Like EMC HP pushes around smaller rival in bidding war

Like EMC HP pushes around smaller rival in bidding war

The HP/Dell bidding war over storage vendor 3Par is shaping up to be a repeat of last year’s high-profile battle between EMC and NetApp.

In May 2009 NetApp triumphantly announced a $1.5 billion deal to purchase Data Domain, but was quickly outbid by EMC. Although NetApp raised its bid to $1.9 billion, EMC eventually won the seven-week bidding war with a $2.1 billion offer that provided a key victory over its smaller rival.
Xerox Global Services helps global IT company reduce document costs by 30%: Download now

Tech M&A deals of 2010

Fast forward to August 2010, and HP has offered $1.6 billion to purchase 3Par, topping Dell’s bid of $1.15 billion. If the HP/Dell contest follows the same pattern, Dell will soon raise the bid closer to $2 billion. (See also: Five technology bidding wars preceding EMC vs. NetApp.)

“The strategic value of 3Par to Dell is such that it wouldn’t surprise me to see Dell come back with a counteroffer,” says Pund-IT analyst Charles King. “3Par is going to go to whichever company has the stomach to stick with the bidding.”

Like EMC, HP is trying to push around a smaller competitor. HP reported more than $30 billion of revenue in the most recent quarter, compared to $15.5 billion for Dell. But while the HP/Dell situation is similar to the EMC/NetApp bidding war of 2009, there are some key differences.

At the time of the Data Domain bidding war, EMC reportedly had $7 billion in cash reserves, compared to $2.7 billion for NetApp. According to YCharts, HP has $14.17 billion cash on hand, compared to Dell’s $10.88 billion Microsoft MCTS Training.

While HP clearly has more money to spare in the contest for 3Par, Dell has a much larger cushion than NetApp did when it was pursuing Data Domain.

HP is also in a precarious position with shareholders, partly due to CEO Mark Hurd being forced out of the company in the wake of sexual harassment accusations.

“If HP pushes this too far, they’re going to have to come up with some very solid justification,” King says. “3Par is a highly innovative company, but this is still a fairly young market. The payoff is further down the road than a deal for a well-known entity like, say, NetApp would be.”

But even if one assumes that Dell is in a better position vs. HP than NetApp was vs. EMC, there is still at least one other consideration: 3Par isn’t the only option for either HP or Dell.

EMC and NetApp seemed to believe that Data Domain was far and away the best option in the data de-duplication market. 3Par is attractive to HP and Dell because of its thin provisioning and virtualized storage technology. But there are other vendors offering cloud-centric, highly virtualized storage systems (Isilon and Compellent are two examples).

Thus, if either HP or Dell believes the price for 3Par is too high, they may be less gung ho than EMC and NetApp were over Data Domain because they have other options Microsoft MCITP Certification.

“There are other companies in this space,” King says. “3Par wasn’t alone.”

Registry operator Afilias embraces DNS security

Registry operator Afilias embraces DNS security
which operates .info and more than a dozen other Web site extensions, will announce on Monday plans to deploy an emerging standard known as DNSSEC that adds a layer of encryption to the Internet’s Domain Name System.

Will security worries propel DNS into the cloud?
Osterman Research : Minimizing the Pain of eDiscovery with a Proactive Strategy: Download now

Afilias will deploy DNS Security Extensions (DNSSEC) on 13 of the domains it operates — including .info, India’s .in and the Hong Kong-based .asia — by the end of the year. DNSSEC prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

“Afilias supports more different top-level domains across the Internet than any other provider,” says Roland LaPlante, senior vice president and chief marketing officer for Afilias.”When we start making a move and start expanding the use of DNSSEC, it really makes quite a big difference on the Internet.”

The Internet’s root servers began supporting DNSSEC on July 15.

Since then, 26 top-level domains — including .org for non-profits and .edu for universities — have begun digitally signing DNS look-ups with DNSSEC.

“Afilias supporting DNSSEC is a pretty big increase in the number of top-level domains that support DNSSEC,” LaPlante adds.
In order to be effective, DNSSEC must be deployed across the entire Internet infrastructure, from the root servers at the top of the DNS hierarchy to the servers that run .com and .net and other top-level domains, and then down to the servers that cache content for individual Web sites.

Once it is fully deployed, DNSSEC will prevent cache poisoning attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or user knowing. Cache poisoning attacks are the result of a serious flaw in the DNS that was disclosed by security researcher Dan Kaminsky in 2008.

Afilias says it will support DNSSEC for the .info domain, which has 6.5 million registered names, in September, followed by .in and .asia in early October.

Next, Afilias will roll out DNSSEC for the following domains before the end of the year: Mongolia’s .mn; Seychelles’ .sc; Honduras’ .hn; Belize’s .bz ; Antigua and Barbuda’s .ag; St. Lucia’s .lc ; St. Vincent and the Grenadines’ .vc ; Gibralter’s .gi; and Montenegro’s .me. Afilias also will support DNSSEC for .aero, a Web site name extension restricted to the aviation industry.

Afilias already helped the Public Interest Registry add DNSSEC support to .org.

“We learned a lot from the .org DNSSEC deployment experience,” says Ram Mohan, executive vice president and CTO for Afilias. “When you digitally sign a zone, the size of the zone increases. The size and type of queries that you get increase quite a bit. There are all sorts of infrastructure changes that you have to accommodate on the back end, but the end user doesn’t really see that much of a change.”

Afilias says it has spent several million dollars upgrading its DNS software — it runs both the BIND and NSD open source offerings — as well as adding server capacity to support DNSSEC.

“It’s been a multi-million dollar effort on our part,” Mohan says. “If you look at the DNSSEC deployment since 2006-2007, all of the DNS infrastructure upgrades, the software, the energy and the time, and you add them all up, it’s many millions of dollars…I think we’re going to recoup that cost in attracting customers who want to have a dot-info name that is signed.”
Three ways to Prevent USB Insecurity in Your Enterprise Microsoft MCTS Training:

Afilias also is touting its DNSSEC experience as it markets itself to be the back-end registry operator for hundreds of new top-level domains such as .nyc for New York City and .ibm for IBM Corp. that the Internet Corporation for Assigned Names and Numbers, a policymaking body that oversees the Internet’s DNS, plans to support next year.

