News from June, 2009

by Timothy Prickett Morgan

The OpenSolaris development release of Sun Microsystems' Unix operating system has only been available officially on x64 PCs, workstations, and servers. The OpenSolaris distribution has not been packaged up for Sparc workstations or servers. Starting today, with the OpenSolaris 2009.06 release, both x64 and Sparc iron are now supported in the distro.

According to the release notes, OpenSolaris 2009.06 can run on all Sun4v-based platforms (that is UltraSparc T1 and T2 machines) and Sun4u-based platforms (that's UltraSparc-II, UltraSparc-III, and UltraSparc-IV machines). These latter machines have to have an OBP level of 4.17 or greater, and across all Sparc machinery, the distro is only available as an Automated Install image. (Fujitsu's Sparc64 platforms were not mentioned as being supported.)

The initial "Project Indiana" OpenSolaris 2008.05 release, which came out a little more than a year ago, was targeted mainly at 32-bit x86 and 64-bit x64 desktops and laptops for students and workstations, and with the OpenSolaris 2008.11 update Sun started pushing the distro as suitable for production workloads on x64 servers.

The OpenSolaris 2009.06 release is notable for a few reasons. Unlike other development operating systems, such as Red Hat's Fedora and Novell's openSUSE, OpenSolaris is available with the full suite of support services from Sun. The support was a bit different than that available on standard Solaris 10 platforms, and with bigger x64 boxes - the kinds that customers use to run production Solaris workloads - Sun was charging higher prices for OpenSolaris than it was charging for Solaris 10. It did so presumably because it was more expensive to deliver 24x7 support on OpenSolaris because the code was a little more raw, as a development release always is.

But starting today, according to Charlie Boyle, director of Solaris product marketing, OpenSolaris 2009.06 and Solaris 10 (in its many updates) have exactly the same Sun Spectrum support prices for silver, gold, and platinum support, and they are the Solaris, rather than the higher OpenSolaris, prices. Solaris and OpenSolaris have the same support contracts, even if they use different mechanisms to deliver support. This is something that Sun's field sales and support people have been asking for because customers wanted it.

The updated OpenSolaris is also the first release of any Sun Unix variant to sport the Project Crossbow networking virtualisation and management stack to market. Crossbow has a reimplemented networking stack with revised architecture that virtualises Ethernet network interfaces and InfiniBand host adapters.

Up until now, Solaris and OpenSolaris tied an Ethernet NIC or InfiniBand adapter to a specific CPU inside of a machine or, in a virtualised environment, to a virtual machine. But with the Crossbow stack, Ethernet NICs and InfiniBand adapters are themselves now virtualised, and system administrators can carve up slices of high-bandwidth networking adapters to provide each VM or processor core with a suitable amount of bandwidth. Before, a fast 10 Gigabit Ethernet or 20 Gigabit InfiniBand adapter card would be tied to a CPU or VM, which it could easily flood.

Boyle says that the Crossbow stack can be managed using standard SNMP tools (for both physical and virtual network links), which means HP OpenView, IBM Tivoli, and other system management tools can reach into the OpenSolaris servers and monitor and manage them. This is not the case, Boyle says, with the "California" Unified Computing System built by Cisco Systems with the help of VMware. "Cisco and VMware do proprietary stuff, and you have to use their tools to manage networking."

OpenSolaris 2009.06 also has fine-grained control for networking, which means you can do traffic shaping and provide quality-of-service guarantees (such as a minimum bandwidth or latency) for the networking for physical and virtual machines. This kind of fine-grain control, and monitoring through dynamic tracing (DTrace) has been available in Solaris for processors and memory capacity for years, but networking has been set up as a shared resource that the operating system can just hog at will. "We now give you the tools to set network limits and the tools to observe the effect of the limits that you set," says Boyle.

In addition to the Crossbow features, OpenSolaris 2009.06 includes a bunch of other tweaks and tucks. The Zettabyte File System (ZFS) is now tweaked to automatically turn any flash-based memory or drives in a system into read and write accelerators for disk subsystems. The native OpenSolaris CIFS Windows file server has been added as a full peer to NFS in OpenSolaris, and faster iSCSI and Fibre Channel block protocols have been added into the OpenSolaris kernel as well.

OpenSolaris 2009.06 already has support for the "Istanbul" six-core Opteron processor whose launch is imminent, and supports most of the features in the "Nehalem EP" Xeon 3500 and Xeon 5500 processors from Intel, which were launched in March. Support for Sun's future "Rock" UltraSparc-RK processors is also in the release, and this software could, in theory, run on Intel's eight-core "Nehalem EX" Xeon 7500 processors, even though they won't be here until next year. Boyle says that more tweaks for the Nehalem and Istanbul processors will come out with the next OpenSolaris release in about six months.

Because Sun is competing against Linux for a lot of accounts, it is always comparing OpenSolaris to Linux. On its Project libMicro performance benchmark suite, OpenSolaris 2009.06 has 35 per cent better memory management, 22 per cent better integer math performance, and 18 per cent better multithread scheduler management compared to the latest Linux releases on the same iron.

According to the release notes, Sun is not planning on putting another OpenSolaris release into the field until 2010, and it is a fair guess that this release will be timed to the eight-core Nehalem EX processor from Intel and the six-core "Lisbon" and twelve-core "Magny-Cours" Opterons. That future OpenSolaris will have full interactive installation on Sparc platforms (including installing a custom spin based on the OpenSolaris repository), and will also presumably support Fujitsu Sparc64 machines. That future OpenSolaris will sport a new Gnome interface, ZFS deduplication and user quotas for storage and "cloud integration." ®

by Gavin Clarke

CommunityOne Microsoft is making its debut at Sun Microsystems' annual Java jamboree in what's looking like a mission of mutual support.

The company will use its first ever JavaOne keynote speech Thursday to talk about the ability to use open-source infrastructure components built by Sun with Microsoft's nascent Azure cloud. Microsoft's come a long way in the last 10 years, having been at one time the subject of a Sun legal action for breaking compatibility on Java with its implementation.

Microsoft will discuss interoperability between Azure and an open-source, high-performance web service stack called Metro for Sun's GlassFish application server to talk to .NET systems, Sun distinguished engineer Eduardo Pelegri-Llopart said during a presentation. Microsoft's executives are due to take the stage on Thursday morning.

It's not clear whether the discussion will focus only on Metro or whether the keynote will address other ways to run GlassFish on Azure and program and deploy Java applications to Azure.

Azure is due later this year, and Microsoft wants to encourage non-.NET developers to build applications on the platform - particularly developers using open source. It recently unveiled the PHPAzure software development kit (SDK) to build apps for Azure and the cloud's underlying SQL-like Windows Azure Storage service's blobs, tables, and queues.

Microsoft and Sun already have a technology interoperability agreement dating from April 2006, which has seen work on servers, security, directories, and web services.

Meanwhile, Sun is expected to use the coming few days at JavaOne to evangelize its own cloud strategy.

Sun's "on track" for "more broader public access this month" of its cloud, senior vice president of cloud computing and chief sustainability officer Dave Douglas told Sun's CommunityOne on Monday. He added: "Of course we love more partners."

Sun had promised to release further details of its cloud offerings this summer when it unveiled its cloud APIs and formally announced its cloud service in March.

A "secure and hardened" virtual machine for use on OpenSolaris in the cloud was also announced with the availability of OpenSolaris 2009.06. The VM is designed to ease concerns people might have that a cloud opens their systems to being hacked through back doors in the VM and the date center.

Sun's cloud computing chief technology officer, Lew Tucker, said the company had: "Turned off underused ports and got rid of services that are not really need, so if you are a developer, not a security expert, you can get on with what you do." Tucker, also pointed to tools under its Project Kenai hosting site to encrypt ZFS snap shots and lock down and secure your data.

But the future of Sun's whole cloud strategy is in question. Several years late, Sun's set of computing and storage options mirror Amazon's existing service. Furthermore, the chief executive officer of the company buying Sun has poured doubt on cloud services. CEO Larry Ellison appears to believe in providing component parts such as virtualization, but not in providing his own cloud service.

Douglas claimed that 3,000 of Sun's staff are currently using its internal cloud.

by Robert McMillan

Sun Microsystems has opened up a test version of its Java Store, which it bills as a Web site where developers can connect with millions of computer users who run Java on their desktop.

Similar to Apple's successful App Store, the site is designed to give consumers an easy way to download Java programs. A beta version of the store launched Tuesday with just a couple of applications – a Java version of the RuneScape online role-playing game and a Java-based Twitter client called Twitter FX – but developers will have until the Java Store's public launch at the end of this year to add programs to it.

The company is also testing a new developer portal, called the Java Warehouse, which Sun says is "the central repository for Java and JavaFX applications." Developers who pay a $50 fee to register with Java Warehouse will then be able to distribute their programs via the Java Store.

At first, Java Warehouse applications will be targeted at Mac and Windows users in the U.S. who use the Firefox, Safari, or Internet Explorer browsers, Sun said.

Sun has had a lot of success promoting Java as a platform for popular back-end servers applications, but has not enjoyed the same kind of popularity with desktop software. Java Store and Java Warehouse, known internally at Sun as Project Vector, are an effort to breathe new life into client-side applications.

Sun estimates that 800 million desktop users worldwide have Java installed, and it hopes Java Store will give developers an easy way to reach this vast audience.

In a May 18 blog posting announcing Project Vector, Sun CEO Jonathan Schwartz said he hopes the portal will be used by "banks looking to sign up new accounts, sports franchises looking for new viewers, media companies and news organizations looking for new subscribers – basically, any Java developer looking to escape the browser to reach a billion or so consumers."

The Java Store and Java Warehouse sites went live Tuesday morning in advance of the company's annual Java One conference, which runs through the week in San Francisco.

by Robert McMillan

Sun Microsystems, Orange, Vodafone Group, and Sony Ericsson Mobile Communications are taking steps to make it a little easier - and cheaper - for software developers to bring Java programs to mobile phones.

At Sun's annual JavaOne developer conference in San Francisco Tuesday, they released new open-source testing tools and said they were enhancing the five-year-old Java Verified program used to certify Java ME programs on mobile devices. The goal: to simplify the process and reduce the number of tests that software developers have to run in order to be sure that their programs will run properly on different phones.

"Nobody likes testing," said Martin Wrigley, director of technology with Orange's partner program, at a press conference. As the market for mobile applications matures, developers will do more of the testing themselves, he said.

The problem is that different network operators have different requirements and sell different devices, so any software developer who wants to reach a large audience has to do a lot of testing. And that can be expensive. A single test can cost $200, and while that may not sound like a lot, it can add up quickly. Wrigley knows of one applications developer who maintains 14,000 versions of his product. With the new testing methodology "we have seen reductions in up to 50 percent in the costs of testing," he said.

Sun has been pushing Java on mobile phones for about a decade now, but in recent years the platform has been overshadowed by the iPhone and Google's Android.

The most popular applications on Orange's network are very simple Java apps like Pullface and Bob the Belcher, but there's no reason why Java couldn't be used to create the same kind of applications that are being downloaded from Apple's App Store, Wrigley said.

In fact, as Java ME programs become more sophisticated, testing will become even more important, he said. "When you have more complex applications ... that requires more testing to make sure it works for the customers."

There are about 200 million high-end handsets on the market, and that number will quadruple in the next few years, said Carl-Eric Mols, director of software strategies with Sony Ericsson. Still, while high-end products such as the Blackberry and the iPhone get a lot of attention, "the big majority of handsets out in the rest of the world are regular phones with Java ME," he said.

Both Mols and Wrigley declined to comment on what effect, if any, Oracle's planned acquisition of Sun Microsystems will have on Java ME or their new initiatives.

by Dong Ngo

When it comes to backing up your computer, it's probably safest and most convenient to use a cloud storage service where you store data at remote location via the Internet. However, there's a big obstacle: bandwidth. With most existing broadband services, it can take a couple of hours to upload a few gigabyte of information.

This might change in the near future.

Asankya, a network service company, announced Wednesday that it has improved its parallel networking technology to deliver up to 40 times throughput improvement for Internet-based applications. This, if true, would solve the biggest challenge that hinders the growth and global scale of cloud- and SaaS-based services.

Asankya's new networking technology is a set of patented parallel networking algorithms that significantly increase bi-directional Internet Protocol performance and accelerate encrypted traffic delivery for both ICP- and UDP-based applications. It aggregates throughput across the Internet by using multiple available pathways and removes duplicate packet transmission. The breakthrough algorithms were first funded through grants by the National Science Foundation.

The technology has been deployed by the U.S. government for real-time, interactive video applications delivered over wired and wireless IP networks. It now has been commercialized-that means soon you will be able to take advantage of it.

This is exciting news as cloud computing has been on the raise in the last few years. According to the research firm IDC, the cloud computing industry is going to be a $42 billion business by 2012.

by Cade Metz

A new privacy study says that Google-controlled web bugs are tracking users on 92 of the net's top 100 sites and about 88 per cent of almost 400,000 other domains.

Using a Firefox browser plug-in called Ghostery, three graduate students in the School of Information at the University of California, Berkeley recently examined the use of cookies, beacons, and other trackers on 393,829 distinct domains across the web, and Google trackers appeared on 348,059 of them.

Google Analytics was used by over 71 per cent of the domains, Google AdSense by over 35 per cent, and Google DoubleClick by over 26 per cent.

The study was conducted in March of this year. And preliminary numbers from April indicate that Google trackers appeared on roughly 80 per cent of 766,000 distinct domains on the net. The researchers call Google "the most dominant player in the tracking market."

Cookies for Microsoft's Atlas service, Redmond's DoubleClick competitor, appeared on 60 per cent of the top 100 websites (compared to DoubleClick's 70 per cent). But it turned up on less than 3 per cent of the nearly 400,000 total domains examined. Omniture and Quantcast cookies appeared on 57 per cent of the top 100 and less than 6 per cent of the 400,000.

The study does not imply that Google is combining data across its various tracking services. "We are not claiming that Google aggregates information from each of these trackers into a central database, though it does possess the capability to do so," the researchers write in their study, available here.

Speaking with the New York Times, Google took issue with that last bit. The company said that Analytics cookies are different for each site using the service, so it can't track users across multiple sites. And The Times has a Google managing counsel saying that contracts with customers don't allow the company to aggregate data from services like DoubleClick and AdSense.

Google did not respond to our requests for comment. But the DoubleClick-AdSense situation is at best a gray area. The two ad services are now using what would seem to be identical cookies, and to date, despite repeated questions, Google has not given us a direct answer on whether users are being tracked across both services.

If it's not tracking across both services, it would indeed be trivial for it to do so.

According to the Berkley study, only 36 of the top 50 websites acknowledged the use of third-party web bugs in their privacy policies, and all 36 stated that their policies did not cover third-party tracking. Meanwhile, some sites couldn't get their story straight.

