Caroline Kennedy

Microsoft has launched new betas for its free Office suite and for the "streaming" technology it will use to deliver some paid versions of Office 2010 next year. Office Starter will include on-screen advertisements, the first desktop edition of Microsoft's longstanding suite to do so. As first reported by ZDNet blogger Mary Jo Foley, Microsoft has kicked off a private beta of Office Starter 2010, the ad-supported edition that the company will offer computer makers in lieu of the ancient Microsoft Works, which has been discontinued.

The ads will be limited to a space in the lower-right-hand of the applications' windows. Office Starter will include reduced-functionality versions of Word and Excel, the suite's word processor and spreadsheet, but will not be a time-limited trial. Microsoft announced Office Starter 2010 more than a month ago, but said it would not be available to the public until the completed Office 2010 suite ships sometime in the first half of next year. Microsoft hopes that customers will like what they see and pony up the money for the real deal, such as the entry-level Office Home and Student 2010 or the more expensive Office Home and Business 2010. Prices for Office 2010 have not been set, and last month Microsoft refused to say whether Office Starter users will receive a discount if they purchase a for-a-fee edition. According to Foley, Office Starter to Go will run from the flash drive on Windows Vista and Windows 7 systems. Today, Microsoft confirmed that it has launched a preview of Office Starter 2010 to what a company spokesman said was a "select group of users." Also included in the Starter beta, said the spokesman, is a new feature called "Office Starter to Go" that lets testers run Word Starter and Excel Starter from a USB flash drive.

Microsoft also sent invitations to a larger group of testers for a preview of the "Click-To-Run" mechanism it plans to use to deliver some final editions of Office 2010 next year. Last weekend in an FAQ posted to its Web site, Microsoft hinted that it would offer the public a beta of Home and Business using Click-To-Run, but those plans have been put on hold, said Takeshi Numoto, the corporate vice president for Office, in an interview earlier this week . "We're working to make that available as soon as possible," said Numoto. In messages sent to people who had tested the Technical Preview of Office 2010 last summer, Microsoft urged them to try the Click-To-Run delivery. Click-To-Run is a new technology that Microsoft debuted in the Technical Preview that went out to testers last July. It also runs Office 2010 in a virtualized environment, separating it from the rest of Windows and other applications. Essentially, it "streams" pieces of the suite as users begin a download, letting them start running the suite within minutes.

Unlike the Office 2010 Beta that went live on Wednesday, the Click-To-Run version of Office 2010 Home and Business must be installed alongside existing versions of Office on the PC; it's not possible to upgrade from Office 2003 or Office 2007 to the beta of 2010. Testers must also first uninstall the Technical Preview before installing the Click-To-Run edition of the beta. Like the standard download of Office 2010 Beta, the version delivered via Click-To-Run expires Oct. 31, 2010. The beta of Click-To-Run Office Home and Business 2010 includes Excel, OneNote, Outlook, PowerPoint and Word.

If Order Mapper has its way, we'll all be ordering pizzas on our iPhones without ever having to talk to another soul." The application maker this week released Order Pizza, a free app for the iPhone and iPod touch which allows you to order takeout or delivery from your favorite pizzeria with just the push of a few buttons. The app requires some initial setup the first time you launch it-you have to enter your name, address, and phone number initially, as well as a personal ID number for order tracking. The app takes advantage of a number of iPhone features-location awareness and push notifications, most notably-as well as the Twilio Web services API for automating phone calls. But after that, it's just a matter of punching in that PIN number and you're set to order.

Use Order Pizza's location awareness feature, and the app will pull up a list of nearby pizza joints. Order Mapper founder Jim Bricker contrasts his app's approach with that of the Pizza Hut iPhone offering, which requires a name and password each time you place an order. That list will be dominated by chains mostly, but you can also enter the name and phone number of your favorite neighborhood pizza parlor. That's where Twilio comes in. From that point, it's just a matter of selecting pickup or delivery, picking a pizza size and toppings, and tapping a button to place your order. It enables Order Pizza to call the pizzeria-even on the iPod touch-and place your order.

Order Mapper claims a 95-percent success rate with pizza orders getting accepted in its testing. "We were surprised by the number of pizzerias that took the order," says Bricker. "We have some really good engineers." Bricker notes that premium features for specific restaurants could be added to future versions of Order Pizza. If the order goes through, you get a push notification. And Order Mapper sees its slice of the pie expanding beyond pizzas and into other areas. "I think the next version will probably be Chinese food," he adds.

Google plans to upgrade its YouTube video streaming Web site to provide support for IPv6, a long-anticipated upgrade to the Internet's main communications protocol. Google's Chrome operating system - whose source code was released this week - supports IPv6, as does its Android platform for mobile devices. Google already supports IPv6 with its Search, Alerts, Docs, Finance, Gmail, Health, iGoogle, News, Reader, Picasa, Maps and Wave products. For example, if a Verizon Droid user connects to a Wi-Fi network with IPv6, the user will be able to connect to IPv6 Web sites.

We've seen healthy growth in the last year." Google is anticipating IPv6 traffic growth as more devices such as LTE handsets and set-top boxes ship with IPv6 support, and as more ISPs such as Hurricane Electric, Global Crossing and Comcast offer IPv6 access and transit services to users. "We expect roll-outs to happen in our user community," Colitti says. "We expect other ISPs to push this to users, and we'll be ready for that." Google is one of the Internet's most aggressive adopters of IPv6. Indeed, Google's lead IPv6 engineers - Colitti and Kline - were recognized by the Internet Society earlier this month for their contributions to IPv6 deployment as winners of the Itojun Service Award, which includes a $3,000 prize. IPv6: The Essential Guide Next up for Google's IPv6 development team is YouTube. "YouTube is the IPv6 team's number one priority right now," says Erik Kline, IPv6 software engineer at Google. "We haven't said anything about the timeframe for that yet." Google admits it isn't seeing much IPv6 traffic yet on the Web services it has enabled so far. "It's somewhere on the order of the 0.2% range of Google users have IPv6 access," says Lorenzo Colitti, network engineer at Google. "Around 40% of that traffic is native. The Internet Engineering Task Force (IETF) created IPv6 in 1995 as a replacement to the existing version of the Internet Protocol, known as IPv4. IPv6 is needed because the Internet is running out of IPv4 addresses. IPv6, on the other hand, uses 128-bit addresses and can support so many devices that only a mathematical expression - 2 to the 128th power - can quantify its size. IPv4 uses 32-bit addresses and can support approximately 4.3 billion individually addressed devices on the Internet. Experts predict IPv4 addresses will be gone by 2012. At that point, all ISPs, government agencies and corporations will need to support IPv6 on their backbone networks.

The Planet, Netflix and Limelight Networks demonstrated IPv6 services over Comcast's network in June. Besides Google, other early adopters of IPv6 in the United States include the federal government and Bechtel. Google engineers have said that IPv6 deployment is not as difficult nor is it as expensive as they thought it would be. "We've seen that it's easy, and not that expensive, and refreshingly simple to operate," Colitti says. "We didn't spend any significant money on infrastructure at all….The boxes major vendors are shipping have had this for years. Google says that it's easier to design an IPv6 network than an IPv4 network because network architects can allot large blocks of IP addresses to subnets to cover future growth. It's just a question of turning it on and maybe fixing some bugs." Google is running IPv6 internally on its enterprise network and on the wi-fi and wired LANs in its offices in Santa Monica and Mountain View, Calif. "We have a couple corporate data centers running IPv6 through our internal corporate services," Kline says.

They said it's also easier to run an IPv6 network because there are no network address translation devices. "It's a much lower operational cost, it's easier to debug, and it's easier to design," Colitti says. "The larger address space allows you to break it up in a very predictable way. The Info Pro released survey results this week that indicated 7% of enterprise network managers have adopted IPv6, up from 5% six months ago. You can define a network 10 years out in terms of what IP addresses your routers will have." Google is encouraging other enterprises and Web content providers to experiment with IPv6. "You can set up an IPv6 lab for a trivial cost," Colitti says. "The bottom line is that it doesn't really cost you anything, it prepares you for the future, and it prepares you for a future where you will have lower costs." Google's strong support for IPv6 comes at a time when enterprise adoption of the next-generation Internet Protocol is slow. Additionally, 15% of the enterprise networking professionals interviewed by The Info Pro said IPv6 was in their plans as an infrastructure technology upgrade, down from 17% six months ago. InfoPro said that it is not anticipating much progress on IPv6 because the technology lacks "a significant business justification." The survey results are based on more than 200 interviews with enterprise networking professionals.

PayPal used its inaugural PayPal X Innovate 2009 conference in San Francisco to officially announce the PayPal X program to release APIs allowing developers to integrate PayPal seamlessly into third-party applications. The new PayPal APIs allow developers to engage customers directly within their own applications rather than forcing them to port users off to the actual PayPal site. The expanded functionality will help PayPal to compete against similar online payment services from Amazon and Google.

