the change is put into place, users who select "Use express settings," which is the first of the two setup choices, will next see a frame asking, "Do you want to make Internet Explorer your default browser?" Previously, that dialog box only showed up when users picked the "Choose custom settings" option during IE8 setup.

Tuesday is also Microsoft's monthly security patch day. Last Thursday, it warned customers that it was planning to issue nine vulnerability updates, five of them critical, to address eight problems in Windows and another in Office Web Components.

This wasn't the first concession on IE8 that Microsoft's made to regulators. Late last month, the company announced it would add a "ballot screen" to EU customers, letting them choose from at least five browsers, including IE8, Firefox, Opera, Apple's Safari and Google's Chrome, when they first boot a new PC.

Two of China's most popular technology news Web sites went offline Tuesday after carrying news reports that linked the son of China's president to a corrupt African deal.

The technology news sections disappeared for several hours from major Chinese portals Sina.com.cn and NetEase.com early Tuesday afternoon, when they started redirecting viewers to general news pages. Both tech sections had carried reports on a state-owned company accused of bribing Namibian officials in the last day, but those reports were missing when the Web pages reappeared.

The suspensions appeared to be a government penalty against the companies for reporting on a sensitive political issue.

"I'm impressed by the bravery of Sina and Netease in attempting to report this at all," said Rebecca MacKinnon, a Hong Kong-based expert on the Internet in China, in an online message.

Information on top leaders' children has always been off-limits in Chinese media, though the Internet has made it more difficult to control discussions on such topics, MacKinnon said.

Chinese police heavily patrol the Internet, and Internet companies run rigorous screening to prevent sensitive information from appearing on user forums or in search results on their sites. Companies can be punished if that process fails to catch certain political or pornographic content.

"This is not particularly surprising or different from long-standing censorship patterns," MacKinnon said.

A story posted on the NetEase tech page the night before its suspension cited English broadcaster BBC as saying that Nuctech, a Chinese company, was suspected of bribery in a deal to provide scanners for airports and ports in Namibia. The BBC report had said Namibian authorities wanted to question Hu Haifeng, the former company president and son of Chinese president Hu Jintao, but did not suspect him in the case.

The NetEase story did not mention Hu, but said Namibia wanted to question "relevant" Nuctech executives.

Sina's tech page carried a similar article the next morning, hours before the sites went down. After the tech sections returned to the portals, visiting the URLs of the scandal reports returned messages that they could not be found or had been deleted.

An employee who answered the phone at NetEase Tuesday said its tech section was down for tests. Sina did not respond to a request for comment.

Nuctech's parent company, Tsinghua Holdings, controls a range of other technology companies including Chinese PC maker Tsinghua Tongfang.

Red Hat has launched a new partner program to make sure its enterprise Linux and JBoss software are core components of a cloud-computing infrastructure, and to guarantee that Red Hat-based applications will run reliably and safely in the cloud.

The new Premier Cloud Provider Certification and Partner Program unveiled this week certifies cloud-computing providers to offer applications and infrastructure based on Red Hat software, including Red Hat Enterprise Linux (RHEL) and JBoss Java middleware, according to Red Hat.

Amazon Web Services, which already has a technology partnership to run RHEL as part of its Elastic Compute Cloud (EC2) offering, has signed on to become the first Red Hat Premier Cloud Provider Partner.

Red Hat considered the various constituencies interested in cloud computing - end-users and independent software vendors among them - and decided to set up a new program to work with cloud-computing providers to serve them all, said Mike Evans, vice president of corporate development at Red Hat.

Different Red Hat customers have different interests and needs when it comes to the cloud, he said. Enterprise customers want to know that their applications that run on Red Hat in their own data centers will run safely and reliably in the cloud, while ISVs want to ensure that the applications they've built can be extended to the cloud without too much hassle, Evans said. Red Hat believes that it serves both by ensuring that companies providing cloud-computing infrastructure can handle the technical and logistical complexities of transferring Red Hat-based applications to the cloud, Evans said.

Although Red Hat unveiled the new program this week, it won't reveal the specific requirements of the program until August, when it also will reveal other partners, he added.

Through the program, Red Hat will work with cloud-computing infrastructure providers to technically enable customers to move RHEL and JBoss subscriptions from their in-house environments to the cloud, Evans said. The company also will help technically enable by-the-hour, pay-as-you-go versions of RHEL and JBoss, and provide joint technical support with the cloud-computing provider. Red Hat wants to ensure customers will get the same level of support from Red Hat after moving applications to the cloud that they do before the move, Evans said. Red Hat also will plan coordinated marketing and sales efforts with its Premier Cloud Provider Partners, he added.

Currently, there are a handful of large companies in the cloud-computing market - Google, Rackspace, Verizon, IBM, Salesforce.com and Microsoft among them - but he anticipates there eventually will be 50 to 100 cloud-computing providers when all is said and done.

"I call this the 'goat-herding' phase of cloud computing," he said. "It's the wild West right now. We're trying to bring some sanity and safety [to the market] and give customers more options."