“For the next round of new top-level domains, ICANN is requiring all registries to be DNSSEC signed from the start,” Mohan says. “When we talk to corporations about bringing up a new top-level domain, one of the things that has them liking us over others is that we have four to five years of design, deployment and practical experience doing DNSSEC.”

The Afilias announcement is another indicator that DNSSEC is gathering momentum across the Internet now that the root zone is signed.

The U.S. federal government is migrating all .gov Web sites to support DNSSEC, and that effort got a boost in early August when popular content delivery network provider Akamai announced that it was supporting the standard.

Another significant milestone for DNSSEC will occur in December, when VeriSign supports DNSSEC in .net. But the biggest boon for DNSSEC will occur next March, when VeriSign adds this extra layer of protection to the more than 80 million registered .com names.

One potential stumbling block for DNSSEC deployment is that some domain name registrars are lagging in their support of the security standard. Among the U.S. registrars that are leading the charge towards DNSSEC are GoDaddy, Dyn Inc. and NamesBeyond.

In a recent survey of domain name registrars, Afilias found that while 80% believed that DNSSEC was a good idea, only 69% had plans to offer DNSSEC services in 2011 or beyond. Registrars said they were waiting for their customers to demand the service, with 29% saying that a lack of user demand was their top concern regarding DNSSEC deployment.

“Cost does not seem to be much of a factor for registrars,” Mohan says. “They want enough time to roll DNSSEC out in a prepared and managed way, and they seem to want it to be market driven. They want to hear their big customers demand it.”

Despite these issues, Afilias is urging CIOs and other IT executives to prepare to deploy DNSSEC on the Web sites that they operate.

DNSSEC “is the single largest security upgrade of the core DNS, of the core of the Internet, ever,” Mohan says. “It’s happening right now at the network level, but in a short time, it will come up at your MIS level, and you have to be ready for it Microsoft MCITP Certification.”

Read more about security in Network World’s Security section.

Microsoft Issues New Windows Security Advisories

Microsoft Issues New Windows Security Advisories
Microsoft issued even more details about Windows security concerns, even after releasing its August security update on Tuesday.

Late yesterday, Microsoft MCTS Training announced two security advisories. One is new, while the other updates a previously issued advisory. Meanwhile, IT pros already are tying to cope with this month’s massive security update.

The updated advisory simply states that Microsoft has concluded its investigation into a security advisory issued in February. That problem concerns the Transport Layer Security and Secure Sockets Layer (TLS/SSL) protocols in general, and the Windows Secure Channel security package in particular.

The issue was addressed with critical security bulletin MS10-049  in Microsoft’s August patch. It’s designed address the flaw in Windows Server 2008, Windows 7 and 12 other supported versions of the Windows OS, including XP and Vista.

Left unpatched, the Windows Secure Channel vulnerability could allow attackers the ability to perform “man-in-the-middle” attacks via TLS/SSL connections. The problem is of general concern, and Microsoft’s issuance of a fix suggests that broad industry engagement occurred, according to Jason Miller, data and security team manager at Shavlik Technologies.

“In recent months, we have heard of Microsoft working with other vendors such as Adobe to address vulnerabilities as a whole and not as a one-company issue,” Miller said. “The release of MS10-049 shows that Microsoft is again working with the industry with vulnerability management.”

Miller added that the fix from Microsoft had long been in the works. The TLS/SSL vulnerability was “not just Microsoft’s problem” as it affected the “IT industry as a whole,” he said.

Windows Service Isolation Flaw
Next up, Microsoft issued a new security advisory on Tuesday concerning a Windows Service Isolation feature that could enable elevation-of-privilege exploits. The operating systems involved include Windows XP, Windows Vista and Windows 7, as well as Windows Server 2003 and Windows Server 2008.

Microsoft said that an attacker could use this feature to elevate processes running on a Windows-based “NetworkService account” to the “LocalSystem account” on a server. It could give the attacker the ability to take control of a system.

At-risk Microsoft products include the Windows telephony application programming interfaces, SQL Server and Internet Information Services (IIS) in Windows Server 2003 and Windows Server 2008.

Because there is no known vulnerability and only a “potential” likelihood of such attacks at this time, Microsoft did not specify whether the issue would warrant further actions, such as the issuance of workarounds or patches. However, in this Knowledge Base article, the software giant describes various access control tools in both IIS and SQL that can restrict entry into the NetworkService account.

No Security Advisory for Clipboard Issue
On Wednesday, Microsoft provided an updated statement on the zero-day Windows kernel-level clipboard vulnerability uncovered last week by independent security researchers. The software giant said it will not release a security advisory for the heap overflow problem affecting all supported Windows versions.

For this issue to be exploited, it has to be an inside job, according to the rationale of the Microsoft security team. Redmond said “an attacker must have valid log-on credentials on the target system and be able to log on locally, or must already have code running on the target system.”

This assessment rules out the prospect that an urgent out-of-band patch will arrive soon. However, Microsoft MCITP Certification promised that the issue would be fixed in a future security update. Microsoft Security Response Center spokesperson Jerry Bryant wrote that Microsoft “will continue monitoring the threat landscape and alert customers if anything changes.”

Microsoft Extends UTD Discount for Windows and Office

Microsoft Extends UTD Discount for Windows and Office
Microsoft has extended its “up-to-date” (UTD) discount upgrade offer for Windows and Office licensees through next month.

The extension of the UTD upgrade offer “through September 30, 2010” was announced on Tuesday by Eric Ligman, global partner experience lead for the Microsoft Worldwide Partner Group. He provided a description of how the UTD offer works in a blog post back in January. At that time, Microsoft had said that the offer would expire in July.