"Within the same privacy policy, we often found that a site would say 'We don't share your information with third-parties' but then elsewhere in policy they'd say 'We do permit third-party tracking via web bugs,'" Brian Carver, the professor who oversaw the study, tells The Reg. "To the average web user that's a contradiction."

What's more, the study says, 46 of the top 50 websites share data with their affiliates. And despite inquires sent to each site, it wasn't clear how many affiliates each site has. "Most stated that they do not disclose corporate information. Some companies did offer a little information... Based on our experience, it appears that users have no practical way of knowing with whom their data will be shared."

MySpace, the study points out, is owned by News Corp., which has over 1,500 subsidiaries. Bank of America has 2,300.

"The law on affiliate sharing generally is more permissive. Incentives for security and fair treatment of data are assumed to exist among affiliates," the study continues. "However, given the large size of affiliate networks, the fact that many affiliates are essentially unrelated entities with different business models in entirely different fields, and the practical challenge of identifying their size and scope, the more liberal treatment of affiliate sharing should be reexamined." ®

by Chris Mellor

The diskless PC is to return - not as a thin client, but packing a 1TB solid state drive instead. OCZ is showing Colossus, a prototype of this, at Computex in Taiwan.

Unlike OCZ's Z-Drive, a PCIe-connected 1TB SSD shown at this year's CeBIT, Colossus comes in a standard 3.5-inch drive bay form factor. This format is generally used for hard drive storage arrays and server and desktop drive bays, with the 2.5-inch format, which many SSDs use, designed into notebook computers.

According to reports, Colossus uses Samsung flash chips and has two Indilinx controllers, plus a JMicron RAID controller. It offers read and write performance up to 265MB/sec though a 3Gbit/s SATA connection.

The Z-Drive is much faster, offering 510MB/sec read performance and 480MB/sec write, although the sustained write speed drops to 200MB/sec.

The idea of getting back to PCs that zip through applications instead of lumbering along waiting for the disk I/O is obviously attractive. We all know that Microsoft just cannot write a fast system anymore: Windows 7 is not going to turn our desktop Hummers into Ferraris, any more than Windows Vista did. No, the Windows O/S is a dog, and replacing the hard drive with an SSD looks to be the only practical way of turning our desktop mutt into a greyhound.

One terabyte SSDs show that the capacity needed is here. Now we want the price to drop. Imagine the SSD sales boost if masses of desktop users could afford to retrofit SSDs to their PCs by swapping out a hard drive. That's got to be exciting SSD suppliers in a big way. It's also surely got to be a big interest of PC suppliers needing a sales boost and not getting one from new versions of either the Windows O/S or Intel CPUs.

The price decrease needed for desktop HDD-replacement SSDs to become generally affordable is substantial, but we may be seeing the start of such desktop HDD replacement in 2011, possibly sooner.

The Colossus device may hit retail outlets in six to eight weeks in 512GB and 1TB configurations, and cost around €2,500 for 1TB. ®

by Paul Krill

Listening to Sun Microsystems heap accolades on its JavaFX multimedia application technology Wednesday evening almost obscured the fact that JavaFX faces quite a battle in the space against the established Adobe Flash and AJAX platforms and Microsoft's up-and-coming Silverlight platform.

The company spent an hour lauding the JavaFX extension to the Java platform at the JavaOne conference in San Francisco and touting the technology as providing a bridge from the desktop to the mobile device and television. Sun's Eric Klein, vice president of Java marketing, focused primarily on JavaFX for mobile devices during the presentation. Qualcomm "smartbook" technology, serving as a hybrid between a smartphone and a netbook, also was detailed running JavaFX.

Java on mobile systems has been a hedge against an otherwise down economy, Klein said. "The interesting thing is the Java mobile ecosystem grew solidly last year," he said. There are now 2.6 billion mobile phones deployed with Java, he added.

"JavaFX Mobile delivers rich, expressive user experiences and we know that this is what our customers require these days," Klein said. The new 1.2 release of JavaFX Mobile offers significant performance improvements, a user interface library, and localization.

JavaFX Mobile devices are coming out later this year and in 2010 on carrier networks, Klein said.

Emphasizing use of JavaFX in systems other than mobile phones, Klein and Qualcomm Vice President Rob Chandhok paraded plans for using JavaFX on "smartbook" devices, which offer such capabilities as Internet access and GPS services on a device that is smaller than a traditional laptop. Qualcomm's Snapdragon chipset would be the basis of these systems, which are expected by the end of the year, and on Thursday, Sun and Qualcomm announced an early-access release of Java Platform Standard Edtion 6 ported to the Snapdragon ARM-based processor.

Klein and PayPal Vice President Osama Bedier noted PayPal has a mobile payment application running on JavFX Mobile. "Not only can you build great applications but you can make money from them, too," Bedier said.

Klein also showed the new JavaFX authoring tool, which enables collaboration. "This tool was written in Java," Klein said.

Sun first unveiled the JavaFX project at JavaOne two years ago. There have been more than 400,000 downloads of the JavaFX software development since the release of JavaFX, and JavaFX Mobile, Klein said.

Other mobile efforts from Sun have involved the Phone ME platform and support for technologies such as Lightweight User Interface Toolkit (LWUIT).

by Don Reisinger

There are hundreds of Facebook apps that provide no real benefit. How many times can you send flowers to your friends with Flowers of Friendship before it gets old? Do you really need Pieces of Flair to show off your interests in your Facebook profile? I don't think so.

That's why I thought I'd write something constructive today. Facebook might be fun, but some of its apps can really teach you something. Let's take a look at 10 apps that stimulate your brain (or are otherwise useful).

Books
Books is a book-sharing and discovery application that will help you find titles that interest you. When you add the app to your profile, you can immediately begin adding books you've read. You can then rate the book and write reviews for your friends to see.

Books also lets you view titles your friends are reading. If you think it's something worth trying out, you can click on its link, and you'll be brought to its Amazon.com page so you can complete your purchase. Books' listing of the most popular titles is another great thing to check out. You'll find a slew of interesting reads.

CourseFeed
CourseFeed is a unique service. The Facebook app helps you find high-school and college classmates, and connect with them through the service. You might be surprised by how many people are on there.

But where it adds considerable value is in its "learner" feature. The app makes classes from major universities available to users. You can learn computer science from Stanford University professors or nuclear warfare from Notre Dame. It gives you access to online-learning tool BlackBoard, so you can see all the documents, quizzes, and instruction the professors provide. CourseFeed is a great learning tool.

My Personality
When you're looking for apps that teach you something, what's better than an app that teaches you about yourself? When you add My Personality to your Facebook profile, it asks you to give honest answers to questions it poses on a questionnaire. The more questions you answer, the more accurate the reading (at least by design). When you're done answering the questions, My Personality will tell you if you're shy or confident, trustworthy or untrustworthy. It provides you with a full evaluation of your personality.

Teach the People
Teach the People is a community of teachers that want to share their knowledge with Facebook users through classes and workshops. The app has a variety of topics. Once you pick something that interests you, you can subscribe to the class.

When you enter the course, you'll find instruction videos, audio, documents, and more. You can even share insight on the course's comment wall. Not all courses are created equal, though. Some classes you join will have little instruction. Others will be loaded with documents, videos, images, and discussions. So be sure to pick your classes carefully.

There Test
One of the biggest issues folks have when writing is determining which "there/their/they're" to use. Thanks to the There test, they might learn how to use those words properly. The test asks you to pick the right word that would be used in 20 different sentences. When you're done, you can see how well you did and retake the test to fix your mistakes. You can also share the result with friends. It's a simple test, but it should help you remember the rules for using those words.

Typing Speed
Typing Speed gives you a simple tool to see how fast you can type. It asks you to type out words it highlights in a sentence. The further you get in the test, the faster your typing speed. It also measures your accuracy, words per minute, and percentile-how much better you performed than those who also took the test. To increase your typing speed, the tool lets you retake the test as often as you'd like. Over time, your typing speed-and hopefully your accuracy-will increase.

Veechi Classes
Veechi Classes is designed for students. It tells them which classes on campus they should take, providing grade distributions for previous semesters, as well as class and instructor ratings. It uses that information to recommend the class that will help students get the best grade. The tool also finds other Facebook users who are in the class, so students can befriend them on the service. The only problem with Veechi Classes is that it doesn't apply to every college. But if you go to a big school, you should be fine.

Visible Vote
Visible Vote is a really neat tool that tells your legislators how to vote on key issues. You research those issues in the app. Every week, the app sends a fax to the legislators' offices, telling them what their constituents want them to do. Once they vote on the issue, you can see how they voted to see if your voice is being heard. Visible Vote not only gets you involved in the political process, but it educates you on all the key issues facing the United States today.

WeRead
Reading books is an important part of life. But too many people aren't reading as much as they should. That's where WeRead comes in. When you first add it to your profile, WeRead asks you to click on the books you like from a list. Based on those choices, it automatically generates a list of books you might like to read. It even lets you search friends' profiles to see which books they recommend. If you read a lot of books, you might want to take the WeRead "Never ending book quiz." It asks you questions about hundreds of books to see how much you comprehend after you finish a book.

What's Your Philosophy?
Philosophy is one of those topics that teaches you about yourself. But defining your philosophy can be difficult. That's why the What's Your Philosophy? app is such a useful tool. It asks you a variety of thought-provoking questions. When you're finished answering the questions, it gives you a listing of philosophies that might interest you. What's Your Philosophy? is a great way to learn more about yourself.

My top 3

If you're serious about learning, definitely add these three apps to your Facebook profile.

1. CourseFeed: Learn from the best professors in the U.S.

2. What's Your Philosophy?: There's something so nice about learning about yourself.

3. Visible Vote: Stay informed on all the big issues.

by Rik Myslewski

Intel has speed-bumped its top-of-the-line Core i7 Extreme Edition processor, increasing its lead as the fastest desktop chip that the company has ever offered.

The new 45nm Core i7 975, based on the company's Nehalem architecture, clocks in at 3.33GHz. It includes 8MB of L3 Smart Cache running at its four cores' clock speed.

Dual QuickPath Interconnects (QPI) transfer data at 6.4GT/sec, and such performance-enhancing niceties as Intel's SpeedStep (EIST), Virtualization (VT), and Turbo Boost auto-overclocking technologies are all enabled.

Its core-clock multiplier is set at 25X - but it's unlocked, should you feel the need to experiment with a bit of straightforward overclocking.

The Core i7 975 slots into the now-second-class Core i7 965's price point, which is $999 in lots of 1,000 - although processors at this rarified level are rarely if ever sold in those amounts. You can find it today in retail packaging at sites such as NewEgg for $1,039 and Platinum Micro for $1,078.

But if that's too rich for your Meltdown-melted wallet, you might instead pick up a Core i7 920, which can be found at various outlets for well under $300. It takes well to overclocking, and an Intel spokesman told The Reg that it will "most definitely" remain available for the foreseeable future. ®

by John Fontana

Directory and identity start-up UnboundID has released a free tool for Sun users to help them add missing capabilities to their directories and migrate off the platform.

UnboundID Synchronization Server provides bi-directional sync that allows users to run in parallel the Sun Directory Server and the UnboundID Directory Server as part of an overall migration away from Sun.

Later this year, UnboundID will add synchronization for Active Directory (which Sun already provides for its directory) and database synchronization.

The Synchronization Server also includes a sophisticated replication feature that supports fractional, filtered, and partial replication between the two directories. The feature, which Sun's directory is lacking, lets users create directory instances designed for specific use-cases that contain only the data needed and not the entire contents of the master directory.

"We have provided a back-out mechanism so you can sync the changes in the old environment with the new environment or the changes in the new environment with the old environment," says Don Bowen, co-founder and vice president of marketing at UnboundID. If panic hits, Bowen says, users can cut back to their old directory system with assurances that changes, wherever they were made, are retained.

UnboundID's synchronization tool comes at a time when Sun is in transition, both with an impending acquisition by Oracle and with a majority of its user base on its aging version 5.2 directory platform. In addition, Oracle's own directory technology, which supports identity management and directory synchronization, overlaps with the Sun directory technology.

UnboundID Directory Server, which was launched in March, is based on the Lightweight Directory Access Protocol V3 and combines qualities found in directory and database technology to create an identity platform for large service providers and corporate networks.

The directory server is built around customizations to the OpenDS project, which was developed by the four former Sun employees who founded UnboundID.

The Synchronization Server includes real-time sync between the UnboundID and Sun directories, which lets companies run the two platforms in parallel and manage directory migration in a controlled fashion. The server also supports DN mapping, attribute mapping, and transformation. Users can modify both the directory information tree and the directory schema without scripting.

"Directory server migration is a great time to correct sins of the past," says Bowen. "In particular, addressing schema changes, attribute name changes, and object classes"

by Caroline McCarthy

I thought Twitter hype had reached a fever pitch with the big Oprah appearance. Boy, was I ever wrong.

If it isn't Time magazine's "How Twitter Will Change the Way We Live" cover story, it's the widely-circulated Comedy Central clips of co-founder Biz Stone's April appearance on "The Colbert Report," or it's chairman Jack Dorsey, in New York for this week's Internet Week festivities, showing up in society-blog photos from the sidelines of a Diane von Furstenberg fashion show. (OMG!) When I was joking about Twitter's executives reaching pop-idol ubiquity, I didn't think it'd be this soon that they'd start to seem like a slightly older, slightly less puppy-faced set of Jonas Brothers. Twitter and its creators are unavoidable.

But there's something nobody's really saying about Twitter throughout all this: Not everyone is going to use this service. Far from it, in fact. Its mainstream impact could very well have nothing to do with TweetDeck, hashtags, or even the name "Twitter" itself.

The Business Insider did a nice by-the-numbers of exactly what Twitter's explosion amounts to: 60 percent of users quit after a month, ten percent account for 90 percent of all "tweets," et cetera. All these numbers point to one fact: Twitter is high-maintenance. Even if you're only using it to read the latest updates from a few publications and some of your favorite bands, you're still reading about them in short bites that flow in a relatively inefficient manner. Parsing the noise takes effort; participating in it takes even more.

Compare that to Facebook: you can create a static profile, check in every few days, get an e-mail alert when a former high school classmate has added you as a friend, and you're all set. There are loads of apps on the social network if you feel like playing a round of poker or pretending to turn your friends into vampires, but at its most basic level, it doesn't require much effort to stay active on Facebook. Not so with Twitter.

The company's executives seem to acknowledge that in order to reach those who won't get involved otherwise, Twitter has to think outside the 140-character box (er, stream) and get the news industry involved. These people who don't actively participate in Twitter-you know, the 60 percent who drop out after a month-are going to know Twitter as something that enhances the news they already read and watch.

"One thing that's missing from it is the editorial. I think a cohesive narrative around all these reports is missing," said Jack Dorsey at Internet Week's I Want Media panel on Wednesday, just a few hours before he was looking worthy of any gossip magazine's annual eligible bachelors list at that Diane von Furstenberg show. "Bringing journalistic integrity to this mass of messages happening in real time is still very important."