The list of cloud-computing providers is still being decided, so the move for businesses to take their applications to the cloud is still in the early stages of adoption. While the recession has slowed the move to cloud computing, analysts expect the market for cloud-based IT services will continue to grow. Research firm IDC predicts that spending on cloud-based IT services will reach US$42 billion by 2012 and account for 25 percent of IT spending growth that year.

Believing a supercomputer would help create jobs, New Mexico paid for and built a massive supercomputer named Encanto to spur economic development.

In the fall of 2007, at its birth, New Mexico's supercomputer was ranked No. 3 in the world. It's now ranked No. 12 and when the latest Top500 ranking comes this month, it may fall some more.

As with most supercomputers, fame is fleeting, and so now is patience of the government that funded Encanto.

A state Legislative Finance Committee report released last month was skeptical about the $36 million project's future. The report pointedly said the group that runs the project was a worry. "[New Mexico Computing Application Center's] ability to continue as a going concern is in question."

It's too early to know if New Mexico's experiment will spur high-tech economic growth, which is the ultimate goal of the system. But when New Mexico decided on this approach, it aimed big. Encanto has 14,500 Intel Xeon processors running on a Silicon Graphics Inc. system.

SGI was recently sold at a fire sale price of $25 million to Rackable Systems Inc., another source of legislative ire. But what hasn't changed is center's access to the engineering talent at Los Alamos and Sandia national laboratories, as well as several universities.

The state would like this system, which became fully operational in January 2008, to earn some $59 million over a six year state commitment, as well as cover the initial investment by renting out cycles, grants and other sources. It is projected to only make $2 million in the next fiscal year beginning July 1.

Reaching the larger goal "is going to be a challenge," said Tom Bowles, the science advisor to Governor Bill Richardson and chair of the board of directors of NMCAC.

Part of the problem has been political. It wasn't until this week that the center received all the legal approvals to operate as an independent entity to get the freedom it needed to enter into contracts. But it recently announced a deal with a state-based firm, Cerelink Digital Media Group, for digital media work and is expected to create 160 jobs in three years.

Bowles said other projects are in the pipeline, including grants and federal stimulus funds tied to smart grid development. He believes the state's real competitive advantage is its access to the national labs for development help. "If it was just a computer, we wouldn't be any different from any other system in the country," he said.

New Mexico is part of small movement of states to attempt to democratize high performance computing capabilities, and improve the ability of smaller companies to use faster design and testing processes to compete against nations that rely on low wages to manufacture goods.

It's difficult to create a state sponsored computing model that is "cash-in and cash-out," or pay for itself, Stacey Simmons, associate director of economic development at Louisiana's State Universities Center for Computation & Technology. The goal of the center is build the talent pool of people who can work with in high performance environments. Success is "reaching a level of expertise of how many people can use the resources and use meaningfully."

Louisiana wants to build a talent base of people who can work in large parallel environments, said Stacey Simmons, associate director of economic development at Louisiana's State Universities Center for Computation & Technology. Success is "reaching a level of expertise of how many people can use the resources and use meaningfully."

Louisiana's focus on HPC prompted Electronic Arts Inc., a Redwood City, Calif.-based developer of computer games and other interactive entertainment software, to announce last August a plan to create a test center in Baton Rouge that will eventually have 200 employees.

Despite the initial challenges, Bowles said he is talking to genomic and medical research firms and others about New Mexico's system. He believes that there is "growing awareness of the role supercomputing plays in economic development," and its range of applications is expanding.

Oracle is planning to finally release its long-simmering Fusion Middleware 11g portfolio during a July 1 launch event in Washington, D.C.

Company President Charles Phillips and Senior Vice President Thomas Kurian will deliver keynotes, and sessions are scheduled for WebCenter Suite 11g, the company's portal platform; Identity Management 11g and SOA Suite 11g. Oracle is also planning to discuss WebLogic Suite 11g, its application server, as well as its application grid technology.

Oracle discussed Fusion Middleware 11g at its OpenWorld conference in November 2007 and since then released a number of developer previews, but the suite's general availability date has been in question as Oracle worked over the past year to integrate the array of middleware technologies it acquired by buying BEA Systems.

The July 1 event may shed light on how Oracle plans to reconcile overlaps between its middleware portfolio and software it would acquire if it successfully completes its pending deal to purchase Sun Microsystems. Sun has an application server, GlassFish, as well as identity management software.

Still to come, though, is an announcement of another anticipated product, Oracle Database 11g Release 2. During a recent conference call, Phillips said 11g R2 should be released in the first quarter of Oracle's fiscal year, which started in June.

Meanwhile, Oracle middleware users reacted quickly to the launch event news Wednesday.

"For those of us that inhabit the Oracle ecosystem, the Fusion Middleware 11g release is an enormous shifting tectonic plate," said Jason Jones, who works for an Oracle systems integrator, in a blog post.

Jones is eagerly anticipating the release, but added that it poses a certain challenge: "As exciting as all the new shiny toys are, at what point do we put our relationships with our clients on the line by recommending 11g over 10.1.X? Such is the life of an Oracle SI."