The terms of the deal only apply under Microsoft’s “open value subscription” (OVS) three-year licensing program. Users can upgrade their copies of the Professional editions of Windows or Office to the current Professional editions, and Microsoft grants a half-off discount for the first year of the OVS subscription only. The cost reverts back to the nondiscounted price in years two and three of the OVS subscription.

This nondiscounted price is called the “estimated retail price” by Microsoft. In this case, according to Microsoft’s volume-licensing lingo, “retail” doesn’t mean the box price as found in retail stores. It’s the price set by Microsoft’s partners, who buy Open Value Subscription licenses from Microsoft. Consequently, the estimated retail price can vary, depending on the partner offering it, but it’s typically lower than store box prices.

The UTD discount plan permits upgrades to current Windows and Office Professional editions from releases that are two generations removed. Microsoft MCTS Training uses the math expression, “N-2,” as a shorthand explanation for this concept. The N-2 release for the current Windows 7 product is Windows XP. The N-2 release for the current Office 2010 product is Office 2003.

The older software being upgraded can be based on OEM, retail or volume licenses, but only the Professional editions qualify. In addition, if IT shops have some current releases mixed in, they will have to pay again for those licenses under the OVS program. To qualify under OVS licensing, organizations need to have more than five PCs but less than 250 PCs.

OVS is unlike other open-value licenses in that it does not require the purchase of Software Assurance (SA), according to Paul DeGroot, research vice president at Directions on Microsoft MCITP Certification . SA is a licensing option that lets organizations upgrade to the next version of a product within the SA contract’s time period. OVS costs less “because you never pay for the licenses,” DeGroot said in an e-mail. However, after the three-year subscription period is over, organizations will either have to buy the licenses, renew the OVS or just stop using the software.

OVS allows “true downs” in calculating annual licensing costs. So, licensing costs can go down as the number of PCs running the software declines in an organization. This kind of licensing might prove to be valuable for small companies that downsize the workforce, for instance.

HTML5 raises new security issues

HTML5 raises new security issues
When it comes to new security issues, the security team for the Firefox browser have the new version of the Web HyperText Markup Language, HTML5, foremost on the mind.

“Web apps are becoming incredibly rich with HTML5. The browser is starting to manage full-bore applications and not just Web pages,” said Sid Stamm, who works on Firefox security issues for the Mozilla Foundation. Stamm was speaking at the Usenix Security Symposium, held last week in Washington D.C.
Free trial: V-locity virtual platform disk optimizer: View now

“There is a lot of attack surface we need to think about,” he said.

On the same week Stamm expressed worry over HTML5, developers of the Opera browser were busy fixing a buffer overflow vulnerability that could be exploited using the HTML5 canvas image-rendering feature of Microsoft MCTS Training.

Is it inevitable that the World Wide Web Consortium’s (W3C) new set of standards for rendering Web pages, collectively known as HTML5, come with a whole new bundle of vulnerabilities? At least some security researchers are thinking this is the case.

“HTML5 brings a lot of features and power to the Web. You can do so much more [malicious work] with plain HTML5 and JavaScript now than it was ever possible before,” said security researcher Lavakumar Kuppan.

The W3C is “gearing this entire redesign over the idea that we will start executing applications within the browser, and we’ve proven over the years how secure browsers are,” said Kevin Johnson, a penetration tester with security consulting firm Secure Ideas. “We have to go back to understanding the browser is a malicious environment. We lost site of that.”

Although it is the name of a specification on its own, HTML5 is also often used to describe a collection of loosely interrelated set of standards that, taken together, can be use to build full-fledged web applications. They offer capabilities such as page formatting, offline data storage, image rendition and other aspects. (Though not a W3C spec, JavaScript is also frequently lumped in these standards, so widely used it is in building Web applications).

All this new proposed functionality is beginning to be explored by security researchers.

Earlier this summer, Kuppan and another researcher posted a way to misuse the HTML5 Offline Application Cache. Google Chrome, Safari, Firefox and the beta of the Opera browser have all already implemented this feature, and would be vulnerable to attacks that used this approach, they noted.

The researchers argue that because any Web site can create a cache on the user’s computer, and, in some browsers, do so without that user’s explicit permission, an attacker could set up a fake log-in page to a site such as a social networking or e-commerce site. Such a fake page could then be used to steal the user’s credentials.

Other researchers were divided about the value of this finding.

“It’s an interesting twist but it does not seem to offer network attackers any additional advantage beyond what they can already achieve,” wrote Chris Evans on the Full Disclosure mailing list. Evans is the creator of the Very Secure File Transfer Protocol (vsftp) software Microsoft MCITP Certification.

Dan Kaminsky, chief scientist of the security research firm Recursion Ventures, agreed that this work is a continuation of attacks developed before HTML5. “Browsers don’t just request content, render it, and throw it away. They also store it for later use … Lavakumar is observing that the next-generation caching technologies suffer this same trait,” he said, in an e-mail interview.

Critics agreed that this attack would rely on a site not using Secure Sockets Layer (SSL) to encrypt data between the browser and Web page server, which is commonly practiced. But even if this work did not unearth a new type of vulnerability, it does show that an old vulnerability can be reused in this new environment.

Johnson says that, with HTML5, many of the new features constitute threats on their own, due to how they increase the number of ways an attacker could harness the user’s browser to do harm of some sort.

“For years security has focused on vulnerabilities–buffer overflows, SQL injection attacks. We patch them, we fix them, we monitor them,” Johnson said. But in HTML5’s case, it is often the features themselves “that can be used to attack to us,” he said.

As an example, Johnson points to Google’s Gmail, which is an early user of HTML5’s local storage capabilities. Before HTML5, an attacker may have had to steal cookies off a machine and decode them to get the password for an online e-mail service. Now, the attacker needs only to gain entry into the user’s browser, where Gmail stories a copy of the inbox.

“These feature sets are scary,” he said. “If I can find a flaw in your Web application, and inject HTML5 code, I can modify your site and hide things I don’t want you to see.”

With local storage, an attacker can read data from your browser, or insert other data there without your knowledge. With geolocation, an attacker can determine your location without your knowledge. With the new version of Cascading Style Sheets (CSS), an attacker can control what elements of a CSS-enhanced page you can see. The HTML5 WebSocket supplies a network communication stack to the browser, which could be misused for surreptitious backdoor communications.