Users who don't even use PayPal can actually sign up for PayPal within the third-party application and begin making PayPal payments seamlessly from within the third-party application. Part of the goal of opening PayPal to developers is also to expand the types of transactions PayPal is used for to include things like paying rent, or employee payroll. PayPal wants to make it easier for developers to leverage its payment system, ostensibly making PayPal a sort of de facto currency for the Web. PayPal also has its eye on smart phones and wants to incorporate PayPal payments into mobile applications. PayPal is an established name in online transactions. Google Checkout is already working on mobile devices, and Nokia is working on its own mobile payment system, Nokia Money.

It built a reputation for providing a safe and secure means of making payments for things like EBay purchases. There are fees involved and some users have taken issue with those fees (including recently adding fees without notice for services that were previously free). Rather than adopt PayPal (and the fees that come with it) for online payment, Amazon and Google have developed homegrown online payment systems. It worked so well and got so popular that EBay eventually bought PayPal in 2002. PayPal doesn't provide the service as a charity though. Google and Amazon are both online gorillas, and Amazon is a huge online retail site, so the competition is a threat to PayPal. The new PayPal X API's provide an even more integral and seamless opportunity for SMB's to leverage PayPal for both incoming and outgoing financial transactions.

A couple years ago PayPal introduced the Website Payments Pro program aimed at providing small and medium businesses (SMB) with a platform for conducting secure online transactions. Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

Enterprise efforts to consolidate data centers and install virtualization software are taking a big bite out of the number of power-hungry application and storage servers required to support enterprise data. You can move from hatchet to scalpel (to borrow a metaphor from President Obama). In this instance, the reference means that once you've minimized your number of power-sucking devices, it's time to precisely monitor and measure data center environmental metrics - down to the nitty-gritty rack level - so that you know exactly what adjustments are needed to optimize efficiency. But after taking this critical first step, what else can you do to boost efficiency?

What does a real green data center look like? Having visibility into them on a device-by device basis - a scarce capability today - reveals the degree to which they are in sync with each equipment manufacturer's recommended specifications for optimal operation.  'It's hard to improve power and cooling efficiency if you don't know where the waste is in the first place," says Nik Simpson, senior analyst in Burton Group's data center strategies practice. These metrics, of course, are electrical power, heat, airflow, cooling, temperature, humidity and pressure levels. Let's face it: it's far easier and less expensive to mount wireless sensors than wired ones. Wireless data center sensors, sensor networks and associated monitoring and management applications - available from companies such as SynapSense and Arch Rock - are starting to enable these capabilities and could kick off an evolved approach to data center energy management. "The smart grid is moving into the data center, and it is wireless instruments making this possible," asserts Peter Van Deventer, CEO at SynapSense.

Not needing cabling lets sensors live in many more places, so you can see a more complete and fine-grained lay of the land and make precise, appropriate adjustments. He estimates that the cost of a wireless sensor (SynapSense's are $100 each) is 10 to 20 times less than that of a wired sensor once you figure in the installation cost. In fact, sometimes sensors are only in the computer room air handler (CRAH). Though some helpful tabulations and assumptions can be made from this data, they don't show the entire efficiency picture. Because of cabling complexities, costs and the need for pricey data center 10Gbps ports for sensor communication, wired sensors tend to be installed in ver y few locations. There are also useful sensor capabilities built directly into some equipment, such as Cisco's Energywise solution for monitoring the power levels of Cisco network-connected devices. The emergence of wireless sensor applications aimed specifically at gathering real-time statistics in many places throughout the data center should ease the task, though.

One drawback with embedded sensors, though, is that they usually feed measurement data into each manufacturer's own management system, making it complex to correlate, Simpson notes. The applications help maintain compliance with industry standards for Power Usage Effectiveness and Data Center Infrastructure Efficiency. More on this subject next time. SynapSense also automates some adjustments for optimization.

The U.S. Department of Homeland Security's effort to hire some 1,000 new cybersecurity experts could hit a wall because such skills are increasingly hard to find, according to security experts. Alan Paller, research director with the SANS Institute, a Bethesda, Md.-based computer training and certification organization, said DHS has a critical need for strong technicsal skills among its security professionals who handle tasks like intrusion analysis, malware reverse engineering, security auditing, secure code analysis, penetration testing and forensics. "That's what DHS needs and is trying to hire," he said, adding that the agency faces strong competition for such skills from other government agencies like the National Security Agency along with private sector companies. DHS Secretary Janet Napolitano announced last week that the U.S. Offices of Personnel Management and Management and Budget has agreed to allow the agency hire up to 1,000 security experts over the next three years to ramp up its cybersecurity efforts.

The problem for all of the organizations, Paller said, is there aren't enough security professionals to meet the need. "DHS will be forced to hire weaker people and the cost of the very strong people will skyrocket," Paller predicted. The agency needs to address issues that have contributed to a relatively high turnover rate among mid-level to senior cybersecurity professionals at the agency, Kreitner said. Clint Kreitner, president and CEO at the Center for Internet Security (CIS), added that DHS must also create "leadership stability and consistency" before it can hope to attract the right kind of talent. The DHS' National Cyber Security Division, which oversees day-to-day cybersecurity efforts, has seen a "tremendous amount of turnover," Kreitner said. "It has been a revolving door." Many of the security professionals have gone on tothe private sector. "My guess is they don't feel like they are contributing as much as they would like to. President Barack Obama's continuing delay in appointing a White House cybersecurity coordinator has also been "a source of discouragement to many who are wondering whether the realty will match the rhetoric," on cybersecurity matters, Kreitner said. If people felt they were being effective they would stay longer," he said.

Obama announced the creation of the position in May. Pescatore conceded that an agency with the DHS mission has more information security needs than the typical company, the plan to hire 1,000 new workers is "incredibly silly and hard to do. John Pescatore, an analyst with Gartner Inc in Stamford, Conn., questioned whether the DHS, which employs some 200,000 workers overall, really needs 1,000 new security experts to meet its requirements. "For a typical private industry company of that size, you might see at most 200 information security staff -1,000 would be unheard of," he said. They don't need that many. [Even] if they did, they would be much better off training existing staff to become skilled in information security." he said. The NSA increasing security leadership has led to increasing calls for the DHS to oversee the defense of government and commercial interests in cyber space. The announcement about the DHS hiring plans come amid continuing questions about cybersecurity leadership . Critics have said that the NSA and the Department of Defense continue to exert more leadership on cybersecurity issues.

Even experienced developers can run into problems developing and deploying custom applications for software-as-a-service  platforms because SaaS vendors don't always embrace the accepted corporate processes for build, test and release. SaaS is popular in part because applications can be made available without the long deployment cycle typical of on-premise development. The trick is to adapt your configuration management processes to meet SaaS challenges. So a new report can be delivered immediately or a new field can be added to a data entry form on the fly.

A salesforce.com application may have features such as real-time Web service integration, automated e-mail and Web feeds, and batch integration to operational systems. But as SaaS offerings such as Salesforce.com have matured into full-fledged development platforms, the complexity of applications has grown dramatically. This increases the risk that a minor change could impact critical business processes or break the application. Consider the development of a Salesforce.com application from a traditional developer point of view, with the goal being to manage development in the most controlled fashion to ensure reliability. It is often challenging to apply best practices for configuration management in SaaS environments because: * The application may be supported by business, not IT. * SaaS administrators may not be familiar with configuration and release management practices. * SaaS deployment tools are still maturing. * Deploying an application often requires both manual and automated steps. * SaaS integrations require synching releases with legacy systems. * Code, configuration, deployment scripts and manual checklists all need to be checked into the source code repository.

The Force.com platform, Saleforce.com's custom development platform, is based upon the Model-View-Controller paradigm. This is configured via the salesforce.com setup menu that allows administrators to add custom fields to standard CRM data objects, like leads and accounts, or create new data objects with their own custom fields. This paradigm can be defined as: * Model represents the database structure. As soon as a field is defined or modified it can be queried via SOQL, the Salesforce. Salesforce.com has a built in forms editor for "page layouts" that are associated with data objects.

Com Object Query Language, or SOSL, the Salesforce Object Search Language used for free form text searches. * View represents the user interface. Pages can also be developed in Visualforce, salesforce.com's markup language that is tightly integrated with Apex code, Force.com's programming language that is based on Java. * Controller represents business and application logic. Custom business logic is developed as Apex code associated with triggers, Salesforce.com's version of stored procedures, Visualforce controllers, or as shared class libraries. Rules for field validation, workflow and button actions are configured via the setup menu. Force.com development uses practices that should be familiar to most Web developers.

A sandbox can house a full copy of production data, code and configuration, or just configuration. Salesforce.com allows copying the production environment or "org" to a "sandbox" just as you would copy the production data model and code to a development server. Development is done using the Force.com integrated development environment (IDE), an add-in for Eclipse that lets developers  create a project linked to a development org, production org or sandbox. Apex has a built in unit test framework that requires 75% coverage for all Apex code before it can be deployed. A project can be synched to a code repository, allowing check-in and check-out of code.