In other words, Twitter's executives realize that the product in and of itself doesn't suffice universally for a legitimate, lasting mainstream reach-namely, an impact on people who aren't going to use Twitter otherwise. There are already dozens of developer applications making it possible to customize and enhance the service. The company is now working actively with media outlets on what it calls the "creative API", integrations of Twitter into content like Current TV's news programming and MTV's forthcoming "It's On With Alexa Chung." That's the beginning of what Dorsey was alluding to on Wednesday.

As more media deals roll in, the question to explore is whether this will, paradoxically, dilute Twitter's reach (and potential for profits) as a company. Once something becomes a standard rather than a brand, it gets tougher for a single company to make money off it. Think about instant messaging: Millions of us use AIM, but AOL isn't getting any ad revenue from those of us who are using it on universal IM clients like Pidgin or Adium.

The Twitter guys have built a great product, and to their credit, I don't think any of them have ever gone on the record saying that they hope to turn all six or seven billion or however many people there are on the planet into active users. It's not that this "Twitter is revolutionary" talk isn't true. Twitter is revolutionary in the sense that it turned the world on to a whole new form of information consumption-real-time, public conversations, aggregated and searchable. But just like blogging or instant messaging, this is going to get bigger than a single brand or company.

Jack Dorsey said in the same event at Internet Week New York that "Twitter's a success for us when people stop talking about it." He's right. But that implies a few things: one, that the hype and wildfire adoption will die down; two, that Twitter will fade into the background as the mainstream starts to recognize it as something they see on TV news broadcasts rather than a nifty, trendy tool for informing the world what you're doing; and three, that as other innovative companies catch on, the "real-time streaming conversations" phenomenon will expand beyond this one microblogging service. Twitter's legacy may very well have the word "Twitter" left out of it.

For the 140-zillionth time, let's not get ahead of ourselves.

by Chris Mellor

The Storage Performance Council has produced a storage energy benchmark, which will allow users to compare the energy consumption of storage arrays against a recognised standard.

It is the SPC-1C/E, where the E stands for energy. This is an extension of the existing SPC-1C benchmark, based in turn on SPC-1. IBM and Seagate results are available on the SPC website. The benchmark only includes small storage devices with up to 48 drives - disk or solid state (SSD) - in an enclosure or enclosures up to 4U deep overall and some kind of HBA or controller head.

A future SPC-2C/E benchmark will cover larger storage configurations. This will use one of the three existing SPC-2C workloads in its performance phase: large file processing, large database query, or video on demand.

The SPC notes that energy consumption measurements are taken during both idle and active states of the SPC-1C/Ebenchmark execution. Multiple idle modes are allowed and the benchmark highlights anticipated energy use in environments that impose zero (idle), light, moderate, or heavy workload demands upon the benchmark storage configuration.

The active (performance) state consists of SPC-1C-equivalent performance test runs, and SPC-1C/E energy use results cannot be reported without these test run results. A more comprehensive description of the SPC-1C./E benchmark can be seen here.

Benchmark results are reported in some detail and enable average annual energy consumption and cost figures to be presented. The SPC may introduce an end-user tool to enable the results to be made relative to a customer's local conditions. This could involve allowing the customer to input their data in the hours-per-day value in the benchmark calculation and using local energy costings, for example.

Seagate announced SPC-1C/E results for a 24-drive array, configured with around 7TB of storage, using Savvio 10K.3 2.5-inch hard drives. It reported an Annual Energy Use of 1,765.41 kWh and a projected Annual Energy Cost of $211.85 at $0.12/kWh, with a rating of 8,013.39 SPC-1C IOPS.

IBM produced SPC-1C/E figures for its System Storage EXP12S product. This is a 2U system configured with eight 69GB SSDs in the benchmark. The Annual Energy Use was 1,425.41 kWh and the projected Annual Energy Cost was $171.05.

Interpreting these results is not simple. There are composite metrics for nominal power, IOPS, and IOPS/Watt, which are calculated from hours per day of heavy and moderate use and idleness. These are further modified by low, medium, and high daily usage. The picture is a complicated one and it seems unlikely that the storage industry will be able to devise a storage energy figure as simple (relatively) to interpret as a car's fuel consumption.

Knowing the energy use and energy cost is relatively useless without knowing the work the array has achieved and how much storage capacity is involved.

In the IBM case, the SPC-1C result was 45,000.20 SPC-1C IOPS from a near 560GB array. The benchmark executive summary report does not present an energy use per SVP-1C IOPS number.

If it did then the IBM result would be 0.0317 kWh per SPC-1C IOPS. The Seagate one would be 2.170 kWh per SPC-1C IOPS from a 7TB array. This shows that the SSDs were far more energy-efficient than the Savvio hard drives, but were based on a much smaller storage capacity pool.

EMC has not supported SPC benchmarking, so we shouldn't expect EMC SPC-1C/E numbers to become available. ®

by James Urquhart

I was privileged to be a part of the Enterprise Cloud Summit that took place at the beginning of Interop in Las Vegas a few weeks ago. The program was excellent, with an all-star list of cloud experts and a surprisingly large number of attendees who were new to cloud computing and trying to get a sense of what it was all about.

What was different from prior cloud-related conferences, however, at least for me, were the types of questions this inquisitive audience was asking. Almost nobody asked around defining cloud computing, but many took advantage of the show to ask panelists and speakers to describe how they could put the cloud to use in their own businesses.

The cloud conversation is moving from "what is it?" to "how would I use it for my business or institution?"

I find this very exciting-and, quite frankly, very refreshing. The amount of energy spent on presenting and defending terminology and taxonomy has become a huge time-sink for those trying to advance the cloud discussion. It's not that I mind walking people through the differences between cloud computing and virtualization, but I'd rather focus my efforts on business cases and customer success stories (or even failures).

It's not that the industry has arrived at a common cloud definition-though the NIST definition has some legs, and I'm a huge fan of Chris Hoff's terminology map (pictured here). Rather, the market seems to have come to the conclusion that cloud computing has a lot in common with obscenity-you may not be able to define it, but you'll know it when you see it.

Perhaps the most beneficial aspect of this shift is the fact that we should start seeing some real business cases, use cases, and best-practice discussions appear in the cloud-computing discussion.

Best Buy running on Google App Engine; stories about impressive gains by the venerable New York Times and Animoto when they used Amazon Web Services; and Eli Lilly's tale of redefining research projects: all these serve as examples of cloud's value in the right contexts. We know from these examples that "batch jobs" are great cloud fodder (such as grid computing and image processing), as are applications with unpredictable scale.

We need to see more such examples publicized, however. Where are the financials with their complex models and data mining? Biotech with its constant data processing demand? Manufacturing with its "just in time" supply chain management?

Perhaps the examples will continue to be more of the same, but that's OK to me. Then we know where cloud's strengths and weaknesses are, and we can move the conversation forward from there.

by Paul Krill

In a mock debate focused on the rich Internet application development realm, AJAX was pitted against Sun Microsystems' JavaFX Friday, with proponents for both technologies pointing up their entrant's high points and the low points of their rival.

A session at the JavaOne conference in San Francisco had the co-founders of the Ajaxian Web site for AJAX technologies squaring off, with Ben Galbraith playing the part of the JavaFX advocate and Dion Almaer serving as AJAX's proponent. Both serve as co-directors of developer tools at Mozilla. While Galbraith and Almaer are obviously geared toward AJAX, Galbraith said he also has experience consulting on Java.

"JavaFX is built on top of an incredibly mature runtime that gives you amazing performance," as well great features, and Oracle CEO Larry Ellison, Galbraith said, giving a humorous nod to Oracle's plans to buy Java founder Sun Microsystems.

Almaer focused on AJAX being synonymous with the Web. "It's all Web stuff that's going on," he said.

The two went back and forth, measuring factors such as graphics performance, language capabilities, and tools.

"Today's JavaScript runtimes are just pitiful," Galbraith said, and the Web is slow, he added. Java also has a more sophisticated API, he argued. But Almaer countered, "We have a very simple API. I consider that a feature."

Almaer also advocated the performance of the Google Chrome browser, prompting Galbraith to ask how many people actually use Chrome.

In the graphics space, JavaFX and Java outpace AJAX "by a huge margin," Galibraith said. Almaer promoted the Canvas graphical technology for browsers. Google's new O3D technology also boosts 3D rendering on browsers, said Almaer.

Video, Galbraith said, is "an area [where] I'm pleased to say JavaFX is also leading the way." But citing YouTube as a successful Web video venture, Almaer said rich video already is possible now on the Web through mediums such as Flash. In addition, HTML 5 also supports video and is backed by Mozilla, he said.

Almaer asked why JavaFX needed its own language, (JavaFX Script), rather than using something already available, such as Groovy. "You have to invent yet another language," Almaer said.

JavaScript far outpaces JavaFX when it comes to available components, he said. "In our world of JavaScript, you've of course got millions of components," said Almaer.

Galbraith pointed out there have been issues with CSS, which is used with JavaScript. He did this by showing a coffee cup, with a box showing the words "CSS is awesome," with the word, awesome, over-running the lines of the box.

by Chris Mellor

According to market intelligence firm IDC, you're not buying as much storage software as you did last year. Their report shows a 5.2 per cent decline in the first quarter of this year compared to a year ago.

IDC's Worldwide Quarterly Storage Software Tracker reports revenues of $2.8bn in the quarter, half that of the quarter's storage hardware revenues which were down 18.2 per cent over the year. Storage software sales slowed but not that steeply.

The report tracks eight functional storage markets: data protection and recovery, archiving (including email archiving), storage replication, storage management, storage device management, storage infrastructure, file system, and "other".

The slowdown was not even across this storage software spectrum. Laura DuBois, IDC's storage software research director, said: "Predominantly affected were the Device Management, Replication, and Infrastructure markets, all segments closely aligned with the storage systems themselves. File System and Management software were able to grow amidst the current economic climate."

With that in mind it is not that surprising, but still creditable, that Symantec actually grew its revenues while all the storage hardware suppliers and a hardware-free CA saw declining storage software sales.

The top supplier was EMC with a 21.8 per cent revenue share of $612m, down 14.5 per cent from $716m in the same quarter last year. Next was Symantec with its $531m, up 2.5 per cent. IBM was third with $342m, down 7 per cent. NetApp was fourth ($233m) with a 4.7 per cent decline and CA fifth with a 5 per cent decline to $120m.

HP suffered the severest contraction in sales, being in sixth position with a 21.5 per cent fall to $97m. The remaining Others category rose 1 per cent to $870m. ®

by Chris Kanaracus

Businesses in North America and Europe remain broadly worried about the security of open source software, according to new data from Forrester Research.

Fifty-eight percent of the large companies surveyed said they had security concerns about open source, while the figure for small and midsized businesses was slightly higher, at about two-thirds. Within those groups, only 9 percent of enterprises said they were "very concerned," compared with 45 percent for the SMBs.

More than half of SMBs (57 percent) also expressed concern that open-source software would be complex and hard to adopt, but only 32 percent of enterprises expressed a similar sentiment. In addition, 68 percent of SMBs cited the availability of service and support for open-source software as a concern, compared with 47 percent of enterprises.

The findings are among a wide range of data Forrester collected for two reports, "The State of SMB Software: 2009" and "The State of Enterprise Software: 2009."

Meanwhile, security concerns over SaaS (software as a service) seem to be diminishing among companies large and small, according to Forrester.

The research firm polled a subset of SMB respondents who indicated they weren't interested in SaaS. Twenty-seven percent named security as a factor, compared to 57 percent in a 2007 survey. A similar poll of enterprises saw 31 percent cite security concerns with SaaS, down from 47 percent in an earlier study.

Overall, Forrester polled 2,227 IT executives and technology decision makers in the U.S., Canada, Germany, France and the UK between December 2008 and February this year.

by Dave Rosenberg

For all of its glory, Twitter is apparently not as sticky as many social media buffs would like it to be. A recent Harvard Business School study reported that 10 percent of the service's users account for more than 90 percent of tweets. (I wrote about Twitter's lack of loyalty back in April.)

However, I don't think it really matters. As with any service or piece of software, a rising tide lifts all boats, so a core user base can propel a service for quite a while. Somewhere down the line however, Twitter as a company will need to put programs and efforts into place to encourage people to actually use the service if it ever plans to monetize it.

The fact that 10 percent of users are driving 90 percent of the content is not dramatically different than what you see with sites like Wikipedia, or with personal blogs, which have an even lower rate of consistent publishing. According to a 2008 study by Technorati, 95 percent of the blogs they track hadn't been updated in at least four months.

Orphaned tweets, like orphaned blogs, are just as much part of the social fabric as anything else. The fact is that people abandon stuff all the time--TV shows, books, whatever. We shouldn't be remotely shocked that someone bails out of blogging or something else that could be considered work.

If you are not motivated in some way to make the effort to blog or use Twitter you will sooner or later realize you could be doing something else. That's the great thing about choice--but it's also the risk for companies like Twitter that haven't yet figured out how to make money.

There is another parallel to be drawn with open-source development. A core team of developers are typically paid by a company and write 90 percent of the code, while the last 10 percent or so may done by the community.

Any community or user-generated content falls into the traps-a mass of people need to be motivated to do things for some kind of gain. Without a core group of contributors there will be no momentum at all.

by Timothy Prickett Morgan

Sun Microsystems' OpenSolaris project has quietly announced the operating system that just added support for Sparc has now been ported to ARM - commonly used in embedded devices, handhelds and, increasingly, netbooks.

It is perhaps an indication of how just stressful things are at Sun these days, with the $5.6bn acquisition by Oracle hanging over it combined with what's shaping up as terrible fiscal fourth-quarter results coming ahead of the crucial July 16 vote by shareholders on the Oracle deal, that no one at Sun or OpenSolaris mentioned the ARM port was coming when announcing OpenSolaris 2009.06 last week.

The leader for the ARM port of OpenSolaris is William Kucharski, who leads the PowerPC and container development efforts for Solaris and who is also the leader of the port to IBM's System z mainframes.

IBM and Sun made some noise about this mainframe port last November when IBM finally and officially sanctioned the deployment of OpenSolaris on mainframe engines configured originally to run Linux. Since then, this Sirius variant of OpenSolaris has gone about as far as the Polaris port for Power iron: just this side of nowhere.

Late last year, Sun announced that OpenSolaris was supported on Intel's Atom processors.

It is hard to imagine there is a lot of room for OpenSolaris on the kinds of devices served bv Atom-based processors, a market where Linux is finding a home and Windows could extend its existing PC hegemony. Linux is being customized by many different projects - there's Google's Android and Intel's Moblin for netbooks and possibly for so-called "smartbooks" - plus the question of whether Microsoft will port the Windows client operating system commonly found on laptops and desktops to ARM. Windows Mobile already runs on ARM-based phones.

Then again, a good device can drive the operating systems' sale. Look at the iPhone. End users and consumers buying these new classes of computers don't really care what the operating system is, even if the vendor does. And that means OpenSolaris might have a better chance on netbooks and smartbooks and other devices than it does on the desktop.