This is not to say that the browser makers are oblivious to this issue. Even as they work to add in the support for the new standards, they are looking at ways to prevent their misuse. At the Usenix symposium, Stamm noted some of the techniques that the Firefox team is exploring to mitigate damage that could be done with these new technologies.

For instance, they are working on an alternative plug-in platform, called JetPack, that would keep tighter control of what actions a plug-in could execute. “If we have complete control of the [application programming interface], we’re able to say ‘This add-on is requesting access to Paypal.com, would you allow it?'” Stamm said.

JetPack may also use a declarative security model, in which the plug-in must declare to the browser each action it intends to undertake. The browser then would monitor the plug-in to ensure it stays within these parameters.

Still, whether browser makers can do enough to secure HTML5 remains to be seen, critics contend.
Gaining Network Visibility Into Virtualized Infrastructure: View now

“The enterprise has to start evaluating whether it is worth these features to roll out the new browsers,” Johnson said. “This is one of the few times you may hear ‘You know, maybe [Internet Explorer]6 was better.'”

Surviving And Staying Ahead

Surviving And Staying Ahead
To survive and thrive in today’s brutally competitive business environment, tech firms must find ways to continuously move ahead– and to stay ahead– of their competition. Here’s an insight on the factors that differentiate the best from the rest, and the leaders from the also-rans.

Joe Tiller, a famous football coach, said, “It’s always a chess game, and you’re trying to stay one move ahead of the competition.” Tiller’s words are as applicable to business as they are to football. Today, the Internet and the WWW (World Wide Web) are changing the way business is done, by providing a level playing field for small companies to effectively and efficiently compete with large conglomerates. No longer are cash-laden behemoths safe in their market-lead positions– those could be taken at any time by smart and agile new competitors.

Running an efficient organisation Microsoft MCITP Certification that delivers high-quality products and services at reasonable prices is essential for business success– but it is no longer sufficient to ensure survival. Customer satisfaction; early adoption and effective use of technology; better data collection, analysis and decision-making; automation of business processes, etc, are all essential for survival. However, these are not the key differentiators in today’s global Web economy.

Innovate or perish

Many research firms and industry analysts indicate that the only way for companies to compete is to constantly innovate; avenues for improving the bottom line have been exhausted, and the only way to move forward is to sustain top line growth and increase profits. So CEOs and the top management must change their focus from the operational issues to growth and innovation. According to Rosabeth Kanter, “To stay ahead, you must have your next idea waiting in the wings.”

Some well-known examples of companies that constantly innovate are Dell, which revolutionised the PC market; McDonald’s, which redefined the fast food market; and – of course! – Apple. Consider the barrage of new Apple products in recent years– the iMac, iBook, iCube, and eMac; the iPod and its multiple variants and versions; iTunes, the Mac Book, Mac Pro, Apple TV, the iPhone, and more. With such ceaseless innovation, no wonder other firms are always trying to catch up with Apple, and never quite succeeding! According to Apple CEO Steve Jobs, “Innovation distinguishes between a follower and a leader.” Today, innovation is no longer a luxury; it is the key to survival.

Innovation does not happen automatically; organisations need to foster it, to create an environment that is conducive to innovation. For example, at Google, employees can spend 20 per cent of their time on exploring and developing their own ideas. Some of the best Google applications and products are the result of such projects. Organisations must also prevent innovation stoppers and idea-killers from stamping out the innovative spirit of employees. In his book “The Myths of Innovation”, Scott Berkun defines an innovation stopper as “a person with the power and motivation to kill new ideas.” Idea-killers are those whose response to new ideas are, “We have tried it before” or “We don’t have the time/budget.”

Continuous learning

Continuous learning keeps employees up-to-date with the latest technological developments, and helps them improve their efficiency with newer methods, practices, tools and techniques. In his book,The Fifth Discipline: The Art and Practice of the Learning Organisation , Peter Senge stresses the importance of making an organisation a home of continuous learning, where people continually expand their capacity to achieve the results they truly desire. New ideas, new knowledge and new findings are used to anticipate and to innovate.

Again, organisations need to provide employees with an environment that promotes learning, as well as ample learning opportunities. Well-stocked libraries and computer facilities are a necessity. HRD should study employee profiles to fill the gaps in employee skill-sets, in accordance with the organisation’s long-term strategies. For example, before a switch from UNIX to Windows as the main operating system, employees who are not familiar with Windows need to be trained to ensure a smooth transition.

Continuous evolution

The phrase ‘survival of the fittest’ – one of the fundamental laws of evolution– is true in the case of businesses too. Tech firms that adapt to new environments and evolve are able to survive and thrive even during difficult times. The two aspects of evolution are diversification and strengthening of core competencies.

All organisations have core competencies which they should identify and strengthen. For example, a car manufacturer should find ways to improve the quality of cars, make them safer, more fuel efficient and comfortable, while keeping prices as low as possible.

Diversification can be either horizontal or vertical. In the case of horizontal diversification, the organisation enters areas that are related to its core competency– like acquiring or developing new products that appeal to existing customers. For example, a car manufacturer can diversify into auto accessories. In vertical diversification, the company moves into the business areas of its suppliers. For example, the car manufacturer could diversify into manufacturing steel or tyre- making so that it could produce what’s required for its core business.

Diversification, if done properly, gives entry to new markets, provides new business opportunities, and reduces financial risk. Diversification can be achieved through mergers, acquisitions and by starting new business units. The advantages of the first two strategies are that you get a new product and a set of talented people, while eliminating a potential competitor.

Kaizen– continuous improvement

The Japanese concept of Kaizen, or continuous improvement, is one of the best ways to improve the efficiency and effectiveness of an organisation.

The difference between innovation and improvement is that innovation often involves drastic changes to the existing process, and requires large investments, whereas Kaizen signifies small but continuous improvements– the result of coordinated and continuous efforts by all employees. Improvements could range from the elimination of an unnecessary process to the introduction of a safer working practice.