The Force IDE deploys code from a project to a production org. Ensuring reliability for the enterprise involves: * Limiting which users have a system administrator profile and defining their configuration management responsibilities. * Putting procedures in place to insure that code, configuration and data for production are checked into the code repository and archived (this may require taking manual snap shots of sharing rules, the role hierarchy and so on). * Creating manual or automated installation scripts. * Making sure that there is a plan for backing out production changes if needed. * Deploying to a sandbox for testing and QA. * Repeating the deployment to production. * Validating the deployment in production. How to address audit, security and business continuity upfront Configuration management traditionally looks at production configuration and code as a "baseline," identifies changes that will be released, and incorporates them into a new, auditable baseline once the release is validated. The gotchas Even senior developers can get lost in the weeds trying to figure out how a feature can be, or might have been implemented, in Force.com. Configuration experts and developers run the risk of reinventing the wheel if they do not collaborate closely on solution design. * Force.com deployment tools do not currently support critical items such as data sharing rules, picklist fields on standard data objects, lead and sales processes, and the management role hierarchy. * Apex unit tests are impacted by actual org data, so code that passes unit test requirements in the sandbox may not deploy. Typical "gotchas" include: * With numerous configuration options and powerful programming tools there are many ways to implement the same features.

For example, data queries on objects with more than 100K of data require querying an external ID field. Success is all in the plan Getting configuration management under control is much easier if the development and testing teams are on the same page from day one. Unit tests that pass in a sandbox can fail in production, killing your deployment. While typical build/release cycle looks like this: * Check in code. * Compile code. * Run database scripts and deploy code to test. * Run tests/inspections. * Deploy to pre-production/production. * Validate deployment. SaaS software development platforms such as Salesforce.com require a mix of configuration and custom development that can confuse developers and be difficult to deploy.

The following tasks need to be adapted for Salesforce.com development: * Check in code and configuration from development. * Check in task list for manual changes to the code repository. * Deploy manual code/configuration changes to test. * Run Eclipse/Ant automated deployment to test. * Run tests inspections. * Deploy using same process to pre-production/production. * Validate deployment. This can be addressed by adapting your configuration management processes for SaaS projects. Once you understand how standard programming and configuration management practices apply to a SaaS application it becomes easier to tackle with the traditional approach. Although SaaS offerings are designed to limit the time spent on traditional development, some tweaking is required in order to fully integrate them with enterprise systems. Hamilton is a CRM technical architect at Acumen Solutions, a business and technology consulting firm.

Contact him at ghamilton@acumensolutions.com.

There are a lot of reasons why Dell Inc. agreed to buy Perot Systems Corp. for $3.9 billion, but Congress' vote earlier this year to appropriate billions of dollars to spread the use of electronic medical records may be a key one. Even before today's announcment that Dell plans to buy Perot, the PC maker and IT services firm had agreements in place develop platforms dedicated to electronic health care applications. Perot, which says that about half of its $2.8 billion in annual revenue is derived from health care projects, is in a good position to gain a significant chunk of the $36 billion the federal government is poised to spend on IT related health care projects.

During a conference call with reporters today, Michael Dell, CEO and chairman of Dell, called the move "the right acquisition" for his company, and that the two Texas-based firms share several similar characteristics. "Our products, services and structures are overwhelmingly complementary," Dell said. EDS was spun off in 1996 as an independent firm and remained that way until it was acquired last year by Hewlett-Packard Co. for $13,9 billion . Ross Perot founded Perot Systems in 1988. Harry Greenspun, chief medical officer for Perot Systems' health care group, told investors garthered at an industry conference this month that there's tremendous opportunity for companies like Perot in the health care market. "Most hospitals, most physicians' offices are very immature in their adoption in their technology," he said, according to an archived recording on Perot's web site. Ross Perot, the chairman emeritus of Perot, added, "We saw this as a cultural match, and we saw what we could do together, and I think that made it a lot easier to jump on Michael's vision to build Dell," Perot founded Electronic Data Systems (EDS) in 1962 and sold it to General Motors Corp. in 1984 for $2.5 billion. Dell hopes to complete the deal by year's end, just after the federal fiscal year starts on Oct. 1, which is when federal spending on electronic records is set to begin in earnest. Dell and Perot are already jointly offering what Greenspan called a "dumb box" without ports of disk drives.

The demand for help in implementing new health care IT projects should come quickly - Under the law, health care providers have to start upgrading e-health systems by 2015 or face federal penalties. The Software-as-a-Service system delivers electronic records to virtual desktops that charge customers on a subscription basis. "This is a different way of delivering this service," said Greenspun. Bendor-Samuel said improved revenue from health care projects should be a strong side effect of the merger, but contended that Dell's primary interest is gaining access to a broader base of enterprise customers. "It's great to be a dominant player in the fastest growing segment of the economy, but I view that as a nice thing to have," he said. The purchase of Perot Systems will also give Dell some credibility among large users as a service provider, said Peter Bendor-Samuel, CEO of Everest Group, an Dallas-based outsourcing consultancy. "It both significantly improves their delivery capability and tremendously improves their credibility," he said. Dane Anderson, an analyst at Gartner Inc., believes that the deal shows only that Dell is finally embarking on a services strategy. It has not offered the broader consulting and integration services provided by IT services firms like Perot Systems, he added.. "Really, where the opportunity is in the nearest term is to bring more capabilities to the table for that Dell installed based of clients, he said.

Dell's support operation has traditionally focused on providing services to meet the needs of existing users. Anderson said that he doesn't expect Dell to quickly gain new services contracts due to the acquisition of Perot. Enterprise aren't likely to exit existing contracts with other services providers.

SAP said Wednesday it contacted Oracle and its CEO, Larry Ellison, in recent months over concerns about the future of the Java programming language and competition in the database market, not to offer help facilitating Oracle's purchase of Sun Microsystems, which is being held up by a European antitrust review. The editorial was based on a letter sent to Ellison on Sept. 15 by SAP CEO Léo Apotheker, which consisted of the following statement, according to the Journal: "As you know, we have significant concerns about Oracle's proposed takeover of Sun. The statement follows a recent Wall Street Journal editorial that speculated about the latter possibility. We renew our invitation to meet to attempt to resolve our concerns and other open issues between our companies.

SAP "strongly rejects" the editorial's "misleading speculation," Wednesday's statement said, reiterating remarks by an SAP spokesman earlier this week. Please let us know if and when you would like to meet." The Journal noted that "other issues" between the two companies include an ongoing intellectual property lawsuit Oracle filed against SAP in connection with TomorrowNow, a now-shuttered subsidiary of SAP that provided third-party support for Oracle applications. Instead, SAP has "concerns about customer choice in the database market and the future open licensing of Java," and first contacted Oracle and Sun about the matter "as far back as the end of July 2009." "Since there was no response, our CEO Léo Apotheker took the initiative and wrote to both Oracle and Sun CEOs in the middle of September to voice our concerns again, offer a dialogue, and attempt to clarify the issues. Meanwhile, this week the European Commission issued a formal statement of objections to Oracle and Sun regarding the merger. We have not heard back from Oracle, but instead found Léo Apotheker's letter leaked to the press last week," the statement adds. "This is both telling and disappointing as it demonstrates that there is no real interest by Oracle to listen and explain how it wants to ensure the required level of customer choice in the database market as well as open access to Java." In a blog post on Monday, SAP CTO Vishal Sikka also called for more openness in Java.

The body is particularly concerned over the fate of Sun's open-source MySQL database if it comes under Oracle's ownership. An Oracle spokeswoman declined comment.

The European Space Agency wants volunteers to take the 520-day trip to Mars. Starting in 2010, an international crew of six will simulate a 520-day round-trip to Mars, including a 30-day stay on the Martian surface. Well ok, a simulated version of the red planet voyage but you would get to go to Moscow and pretend you were on a spaceship. The 'mission' is part of the Mars500 program being conducted by ESA and Russia's Institute of Biomedical Problems (IBMP) to study human psychological, medical and physical capabilities and limitations in space through fundamental and operational research.

For the surface exploration, half of the crew will move to the facility's Martian simulation module and the hatch to the rest of the facility will be closed, ESA stated. NetworkWorld Extra: 10 NASA space technologies that may never see the cosmosTop 10 cool satellite projects The crew will follow a program designed to simulate a 250-day journey to Mars, a 30-day surface exploration phase and 240 days travelling back to Earth. The reason for such research? When contemplating missions beyond Low Earth Orbit, such as to the Moon and Mars, daily crew life and operational capabilities may be affected by the hazardous space environment, the need for full autonomy and resourcefulness, the isolation, the interaction with fellow crewmembers and other aspects, the ESA stated. When preparing for long-duration space missions beyond the six month range currently undertaken by Expedition crews on the International Space Station (ISS), medical and psychological aspects become an issue of major importance.