Of course, this would have to be true by definition, since OpenSolaris has very little chance on desktops outside of the Solaris developer community.

One problem with OpenSolaris on ARM-based machines is the relative lack of applications. OpenSolaris 2009.06 has 1,700 applications, as this review of the operating system at Ars Technica correctly pointed out, a lot lower than the 26,000 packages in the Ubuntu repository, for example.

While the OpenSolaris repository has most of what developers need to create code as part of their day jobs or hobbies, ARM-based machines are all about end-user applications.

The OpenSolaris ARM port, as you can see from the updated OpenSolaris 2008.05 release notes, is actually based on the initial 2008.05 Project Indiana release of OpenSolaris, which is now two releases behind.

The ARM port is specifically for NEC's NaviEngine 1 multicore system-on-chip ARM processor and a reference board outlined in the release notes. There's no word on when the ARM port will catch up and be part of the standard releases, or when other ARM chips and products will get support. ®

by Tom Krazit

Google CEO Eric Schmidt, as one might expect, offered no public sense that Microsoft's new Bing search engine has him pacing the halls at night.

Google plans to review Microsoft's Bing tomorrow, but CEO Eric Schmidt isn't losing sleep just yet.

"It's not the first entry for Microsoft. They do this about once a year," Schmidt said Tuesday in an interview with Fox Business Network. "I don't think Bing's arrival has changed what we're doing. We are about search, we're about making things enormously successful, by virtue of innovation."

Bing has been well-received in its first trip around the Internet, but it obviously has an awfully long way to go before it makes a dent in Google's business. Still, with some in the search industry now wondering if Yahoo really intends to compete in search over the next few years, Bing may shape up as the only true alternative to Google.

Schmidt seemed to acknowledge those thoughts. "Google is about getting all the information and organizing it. Yahoo has a different strategy. We think ultimately Bing will evolve to a different strategy as well."

Earlier in the day, Google Chief Financial Officer Patrick Pichette said the company planned to hold "a review tomorrow on it with the executive committee," so it's not like Google is ignoring the possible threat, either.

Schmidt held forth on a wide range of topics during the interview, including:

• Yahoo: "As you know we got within an hour of doing a very deep partnership with Yahoo, but we were unable to do it because of the government and their concerns over various parts of the deal."

• Smartphones: "This is the year of mobile phones. What we like is every one of these has a powerful browser and every one is used to search."

• And Google's new plug-in for Outlook: "I grew up with Outlook as well, which is why we're doing these things. It's very important to bridge the new kind of customer, the young customer, with the existing customer that has grown up with the Microsoft infrastructure."

by Dan Frakes

When Apple quietly updated the 13-inch MacBook a couple weeks ago, giving the company's least-expensive – and previous-generation-design – laptop better performance than the more-expensive aluminum unibody models, it was a good hint that the aluminum models were due for a refresh. After all, what company wants to undercut its "premium" models by selling a better-performing product for less money?

Sure enough, just 12 days later, Apple announced updates to nearly the entire MacBook line. The MacBook Air gains faster processors; the 17-inch MacBook Pro gets a faster processor and a larger hard drive; and the 15-inch MacBook Pro sports faster processors, higher RAM capacity, a solid-state drive option, a longer-life battery, an improved display, and an SD memory-card slot (in lieu of the ExpressCard slot found on the previous version). All of these changes are accompanied by lower prices.

These are notable upgrades, but it's the changes to the 13-inch MacBook that are generating the most buzz. Keep in mind that Apple's consumer laptop line got a dramatic overhaul just last October, when the company switched all but the entry-level model to a new aluminum unibody enclosure, converted to LED displays, added a multi-touch trackpad, upgraded the graphics and processor performance, and even added the "pro"-level backlit-keyboard feature (albeit only to the most-expensive model).

As I pointed out at the time, these upgrades brought the MacBook models enticingly close to the 15-inch Pro line. For people who didn't need the large screen, the less-expensive 13-inch MacBook was mighty tempting. In fact, it appeared that Apple omitted FireWire from the MacBook models solely to differentiate them from the Pro line.

So it was interesting to hear, during Monday's WWDC keynote, Phil Schiller ask rhetorically, "What can we add to just make [the MacBook] a MacBook Pro?" Indeed, the 13-inch member of Apple's laptop line now includes most of the same features and technologies as its larger siblings: a longer-life, integrated (read: non-swappable) battery, improved display technology, 8GB RAM capacity, a 500GB hard drive or 256GB SSD, a backlit keyboard on all models, and an SD memory-card slot. It even includes...wait for it...FireWire 800.

The 13-inch model still can't match the 15-inch MacBook Pro when it comes to screen real estate and processing power - the 15-inch models start at 2.53GHz and can reach 3.06GHz, while the new 13-inch models start at 2.26GHz and max out at 2.53GHz. The 15-inch MacBook Pro is also available in a dual-video-card configuration. But the two lines are otherwise nearly identical. In fact, they're similar enough that Apple has officially bestowed "Pro" status upon the unibody 13-inch models - welcome, 13-inch MacBook Pro.

by Timothy Prickett Morgan

The Standard Performance Evaluation Corporation, or SPEC for short, has been providing benchmarks for PCs and servers for more than two decades, and in the past year, it has been adding power components to its benchmark suites. SPEC and server players AMD, Fujitsu, Hewlett-Packard, IBM, Intel, and Sun Microsystems have got together and created a new power-aware web serving benchmark called SPECweb2009.

This new test is a companion to the SPECpower_ssj2008 test that debuted in December 2007, and it's probably going to be the workload that is used to measure servers that get the Energy Star for servers seal of approval from the U.S. Environmental Protection Agency.
Advertisement

The SPECpower_ssj2008 test is meant to emulate a typical business-class Java application stack, and it exercises processors, cache, memory, and processor scalability in multiprocessor systems. Tweaks to the Java stack and the operating system can also help boost performance on the test, but this is true of all benchmarks.

The SPECweb2009 test, by contrast, is designed to emulate Web server performance, and it's actually comprised of three different workloads: an online banking application with SSL encryption, an e-commerce online store with a mix of encrypted and unencrypted transactions, and a tech support site with lots of downloads not using SSL encryption. This is the same set of applications used in the SPECweb2005 benchmark, but the addition of power measurements changes the nature of the test, so results are not comparable. SPECweb2009 also allows for either Java or PHP to be the language used on the Web application server.

Both SPECweb2005 and SPECweb2009 run all three workloads in sequence a box, but as is the case with the SPECpower_ssj2008 test, SPECweb2009 runs at different system loads - from the peak number of sessions (100 per cent capacity) down to idle (0 per cent, but still burning electricity just sitting there) in increments of 20 per cent of the peak sessions - and measures the power consumed and throughput at each loading. The final rating on SPECweb2009 can be either peak throughput (the average of the banking, e-commerce, and support workloads) or a power metric that is calculated by adding up the sum of the performance on the e-commerce workload and dividing it by the sum of the watts consumed in each band.

Let me give you an example so this makes more sense. Take the Fujitsu Primergy TX150 S6 server, which is a single-socket Intel box using a quad-core L3360 processor. Fujitsu configured this entry tower server with 8 GB of memory, six 146 GB 10K RPM drives, and Red Hat Enterprise Linux 5.3 with the ext2 file system and with Accoria Network's Rock Web Server 1.4.7. This puppy server could handle a maximum of 27,300 sessions on the banking application burning 188 watts at the system level; 32,300 sessions on the e-commerce application burning 185 watts; and 14,100 sessions on the support application burning at 176 watts. (See, power consumed really is dependent on the workload). So the official SPECweb2009_JSP_Peak rating for this box is the average of those three numbers, or 23,167 users at 183 watts.

Now, for the official SPECweb2009 power rating, you drill down into the e-commerce test. While for the peak number of users - which was 32,300 - the power consumed by the Fujitsu server was 186 watts, the machine burned 117 watts just sitting there with an idle operating system and middleware stack. At 20 per cent of peak (6,460 users), the machine burned 144 watts, and every additional 6,460 users added another 10 watts or so until it went a little wiggly above 60 per cent of load. The end result is a SPECweb2009_JSP_Power rating of 103 users per watt.

The only other machine tested using the new web serving benchmark so far is an HP ProLiant DL370 G6 rack server using two top-end Intel W5580 "Nehalem EP" processors (that's eight cores in total) with 96 GB of memory plus 29 15K RPM disks, all but two of them in external arrays. (The SPECweb2009 test has to measure the power used by external disk arrays, so there's no cheating there). This machine used the same software stack chosen by Fujitsu above.

While this two-socket Nehalem EP box from HP could do more work - it had a SPECweb2009_JSP_Peak of 95,634 users - it took an average of 725 watts of wall power to support that peak performance on the three workloads (this box idled at 496 watts). Still, the HP had almost the same performance to power ratios on the e-commerce test, and it came out with the same SPECweb2009_JSP_Power rating of 103 users per watt. ®

by Chris Kanaracus

Organizers of the upcoming OpenSource World conference broadened the event program and are offering free admission, hoping to attract more attendees in a time of slashed travel budgets and increased competition from similar shows.

The conference was previously known as LinuxWorld. This year's event is scheduled for Aug. 11-13 in San Francisco's Moscone Center.

Key topics will include Drizzle, a database project based on the MySQL codebase, mobile development, and security, said event chairman Don Marti. The CloudWorld and Next Generation Data Center events will run concurrently with OpenSource World.

But perhaps the most telling change is the decision to drop admission charges for qualified IT professionals and to instead gain revenue solely from sponsorships.

Organizers have implemented a qualifying process in order to weed out marketing staffers from vendors that aren't exhibiting at the show, but might be interested in attending to check out the competition, Marti said.

"The kind of people the program committee wants to reach are those hardcore sysadmins and working IT managers," he said.

"We want them to get something out of it that they can take back to the office," Marti added. "This is not just a high-level strategy show."

What's not yet clear is how many such individuals the event will attract, given that the global economic recession has put a damper on tech trade-show attendance overall in recent months.

Current attendance figures for the event, which is backed by IDG World Expo, a division of IDG News Service's parent corporation, weren't immediately available Thursday.

"Every show in the whole IT market is in trouble," Marti said. "Travel budgets are tight and training budgets are tight.... This show's affected by the same conditions as other shows."

There is also a great deal of competition from other open-source events, such as LinuxCon, he added.

But OpenSource World nonetheless has "a good long-term story," he said.

by Elinor Mills

Like many people, I'm worried about identity fraud. Not paranoid, just generally curious what the chances are that I could be victimized by things like mail theft. Sure, I could sign up for one of the fee-based identity fraud monitoring services like LifeLock or Debix, or I can get a credit report that might give me some clue that a credit card has been taken out by someone else in my name.

Now there is a Web site that offers an assessment of a person's identity fraud risk for free.

The My ID Score site was recently launched by ID Analytics, which offers corporations and consumers services to protect them against identity fraud.

The site scans the company's ID Network, billed as the largest identity fraud database in the U.S., to see what types of activities and transactions have been made in your name. It looks at hundreds of variables and data points and then looks for anomalies, such as credit card applications on the same day with different addresses or pre-paid cell phone purchases in a short period of time, said Thomas Oscherwitz, chief privacy officer at ID Analytics.

The site focuses on transactions that use your personal data and does not look at account fraud in which someone uses your stolen credit card or in which your credit card data was stolen in a network breach at a payment processing company, for example.

"We look at events within the network, such as whether someone is using your information to apply for credit cards," he said.

I tried the site out and am happy to report that my score was 63, indicating low risk. Most people fall within the range of 1-450, which is considered moderate risk, according to Oscherwitz. A score of 600 and above is considered high risk, he said.

The site asks for basic information such as name, address, phone number, and date of birth. It also asks for Social Security number but does not require it (I passed on that as I avoid giving out that most sensitive piece of personal data if I can).

The site then asked a series of multiple choice questions that the legitimate Elinor Mills would know, things like identifying cities I've lived in, addresses, phone numbers, and middle initial.

Once the score is displayed, the site offers information for how to obtain free copies of a credit report and offers links to other sites with information about identity fraud and companies that offer monitoring services.

For consumers whose score is high the site partners with the nonprofit Identity Theft Resource Center to provide more information about what underlying data triggered the score, Oscherwitz said.

by Cade Metz

Amazon's cloud was struck by lightning earlier this week. And that's the truth.

On Wednesday evening at about 6:30pm Pacific time, some Amazon cloud sitters saw their floating servers disappear - and yes, the company blamed the temporary outage on a lightning strike.
Click here to find out more!

According to a web post from the company, the strike zapped a power distribution unit in one of its data centers, taking out server instances in one - and only one - Availability Zone. Amazon's Elastic Compute Cloud (EC2) serves up on-demand processing power from two separate geographic locations - the US and Europe - and each geographic region is split into multiple zones designed never to vanish at the same time.

"A lightning storm caused damage to a single Power Distribution Unit (PDU) in a single Availability Zone," the company said in a web post at 7:33pm. "While most instances were unaffected, a set of racks does not currently have power, so the instances on those racks are down."

At 9:26, Amazon said power had been restored and the affected server instances were beginning to recover. By 1:20am, the company said the problem had been fully resolved.

While Amazon was correcting the problem, it told customers they had the option of launching new server instances to replace those that went down. But customers were also able to wait for their original instances to come back up after power was restored to the hardware in question.

This was a relatively minor issue compared to the two major outages Amazon's cloud suffered in October 2007 and February 2008. And it's nowhere near as amusing as the time an engineer accidentally deleted Flexiscale's infrastructure cloud. Well, not nearly as amusing except for the lightning bit. ®

by Juan Carlos Perez

Google has released an early version of a new type of database whose approach to data management will be revolutionary, according to an analyst who has studied the technology behind it.

On Tuesday, Google quietly announced in its research team blog a new online database called Fusion Tables designed to sidestep the limitations of conventional relational databases.

Specifically, Fusion Tables has been built to simplify a number of operations that are notoriously difficult in relational databases, including the integration of data from multiple, heterogenous sources and the ability to collaborate on large data sets, according to Google.

"Without an easy way to offer all the collaborators access to the same server, data sets get copied, emailed and ftp'd – resulting in multiple versions that get out of sync very quickly," reads the Google announcement, which has been largely overlooked, probably because it was made on the same day the company held a high-profile press event to launch its Google Apps Sync for Microsoft Outlook.

Under the hood of Fusion Tables is data-spaces technology, which will make conventional databases go the way of the rotary phone, according to Stephen E. Arnold, a technology and financial analyst who is president of Arnold Information Technology.

Data spaces as a concept has been around since the early 1990s, and Google, realizing its potential, has been developing it since it acquired Transformic, a pioneer of the technology, in 2005, Arnold said.

Data-spaces technology seeks to solve the problem of the multiple data types and data formats that reside in organizations, which have to scrub the data and make it uniform, often at great cost and effort, in order to store and analyze it in conventional databases.