Such small and minor improvements can have a dramatic impact on the overall performance of a company. Consider the example of AZ Technologies, which conducted touch-typing training for all its employees when they found that 95 percent of employees used computers for at least four hours a day. The productivity improvement was dramatic– many employees were able to save hours, as their typing speed doubled or tripled.

Recruiting and retaining the best…

Employees are the most valuable assets of any organisation. But recruiting and retaining the best minds is not an easy task– it takes a lot of work, coupled with really innovative and creative plans.

Google (the best company to work for, according to Fortune magazine, 2007), offers goodies such as stock options, an informal work environment, free meals, a spa, free on-site medical care, free transportation, hair saloons, gyms, massage parlours, childcare, on-site notaries, car services, and more. It’s no wonder that Google gets more than 1,300 resumes a day!

According to the 2007 Business Today study of the best company to work for, Microsoft MCTS Training India has toppled the 2005 and 2006 winner, Infosys. The reasons? A host of innovative strategies, including leadership development programmes, recognition of talent, seamless internal branch transfers, excellent compensation packages, an exemplary mentoring system, assistance with finding homes, school admissions, childcare, etc.

All the top employee-friendly companies have informal and flexible work environments, challenging assignments, a fun-filled and enjoyable work culture, comfortable and often luxurious workplaces, excellent perks, ample scope for personal and professional growth, and so on.

Business agility

Change is one thing that all businesses have to cope with. How well an organisation manages change is one of the factors that decides its success. New technological developments are revolutionising the way we think, work and do business due to the introduction of new business models, addition of new rules and regulations, and entry of new competitors. Customer preferences change so fast that most new products have a very short shelf-life.

In such an environment, the success of an organisation depends on how fast it can adapt, and how quickly and effectively it can respond to change– its agility. When an organisation has to adapt quickly, the responsibility of problem solving will go to its employees. Innovative and apt solutions for each new situation can be created quickly by the collective intelligence of employees. According to Kouzes and Posner (Management 21C, 2000), the secret of high-performing organisations is that everyone within them knows that leadership at all levels is expected and rewarded, and that individuals everywhere are responsible for making extraordinary things happen.

Jack Welch, the former CEO of General Electric, has popularised the concept of ‘boundary-less organisations’. These are firms that are not limited by the horizontal, vertical or external boundaries imposed by a predetermined structure, and where cross-functional teams dissolve horizontal barriers, while external partnerships and collaboration overcome the firm’s boundaries. Obstacles like hierarchy, bureaucracy, unnecessary regulations, and geography are removed, to achieve outstanding business performance– enabling the company to respond quickly to environmental changes, and to spur and stimulate innovation.

Staying ahead

To survive and stay ahead of the competition, the management must run leaner and smarter organisations. Whether a company becomes an industry leader or remains just another in the pack, depends on its ability to constantly innovate and learn, continuously improve, use technology intelligently and effectively, anticipate, adopt, and react to changes quickly. Organisations should hire the best talent, keep them happy, and make the best use of their talents. The four factors that are critical for the success of any organisation are people, innovation, information and technology.

Change is continual…

“It is change, continuing change, inevitable change that is the dominant factor in society today. No sensible decision can be made any longer without taking into account not only the world as it is, but the world as it will be…This, in turn, means that our statesmen, our businessmen, our everyman must take on a science fictional way of thinking.” Isaac Asimov

What New With Operating Systems

What’s New With Operating Systems?
In the light of fast-paced changes on the browser front, are users finding that innovation at the desktop has stagnated? Has it? Or is there a lot brewing ‘under the hood’ that we’re just not aware of, yet take for granted as our user experience improves incrementally?

For most computer users, an operating system is somewhat like the engine under a car’s hood. They know how to start and stop the engine, how to drive around, probably how to check oil levels, but beyond that, the knowledge is limited. With a car, that is okay, since we do not really need to know more unless we are hard-core enthusiasts, or working in the automotive industry.

Getting back to operating systems, the beauty of these ‘engines’ is that they allow users to run their computers and use their favourite applications, while they take care of allocating system resources, handling processes, and so on. Operating systems are far from perfect, but they are remarkable pieces of software for the sheer complexity of tasks that they handle.

We open up the engine and take a look at some of the recent innovations in operating systems.

Splashtop: A fast-booting OS

What do PC users do after they press their PC’s power button?

* Go get a cup of coffee
* Stare at the screen and practice meditation
* Chat with colleagues
* Any of the above

Jokes aside, most of us usually spend minutes waiting for the operating system (OS) to boot up. This is especially frustrating when we need to look up something on the Internet quickly, or just have a few minutes to check personal e-mail.

{quotes}A new operating system called Splashtop allows you to connect to the Internet without booting your main operating system{/quotes}. Splashtop has two components: a core engine that runs out of the BIOS, and an optimised Linux stack that boots rapidly. Splashtop boots out of the BIOS (basic input-output system) on the motherboard of the PC, generally in five seconds or less, according to the website, and provides quick access to certain applications, like the Splashtop Web browser (based on Firefox) and Skype– or offers you the choice of booting your main operating system.

Splashtop is currently available only on ASUS motherboards. When we enquired about how the company plans to make Splashtop available to customers, Andrew Kippen, press and blogger relations manager at DeviceVM (the company that provides Splashtop) revealed, “We spoke about many different ways to release Splashtop, but in the end decided that launching with a partner like ASUS, the world’s largest motherboard manufacturer, was the best way to reach consumers. Splashtop-enabled laptops and desktops will be released later this year.”

Splashtop uses flash memory on the motherboard to store its applications. Could that be a bottleneck? Kippen says, “This is not an issue, since we tailor each version of Splashtop to the manufacturer’s specifications. If there is a size issue, manufacturers can include a larger flash memory chip, or run Splashtop from a partition on the hard drive.”