Potential Mars explorers should be 20-50 years old, motivated, in good health and no taller than 6ft. Candidates must have a background and work experience in medicine, biology, life support systems engineering, computer engineering, electronic engineering or mechanical engineering, the ESA stated. They should speak one of the working languages: English and Russian. Except for weightlessness and radiation, the simulations will be as close to a real Mars mission as possible including: • The crew will live and work in a facility in Moscow, which has been specifically designed for the needs of these simulations. Additionally, private communication to family and friends will be limited comparable to a spaceflight situation.• During work time the crew will conduct scientific experiments, perform physical exercise, as well as tasks related to maintenance of the facility, life support system control and maintenance, sanitary and hygienic procedures Selection will be based on education, professional experience, medical fitness and social habits.

The facility comprises a medical module: it will accommodate up to 2 crewmembers in case of illness, and has equipment for routine medical and laboratory investigations; living quarters with 6 individual compartments; a kitchen-dining room, living room and a toilet; a Mars landing module, which will only be used during the 30 day Mars orbiting phase and; a storage module containing food supplies, an experimental greenhouse, sauna and gym.• Nutrition and hygiene of the crewmembers will be comparable to that on-board the ISS, i.e. food will be predefined and carefully rationed, there will be no shower, smoking and consumption of alcoholic beverages will not be allowed.• The crew will largely be autonomous, which will be expressed in independent decision-making, control of the environmental situation and of consumable resources, to name a few.• A signal passage delay of up to 20 minutes one-way during communication of the crew and the ground-based control center will be gradually built in with the aim of simulating a real interplanetary mission. Following an initial assessment, potential candidates will have to submit results from medical tests and will then be invited for interview, to be screened in a process similar to that used in astronaut selection. You have to be a citizen of ESA Member States meaning: Austria, Belgium, Switzerland, Czech Republic, Germany, Denmark, Spain, France, Greece, Italy, Ireland, Norway, The Netherlands, Sweden and Canada. The kicker?

IBM's lawyers have a busy winter ahead of them as Big Blue attempts to fight off antitrust accusations related to its mainframe business and an IBM employee faces allegations of insider trading. Moffat, the head of IBM's Systems and Technology Group, was placed on a leave of absence. Biggest tech crime stories The U.S. Department of Justice has issued formal requests for information related to a complaint lodged by the Computer and Communications Industry Association (CCIA) about IBM's actions in the mainframe market, as the IDG News Service reported Oct. 8. In a separate incident, the U.S. Securities and Exchange Commission last week charged IBM executive Robert Moffat with insider trading.

Big Blue will suffer a blow to its reputation, but ultimately survive these legal problems, says Bob Djurdjevic, a longtime industry analyst who founded Annex Research in 1978, and was an IBM employee for eight years performing technical, sales and management functions. "If there's any company that's always been a model of pristine behavior, being above it all, it was IBM," Djurdjevic says. "I don't think it will have an effect on IBM's business because it has deep talent. Out of the three, the insider trading allegation "probably hurt the most," he writes. However, it is a black eye to IBM's reputation." Djurdjevic writes that IBM is dealing with "triple trouble," referring to the two legal incidents and a beating taken by IBM stock. According to the IDG News Service, "Moffat allegedly provided insider information when IBM was considering acquiring Sun Microsystems to Danielle Chiesi, a portfolio manager at New York-based New Castle Funds. Oct. 16 may go down as a "Black Friday" in IBM history, he says. "When this writer worked for IBM in the 1970s, we had to be holier than thou," he writes. "No disparaging of competition. Chiesi allegedly made trades on behalf of New Castle Funds based on the tips and generated about $1 million in illegal profits." Djurdjevic notes that "accused doesn't mean convicted," but he writes about what seems to be a negative shift in IBM culture.

No special deals. No longer. Selling only at list prices. … Being lily white and pure as mountain spring water was ingrained as part of the Big Blue culture. Not after what Bob Moffat, senior IBM vice president in charge of all of company's hardware, has been accused of doing - passing proprietary company information to his Wall Street co-conspirators for personal gains." As for IBM's mainframe problem, the company is accused of refusing to issue licenses for its z/OS mainframe operating system to competitors. IT analyst Joe Clabby criticizes the CCIA complaint in an article titled "Mainframe Monopoly?" for a weekly newsletter issued by the Pund-IT research firm.

The CCIA trade group says this alleged tactic is limiting competition and preventing mainframe customers from finding less expensive alternatives. One could argue that IBM does have a monopoly, owning more than 90% market share in the mainframe world, Clabby writes. Even if IBM has a monopoly, that doesn't automatically make the company guilty of anti-competitive behavior, Clabby continues. "Ultimately, the biggest question on the table is whether other vendors should have a right to deploy z/OS on other platforms," Clabby writes. "If allowed to do so, competing vendors could undermine IBM's mainframe pricing structure by delivering lower-cost alternatives to mainframe hardware. But a mainframe is a type of server, and "mainframes represent only .03% of the server market by volume," he notes. And, to us, that would be unfair." The Department of Justice has not commented on the complaint, so it's difficult to tell when it will be resolved.

Moffat was one of six people charged with insider trading, a group that included an Intel executive, and there could be more arrests coming. The Moffat case could be tied up in the court system for months or years, as is typical with large criminal investigations. IBM continued on its usual path this week, announcing software for management of virtual servers and a desktop package to compete against Microsoft's Windows 7. Whether Big Blue's legal troubles bring any long-lasting harm to the company remains to be seen. Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

Among a slew of online cybercrime forums, Pay-Per-Install.org stands out as a malware flea market where shadowy pushers of Trojan downloaders and tools for evading detection are bargaining with thousands of would-be "affiliates" willing to compromise victims' computers globally and get paid for it. Those who do the dirty work are paid $140 for every 1,000 U.S. computers they seed with bits of malware, to ready these victims' computers for other types of criminal assaults such as stealing financial data, sending spam or pushing fake antivirus software. Top dollar goes to anyone who can compromise computers in the United States.

The pay-per-install rate drops to $110 per 1,000 computers in the United Kingdom; $60 in Italy; $30 in France and just $6 in Asia. The online forum encompasses about 10 distinct entities, such as TrafCash.com and earning4u.com (believed since August to be the new name of InstallsCash), angling for affiliates to do their dirty work to take control of computers they can exploit. "They don't want infection of Russian computers," Stevens says. Curiously, Russia and several of Russia's neighbors, such as Belarus and Ukraine, are considered off limits.  America's 10 Most Wanted Botnets "They will not pay for installs in Russia or former Soviet Bloc countries," says Kevin Stevens, a researcher at SecureWorks, which recently issued a report delving into the malware bargaining that goes on at Pay-Per-Install.org. Some rogue antivirus software even has an installer component that checks to see if a user has visited sites such as Google.ru (the Russian-language Google site) or vkontackte.ru, and if so will exit immediately. In addition, the earning4u site, which is among the most notorious, has a Russian IP address. Many researchers suspect Russian-speaking kingpins to be the key players at Pay-Per-Install.org, where forum discussions go on in both Russian and English.

There's plenty of speculation why big-time malware pushers such as earning4u.com wouldn't want to mess with computers owned by Russians or in countries bordering Russia where many ethnic Russians reside. It's only in the past couple of years that Pay-Per-Install.org has emerged as what's perhaps the biggest of the crimeware forums, Chien says. But the most likely explanation is one put forward by Benjamin Edelman, assistant professor at Harvard Business School in its negotiations, organizations and markets unit. "Why would Russian law enforcement want to pursue attacks that never hurt Russians?" Edelman says. "By declining to hurt people in their own country, they discourage law enforcement from pursuing them." Crimeware forums flourish Geographic motivations aside, it's the contentious marketplace at Pay-Per-Install.org - where thousands of affiliates demand to be paid or brag about numbers of computers infected - that draws the main interest from security researchers. "The hot thing now is rogue antivirus software,'" says Eric Chien, technical director at Symantec's security technology and response division. "It pops up and says you're infected, convincing users to go pay $70 to get de-infected." Most of the code writers for the pay-per-install sites are believed to be based in Eastern Europe or Russia, Chien says. The site has been around for at least five years, and early on it catered to the adware industry. But that era of quasi-legitimate software is largely gone, replaced with blatant crimeware designed to steal and deceive to make a buck. Though adware is widely detested, its propagandists made some defense of legitimacy.

Today, Pay-Per-Install.org is "a primary way that people get malware," Chien says, noting a large number of major threats, such as Virut and Vundo, originated as pay-per-install programs. The affiliates get paid via payment methods that include e-gold, WebMoney, PayPal, Fethard, Western Union, MoneyGram, Anelik and ePassporte. The malware pushers at Pay-Per-Install.org keep track of ever-changing numbers of computers under control, which call home to report on successful installations. It's known that affiliates use a variety of methods to get malware installed on each victim's machine, which include exploiting peer-to-peer networks such as BitTorrent and eMule. Pay-Per-Install.org., to encourage its affiliates, offers guidance on how to use a "seedbox," a dedicated server to upload and download digital files to spread the malware since peer-to-peer sites try to keep malware out of their networks. Pay-per-install affiliates might bind a malicious file to a legitimate program and upload the bundled file, with the goal to have computer users download the malicious bundled file and execute it, SecureWorks points out.