Data spaces envisions a system that creates an index that provides access to data in its disparate formats and types, solving what Arnold calls the "Tower of Babel" problem.

In the case of Fusion Tables, the technology should allow Google to add to the conventional two-dimensional database tables a third coordinate with elements like product reviews, blog posts, Twitter messages and the like, as well as a fourth dimension of real-time updates, he said.

"So now we have an n-cube, a four-dimensional space, and in that space we can now do new kinds of queries which create new kinds of products and new market opportunities," said Arnold, whose research about this topic includes a study done for IDC last August.

"If you're IBM, Microsoft, and Oracle, your worst nightmare is now visible. Google is going to automatically construct data spaces and implement new types of queries," he said. "Those guys are going to be blindsided."

Fusion Tables is an early version of the product, as evidenced by its "Labs" label, which means Google considers it an experimental product. "As usual with first releases, we realize there is much missing, and we look forward to hearing your feedback," Google's blog post reads.

by Matt Asay

The Internet largely abolishes scarcity in digital goods, shifting competitive advantage to those that can profit from abundance, not scarcity, like Red Hat, Google, and Facebook. For this reason, the more Hadoop grows as a community, the better the business opportunity for Cloudera, the start-up that distributes a commercial version of Hadoop.

Let me explain.

As CNET's Tom Krazit explains, "Hadoop is essentially an open-source version of the software Google uses to run its Web indexing servers." Yahoo also uses it internally for roughly the same reason, and has released its own open-source version of Hadoop to nudge adoption by other firms and to encourage contributions to the Hadoop project.

As Savio Rodrigues points out, however, Hadoop is already getting significant contributions from outside Yahoo. While initially dominated by Yahoo employees, Rodrigues points to recent data that indicates that 70 percent of Hadoop's community isn't employed by Yahoo.

That's great progress for Hadoop, and it's also great for Cloudera, the company that aims to make Hadoop relevant and useful for companies that lack the scale of a Google or Yahoo. Cloudera actively contributes to the Hadoop project, but perhaps its greatest contribution is in providing a commercial distribution of Hadoop.

The more contributors to Hadoop and the more complex it becomes, the greater the need for a Cloudera to provide a conservative, trusted distribution of Hadoop for enterprise customers. In other words, the greater the abundance of community around Hadoop, the more enterprises need scarcity: one throat to choke for their Hadoop deployments, not many.

As Yahoo and others contribute heavily to Hadoop, in short, they're also contributing to the likelihood of Cloudera's success.

by Dan Goodin

A compromise that is moving virally across websites is making unwitting people who surf to them part of a botnet that redirects Google search results, a security researcher has warned.

During the past week, the number of websites identified as infected have almost tripled, according to researcher Mary Landesman with real-time malware scanning specialist ScanSafe tracking the attacks since March. Normally, web compromises die out after a few weeks, as search engines and anti-virus programs grow wise to them. But that's not happening this time.

"The growth rate is very unusual for this type of compromise, and the fact that it's escalating so quickly is what has us concerned," Landesman told The Reg.

The exploit code is unique for every website, making it impossible to identify a compromised site until someone has accidentally surfed there. It uses obfuscated Javascript that's burrowed deep into a website's source code to exploit unpatched vulnerabilities in a visitor's Adobe Flash and Reader programs. Victims then join a botnet that manipulates their Google search results.

The malware also sifts through a victim's computer in search of FTP credentials that can be used to infect still more websites with the malicious Javascript. The combination of its stealth and ability to find new websites is allowing the infection to grow virally, Landesman said.

The goal of the malware appears to be to siphon dollars away from Google's highly profitable advertising franchises. By injecting ads and links into certain searches, infected users see results that are different than they would otherwise be.

The longevity of the mass compromise speaks to the resourcefulness of the attackers. When they first set out, they dropped static attack code into PHP, HTML and other scripts of infected websites, but in time, website owners learned how to detect and remove the infection. The miscreants soon started a second wave of attacks that installed dynamically generated malware on infected sites as soon as the static script was removed.

The source of the latest Javascript is gumblar.cn, which has a Moscow IP address that reverses to ukservers.com.

by Matt Asay

Eating dinner with Larry Augustin in London this weekend, we fell to talking about open source's relevance to the SMB (small- and medium-sized business) market. Augustin is currently CEO of SugarCRM, a company with over 5,000 customers, many of them SMBs.

But SugarCRM is the exception to the rule. Open source has long been billed as a savior for the SMB market, but the reality is that open-source adoption has largely been an enterprise IT phenomenon, despite other exceptions like KnowledgeTree, which recently updated its product suite to further appeal to this market.

Why aren't more SMBs adopting open source? Following recent Forrester data, Savio Rodrigues of IBM points out that many SMBs still cling to the perception that open source is not secure and is overly complex.

In many cases, it's not perception. While it's tough to generalize about open source at this point in its history, it's absolutely the case that some open source is complex, some open source is not secure, etc. Much open-source software mimics the enterprise software world it strives to leave behind.

Dell is trying to overcome these concerns by selling prepackaged open-source applications, and I would assume we'll see more companies following Dell's lead.

While some big vendors like Cisco already have significant SMB focus, others, like Oracle, SAP, etc., could use an open-source runway to the SMB market. Unfortunately, as noted, open-source vendors haven't necessarily penetrated the SMB market any better than the proprietary vendors have.

This suggests a strategy for open-source vendors, one that could lead to a big exit: figure out how to pitch to the SMB market, then sell to those big, proprietary vendors that need an entree to SMBs. The new hybrid model for open-source vendors might well be to make the "enterprise" version the one that is easiest to administer and use.

First, however, open-source vendors need to start making software easier to use, and not emulate all the wrong behaviors of the proprietary past. Fortunately, the way to make software easier for SMBs and to monetize it might actually be cloud-based computing.

How fortunate.

by Eric Lai

It seems Moore's Law doesn't apply to the next generation of Intel's Atom chips. The low-cost, power-sipping chips, codenamed "Pineview," will greatly improve upon both of those traits, but at the expense of any significant speed boost, according to authentic-looking specs leaked this month.

The trio of processors is expected to come in single and dual-core versions running at 1.66 GHz. For users, that would be an imperceptible increase over the 1.6 GHz speed of most of today's Atom chips.

Similarly, the graphics chip Intel is said to be planning to pair with the upcoming Atom CPUs will only be slightly faster than its existing one.

Publicly, Intel has all but conceded the lack of speed boost, saying that that the biggest change in Pineview is that the Atom CPU will be integrated with a single chipset that holds both the graphics processor and the memory controller.

This architecture change will bring these components closer together and nearer the CPU, enabling netbooks and net-top PCs running Pineview – or "Pine Trail," as the integrated platform will be called – to be a little faster than today's generation, says Nathan Brookwood, an analyst with Insight64.

Beside the longer battery life that comes with more efficient chips, lower heat also means some netbooks with the new Atom chips will not require a fan.

But more important to Intel, the chief benefit of Pineview is that it will be able to make tinier Atom chipsets for lower cost – a benefit it should be able to pass on to netbook makers.

Chips cool, competition heats up
Analysts say the strategy shows Intel is focused on countering the threat posed by ARM chips, which are cheaper and more energy-efficient than today's Atom processors, and are just starting to make their way into netbooks.

But by mostly ignoring performance, Intel could leave an opening for Nvidia to make inroads with its multimedia-savvy Ion platform.

"Intel wants to serve the broadest market it can, but I think that will leave room for a smaller player like Nvidia to find a niche it can serve very well," said Dean McCarron, an analyst with Mercury Research.

Nvidia's Ion platform bundles an Atom N270 processor with Nvidia's 9400M graphics chip, used in Apple's powerful MacBook Pro.

by Cade Metz

Updated A small army of security and privacy researchers has called on Google to automatically encrypt all data transmitted via its Gmail, Google Docs, and Google Calendar services.

Google already uses Hypertext Transfer Protocol Secure (https) encryption to mask login information on this trio of cloud-based web-based applications. And netizens have the option of turning on https for all transmissions. But full-fledged https protection isn't flipped on by default.

"Google's default settings put customers at risk unnecessarily," reads a letter lobbed to Google CEO Eric Schmidt by 37 academics and researchers. "Google's services protect customers' usernames and passwords from interception and theft. However, when a user composes email, documents, spreadsheets, presentations and calendar plans, this potentially sensitive content is transferred to Google's servers in the clear, allowing anyone with the right tools to steal that information."

Signatories includes Harvard-based Google watcher Benjamin Edelman; Chris Hoofnagle, the director of Information Privacy Programs at Berkeley Center for Law & Technology; and Ronald L. Rivest, the R in RSA.

In the past, Google has said it doesn't automatically enable https for performance reasons. "https can make your mail slower," the company explained in a July 2008 blog post announcing Gmail's https-session option. "Your computer has to do extra work to decrypt all that data, and encrypted data doesn't travel across the internet as efficiently as unencrypted data. That's why we leave the choice up to you."

But 37 researchers see things a differently. "Once a user has loaded Google Mail or Docs in their browser, performance does not depend upon a low latency Internet connection," they write. "The user's interactions with Google's applications typically do not depend on an immediate response from Google's servers. This separation of the application from the Internet connection enables Google to offer 'offline' versions of its most popular Web applications."

Even where low latency matters, they say, outfits such as Bank of America, American Express, and Adobe have protected their via https without a heavy performance hit. Adobe automatically encrypts Photo Express sessions.

Of course, another good example is...Google itself. The company does automatic encryption with Google Health, Google Voice, AdSense, and Adwords. "Google's engineers have created a low-latency, enjoyable experience for users of Health, Voice, AdWords and AdSense - we are confident that these same skilled engineers can make any necessary tweaks to make Gmail, Docs, and Calendar work equally well in order to enable encryption by default," the researchers write.

The problem, they say, is that everyday netizens don't realize the importance of encryption - and that Google fails to properly protect them from their own ignorance. Gmail now includes a setting that lets you "always use https." But the researchers complain that most users don't know it's there. And with Docs and Calendar, they point out, users can't use session encryption unless they remember to type https into their browser address bar every time they use the services.

They also take issue with Google's use of a single authentication cookie for all three services. Since users needn't reenter their usernames and passwords when they switch from one service to another, a miscreant who has captured a cookie on Docs can listen into Gmail - even when Gmail's "always use https" switch is flipped on.

"This makes Docs and Calendar sessions the weakest link in the chain of security, and attackers can use this cookie information to steal far more important data that would otherwise have been protected."

If Google refuses to turn on https by default, the researchers say, the company should at least make sure that users understand the risks of encryption-less transmissions. There are four things they suggest:

• Place a link or checkbox on the login page for Gmail, Docs, and Calendar that causes that session to be conducted entirely over https. This is similar to the "remember me on this computer" option already listed on various Google login pages. As an example, the text next to the option could read "protect all my data using encryption.'
• Increase visibility of the "always use https" configuration option in Gmail. It should not be the last option on the Settings page, and users should not need to scroll down to see it.
• Rename this option to increase clarity, and expand the accompanying description so that its importance and functionality is understandable to the average user.
• Make the "always use https" option universal, so that it applies to all of Google's products. Gmail users who set this option should have their Docs and Calendar sessions equally protected.

We have asked Google for a response to the letter, and once it arrives, we'll toss it your way. Odd are, it will be completely non-committal.

In defense of Google, the company does go farther than many other big-name web outfits. As the researchers point out in their letter, Microsoft Hotmail, Yahoo Mail, Facebook, and MySpace don't even offer an https option. But the 37 hold Google to a higher standard. "Google has made important privacy promises to users, and users naturally and reasonably expect Google to follow through on those promises." ®
Update

Google has responded with a blog post. "Free, always-on HTTPS is pretty unusual in the email business, particularly for a free email service, but we see it as an another way to make the web safer and more useful. It's something we'd like to see all major webmail services provide," the company says. "In fact, we're currently looking into whether it would make sense to turn on HTTPS as the default for all Gmail user."

Like we said: non-committal.

by Elizabeth Montalbano

The company in charge of providing technology to the U.S. intelligence community has invested in an open source firm to provide enterprise search technology to the CIA and other intelligence agencies.

In-Q-Tel is investing in Lucid Imagination, which provides support, maintenance, training, and add-on software for the Apache Software Foundation's Lucene and Solr search projects. Lucene is an information retrieval library that can be used for full-text indexing and search. Solr is an enterprise-search server based on Lucene.

The companies did not disclose the nature of the investment but said that it is aimed at making Lucid's open source enterprise search software more prevalent in the U.S. intelligence community.

Lucid officially launched in February after securing initial funding in October of last year, said Anil Uberoi, chief marketing officer of the fledgling company.

"You can think of us as the Red Hat of Lucene," he said, providing support and maintenance to customers who want to use Lucene and Solr for enterprise search. In fact, many of the leading developers who commit code to those projects are the founding technical members of the company, he said.

In-Q-Tel handles technology requisitions for about 18 organizations, including the CIA and the U.S. intelligence community at large, Uberoi said. Many of these organizations have wanted to use the Apache Lucene and Solr projects to do enterprise search, but were hesitant to do so without official vendor backing, he said.

"They were very nervous about not having a commercial entity to support this," Uberoi said.

Indeed, search analyst Stephen Arnold in a blog post said that several intelligence organizations already have been using Lucene and Solr for enterprise search, and having Lucid to back their investments gives it the green light for more mission-critical applications.

"With Lucid imagination, a well-funded commercial entity offering certified distributions of Lucene and Solr, SLA-based support subscriptions, training, high-level consulting and value-added software, both new and existing users now have access to enterprise-grade support and services to optimize their enterprise search efforts," he wrote.

According to Lucid, the Lucene/Solr technology is downloaded more than 9,000 times per day, and more than 4,000 organizations are using the software for enterprise search.

by Dave Rosenberg

Widgets, portable pieces of Web code, have become synonymous with interactive Web page components, often Flash-based games and ads can stick out like a sore thumb. Functions are great, but they need to be seamless.

Instead of just offering a page function, the widget technology is turning out native applications that blend seamlessly with newsfeeds and spread virally through friend lists. Accordingly, the w-word had to go and this morning iWidgets became Transpond. Transpond, a word that actually doesn't mean anything, calls to mind words like "translate" and "respond," more positive connotations than the has-been widget.

Widgets have moved to the wrong side of the hype cycle while apps have their own catch phrase ("There's an app for that.") Meanwhile, the underlying trend that powers what Transpond founder Peter Yared calls the "the atomization of the Web" remains strong.

Transpond offers an easy-to-use platform for creating native applications for Facebook, MySpace, and iGoogle and it's been humming along since its launch (as iWidgets) last summer. The company has big-name customers including CBS, CNN, Lifetime Television, and Revision3, all of whom had turned to the platform to get their content onto social networks.