On issues like vulnerability to attacks and whether it is possible to save attachments or documents, Kippen says, “Like I mentioned earlier, we tailor each version of Splashtop to a manufacturer’s specifications, so [the answer to] your question depends on the manufacturer. On current ASUS products, we allow persistent data (like bookmarks and cookies) to be written to memory. However, users cannot save files, for security reasons.”

Since Splashtop is Linux-based, it is immune to most of the attacks that plague traditional operating systems. Restricting access to memory, whether flash memory or the hard drive, further ensures that Splashtop always works properly.

Speaking on the reasons for the OS’s popularity, Kippen adds, “A major reason for Splashtop’s success is that more and more applications are moving to the Web. Users (excluding business users) spend more time with Web-based e-mail, Facebook, MySpace, YouTube, and other websites than on any desktop program. Online applications like Google and Zoho are quickly becoming viable options for most Office-like applications.

“We are targeting mass-market consumers, i.e., normal people who just want their computer to work without any wait or fuss. We see ourselves as a good complement to the traditional OS, great for lightweight applications like Web browsing and media playback, but not the right fit if you want to do video editing.”

Splashtop is not the only company in this space. Phoenix Technologies, a company that makes BIOS software, is developing software called Hyperspace that will launch along with the PC’s regular OS. Hyperspace, which is billed as a “compact and secure application environment”, will be able to run applications as well as perform systems maintenance (repair, back-up, recovery, etc) and security. Phoenix expects manufacturers to start offering Hyperspace in the latter half of 2008.

Desktop search

While Google is the leader in Web search engines, its dominance in the desktop environment is not so clear-cut. A probable reason for this is that both Apple and Microsoft MCTS Training have included better search capabilities in their operating systems, Mac OS X and Vista.

Leopard, the latest version of Mac OS X, allows you to flip through files just as you would browse album art on iTunes, perform Boolean searches, save searches, and even find files on your network. Vista’s search capabilities include tagging, search folders (pre-defined searches), and search integration with different applications.

About innovations in desktop search, Dr Michael Swift, an assistant professor at the University of Wisconsin-Madison says, “Since the introduction of Apple’s OS X 10.4 [Tiger], desktop search has become a predominant way of accessing files. This was followed by Vista’s search capabilities. Currently, these capabilities are not completely integrated into the OS, in that they execute as shell extensions, but I see search as becoming the dominant way to access files on a PC.”

BumpTop: Real-world desktop metaphors

Take a look at the desk where you work. Do you have piles of books, or maybe papers stacked on it or even strewn about? Most of us tend to organise in stacks– of books, magazines, and papers. What if you could organise your computer’s files on your desktop in a similar way?

BumpTop, software developed by Anand Agarwala and Ravin Balakrishnan, aims to do exactly that. The interface uses techniques like shading and animation to drag files with a fluid movement. You can drag, or even toss files into piles. You can view the items in the pile in different ways by using widgets– flipping them like you would flip pages in a book, or viewing them like a deck of cards. Other manipulation techniques let you organise your files in different ways.

BumpTop is in the ‘private alpha’ stage at the moment, but you can sign up on the website to try it once it is available. You can also view a demo video from the website at https:://www.bumptop.com/

It is too early to tell whether BumpTop will change the way in which we organise our desktops. What is clear, though, is that BumpTop’s interface is an interesting and innovative concept.

Device driver reliability

Most of us are unaware that device drivers which are required for the different hardware that we use cause many of the crashes we experience with operating systems. Researchers are looking at ways to minimise the effects of device drivers when something goes wrong.

One such effort is the Nooks project, being conducted at the University of Washington by Dr Michael Swift. Nooks (as defined by the researchers) is a reliability sub-system that seeks to enhance OS reliability by isolating the OS from driver failures.

{quotes}The Nooks project worked on the Linux kernel, since the source code was freely available.{/quotes} According to Dr Swift, “The team also investigated an implementation in the Windows 2000 kernel, even going as far as to implement key portions: object tracking, wrappers, and limited recovery. However, the inability to redistribute code, and the lack of available driver source code for Windows, limited our ability to pursue this work.”

About the future of driver protection mechanisms, Dr Swift says, “I would expect that in the future, driver protection mechanisms will come in two formats: user-level drivers and driver protection integrated with virtual machines. Windows Vista added support for the User-Mode Driver Framework (UMDF), which allows certain drivers to be written for user mode. This does not provide the compatibility of Nooks, but does provide similar protection.

“You can see driver protection in Xen [an open source virtual machine monitor], in its ability to run drivers in a separate virtual machine. However, Xen to date has not added recovery support, so it does not tolerate driver failures in the same way as Nooks. I would expect that improved recovery would become part of virtualised drivers.”

Making back-up easier

Backing up your computer is like eating healthy– you know you should, but you probably don’t actually do it. Since operating systems in the past did not offer easy-to-use solutions, it made the task of backing up onerous. Dr Swift thinks that this will change.

He says, “As people put more of their life online, I think that back-up will be a place that desktop operating systems innovate. Apple has done this already with its Time Machine back-up system, which allows simple time- or date-based access to old versions of files. Microsoft MCITP Certification has added back-up capabilities to Vista as well, but not with the same level of UI (user interface) sophistication.”

Other areas of innovation

What are the other areas of innovation in the OS space? Dr Swift reveals, “Security continues to play a huge role on the desktop. Both Apple and Microsoft have added extensive new security features to their latest products, in the form of more powerful firewalls and the ability to restrict the permissions of executing code (Sandboxing on Leopard; and User Account Control and Internet Explorer safe mode with mandatory integrity controls on Vista).”

He adds, “As the hardware industry moves from single-processor chips to multi-core chips, desktop operating systems need to invest more in scalability and parallelism, to both reduce the cost of OS activity, and to enable applications to make better use of the multiple cores. Vista introduced several new mechanisms for writing concurrent code, including new types of locks and signalling methods.

{quotes}”Reliability has become an important place for innovation on the desktop. Vista has more support for detecting and handling application hangs, and a new kernel transaction manager with filesystem transactions.{/quotes} These transactions make it easier to simultaneously update several files, and to handle any failures that occur during the update process.”