Other means, including malicious downloads from compromised Web sites, are evidence of spreading pay-per-install malware. Malware pushers also sell crimeware applications called crypters that can be used to hide malicious code once it's on victimized computers. This could be done by outside attackers or rogue insiders. One example is PXCrypter, which costs $75 and includes one "stub," which is available to perform the decryption; additional stubs cost $25. Pay-per-Install.org has a Trojan downloader for sale called SDdownloader or Silent Downloader, which normally costs $300, but is on sale now for $225. The download managers let attackers infect a computer and force it to download and install any pay-per-install malware upon command. Tools such as XRumer can announce an attacker's Web site by posting messages about it wherever possible online. And in the twisted business world of Pay-Per-Install.org, scammers also make use of what's called "black hat search-engine optimization" to direct traffic to their sites that host malicious code.

Another method is to use "doorway pages," which are Web pages that list many keywords in an attempt to increase the search-engine ranking, according to SecureWorks. Only a determined effort to stop the people behind them will have any impact, Chien points out, as they can move apparatus like domain names around to so-called "bulletproof hosting," or rogue providers that will look the other way. So far, the international crimeware pay-per-install rings have gone largely unchecked, many say.

Amazon plans to start selling its Kindle reader in over 100 countries and territories on Oct. 19, and the company has already started booking pre-orders for the device on its web site. The Kindle was earlier only available in the U.S. Amazon has been working with publishers for many months to build a vast selection of English language books available around the world, said Stephanie Mantello Ward, a spokeswoman for Amazon, in an e-mail on Wednesday. Amazon is selling the Kindle with U.S. & International Wireless to customers in Asia, Africa, Europe, Australia and South America, for US$279 for a reader with a 6-inch display and the ability to wirelessly download books and other content globally, the company said on Wednesday. Amazon also has some books in languages other than English, but its focus right now is to provide its customers with the best possible experience for English-language content, she added.

She did not give a reason why China was not included in the current launch. The Kindle will not be sold in China because Amazon is unable to ship the Kindle or offer Kindle content to Chinese customers, the company said. "We want to ship Kindle everywhere, and we're working on it," Ward said. Best-seller books will cost $11.99 or more for international customers, with about 100,000 other titles available for less than $5.99, Amazon said. Amazon also said that it is lowering the price of the 6-inch display Kindle in the U.S. from $299 to $259. The Kindle DX, which has a 9.7-inch display, retails for $489. The Kindle with U.S. & International Wireless is 0.36 inches thick and weighs just over 10 ounces, Amazon said. These prices are higher than in the U.S. where most best sellers cost $9.99. As Amazon is selling from the U.S. store, the prices of the books in international markets are denominated in U.S. dollars rather than local currencies. "We aren't announcing a timeline today for payments in other currencies," Ward said. Its 2GB of memory holds up to 1,500 books.

Customers who buy a Kindle in a country without Whispernet coverage will be able to purchase content from the Kindle Store through a PC and download it to their Kindle through a USB (universal serial bus) cable, Ward said. The device features an experimental text-to-speech feature, Amazon added. Whispernet is a wireless delivery system for the Kindle that allows a user to download books and other Kindle content. AT&T will be offering the service to international users of the Kindle.

A new service designed to let Twitter users make short, tweet-like phone calls to one another begins its beta testing period today. It's set up to allow Twitter users to launch two-minute, two-way voice chats with any other Twitter user - even without knowing the other person's phone number. Jajah, Inc. , an IP communications company based in Mountain View, Calif., launched the free service, called Jajah@call today. To use the new service, people have to be users of both Twitter and Jajah, the person receiving the call has to be a Twitter follower of the person making the call.

That will certainly be something to behold - and perhaps a sign of the apocalypse." Social networking seems to be leaving the realm of text-online behind. In a statement, Jajah said the system should work on any Twitter platform - from a computer to a mobile phone. "Essentially, this is adding Skype-like functionality to Twitter," said Dan Olds, an analyst at Gabriel Consulting Group. "This is certainly a valid extension for the Twitter platform, but the one-to-one nature of the feature as it is now is a bit different than the existing Twitter model. "If this catches on," he added, "further developments might include the ability for Twitterers to call all of their followers, which would certainly make it a lot easier for them to stream their every thought and activity without even having to take the trouble to type. Earlier this week, Vivox, a Boston-based company, announced that engineers there are working on an application that should enable Facebook users - whether individuals or groups - to have voice chats online. Vivox said it's looking to add a new dimension to online reunions or meetings. "With Facebook adding much the same functionality, it looks like social networking is moving away from typing all of a sudden," added Olds. "These new mechanisms will be used, but voice probably won't prove to be a must-have feature for most users."

Data center managers should turn server temperatures up to 75 degrees Fahrenheit, and adopt more aggressive policies for IT energy measurement, Gartner says in a new report.  Five tools to prevent energy waste in the data center After conducting a Web-based survey of 130 infrastructure and operations managers, Gartner concluded that measurement and monitoring of data center energy use will remain immature through 2011. Only 7% of respondents said their top priorities include procurement of green products and pushing vendors to create more energy efficient technology. In a troubling sign, 48% of respondents have not yet considered metrics for energy management. In general, data center managers are not paying enough attention to measuring, monitoring and modeling of energy use. "Although the green IT and data center energy issue has been on the agenda for some time now, many managers feel that they have to deal with more immediate concerns before focusing attention on their suppliers' products," Rakesh Kumar, research vice president at Gartner, said in a news release. "In other words, even if more energy efficient servers or energy management tools were available, data center and IT managers are far more interested in internal projects like consolidation, rationalization and virtualization." About 63% of survey respondents expect to face data center capacity constraints in the next 18 months, and 15% said they are already using all available capacity and will have to build new data centers or refurbish existing ones within the next year.

Gartner issued four recommendations for improving energy management: • Raise the temperature at the server inlet point up to 71 to 75 degrees Fahrenheit (24 degrees Celsius), but use sensors to monitor potential hotspots. • Develop a dashboard of data center energy-efficient metrics that provides appropriate data to different levels of IT and financial management. • Use the SPECpower benchmark to evaluate the relative energy efficiency of servers. • Improve the use of the existing infrastructure through consolidation and virtualization before building out or buying new/additional data center floor space. CDW surveyed 752 IT pros in U.S. organizations for its 2009 Energy Efficient IT Report, finding that 59% are training employees to shut down equipment when they leave the office, and 46% have implemented or are implementing server virtualization. In addition to Gartner's report, a recent survey by CDW illustrates trends related to data center efficiency. The recession has helped convince IT organizations of the financial value of power-saving measures, with greater numbers implementing storage virtualization, and managing cable placement to keep under-floor cooling chambers open and thus reduce demand on cooling systems. Data center managers are finding it easier to identify energy efficient equipment because of the Environmental Protection Agency's new Energy Star program for servers. CDW found that 43% of IT shops have implemented remote monitoring and management of their data centers, up from 29% the year before.

But data centers are still missing many opportunities to save money on energy costs. "Energy reduction efforts are yielding significant results … Still, most are spending millions more on energy than necessary," CDW writes. "If the average organization surveyed were to take full advantage of energy-savings measures, IT professionals estimate they could save $1.5M annually." Follow Jon Brodkin on Twitter 

Ciena has agreed to acquire Nortel's Metro Ethernet Networks business for approximately $521 million in cash and stock. The two companies earlier this week confirmed they were in an advanced stage of negotiations for the sale.  Ciena will pay $390 million in cash and 10 million shares of Ciena stock for Nortel's MEN business. Hottest tech M&A deals of 2009 The MEN business includes Nortel's optical networking and Carrier Ethernet assets. Ciena's stock closed yesterday at $13.05. The product and technology assets to be acquired include Nortel's long-haul optical transport portfolio, including the 40G/100Gbps systems; metro optical Ethernet switching and transport solutions; Ethernet transport, aggregation and switching technology; multiservice SONET/SDH product families; and network management software products.