Content publishers, marketers, and businesses can no longer slap up a Web site and expect to have an audience. Content has to find its audience wherever they happen to be, whether it's hanging out on Facebook or fiddling with their iPhone. Be it via widget or app, delivering the right content in the right way (with a bonus for interactivity) is the only thing that really matters.

by Chris Mellor

Did a Hitachi Data Systems USP-V array controller failure cause the Barclay's ATM outage yesterday?

Yesterday, to its great embarrassment, Barclays' ATM network in the south of England crashed at 1pm, together with a lot of its online banking facilities. Functions were not restored until 4.30pm or later, and thousands of people were caused great inconvenience through not being able to get cash or manage their bank accounts online.

Barclays said it was due to a hardware failure at its data centre in Gloucester, which serves its ATM network south of the Wash. Various reports on the BBC, The Sun, The Mail and elsewhere said that a hardware component of a drive array had failed and that engineers were replacing cards.

What drive array was this? One that was involved in storing data relevant to cash machine operations and online banking? Also, given that the Gloucester data centre has a history of computing system failures (see here, here, and here) why wasn't there an adequate fallback mechanism in place?

We know that, in 2008, Barclays ordered a large, high-end USP-V storage array from Hitachi Data Systems, as part of a 4-year storage-on-demand contract for its Gloucester data centre. It was to provide storage for mainframe and Unix systems. The capacity would rise to 1PB and would start coming online in February this year. There was a separate mid-range AMS storage array supplied by HDS which provided file-based storage for Windows servers through a NetApp NAS head.

Apparently HDS had a similar USP-V contract in a separate part of the data centre.

Under the new contract there was a penalty clause for downtime with the penalty increasing as the downtime increases.

Some of the accounts of the Gloucester data centre's history of ATM crashes show that the mainframe system is involved in ATM operations and this indicates that the USP-V system could be the failed drive array in yesterday's outage.

This was confirmed by a source familiar with the situation from another IT supplier, who also said that HP/EDS have the maintenance contract for the affected system.

HDS recently announced failover clustering facilities for the USP-V. If a USP-V controller in a cluster fails then operations are automatically picked up by a second USP-V controller. Without such a High Availability Manager arrangement, a failed USP-V controller can cause the storage array behind it to be inaccessible until the controller is repaired.

Bastiaan van Amstel, the senior EMEA PR manager for HDS, said, regarding the outage: "A lot of due diligence is happening at the moment and, before it is completed nothing can be said." He added: "Many vendors are involved in the IT at Barclays." ®

by Brooke Crothers

Intel has spelled out its branding for the upcoming Core series of processors including the "Lynnfield" and "Clarksfield" chips. The chipmaker also said that "Centrino" will be phased out as a PC brand.

In a post Wednesday on Intel's Web site, spokesman Bill Calder wrote that the branding will be "simplified into entry-level (Intel Core i3), mid-level (Intel Core i5), and high-level (Intel Core i7)."

Calder added that it is "important to note that these are not brands but modifiers to the Intel Core brand that signal different features and benefits."

The upcoming Lynnfield chip (desktop) will be available as either Intel Core i5 or Intel Core i7 depending upon the feature set and capability, Calder wrote. Clarksfield (mobile) will have the Intel Core i7 name.
Deborah Conrad, vice president and director of corporate marketing at Intel, talks about new branding strategy via video on Intel Web site

Deborah Conrad, vice president and director of corporate marketing at Intel, talks about new branding strategy via video on Intel Web site

Arrandale (32-nanometer mobile) will appear as the Core i3 but will ultimately span the Core brand to include Core i3, Core i5, and Core i7. Clarkdale (32-nanometer desktop) will be available under the Core i3 and Intel Core i5 brands, Calder said.

The widely-used Centrino moniker will be phased out as a PC brand, according to Calder. Centrino "will be used as a name for Wi-Fi and WiMAX products" and "still be in market on mobile PCs into next year," he said. But eventually will be discontinued.

"In the back half of this year you'll begin to see Core i5 and more Core i7s coming to market. Then by the first part of next year you'll begin to see Core i3, and i5, i7," said Deborah Conrad, vice president and director of corporate marketing at Intel, speaking in a video posted on Intel's Web site. "Then the old names will get retired as those products get phased out," she said.

Intel also disclosed other branding. "We will still have Celeron for entry-level computing at affordable price points, Pentium for basic computing, and of course the Intel Atom processor for all these new devices ranging from netbooks to smartphones," according to the post. "For PC purchasing, think in terms of good-better-best with Celeron being good, Pentium better, and the Intel Core family representing the best we have to offer," he wrote.

"We are focusing our strategy around a primary 'hero' client brand which is Intel Core. Today the Intel Core brand has a mind boggling array of derivatives (such as Core 2 Duo and Core 2 Quad, etc). Over time those will go away and in its place will be a simplified family of Core processors," Calder wrote.

Calder continued: "This will be an evolutionary process taking place over time, and we acknowledge that multiple brands will be in the market next year including older ones, as we make the transition."

by Ellen Messmer

More than 40,000 Web sites have been hit by a mass-compromise attack dubbed Nine Ball that injects malware into pages and redirects victims to a site that will then try to download Trojans and keylogger code, Websense said today.

According to Websense, which has tracked Nine Ball for a week and a half, the compromised Web site, loaded with malware, will first try to identify a Web visitor by IP address to discover if it's a repeat visitor. To evade security researchers and investigators who would likely be among any repeat visitors, the Web page will dump a repeat visitor onto the search engine site Ask.com.

"Ask.com is nothing malicious, you're just sent there if they've seen you before," says Stephan Chenette, manager of security research at Websense. This type of inspection and re-direction is becoming commonplace in Web attacks as a way to evade investigation, he points out.

If a Web visitor is new, the victim is pushed through a few more re-directions to land at the site www.nine2rack.in, which may sound like a site in India, but is in Ukraine, Websense believes. The URL inspired Websense to name the attack method Nine Ball.

The final stop for a Web victim includes a drive-by download attempt after the malware checks for vulnerabilities in the browser, Adobe or Quicktime software on the user's desktop. If it succeeds, the attack will download a Trojan with a keylogger component that many anti-virus software packages do not yet identify, according to Websense.

"These Trojans have a very low detection rate," Chenette says. "Many are polymorphic or created on the fly."

There are a number of security failures that can help Nine Ball to compromise so many Web sites, including SQL-injection attacks on susceptible Web sites as well as bots that have stolen user passwords and logins for administrators of Web sites.

The Nine Ball exploit is distinct from two other mass-compromise methods observed of late - Beladen and Gumblar - but it's possible the same instigators are behind them, Chenette says.

by Timothy Prickett Morgan

Just after Oracle closes its acquisition of Sun Microsystems in about a month's time, one of the things it's going to have to sort out is a hodgepodge of virtualization products that Oracle and Sun have amassed. But in the meantime, Sun's VirtualBox development team is still at it, rolling out the first beta of VirtualBox 3.0.

According to the announcement made by Frank Mehnert, who heads up the VirtualBox product at Sun and who used to get his paycheck from Innotek before Sun acquired the small German software development company in February 2008, VirtualBox 3.0 will be "a major update."

The most significant change in VirtualBox 3.0 is support for multiple processors within guest virtual machine partitions riding atop of the VirtualBox hypervisor. The 3.0 release will, according to Mehnert, support guest partitions that span as many as 32 virtual processors on x64 processors. (A virtual processor in the VirtualBox lingo is one core, no matter how many threads it has it it supports simultaneous multithreading). The virtual SMP support for VirtualBox partitions coming in the 3.0 release will require VT-x features on Intel's Core and Xeon processors and AMD-V features on Advanced Micro Devices' Athlon and Opteron processors.

VirtualBox 3.0 also has experimental support for Direct3D 8 and 9 graphics support for applications and is particularly useful for games. If the phrases "experimental support" in a "beta program" are not a strong enough caution to you, Mehnert reminds everyone in the announcement that the beta release "should be considered a bleeding-edge release meant for early evaluation and testing purposes."

So by all means try this at home, but maybe not at the office where you are trying to get work done (presumably). VirtualBox 3.0 will support OpenGL 2.0 graphics for Windows, Linux, and Solaris guests as well. (The host OS and machinery has to support OpenGL 2.0 graphics for the guests to be able to use it). The updated VirtualBox also includes a bunch of bug fixes, which are detailed in the release notes. You can download the binaries of VirtualBox 3.0 beta 1 here.

The latest production-grade version of VirtualBox is 2.2.4, which was release on May 29. This was a maintenance release fixing bugs, not adding features. The last major release of VirtualBox was 2.2.0, which was delivered in early April as all of the IBM-Sun-Oracle shenanigans were going on. That release supported Windows 7 and Mac OS X "Snow Leopard" guests as well as expanding memory for VMs to 16 GB (up from 3.5 GB).

The 2.2 release also added Open Virtualization Format (OVF) to the VM formats already enabled in VirtualBox, which include VMware's VMDK and Microsoft's VHD virtual machine disk formats along with VirtualBox's own VDI native format. Sun has promised that live partition migration would be coming in a future release this year, but it is not clear if that will be with VirtualBox 3.0.

The big question, of course, is what Oracle will do with its Oracle Enterprise VM and Virtual Iron hypervisors and tools as well as Sun's xVM Server (based on Xen) as well as VirtualBox on x64 iron as well as LDoms and Solaris containers on Sparc iron. With Red Hat's KVM coming on strong, there may be another one that Oracle has to add to the list, which also includes both Oracle and Sun support for XenServer and ESX Server. There's a lot of overlap in there, and it is hard to believe that everything will make the cut. ®

by Denise Dubie

Successful server virtualization deployments lead many IT managers to believe desktop virtualization would provide the same benefits. While that is partly true, companies need to be aware of how the two technologies differ, industry experts caution.

"Desktop virtualization is a very different beast and should not be treated as simple enhancements to the server strategy," says Natalie Lambert, principal analyst at Forrester Research. "The drivers are entirely different and the environment will present new challenges to those experienced with server virtualization."

Seven tips for succeeding with virtualization Seven things that will sink virtualization

For instance, desktop virtualization doesn't offer the near-immediate cost benefits many cite with virtual server rollouts. And while virtual servers present new security and management challenges, many argue that in the desktop realm, virtualization improves security and manageability for IT departments. In addition, the sheer numbers involved can be strikingly different.

"IT managers could be taking on 500 virtual servers, and that is a lot, but it is nothing compared to 10,000 desktops," Lambert says.

According to industry experts and IT pros, there are some similarities and many differences between virtual servers and virtual desktops. Here we highlight key factors that could help avoid major headaches when moving virtualization to the desktop.

Complexity intensified
Most IT departments at enterprise companies have exponentially more desktops to support than servers, virtual or otherwise. The sheer volume of desktops should be one of the first criteria IT managers consider when making a move to a virtual platform.

With more than one billion PCs in the world, there's a huge opportunity for virtualization, but "all the requirements of the PC world need to be maintained as you migrate into the datacenter," says Mark Margevicius, vice president and research director at Gartner. "The desktop realm represents a lot more moving parts, considering all the uniqueness that happens on a PC needs to be maintained."

Server virtualization teams are unlikely to be responsible for the desktop infrastructure, beyond the servers that host the virtualization platforms. That means desktop groups need to rethink patch management, software distribution and other functions when applying them to a centralized system rather than a slew of disparate desktops.

"Desktop teams know how to manage 100,000 machines, so the practices and policies are completely different. In the virtual realm, the desktops come back to the server environment but cannot be thought of in the same terms," Forrester's Lambert says.

by Josh Lowensohn

Google is working on an update to its Google App Sync software, the latest version of which breaks Microsoft's Windows Desktop Search along with several plug-ins found in Outlook.

A post by Google on its enterprise blog late Tuesday details some of the broken plug-ins, which include Adobe's Acrobat PDF Maker toolbar, as well as Microsoft's Office Outlook Connector and Outlook change notifier. As a fix, Google is recommending that users with Google App Sync installed, and who need to use these tools and plug-ins simply uninstall the program until a fix can be made.

While the plug-ins may not be as important to some users, the crux of the problem is that Google's add-on disables Windows Desktop Search, and some other third-party search tools. It's not doing this maliciously though; Google says it does it to keep them from endlessly attempting to index the sync files the special software creates. Getting those programs to stop doing that will take cooperation from the companies that make them (including Microsoft), which Google says it's working on.

Google introduced its App Sync software earlier this month as an optional tool to its Premier and Education Edition users. It lets them sync up messages, calendar appointments, and contacts between Outlook and Google's hosted office services.

by Rik Myslewski

Intel demoed this fledgling tech this morning at its seventh annual Research@Intel event in Mountain View, California. As Intel researcher Byung-Gon Chun told The Reg, the Clone Cloud is designed - as its name suggests - to create a clone of your smartphone's data and apps and run them in a cloud environment where they can take advantage of far more computing power than could ever be squeezed into a pocketable device.

Thanks to a stack living on your smartphone and another on a host device - which could either be dedicated hardware or a virtualized instance - your phone (or netbook, nettop, MID, or whatever) could live a schizoid life, existing both in your pocket and in the cloud.

When you ask your handheld to perform a computational task that would benefit from more horsepower, the device and the cloud could negotiate at run-time to determine how best to satisfy your request. If the cloud can help, it will - delivering the results back to your handheld.

Of course, offloading computationally expensive operations from clients to hosts is not new. The Clone Cloud is different, however, in that the client/host relationship dissolves into the cloud. The smartphone isn't getting data from an application running in the cloud. The smartphone itself is running in the cloud in clone form.

The cloud, by the way, doesn't have to live on big iron in a data center. The Clone Cloud concept is designed to scale down to a point where the host could be your laptop or desktop machine.

To demonstrate the power of the Clone Cloud, Chun ran an image-processing task that took a minute and a half on a smartphone. On the smartphone's clone, the same task took a second and a half - including the transmission time - and the process was seamless. To the user, it simply looked like one hella-fast smartphone.

Chun sees five major types of usage for the Clone Cloud:

Primary: In this most-basic implementation, the handheld manages user interface and other "low-octane" tasks, and offloads more computationally intensive processes to the cloud. Communication between the devices is done in real time, transparent to the user.

Background: This scenario is designed to allow processes that don't require immediate user interaction - virus scans, for example - to take place on the clone of the device that resides in the cloud, and then communicate back to the device when they're complete.

Mainline: A cross between the Primary and Background scenarios, in this implementation the clone checks in with the handheld at predetermined intervals during the running of an application. It could, for example, be used for debugging, where the clone could "rewind" at a given checkpoint if a bug appeared.

Hardware: In this scenario, the clone calls on other hardware resources and file systems to drastically boost the clone's capabilities. For example, instead of running a process on an ARM emulator in the clone, it could instead dig directly down to its underlying hardware. In effect, you could have a Xeon 5500, InfiniBand smartphone.

Multiplicity: Finally, multiple clones of the same handheld could be created to enable parallelization of tasks. While Chun refers to this as an "extravagant" use of compute power in terms of the energy used, it could provide a decisive computational boost in, for example, critical parallelized statistical analyses in emergency medical use.