Microsoft Research’s OS team is also working on a research project called Singularity in order “…to build more reliable systems and applications.” On whether the research would make its way into newer versions of Windows, a Microsoft spokesperson says, “We are not giving official guidance to the public yet about the next version of Windows. We are currently in the planning stages for Windows 7 and will provide updates when we are ready.”

In the case of the One Laptop Per Child (OLPC) project, in addition to its hardware innovation, it has created a laptop with a Linux-based operating system and a radical desktop interface (SUGAR) that was designed for children.

Speaking about OS innovations, Walter Bender, president of Software/Content and COO of the OLPC Foundation, reveals, “From the OLPC perspective, there are a number of metrics we consider paramount in regard to the operating system, which are not mainstream considerations in an era of ‘bigger-faster’ computing.”

“Most important is power management. When you live off the electrical grid, making the most of every watt is critical. We are pushing the concept of power management to new extremes. Memory management is another area of concern: memory costs money, and consumes power. The extent to which we can better manage memory usage is correlated with the extent to which we can manage power usage. A further challenge is the lack of swap space, since we are using flash storage rather than a hard disk. Finally, the culture of free and open source is essential for the viability of a project such as One Laptop Per Child: it is the only way to scale, and at the same time, enable unencumbered local capacity development.”

In short, we may not be able to ‘see’ all the innovations in the operating systems space, but they are taking place!

What the future holds

If you look back to the days of DOS-based PCs, we have come a long way to our current operating systems. What will the future of PC operating systems be? Will we even have PC operating systems, given that Web-based operating systems are coming up? What about the fast-booting operating systems, embedded on the motherboard?

Dr Swift says, “To date, there have been many attempts to dislodge the dominant operating system vendors, with little success. I have not used the systems you mention [Web operating systems] enough to understand what their value proposition is, but I think they may be most useful as layers above a normal operating system. In this way, they would serve more as an advanced browser than as a full operating system, as they may not provide the complete hardware access and resource scheduling capabilities of Windows, Mac OS, or Linux.

“Fast-booting OS concepts make sense for embedded devices or closed products where devices cannot be attached, but the extensibility of the personal computer makes it unlikely that these products will supplant existing desktop operating systems.

“Regarding Web operating systems, I think they provide some benefit, but people today are comfortable going to individual websites for their content, so I am not sure they add that much value. What may happen instead is that more of people’s computing experience will migrate to mobile devices, such as smart phones, so the services that Web-based operating systems offer will be used from mobile devices rather than desktop PCs.” It looks like desktop operating systems are here to stay, albeit in a different avatar in the future.
Ubuntu: the new face of desktop Linux?

Linux has been around for quite a while now, especially in the server world — but distributions like Xandros and Mandriva have made installing and using Linux on your desktop much easier. The latest buzz around the desktop Linux world, though, is Ubuntu, which has become a major player since Dell began selling computers with Ubuntu pre-installed, in Europe and the US, in 2007.

Mark Shuttleworth (owner of Canonical Ltd, which sponsors Ubuntu) blogged that while a number of excellent companies like System76 already offer Linux pre-installed, Dell represents “the industry”, and it’s very important that the industry is now seeing a future for Linux on the desktop.

In other recent high-profile adoptions, the French National Assembly migrated to Ubuntu late last year. France’s Gendarmerie National recently announced plans to migrate 70,000 desktops from Windows to Ubuntu. In India, HCL has announced low-price laptops that run Ubuntu.

About Ubuntu’s innovations in the OS space, Gerry Carr, marketing manager, Canonical Limited, says: “Ubuntu’s innovation is that it ‘just works’. Linux was held back for many years by its perceived and actual difficulty.” Earlier, people’s peripherals would not work, and adding applications would require going to the command line. Ubuntu has changed that; due to the Ubuntu team’s efforts, adding drivers is now easy, and hardware compatibility has improved. New users usually have a wonderful experience on the desktop, rarely needing to go “under the hood”. Linux has had a lot of the fear that was associated with it taken away by Ubuntu’s simple, clean, and effective interface.

This is why it’s possible that Ubuntu is going to be the new face of desktop Linux; do keep an eye on the progress of this amazing Linux distribution– and if you haven’t tried it yet, maybe it’s time you did!
Backing up the back-up!

Apple’s Time Machine, released in October 2007 as part of Mac OS X Leopard, lets you do incremental back-ups, and allows you to go back to a specific date and see how a file looked on that date. Windows Vista also allows incremental back-ups, and allows you to back up to a location on a network. Vista’s shadow copy lets you recover files that you may have accidentally deleted. Maybe, someday, we will see operating systems that back up files via the Internet to a data centre

Intel grabs server market share from AMD, says IDC

Intel grabs server market share from AMD, says IDC

Intel has expanded its share of the server microprocessor market, taking advantage of a slow product transition at perennial rival Advanced Micro Devices, according to figures released late Wednesday by IDC.

Intel supplied 93.5 percent of the server processor units shipped in the second quarter, up from 89.9 percent in the same quarter last year. AMD’s share slipped to 6.5 percent from 10.1 percent over the same period, IDC said Microsoft MCTS Training .
Virtualization Boosts Public Sector Efficiency: Download now

Most of AMD’s share loss occurred between the first and second quarters, when server makers were slow to offer AMD’s new 6000 series Opterons in their systems.

“AMD is in the middle of a product transition. It stated in late Q1 and they hoped it would be completed in Q2, but it turns out it took their OEMs a bit longer to ramp up the products they were building,” said Mercury Research analyst Dean McCarron.

AMD executives said as much during an earnings call for the second quarter, in which the company swung to a loss after two straight quarters of profit. Intel had a much stronger quarter, thanks largely to growth in its server chip business.

“Intel got significant sales traction for its new 32 nanometer Xeon DP products, formerly code-named Westmere-EP, and for its 45 nanometer Xeon MP products, formerly code-named Nehalem-EX,” IDC analyst Shane Rau said via e-mail.

“In contrast, while AMD launched its 8-core and 12-core Opteron products, formerly code-named Magny Cours, OEMs didn’t buy them and ship them in significant volume [in the second quarter]. I expect that to change in [the third quarter],” he said.