The assets to be acquired generated approximately $1.36 billion in revenue for Nortel in 2008 and $556 million in the first six months of 2009. Nortel says it has deployed 430,000 optical nodes to more than 1,000 customers in 65 countries, making Nortel – along with Ciena – one of the leading optical transport and switching vendors worldwide. "We believe this transaction will position us for faster growth by giving us greater geographic reach, broader customer relationships and a deeper portfolio of solutions," said Gary Smith, Ciena's CEO and president, in a statement. "We believe we are best positioned to leverage these assets, thereby creating a significant challenger to traditional network vendors." Ciena says it expects to offer employment to at least 2,000 Nortel employees, which represents more than 85% of Nortel's optical networking and Carrier Ethernet workforce. The agreement also includes all patents and intellectual property that are predominantly used in the businesses, and provides for the transition of substantially all of Nortel's Optical Networking and Carrier Ethernet customer contracts. As of July 31, Ciena employed 2,110. Nortel's bankruptcy: A long time coming "Today's announcement is a positive step forward for the future of Nortel's Optical Networking and Carrier Ethernet customers and employees," said Philippe Morin, Nortel MEN president, in a statement. "The sale of these businesses to a strong and stable buyer enables the innovation of one of the foremost leaders in the optical industry to continue to thrive." The transaction is subject to a "stalking horse" competitive bidding process and requires the approval of the United States Bankruptcy Court for the District of Delaware and the Ontario Superior Court of Justice Ciena expects hearings before those courts to approve bidding procedures, break-up fee and expense reimbursement will be held within the next several weeks, followed by a bid period and a potential auction, with final sale hearings to be held thereafter. Nortel is liquidating assets after having failed to restructure the company under Chapter 11 bankruptcy as a viable telecom competitor. The transaction is also subject to customary closing conditions, including receipt of necessary regulatory approvals.

To date, Nortel has sold its CDMA and LTE wireless assets to Ericsson for just more than $1 billion and its Enterprise Solutions business to Avaya for just less than $1 billion. It's also looking to sell its GSM wireless business. 

As IBM moves to upgrade its cache of social networking tools, some users are taking a cautious approach to the technology while figuring out where it will apply and how to measure its effectiveness. The new 2.5 version software includes micro-blogging, file sharing and new mobile capabilities. Where IT pros do their social networking IBM Tuesday unveiled Lotus Connections 2.5, its upgraded lineup of social networking tools that are a major expansion to the company's suite of collaboration software.

But some of the features are expanding faster than users' plans to utilize the software. The company's manager of messaging and collaboration asked for anonymity because he was not authorized to speak on the record. One Connections 2.5 beta tester, a global consumer product corporation, is taking a deliberately slow approach to rolling out the social collaboration tools. The company started slow with a few hundred users who were only allowed to communicate with each other. At that point, the manager says, the number of users exploded by 650% to a few thousand. The group's size was eventually doubled and then the tools were opened up companywide.

Despite the growth, the company is still "seeding the environment," said the manager, but a broader rollout is planned. We will likely "wind up doing it anecdotally," said the manager. "The things we're struggling with there is that this doesn't match the ROI [metrics that executives] are used to looking at. The harder part to plan is the expected results because the company has yet to figure out how to measure its return on investment. How do you measure, 'we recruited this person because of the [collaboration tool]?'" While results are hard to gauge, the broader, anticipated benefits are being defined in the context of capturing and recording corporate knowledge. The worker could develop a how-to guide for use by others, he said.

For example, a certain administrative assistant may routinely be tasked with booking a certain type of event, said the manager. The manager said it is a good time to ramp up internal communities and knowledge-sharing because as the economy and job markets rebound, workers who may have suffered pay or benefit cuts amid the recession will be looking to move on. "Now is the time to get people to put information in, so you're not losing it on the back of a Post-it note." Follow John on Twitter. -Kanaracus is with the IDG News Service Follow Chris on Twitter.

After a stinging critique from a noted expert in establishing consortia, the leader of Microsoft's new CodePlex Foundation says such frank evaluation is welcome because the open source group's structure is a work in progress. The CodePlex Foundation's aim is to get open source and proprietary software companies working together. Sam Ramji, who is interim president of the CodePlex Foundation, was responding to last week's blog by Andy Updegrove, who said the group has a poorly crafted governance structure and looks like a sort of "alternative universe" of open source development.

Updegrove, a lawyer, noted expert on standards, and founder of ConsortiumInfo.org, laid out in a blog post five things Microsoft must change if it wants CodePlex to succeed: create a board with no fewer than 11 members; allow companies to have no more than one representative on the Board of Directors or Board of Advisors; organize board seats by category; establish membership classes with rights to nominate and elect directors; and commit to an open membership policy. He added, however, "There are some best practices [for running the boards of non-profits] that we are not as familiar with as we would want to be." Slideshow: Top 10 open source apps for Windows  Stephanie Davies Boesch, the foundation's secretary and treasurer, is the only board member with experience sitting on a non-profit's board. Despite the stinging tone in Updegrove's assessment, Ramji says he is thankful for the feedback. "Andy's been incredibly generous with his expertise and recommendations," Ramji says. "It is the kind of input and participation we were hoping to get by doing what is probably non-traditional for Microsoft but not necessarily non-traditional for non-profit foundations, which is to basically launch as a beta." For instance, Ramji says that the decision to go with only five people on the board came from Microsoft's experience that larger groups often have difficulty with decision making. Ramji says Updegrove's suggestion to have academic representation on the board was "outstanding. And basically it is re-writable.

We did not think of that." And to Updegrove's point on becoming an open membership organization, Ramji says, "our goal is to become a membership organization and Andy has some excellent recommendations for that."He says the fact that Updegrove took the time to respond "in the format that he did is more proof that there is something worth doing here." Ramji, compares the Foundation's formation to the early days of a software development project. "We have said in these first 100 days we are looking at everything as a beta. Obviously, there are some areas like contributions and licensing agreements we put a lot of time into but even those can be modified." Microsoft announced the foundation Sept. 10 with a stated goal "to enable the exchange of code and understanding among software companies and open source communities." The company seeded the group with $1 million and Microsoft employees dominated the interim board of directors and board of advisors. One is a call for a broad independent organization that can bridge cultural and licensing gaps in order to help commercial developers participate in open source. Ramji says the foundation has spent the past couple of weeks listening to feedback in "Twitter messages, email, and phone calls in order to understand what people hope this can be." Within that feedback two patterns have emerged, Ramji says. The other focuses on creating a place where open source .Net developers can gain strong backing. "Look at projects related to Mono, you also can look at NUnit, NHibernate, we really feel optimistic that the Foundation could help them gain a higher level of credibility in the open source community. Miguel de Icaza, the founder of the Mono project and the creator of the Gnome desktop, is a member of the Foundation's interim board of directors.

They feel they have been lacking that strong moral support," Ramji says. From a high level, Ramji says the Foundation stands as a sort of enabler that helps independent developers, companies and developers working for those companies navigate the nuances and practices of open source development so they can either contribute source code to projects or open source their own technologies. "One suggestion has been that the Foundation should house all the best practices we have seen software companies and open source communities use," said Ramji. "We want to have a place where everyone interested in how to participate can come and read and if they choose they can use our license agreements or can use the legal structure of the Foundation to grant patent licenses and copyrights for developers and derivative works." Those licensing agreements have a distinct focus, Ramji said, on the rights that are related to code that is being contributed and on how to contribute the patent rights on that code. Ramji says the goal is to service multiple projects, multiple technologies and multiple platforms rather than having one specific technology base, which is how most current open source foundations are structured. "It's early days and we have received a lot of good ideas from experts in a variety of fields from law to code to policy that is what we had hoped for," says Ramji. "Someone wrote it is nice to see Microsoft engaging early on without all the answers and to have the community solve what they would like to see. Once those issues are settled, code would be submitted using existing open source licenses. That is satisfying for me and refreshing to others. This is the right way to proceed." Follow John on Twitter

Sexy consumer start-ups traditionally grab the headlines at the semi-annual Demo conferences. Take Lunchster and its Web app for automatically scheduling lunch meetings. This year was no exception, with excitement centering around Micello's "Google Maps inside a building" and Emo Labs "invisible speakers." But some of the fledgling companies at DemoFall 09 didn't seem fully hatched. USA Today reporter Ed Baig was "a little baffled" by it, while Microsoft director of business development Don Dodge wondered about Lunchster's potential business model.

One Demo attendee wrote that he was "baffled looking for the innovation." Some see the premature launches as the result of "Release early, release often" agile development models favored by some Web companies combined with a lack of resources in today's tough funding environment. "You may have a big vision, but sometimes you need to chew it off in steps," said Chris Shipley, the longtime executive producer of Demo, who is retiring after running the show for 13 years. Or take dotSyntax LLC, which showed off a Twitter client for its IM app, Digsby. But that tactic can leave start-ups struggling to distinguish themselves in a crowded market, said Venetia Kontogouris, a managing director with venture capital firm Trident Capital. "If you're a small firm, how do you cut through the worldwide clutter?" she asked. Keen Systems Inc., for instance, launched a turnkey e-commerce Web store for independent commercial printing companies at Demo. Finding success in niches Business-to-business start-ups, by contrast, tend to target more obscure niches and problems. Vitaly M. Golomb, CEO of the San Francisco start-up, is a former turnaround executive of commercial printing companies.