You can find more information on the Clone Cloud concept in Chun's detailed paper (PDF), "Augmented Smartphone Applications Through Clone Cloud Execution", co-authored by fellow Intel researcher Petros Maniatis. ®

by Robert X. Cringely

It isn't quite up to the New York Post's gold standard – "Headless Man Found in Topless Bar" – but the Post's "Fear Grips Google" story over the weekend certainly got some attention, if only for its over-the-top headline.

According to "insider sources" the Post conveniently declines to describe, let alone identify...

Sergey Brin is so rattled by the launch of Microsoft's rival search engine that he has assembled a team of top engineers to work on urgent upgrades to his Web service, The Post has learned.

Well, duh. If Google weren't paying attention to Bing, it wouldn't be Google. But "rattled"? Please. When you own 60 to 80 percent of the search market, depending on who's counting, I don't think a 2 point percentage gain by a distant-third-place competitor is worth pulling the covers up over your head at night.

(Though I have to admit that Hannibal Lecterish graphic the Post ran of Ballmer is kind of frightening. He looks like he's about to bite Larry Page on the face. I'm gripped with fear just looking at it.)

SearchEngineLand's Greg Sterling has a somewhat less adrenaline-fueled take on what's likely happening over at the Googleplex:

Bing is probably better than Google anticipated and early indications are favorable in terms of user adoption; however not on any scale to threaten Google's position. I wouldn't be surprised if Google is taking Bing seriously and trying to carefully assess its algorithm.

My take: This is Rupert Murdoch's way of jabbing his poison pen into Google, which newspaper publishers have loudly (though somewhat inaccurately) blamed for the demise of their industry. Or maybe he sees it as a competitor to MySpace, or maybe it's just cuz Al Gore is on their board, and we all know how Rupe feels about green pinkos (or is that pink greenos?). In any case, it's a hit piece, and it's not the first one the Murdochians have aimed at Google.

by Matt Asay

Google blew the minds of developers with the introduction of its innovative Google Wave, a new approach to real-time content collaboration, but its odds of breezing into enterprise computing anytime soon remain remote.

Within enterprise IT departments, starved for compelling ways to collaborate on application development, however, Google Wave may find a ready audience.

Enterprise computing remains in the Stone Age, by modern standards, a topic nicely addressed by the Financial Times recently. While the consumer Internet offers diverse ways to connect (via Facebook, Twitter, Gmail, and other services), the enterprise remains somewhat buttoned-down, relegated to Microsoft Exchange and the occasional fling with IBM's Lotus.

Pardon me while I stifle a yawn.

This isn't necessarily Microsoft's or IBM's fault, of course. Both offer other products that push the envelope on enterprise computing. But it's hard for enterprises to easily digest rapid-fire innovation, and it's not exactly easy for software vendors to recoup investments in groundbreaking innovations, either, as RedMonk's Stephen O'Grady noted in his review of Google Wave:

We don't see a lot of dramatic leaps forward in software, I'd argue, both because it's exceedingly difficult to develop and launch revolutionary products, and because the economics act against it.

It's difficult, of course, to produce them: how many vendors can afford the indulgence of turning high-quality resources loose on a multiyear project with no clear revenue plan in place? But it can be even more difficult to market (or sell such revolutionary products) because, well, they're not what people are used to, and they take some explaining.

So, given that Google Wave may have moved much further than most enterprises are able to willing to accept, at least for now, what good is it?
Most of the world's software is...written by enterprises for internal use.

Equitas IT Solutions' Ryan Cartwright suggests an answer. He indicates that Wave offers "the chance to...make a big improvement in the way we develop free software."

He's absolutely right, but why stop there?

Most of the world's software is not written by open-source software developers, nor is it written by Microsoft or other traditional software vendors. It's written by enterprises for internal use. As such, if Google Wave has the potential to facilitate software development by facilitating real-time collaboration on code-and it does-then why not unleash its potential within enterprise application development?

Google Wave may well crash on the shore of enterprise adoption, but I suspect that it may well roll into the enterprise, anyway, as a code collaboration tool deployed by enterprise IT for its own use. Eventually, that "personal" consumption should trickle out to business users clamoring for their enterprise-computing experience to catch up with their consumer-computing world.

This could be Google's game to lose.

by Bill Ray

Apple has rejected a licensed Commodore 64 emulator application for the iPhone, citing its own rules that forbid virtual environments - something aimed more at Java developers than nostalgic gamers.

Publisher Manomio thought it was on to a good thing; cashing in on all those iPhone users still desperate to hear the congratulatory speech at the end of Impossible Mission, but despite apparently having the vocal support of Apple Europe, the completed application fell foul of the iTunes rules and won't be available.

The iPhone application rules are pretty clear on the subject of virtual environments, preventing anything that might download and execute code sourced from somewhere other than the Cupertino-controlled repository that is iTunes:

"An Application may not itself install or launch other executable code by any means, including without limitation through the use of a plug-in architecture, calling other frameworks, other APIs or otherwise. No interpreted code may be downloaded and used in an Application except for code that is interpreted and run by Apple's Published APIs and built-in interpreter(s)."

by Paul Krill

Providing an assist to IT shops looking to implement an enterprise architecture, The Open Group on Monday is offering is offering a tool to help with putting TOGAF (The Open Group Architecture Framework) 9 into action.

Donated by Capgemini, the TOGAF Customizer tool is a free, open source technnology based on the Eclipse Process Framework. Users can more easily align enterprise architecture practices with TOGAF 9 and develop organization-specific versions, Open Group said.

"One of the things that we wanted to do in The Open Group community was really to augment the traditional Open Group [publication] mechanisms with a tool that would allow a user of TOGAF to really pick up the TOGAF method" and customize it, said Mike Turner, enterprise architect at Capgemini.

Plugging into the Eclipse IDE, the tool contains TOGAF 9 content in a structured and editable form, including guidelines and checklists as well as materials accommodating the Architecture Development Method in the framework. Users also can use the tool to integrate TOGAF with other enterprise architecture frameworks such as Zachman.

The tool is a desktop client that publishes HTML output that can be edited; it will generate a Web site for user reference.

Specific features of the tool include:

• Constructs and tasks to enable processes to be defined with related content such as outputs, inputs and roles.
• A supporting editor to make changes to the standard framework.
• A content management system for group collaboration, editing and versioning.
• A plug-in architecture for adding content packages such as document templates.

TOGAF 9 was launched in February.

by Dave Rosenberg

As the world pushes ahead with cloud computing and business users demand software-as-a-service (SaaS) applications, many IT departments are struggling to keep legacy applications on life support. Many of these zombie applications are there only for storage and audit purposes, not for real-time data interaction.

Even if applications have been "turned off" the data continues to live on in databases and file stores, continuing to take up storage space and software licenses. The result is a state of paralysis, with application retirement merely a dream.

U.K.-based Clearpace recently unveiled a cloud-based data archiving service called RainStor. RainStor's technology is being used to solve a completely overlooked problem domain: application retirement. I spoke via e-mail with RainStor CTO Andy Ben-Dyke to understand how the service works and why it makes sense.

RainStor's Instant Application Retirement service works in 3 steps:

1. Send-Structured data from any RDBMS is automatically compressed by 40x or more, encrypted and sent to the cloud using a client-side software appliance. The extreme compression that is applied significantly reduces the time to transfer large volumes of data to the cloud.

2. Store-The encrypted data is stored in a private archive on Amazon's highly available and secure storage cloud (S3). Though compressed, the original schema format is preserved and RainStor is able to layer on additional archives which reflect any schema changes (e.g. add or delete of columns).

3. Search-Running on Amazon's highly scalable compute cloud (EC2) RainStor allows you to query data through any industry-standard reporting or BI tools over ODBC or JDBC with lightning speed. Providing "point-in-time" query capability based on its ability to store schema evolution changes.

The RainStor service can be had for as little as $1 per GB of data stored per month with no commitments, including Amazon storage and resource costs. Clearpace is also offering a 90 day free trial.

Given that there is a untold fortune of hardware and software tied up in legacy apps waiting to freed up, turning off those apps and sending the data to "heaven" in the clouds just seems like a no-brainer.

by Timothy Prickett Morgan

The annual International Supercomputing Conference kicked off this morning in Hamburg, Germany, with the announcement of the 33rd edition of the Top 500 supercomputer rankings. While petaflops-scale machines are far from normal, they soon will be.

Not surprisingly, HPC vendors and academics are gearing up to try to push performance up by three orders of magnitude to break through the exaflops barrier - something that will take radically different server and network fabric designs and plenty of time to accomplish. But in the meantime, everyone is trying to show they can break the petaflops barrier, and soon, they will be breaking the 10 petaflops barrier.

With the June 2009 ranking, the home team in Germany - which has two monster machines in the top ten this time around - will be celebrating. Well, as much as supercomputer nerds celebrate. (We know you are really using the new Jugene and Juropa supers to play video games, at least when the administrators aren't looking. Let's hope the game is not global thermonuclear war).

The Forschungszentrum Juelich (FZJ) has been on a buying binge this year, upgrading its two supercomputers so it can lay the claim of being the floppiest supercomputer center in Europe. The Jugene BlueGene/P system that FZJ bought from IBM packs together 294,912 PowerPC 450 cores running at 3.4 GHz, using a proprietary BlueGene interconnect to deliver 825.5 teraflops of oomph for various research projects, giving it the number three position on the Top 500 list. It runs SUSE Linux - as if you expecte anything else.

Down the hall at FZJ is a hybrid machine made by Bull and Sun Microsystems, called Juropa, which is comprised of a mix of Bull NovaScale R422-E2 rack servers and Sun's X6275 blade servers, all linked together using the new quad data rate InfiniBand switches from Mellanox. It's ranked at number ten on the list. (Those Mellanox switches were the final nail in interconnect maker Quadrics' coffin, since the Juropa prototype used its products and the final machine did not).

The Juropa nodes all use Intel's quad-core Xeon 5500 processors (formerly known as "Nehalem EP" or "Gainestown" if you track code names) and run SUSE Linux. The combined bits of the Juropa machine have 26,304 cores in total and were rated at 274,800 on the Linpack Fortran test, which means 89.1 percent of the peak theoretical performance of the processors was delivered when the Fortran test was run. The Jugene machine has an efficiency of about 82.3 percent on the Linpack test.

The Top 500 supercomputer list comes out twice a year, giving food for thought to the two major HPC events of the year, Supercomputing in North America and ISC in Europe. The list is maintained by Erich Strohmaier and Horst Simon, computer scientists at Lawrence Berkeley National Laboratory, Jack Dongarra of the University of Tennessee, and Hans Meuer of the University of Manheim. The ranking is based on the installed machine running the Linpack Fortran benchmark test created by Dongarra and colleagues Jim Bunch, Cleve Moler, and Pete Stewart back in the 1970s to gauge the relative performance of computers of all stripes and sizes on numerical calculations.

The two machines at the top of the June 2009 ranking are exactly the same as they were on the November 2008 list. Number one is IBM's hybrid Opteron-Cell "Roadrunner" machine, which the U.S. Department of Energy has installed at Los Alamos National Laboratory. The machine is currently using dual-core 1.8 GHz Opteron chips and 3.2 GHz PowerXCell 8i co-processors, delivering 1.1 petaflops of number-crunching power (the same performance it had last November). Roadrunner has 129,600 processor cores in total and runs at about 75.9 per cent of peak theoretical throughput. (Moving up to faster 40 Gb/sec InfiniBand switches would probably boost performance on Roadrunner without adding cores to the box).

Number two on the Top 500 is the "Jaguar" Cray XT5 cluster installed at the DOE's Oak Ridge National Laboratory, which is made from 37,538 of Advanced Micro Devices' quad-core "Shanghai" processors running at 2.3 GHz and delivering 1.06 petaflops of oomph. It too had the same ranking late last year. (That's because the heavy workload that Jaguar has been under has not allowed it to be retested, according to Strohmaier).

The "Pleiades" Altix ICE 8200 cluster made by Silicon Graphics (the old one, not the new one that is really Rackable Systems with the old SGI product line added in) for NASA's Ames Research Center is ranked at number four on the list, with 487 teraflops, the same as six months ago but Jugene bumped it down. The number five box on the ranking - IBM's BlueGene/L massively parallel box installed at Lawrence Livermore National Laboratory and the number one machine on the November 2007 list when it debuted - was still rated at 478.2 teraflops.

There are two more BlueGene/P systems in the top ten, which are kickers to this BlueGene/L and siblings to the larger Jugene machine at FZJ.

Number six on the Top 500 list this time around is a sibling machine nicknamed "Kraken" that is also an XT5 machine from Cray that is installed at the University of Tennessee. It has 66,000 cores, is rated at 463.3 teraflops, and is the most powerful supercomputer installed at a university anywhere in the world.

Number seven on the list is a BlueGene/P box installed at Argonne National Laboratory, which was upgraded a smidgen to 458.6 teraflops but which still fell two spots in the ranking. Number eight on the list is the the parallel machine built by Sun Microsystems using its X6420 blade servers with quad-core Shanghai Opterons running at 2.3 GHz and linked by Sun's "Magnum" InfiniBand DDR switches. The Ranger cluster has a total of 62,976 cores and it's rated at 433.2 teraflops.

Rounding out the top ten is "Ranger," at number nine on the list, is a machine named "Dawn," a companion BlueGene/P box that sits next to that BlueGene/L box at Lawrence Livermore National Laboratory. It's rated at 415.7 teraflops.

Other new and notable machines on the list include a 185.2 teraflops BlueGene/P super sold by IBM to the King Abdullah University of Science and Technology in Saudi Arabia, ranked number 14 on the list, and a 180.6 teraflops cluster called "Magic Cube" at the Shanghai Supercomputer Center, the largest machine on the list equipped with Microsoft's Windows HPC Server 2008 operating system. This system was built by Chinese server maker Dawning and was on the list as of last November.

by Paul Krill

Recognizing that developers these days must program for multicore processors, Sun Microsystems on Tuesday is releasing an upgrade to its native development tools package geared to this new responsibility.

Sun, though, would not comment on what Oracle's impending acquisition plans might mean for the product, called Sun Studio 12 Update 1, thus leaving its fate up in the air similar to other Sun technologies.

Built for programmers developing applications in C, C++, and Fortran, Sun Studio 12 Update 1 is "focused on really unleashing application performance on multicore processors as well as simplifying parallel development on those processors," said Dan Roberts, director of product management for the data center software group at Sun.

But Roberts, asked what the impending purchase of Sun might mean for the tool, instead deferred to Sun statements on the merger. Sun on that page said Solaris has been the leading OS for the Oracle database. But no specific statement pertaining to Sun Studio could be found. An Oracle representative, when asked about the fate of the product, merely responded that the transaction had not closed yet.

Sun Studio is commonly used for building transactional applications as well as telecommunications, government, and military applications. It also is being used in retail and manufacturing application realms. The package consists of tools such as parallelizing compilers, debuggers, and libraries.