McCarron also said things could look up now for AMD. “Presumably in the third and fourth quarters they won’t be weighed down by those transition issues,” he said.

In the wider x86 market, including server, desktop and mobile processors, things looked better for AMD. Its overall market share increased a fraction between the first and second quarters, from 18.8 percent to 19.0 percent of processor units shipped Microsoft MCITP Certification.

AMD’s share of laptop processor shipments increased to 13.7 percent in the second quarter, from 12.1 percent in the first quarter, while Intel’s share fell from 87.8 percent to 86.1 percent. In desktop processors, Intel added a half percentage point of share from the first quarter, to reach 72.2 percent, IDC said.

Via Technologies accounted for 0.3 percent of overall processor shipments in the second quarter, up from 0.2 percent in the first quarter but down from 0.5 percent in the first quarter last year, IDC said.

Overall x86 processor shipments for all vendors were up 30.8 percent year-over-year in the second quarter, as IT buyers resumed spending on equipment. The mobile sector saw the most growth, followed by servers.

(IDC is owned by International Data Group, the parent company of IDG News Service.)

Microsoft aims to stop drive-by downloads on Patch Tuesday

Microsoft aims to stop drive-by downloads on Patch Tuesday

and third-party security experts warned that users could be subjected to drive-by downloads because of flaws in Windows and Internet Explorer that received fixes on Patch Tuesday this week.

Hackers are likely to use social engineering tricks to lure users to infected Web sites and media files, they warned. The vulnerabilities are among 10 security updates that patch a record-tying 34 vulnerabilities in Windows, Internet Explorer, Office and SharePoint.

Microsoft TechEd event to shed light on cloud computing plans

One bug in particular – a Windows kernel TrueType font parsing vulnerability – was rated as the most serious Patch Tuesday fix by Joshua Talbot, security intelligence manager for Symantec.

“Exploiting this – likely through a drive-by download attack – would give an attacker near system-level privileges. It’s doubtful that attackers would compromise a legitimate site to exploit this vulnerability, so users should be extra cautious of social engineering tricks coaxing them to visit unfamiliar Web pages, which could contain a malicious font.”

The TrueType vulnerability was contained in Security Bulletin MS10-032, one of the ten issued by Microsoft Tuesday.

However, Microsoft MCTS Training rated three other bulletins as being even more important than this one, with two of them involving potential drive-by downloads, which occur when users authorize a download without understanding the consequences, or that simply occur without the user’s knowledge.

MS10-033, a critical bulletin, “is a remote code execution vulnerability in both Quartz.dll and Asycfilt.dll and is rated Critical on all supported versions of Windows. Specially crafted media files could trigger the vulnerability when a user visits a web page or opens a malicious file,” Microsoft said.

With this vulnerability, hackers may use media files to lure users into downloading malicious code.

“This could result in a drive-by download where the user visits a specially crafted Web site, and in this case it would be like a media file that could start streaming or the user could open a specially crafted media file that got sent to them via e-mail or some method like that,” Microsoft security official Jerry Bryant said in a video accompanying the announcement.

These bugs are on par with some of the most critical ones observed on Patch Tuesday, says Andrew Storms, director of security operations at the security vendor nCircle.

Rather than making businesses vulnerable on the server side, this month’s most serious bugs mainly target end users, he said.
“What looks to be a normal movie file that you click on and watch could have embedded malware inside and take control of your system,” Storms said.

Similarly, the new bulletin MS10-035 involves flaws in Internet Explorer which could also result in drive-by downloads.

A third critical bulletin, MS10-034, involves ActiveX Kill Bits and affects Windows 2000, XP, Vista and Windows 7.
Kill Bits ensure that vulnerable ActiveX controls can no longer be exploited through Internet Explorer.

Typically, Kill Bits are issued for third-party software, rather than for software created by Microsoft, according to Storms. What is unusual about MS10-034 is that two out of the six Kill Bits being issued are for Microsoft ActiveX controls.

“What that means is Microsoft has found one of their ActiveX controls to be vulnerable as well,” Storms said. “Today they found two. That’s unusual. We haven’t seen that from Microsoft since last summer.”

Overall, this was a record-setting month for Patch Tuesday.

“This is the largest Microsoft MCITP Certification patch release of 2010 and ties the record for the most vulnerabilities ever addressed in a single month; a record set in October of last year,” Talbot of Symantec said. “This month’s release also features the largest ever single bulletin, with 14 vulnerabilities in Excel being addressed together.”

Microsoft offers Windows 7, Office 2010 via download stores

Microsoft offers Windows 7, Office 2010 via download stores
Microsoft has for the first time allowed selected partners to sell its flagship software products as downloads. The move sees Microsoft selling Windows 7, Microsoft MCTS Training Office 2010 and other flagship titles via ESD (Electronic Software Delivery) at online stores including the PC Advisor Software Shop.

ESD is the practice of delivering software without the use of physical media, typically by downloading via the internet. Digital distribution bypasses conventional physical distribution media, such as paper or DVDs, reducing costs and waste. As broadband connections have become more widespread software downloads have become an increasingly popular method of purchasing programs.
Get your job scheduler out of the 90’s: Download now

Traditionally Microsoft has sold the majority of its operating system software via OEM (original equipment manufacturer) deals. Manufacturers would buy Windows licences from Microsoft and pass the cost of the OS on to customers when they buy desktop PCs and laptops. Similarly, Office licences have typically been sold in large chunks to enterprises.

As digital media has become more capacious, Microsoft has targetted consumers with software DVDs sold from high street stores, with download purchases available only direct from Microsoft. Thus the decision to allow selected third-party vendors is a significant move by Microsoft.

PC Advisor has available for download a range of Microsoft MCITP Certification products including upgrades and full versions of all flavours of Windows 7 and Microsoft Office 2010. This is the first time that Microsoft has allowed third parties to sell downloads of its products in the UK, and follows a matter of weeks after the company first trialed ESD in France and Germany.