Most of them either have built expensive-to-operate custom Web storefronts, or they continue to do some work, such as process graphics files and bills, in a laborious, non-integrated fashion, he said. He said the opportunity is sizable: a $162-billion-a-year industry in the U.S. composed of 36,000 businesses. Targeting a niche allows B2B start-ups to operate in low-pressure stealth mode for longer periods, giving them time to perfect their product before hitting the market. For $29 a month, FuzeBox supports up to 1080p video streaming to PCs and 720p streaming to iPhones and BlackBerries. FuzeBox Inc., for example, had 30 developers working for a year and a half before it launched its high-definition, video-enabled webconferencing tool. "There was the sense that the business customer is more discriminating, and thus you only get one chance to get it right," said Rafael Alenda, director of marketing for FuzeBox. That is better quality on a wider variety of devices than incumbents like Cisco Systems Inc.'s WebEx, according to the San Francisco start-up.

Granted, Demo has been the launch pad for successful consumer companies. Hosts invite attendees via Twitter and FaceBook, or via instant messaging sent to the most popular IM networks, including AOL Instant Messenger, Yahoo Messenger, Windows Live Messenger and even Microsoft's corporate Office Communication Server (OCS), according to Patrick Moran, chief marketing officer for FuzeBox. The PalmPilot and the Tivo both debuted at Demo. And eight of the 11 start-ups honored by Demo's "lifetime achievement awards" on Wednesday roughly fall on the B2B side of the fence. "In this economy, enterprises are sexy," said Ravit Lichtenberg, a Silicon Valley start-up consultant with Ustrategy. But so did Salesforce.com, VMware, Adobe's AIR platform, WebEx, blogging platform Six Apart and wireless chip maker Atheros Communications Inc. Not that some of the B2B firms at Demo didn't try to rise transcend the label.

But they also appeal to the software's target market - artsy designer types - along with the features, which Van Sydow boldly claimed, "are the first that give designers a report they can actually read, and metrics they are interested in." Besides conventional stats, such as ad clickthroughs, Rich also measures "visibility" - whether visitors scrolled down low enough on the Web page to see an ad - and "view-throughs" - how many of those people then noticed the ad. Swedish start-up Burt AB named its Web ad metrics tool "Rich." The ironic names capture the personality of Burt's CEO, Gustav Van Sydow, and his fellow 20-something employees. These stats help designers figure out if the ad succeeded or failed because of its quality, or because of factors beyond their control such as its placement on the Web page, Van Sydow said. RumbaFish's real-time analytics let marketers quickly fine-tune their campaigns, such as raising the value of rewards like gift cards for consumers who tweet about their brand, said CEO Michelle Bonat. "You never really know as a marketer what will work," Bonat said. "This is an easy way to iterate and change your campaign." Launched this week, Rumbafish costs between $50 a month for a small company to $10,000 a month for a large enterprise. Another firm, RumbaFish, helps Web marketers set up and track promotional campaigns on Twitter, MySpace, LinkedIn and FaceBook.

That's still a bargain, maintains Bonat, compared to the costs for custom, short-term Twitter campaigns by some corporations. Other noteworthy B2B product releases from DemoFall 09: * Enroute Systems Corp.'s ShipIt! Web app for cutting postage costs * 80legs Inc.'s custom webcrawling service. * Hashwork, which wants to bridge the gulf between personal and corporate Twittering. * Symform Inc.'s unique cloud storage 'co-op' * LeapFILE Inc., which promises enterprise-grade file collaboration for any app.

With the hope of sparking Windows 7 upgrades, Microsoft is planning an early release of its suite of desktop deployment tools.  The tools were originally slated to ship in early 2010, but Microsoft hopes to give customers the software in late October for use in rollouts of Windows 7 across corporate desktops. The news of the early release was announced by Ran Oelgiesser, senior product manager for MED-V, on the MDOP blog. The catch is that the Microsoft Desktop Optimization Pack (MDOP) R2 2009 is only available to volume licensing customers with Software Assurance contracts.

Slideshow: Snow Leopard vs. All the tools in MDOP R2 2009 will include support for Windows 7 except MED-V. Support for the new OS in MED-V 1.0 SP1 will come early in 2010, wrote Oelgiesser. Windows 7 Windows 7 is slated to ship to commercial customers on Oct. 22, but corporate users with volume licensing contracts have had access to Windows 7 since last month. MED-V runs multiple versions of Windows or applications concurrently without having to open multiple virtual machine sessions. The suite is a major part of Microsoft 's Optimized Desktop strategy, which addresses centralized management and deployment of physical and virtual resources. The software complements another MDOP tool called App-V, which is used for managing and deploying virtual PCs. The MDOP lineup also includes Asset Inventory Service; System Center Desktop Error Monitoring; Advanced Group Policy Management (AGPM) for change management via group policy objects; and the Diagnostics and Recovery Toolset, which helps in recovering a crashed PC. MDOP is composed of software from Microsoft's purchases of Softricity, Kidaro, AssetMetrix, Winternals Software and DesktopStandard.

According to Oelgiesser, App-V 4.5 SP1 will have various integration points with 32-bit versions of Windows 7, including with the AppLocker, Branch Cache and BitLocker ToGo features. The 64-bit version, App-V 4.6 will be available in the first half of 2010. Advanced Group Policy Management 4.0 features two new capabilities targeted at Windows 7. One allows users to manage group policies across different domains, and the other provides new search and filtering to ease tracking of group policy objects. In addition, the software will support 32-bit version of XP, Vista and Windows Server. Follow John Fontana on Twitter 

Scammers tricked the New York Times' Digital Advertising department into placing a malicious ad for fake antivirus software on the NYTimes.com Web site over the weekend, the company confirmed Monday. According to the Times, the scammers initially claimed to be Internet phone provider Vonage, and had placed what appeared to be legitimate Vonage ads on the Web site. The newspaper had warned of the scam advertisement Sunday, after receiving about 100 e-mails from concerned readers.

However, sometime over the weekend, they switched these ads for aggressive pop-up advertisements that tried to trick victims into thinking that their computers were infected. When the complaints started pouring in, the Times first suspected that the ad had been unauthorized, and pulled third-party advertisements from the site. The point of the scam was to sell worried computer users a product called Personal Antivirus, a fake "scareware" product that bombards victims with popup ads until they either hand over their credit card information or somehow manage to remove the program. But on Monday spokeswoman Diane McNulty confirmed that the ad had been submitted directly to the company's online ad department. "The culprit masqueraded as a national advertiser and provided seemingly legitimate product advertising for a week," she said via email. "Over the weekend, the ad being served up was switched so that an intrusive message, claiming to be a virus warning from the reader's computer, appeared. " Technology executive Troy Davis was hit with the ad after he clicked on a Times story about Dubai on Saturday night. This gave the criminals a way to include embedded Web pages in their copy that could be hosted on a completely different server, outside of the control of the Times. After his antivirus software warned him not to visit the article, he performed an analysis of the site and discovered that the Times was allowing advertisers to embed an HTML element known as an iframe into their advertisements.

Apparently the scammers waited until the weekend, when it would be hardest for IT staff to respond, before switching the ad by inserting new JavaScript code into that iframe. It was, of course, all just a fake. That code redirected Davis's browser to the Web site that served a pop-up ad designed to look like a Windows system scan that had found security problems on his system.

As expected, the Federal Communications Commission has launched multiple inquiries into the wireless industry, one focused on the billing practices of some top carriers and the others aimed at spurring innovation and competition in the market.

The inquiries, announced late last month, come after months of criticism from consumer groups and users who have said that exclusive smartphone deals - such as the one that made AT&T the sole network for Apple's iPhone - and other industry practices are unfairly boosting wireless prices.

Complaints filed with the FCC about wireless industry billing practices rose some 47% between 2007 and 2008, the agency said.

A notice of inquiry is a first step in the process of creating new FCC policy. Seeking input from multiple interested parties is part of that process.

"We are at a pivotal moment in the history of the mobile industry," said FCC Chairman Julius Genachowski during the Aug. 27 FCC meeting where the inquiries were approved. "We are transitioning from a voice-centric world to a world of ubiquitous, mobile Internet access. This transition promises to increase the pace of innovation and investment."

Consumer groups, such as the Washington-based nonprofit organization Free Press, have said that carriers are using exclusive smartphone deals and other policies to help justify higher wireless prices even as their technology investments decline.

"Wireless carriers are charging more but not improving the quality of network service with network buildouts and coverage," contended Free Press policy counsel Chris Riley in an interview.

Riley noted that the major carriers all charge similar prices. He cited texting costs as the "poster child" for the pricing issue, noting that all of the carriers simultaneously raised the price of a text message from 10 cents to 15 cents and finally to 20 cents. "It all happened at about the same time, although I'm not saying they met in a room in Washington to decide on it," Riley added.

GOP Commissioners Say Wireless Industry Inquiries Aren't Needed

The FCC's decision last month to launch inquiries to find ways to boost competition and innovation in the wireless industry wasn't unanimously backed by the agency's five commissioners.

During an Aug. 27 meeting to decide whether to move forward with the inquiries, the two Republican commissioners argued that the industry is performing well for its users and questioned whether the inquiries are needed.

Republican Commissioner Robert McDowell noted that 94% of U.S. residents have at least four mobile carriers to choose from - an indication that there's plenty of competition.

Fellow Republican Meredith Attwell Baker added that over the past seven years, the mobile phone industry has invested an average of $22.8 billion annually to update networks and expand broadband services.

"We stand on the verge of the next generation of wireless broadband products, and the government should proceed with great caution so as to ensure the best outcome for consumers," she said.

In a statement, Steve Largent, president and CEO of wireless industry association CTIA, said that the U.S. has the "least concentrated wireless market on the planet."

He contended that the "wireless ecosystem" - which he said includes everyone from carriers, handset manufacturers and network providers to operating system vendors and application developers - has changed in just three years. "Innovation is everywhere," said Largent.

He said developments like simultaneous price increases would be less likely if the federal government could help inject more competition into the wireless market.

Jack Gold, an analyst at J.Gold Associates LLC in Northboro, Mass., agreed that wireless prices will stabilize only with more competition. "We don't really have true competition, even with multiple carriers," he said.

Gold suggested that the wireless industry needs a period of "true disruption," similar to the one that the U.S. auto industry experienced 30 years ago with the influx of Japanese cars. That era marked the start of the decline of U.S. automakers, but it led to a period of innovation that yielded lower-cost, higher-quality vehicles.

Gold suggested that emerging technologies like WiMax networks or cellular networks created by cable television companies like Cox Communications Inc. could spawn similar disruption in the wireless industry.

He added that some wireless carriers have avoided cutting prices because they fear that a rapidly expanding user base could lead to choked networks as more and more people download videos and other data-rich applications.

AT&T spokesman Mark Siegel defended his company and the industry in general on the subjects of pricing, innovation and exclusive deals. "The U.S. has the lowest per-minute voice price - 5 cents - in the industrialized world, and it's hard to argue with a system that has produced the highest level of innovation in the world," he said.

He contended that smartphone prices are dropping, pointing out that it's possible to buy an iPhone for $99.

AT&T is spending $18 billion in network upgrades, Siegel said. "We feel really good about where we are," he added.

Members of the CTIA, a wireless trade association, are confused by the level of criticism aimed at the industry, especially by charges of overpricing and a failure to innovate, said Christopher Guttman-McCabe, the organization's vice president of regulatory affairs. CTIA membership includes wireless service providers, handset makers and a growing number of vendors of other wireless-based products and services, such as Google Inc.

"I think it's extremely hard to understand the criticism we're hearing," he said. "People pay a hell of a lot less than they paid [for wireless services] 15 years ago, and think of what you get now that you couldn't get then. The wireless industry in the U.S. has the coolest handsets, the applications are more robust, and the networks have the highest speeds with the lowest pricing.

"I'm willing to debate where the industry is from an innovation perspective, but it's not fair to say we're not innovative," Guttman-McCabe added. "Can things get better? Yes. But things will get better."

The CTIA said it plans to provide any information sought by the FCC in connection with the three inquiries.

Gross is a reporter for the IDG News Service.

Microsoft today said it would deliver nine security updates next Tuesday, all but one affecting Windows. Five are pegged "critical," the company's highest threat rating.

One researcher speculated that most of the updates will tackle bugs introduced when a Microsoft programmer added an extra "&" character to a vital code library.

Of the nine updates previewed today in the monthly advance notification, eight affect various versions of Windows, while the ninth deals with vulnerabilities in Office, Visual Studio, Internet Security and Acceleration Server (ISA Server), BizTalk Server and other products.

One of the eight Windows updates also affects what the bulletin dubbed "Client for Mac," and which Microsoft later confirmed refers to Remote Desktop Connection Client for Mac, software that lets Mac users connect to Windows-based machines.

In addition to the five critical updates, four are marked "important," the next rating down in the company's four-step scoring system.

"It won't be a go-take-a-nap month," said Andrew Storms, director of security operations at nCircle Network Security. "The good thing is that we're not looking at a lot [of vulnerabilities] in the public domain, so that should give everyone some time, a week or two at least, to test the updates before they deploy them."

One of the nine bulletins, however, appears to address the only unsolved issue Microsoft has publicly acknowledged: one or more flaws in its Microsoft Office Web Components (OWC). "The outstanding bug we know [exists] they disclosed July 13," Storms said. "And Bulletin 1 today is the only one that affects the Office Web Components. I'd say that Microsoft's on track to patch that this month."

Last month, Microsoft issued a security advisory related to OWC, saying that hackers were already exploiting an unpatched, critical vulnerability in a company-made ActiveX control, putting people running Internet Explorer (IE) at risk. The flawed ActiveX control is used by IE to display Excel spreadsheets in the browser.

Microsoft's advisory went out the day before its regularly-scheduled July batch of security updates; most analysts had not expected to see a fix make the July slate.

Storms' bet that Bulletin 1 will patch the problem seems safe. At the time it issued the advisory, Microsoft warned that users running Office XP, Office 2003, ISA 2004, ISA 2006 and Office Small Business Accounting 2006 were vulnerable to attack through IE. Today, Microsoft called out all those programs, as well as several others, as affected by the expected update.

It's also possible that several of the bulletins outlined today will update Microsoft software that previously contained flaws inherited from a buggy code library, said Storms.

Today's Bulletin 5 looks like the most likely candidate, he said. That bulletin will patch Outlook Express, an entry-level e-mail client Microsoft used to bundle with Windows, as well as update the two newest versions of Windows Media Player. "They could be patching applications that linked to the old library," said Storms, talking about Active Template Library, or ATL. "I wouldn't be surprised if this goes on for a number of months as they go back and check their software."

Just over a week ago, Microsoft rushed a pair of emergency updates to users that plugged multiple holes in IE and Visual Studio. Those vulnerabilities were traced to ATL, a library used by Microsoft and an unknown number of third-party developers to create ActiveX controls and application components. Adobe, for instance, admitted its Flash Player and Shockwave Player were developed using the buggy ATL, and updated both applications late last week after recompiling them with a patched ATL.

Another clue about a connection between Bulletin 5 and ATL comes from a pair of German security researchers, who in early July claimed that several pieces of Microsoft-made software, including Windows Media Player, had used ATL.

The mention of Remote Desktop Connection Client for Mac in Bulletin 2, also hints at an ATL fix. "Client and server side of that equation," said Storms in an instant message follow-up. "Hmm...and remote code [executable], too. It sounds like it's related to the entire Remote Desktop Services."

Remote Desktop Services, which is present on both client and server versions of Windows, is used to access applications and data on a remote system over a network. It was formerly called Terminal Services, which was another Windows component fingered as containing the flawed ATL code by the German researchers.

"I wonder if we aren't looking at an entire month of ATL fixes," said Storms. "One thing I noticed at Black Hat [was that] I didn't see any MSRC [Microsoft Security Response Center] people at the Dowd et al talk when they talked about this [ATL] bug," he added, referring to the Las Vegas security conference that wrapped up a week ago, and a presentation by Mark Dowd, Ryan Smith and David Dewey. "[That] would lead one to believe that [Microsoft had] already worked the issue internally [and that] it was behind them."

But it's impossible to tell the specific components within Windows that Microsoft will patch, and thus what risk users face, until next Tuesday, Storms argued. "It looks like they'll be patching core parts of the operating system," he said. "Sometimes that's a little more worrisome than when Microsoft patches a single application, like IE, because if there's a problem with the patch, the entire OS could go down into a Blue Screen of Death."

Microsoft will release the nine updates at approximately 1 p.m. ET on Aug. 11.

The crew of the space shuttle Endeavour spent this morning continuing their inspection of the protective tiles on the outside the craft as it nears the International Space Station.

The shuttle, which blasted off from Cape Canaveral, Fla. late Wednesday afternoon, is set to dock with the station at 1:55 p.m. EDT today.

NASA reported that during the initial inspection of the tiles, astronauts and engineers in mission control discovered that small foam pieces had been lost from the shuttle's external tank during take off. NASA said the foam pieces caused dents in the shuttle's in outer shield, though it has yet to determine the extend of the damage.

The inspection of the heat shield began yesterday when the Endeavour astronauts used the shuttle's robotic arm to collect data and images about the condition of the outer tiles. The inspection is a routine NASA practice that's done whenever a shuttle reaches orbit.

As part of today's inspection, astronauts rolled Endeavour into a backward flip so that its underbelly is facing the space station. In that position, astronauts onboard the space station can take high-resolution photos of the shuttle's heat shield for viewing by engineers in mission control. Those engineers study the photographs to look for any as-yet undiscovered damage, as well as to calculate the extent of the damage already found.

During Endeavour's 16-day mission, four of the seven crew members are scheduled to conduct five spacewalks in an attempt to finish installing a Japanese laboratory on the space station.

NASA is calling this shuttle trip its most technical mission yet - one that will call on the power of three separate robots. The highly complex mission will include five spacewalks and the use of three robotic arms, with two working together and the other actually "walking" across the outside of the space station.