Developers, Roberts said, must deal with parallelizing code. Conditions that can crop up if an application does not accommodate parallel development include race conditions, with two commands waiting for the other complete. Thread locking also is an issue. Included in Sun Studio 12 Update 1 are improved tools for dealing with such maladies as race detection, thread lock assistance, and application profiling.

Graphical capabilities have been added and more issues can be detected than before. A visual profiling tool based on Dynamic Tracing technology in Solaris is featured.

The tools package, which is offered free of charge with optional support plans available, can be used to build applications for OpenSolaris, Solaris, and different forms of Linux on Intel, AMD, and Sun Sparc chips.

Also featured is improved performance and optimizations for delivering optimized code for Solaris. The update also supports libraries and tools from the OpenMP 3.0 API specification, featuring capabilities for scheduling and synchronization to control code execution.

A stand-alone GUI debugger is included, called dbxTool.

by James Urquhart

Software development "in the cloud" has been one of the really interesting developments to come out of the cloud computing market so far. While many early players, such as Zimky and Coghead died on the vine, there is a pretty robust Platform as a Service (or "PaaS") market out there today, with Google App Engine taking the most visible lead, and a pretty solid stable of Ruby on Rails-based hosting providers telling a compelling story of their own.

Such success is driving some new players to seek the spotlight, however. I wanted to highlight two that I found most interesting. They are very different from one another, but those differences highlight the breadth of opportunity that remains in the PaaS market.
(Credit: CNET News)

Take AppScale, for instance. From RACELab, the same computer science lab at the University of California, Santa Barbara that brought you EUCALYPTUS, comes a completely open-source implementation of Google AppEngine cloud interface. Much more than another client-side implementation of the development tools alone, AppScale is a complete platform that allows you to run your App Engine applications on a virtualized cluster in your own data center equipment, or-get this-on Amazon EC2.

AppScale is likely most useful for those who want to save a buck or two by using existing software development and testing labs to build, test, and stress App Engine applications before paying for the Google service, and for those wishing to get an idea of how the underlying platform might make decisions relative to their application's performance. The platform also promises to provide a "way out" of App Engine should the economics, performance, or existence of that platform come into question.

App Engine, though, is a framework generally limited to building high scale Web applications. What if you are trying to build out your complete enterprise architecture in a cloud centric fashion? In that case, you might want to take a look at TIBCO Silver. A complete development, integration, and operations platform for service-oriented enterprise architectures, Silver takes a very unusual tack towards providing development to the clouds.

First, it's a three-element architecture:

1. An Eclipse-based software development tools that you load onto your desktop (much like the App Engine developer tools) and use to write code, integrate systems, utilize governance, and so-on.
2. TIBCO's "secret sauce": the management systems and middleware that work together to coordinate composition and governance, integration and orchestration, and automated performance management for your application.
3. A third-party cloud provider (today limited to Amazon EC2), on which to deploy and run your application. What is really cool here is that you create the instances you want to use, but Silver will install the software agents and configurations that need to be in place for it to deploy and manage your application-automatically.

Did you get that last bit? Silver is a cloud development environment that automatically manages your applications in a cloud data center-just not TIBCO's data center. I still haven't decided if that qualifies as PaaS or not. Given that the automation systems do run in TIBCO's data centers, I'm tempted to say it is-what do you think?

If you choose the TIBCO route, you are certainly committing to their platform in some ways. However, everything is done entirely on open standards, so in theory (with significant work, I'm sure), you could port your systems (or components of a system) to another standards-based environment, should you so choose.

Both of these new options give me new hope for software development in the cloud, though each for a different reason. AppScale represents the power that open source has in creating options for what might otherwise be a "lock-in" risk. Silver, on the other hand, represents the first stab at a complete enterprise software architecture in the cloud that I've seen to date. I'd be interested in your reaction to either or both of these tools. Are either compelling to your situation?

by Timothy Prickett Morgan

The second-generation InfiniBand switch that Sun Microsystems has been showing off since last November made its debut this morning at the International Supercomputing Conference in Hamburg, Germany. The new switch - coupled to new servers based on Intel's "Nehalem EP" Xeon 5500 processors as well as existing quad-core "Shanghai" Opterons (and soon to be six-core variants) - is the core of the upgraded Constellation HPC clusters that Sun has been pushing for two years as a means of getting back into the supercomputing space.

The new "Project M2" 648-port modular quad data rate InfiniBand switch - as well as two low-end fixed-port switches that run their ports at the same 40 Gb/sec speed - are all based on new InfiniBand protocol chips made by Mellanox. (That vendor launched its own line of switches that span up to the same 648 ports running at QDR speeds yesterday ahead of ISC '09). Sun was previewing its QDR InfiniBand switches as well as its Nehalem EP blade servers and some integrated storage (with solid state drives) aimed at HPC customers, and now, it is ready to start shipping boxes.

According to Michael Brown, marketing manager for HPC at Sun, the company has sold over 2 petaflops of Constellation machinery and about half of that is based on the new Nehalem machines that were announced two months ago and the new QDR InfiniBand switches. "That's a pretty big chunk of business," says Brown with a certain amount of satisfaction.

To be fair, the Constellation boxes have been a bright spot for Sun, which is finally getting some play on the Top 500 list of supercomputers. About a quarter of the petaflops that Sun has shipped or that are on order for Constellation boxes come from one machine, the "Ranger" Constellation box at the University of Texas, with a few other big deals contributing tens of teraflops on top of that. Constellation needs a lot more sales, as do Sun's generic rack and blade servers for customers who don't want to adopt InfiniBand and who might prefer cheap Gigabit Ethernet or alternative 10 Gigabit Ethernet switching.

A single Constellation rack has 48 full-height or 96 half-height blade servers, plus the switching and storage, for a maximum of 768 cores using Nehalem EP Xeon or Shanghai Opteron processors. Various labs that are thinking well below the petaflops performance level that IBM, Cray, Silicon Graphics, and Sun are chasing (and to a lesser extent, so are Dell and Hewlett-Packard) and are looking at buying Constellation machines that span only one or two racks. The adoption of the six-core Istanbul Opterons sometime in the next quarter in the X6240 and X6440 blade servers, which will only require a BIOS update on the blades, certainly won't hurt sales of smaller racks, allowing customers to pack 1,152 cores in a rack.

Brown says that Sun's HPC business is more than just Constellation boxes, but was not at liberty to say what percentage of Sun's HPC sales come from outside of Constellation setups. As an example, he says that the University of North Carolina at Chapel Hill has bought seventeen of Sun's X4600 Opteron servers (which each have 16 cores) plus some storage and its Grid Engine gridding software to make a baby cluster. This setup at UNC includes 45 Sun workstations as well as a mix of storage, and it harkens back to the kinds of deals Sun used to do all the time back in the 1990s, deals that made it a name in academic computing right beside Digital Equipment.

by Ted Samson

Green IT has flourished in datacenters across the United States and beyond over the past couple of years, driven primarily by organizations' desire to cut costs on energy, cooling, new hardware investments, and facility expansion or construction projects. A new driver for honing datacenter efficiency is now looming, however, and datacenter operators should pay heed: Governmental regulation is coming, and the industry needs to prepare.

Such is the argument laid out by Mike Manos, senior vice president of technical services at Digital Realty Trust. Manos – formerly the general manager of Microsoft's datacenter division – argues in his blog that political leaders will soon shine a legislative spotlight on datacenters in the name of reducing carbon dioxide emissions to prevent global warming. "Whether you view this to be a good thing or bad thing, it's something that you and your company are going to have to start planning for very shortly. This is no longer a drill," he cautions.

Moreover, Manos makes the case that datacenter operators need to get involved now in helping develop the aforementioned regulation, unless pencil-pushers who don't understand datacenters crank out unreasonable or unsuitable rules.

Already we've seen governmental bodies paying special attention to the technology industry – specifically datacenters. Manos points to the United Kingdom's Carbon Reduction Commitment, introduced as part of the Climate Change Act 2008. "The main purpose of the CRC is a mandatory carbon reduction and energy efficiency scheme aimed at changing energy use behaviors and further [incentivizing] the adoption of technology and infrastructure," Manos writes. "While not specifically aimed at datacenters (it's aimed at everyone), you can see that by its definition, datacenters will be significantly affected."

U.K. organizations can expect a carbon cap-and-trade system to be implemented in 2010. They'll face limits on how much CO2 they can emit. Companies that are able to produce fewer emissions than they're allowed will be able to sell their extra CO2 emissions permits to companies that can't keep their emissions within bounds. Organizations that fail to comply face fines (not to mention bad PR).

Why do datacenter managers specifically need to take heed? Organizations that consumed more than 6,000 MWh (megawatt hours) in 2008 need to participate in the program, and as significant consumers of energy, datacenters will not escape scrutiny.

by Gordon Haff

There's a bit of an anti-Netbooks meme making the rounds in blogs and on Twitter and the expected push-back from their fans. From where I sit, this is fueled partially by the conflating of product and product category, partially by competitive sniping, and partially by genuine consumer confusion. Let me try to tease those threads apart.

I've been skeptical from pretty much the beginning that there was a bright line distinction between Netbooks and other inexpensive, small form-factor notebooks. And it's this lack of a truly standalone category that analyst Michael Gartenberg is writing about in his provocatively titled "Netbooks R.I.P."

"What's in a name?" Shakespeare asked, adding "a rose by any other name would smell as sweet." While some perceive the netbook as a new product category – a class of device that's never existed – I would have to beg to differ. A netbook is merely a laptop with the pivotal axis based on price first and foremost... Sure, my price-oriented definition might sound heretical to those who view the netbook as an ode to cloud computing, ubiquitous usage scenarios, and freedom from Microsoft OS tyranny, but that's not how the market has shaped out.

The current generation of Netbooks tends to have certain defining characteristics--specifically Intel Atom processors and the Windows XP (or Linux). But, as Gartenberg notes, a 7-inch screen also used to be a defining characteristic. Now many Netbooks come with 10-inch screens. Come Windows 7 and future processor generations from Intel (and AMD), I expect any clear distinctions that exist today to rapidly blur.

That's not to say that analysts and product managers won't create a bucket for small, price-focused notebooks. They may call that bucket "Netbooks." They may call it "Value Ultraportables." They may call it "Fred."

IT industry people like to chop markets into named categories for reasons of their own, even if as a fellow analyst said at a recent meeting: "the average consumer calls everything a laptop anyway."

One reason that the nomenclature fight around Netbooks is more intense than such battles tend to be is that the distinction between Netbooks and other ultra-portable notebooks is also a fault line in a competitive battle between Intel and AMD.

For Intel, Netbooks have been the big product category win for its Atom processor. (If a somewhat serendipitous win. Atom was originally more focused on a new class of "Mobile Internet Devices" (MID), a product category that so far hasn't taken off.) For its part, AMD has focused on an incrementally higher price and processing power point with its Athlon Neo platform (found in the HP dv2).

As a result, it's in Intel's interests to promote Netbooks as something new that is both apart from and incremental to the notebooks that use higher-end (and higher dollar) Intel parts. At the same time, it's in AMD's interest to denigrate Netbooks as underpowered and not real PCs.

Finally, there is a continuing trickle of evidence, such as this NPD Group report, suggesting that consumer satisfaction with Netbooks isn't all that great.

Like James Robertson, this latest report struck me as a bit curious. Many of the people I know with Netbooks are almost excessively fond of them. However, it's fair comment that most of the people I know as also geeks, are attracted to the new and different, and understand what a Netbook class of device can do--and what it can't. It doesn't stretch credulity to imagine less educated consumers taking a $300 notebook home and then being dissatisfied because it's not a general replacement for a $1,000 notebook.

Highly portable notebooks without the road warrior premiums historically associated with portability are a great advance for consumers. But I'm also excited about the devices that new screen technologies and widespread wireless connectivity could enable. The possibilities in this space are great. Netbooks are just a flavor of notebook

by Alex Goldman

If you're an IT manager, cloud computing will fundamentally change your job, said Hal Stern, Sun vice president of engineering, in a speech at the technology management conference of the Securities Industry and Financial Markets Association (SIFMA) here Wednesday.

"With services, we are leaving the hardware world," Stern said.

He meant that system administrators will monitor the network and not its hardware components. "We still need sysadmins but we don't need them running around the datacenter with a socket wrench," he said. "Instead, they will use telemetry and tools to assess capacity, security, and performance."

But what is the cloud? According to Gartner, the cloud has five attributes. It is service-based. It is scalable and elastic, able to add and remove infrastructure as needed. It uses shared infrastructure to build economies of scale. It is metered and users pay according to usage. Most importantly, of course, it uses Internet technologies.

Some companies don't want to share the infrastructure, so they build what is called private clouds. Others focus on price, and are willing to share the cloud infrastructure with other companies in cheaper public clouds.

"In Sun's view, there will be many clouds. There will be private clouds and public clouds and a spectrum of clouds in between them, even though at the moment the distribution of clouds is barbell shaped," Stern said.
Tension between developers and deployers

For IT managers in general and system administrators in particular, cloud computing can solve one nagging headache, Stern said. "Cloud computing can help solve the tension between developers and deployers. This tension has existed since the Garden of Eden. Why would the apple be there if not for developers to play with it," he joked, inferring that IT administrators are God.

He said, "IT administrators ask: why are users so needy? How can I audit what they're doing? Why do they need so many versions?"

All of this is easier in the cloud. Applications can be monitored and deployed better, depending on a company's needs.

"Startups see the cloud as a way to spend money on salaries, developers, and beer – and not on infrastructure," Stern said.

The cloud makes it easier to monitor usage, but paying according to use isn't always cheaper, Stern warned. He noted that if you drive a car every day, you should buy one, but if you drive a car occasionally, it should make financial sense to rent one.

Sometimes, business managers use the cloud to avoid IT. Stern pointed to the story of New York Times data architect Derek Gottfrid who used Amazon's AWS and the Hadoop parallel data processing architecture to turn 70 years of newspapers into the TimesMachine archive.

"Eyebrows were raised when Gottfrid did an end run around the IT department," Stern said."

Stern noted that it makes sense to use the cloud to process this quantity of data (810,000 PNG images (thumbnails and full images) and 405,000 JavaScript files) if and only if you're not doing it every day.

by John Leyden

An SSL security guru is urging incentives to promote website certificate upgrade in response to problems with a widely-used digital-signature algorithm.

Collisions in the MD5 hashing algorithm mean that two different inputs can produce the same output. Last year independent researchers showed how the cryptographic flaw might make it possible to forge counterfeit digital certificate credentials.

The trick might be used to set up phony websites with bogus certificates that, as far as a visiting surfer's browser is concerned, are indistinguishable from the real thing.

Dr Taher Elgamal, chief security officer at Axway, who is credited as the inventor of Secure Socket Layer (SSL) technology, told El Reg that solving the problem means moving onto digital certificates that use a more secure SHA-1 or SHA-2 hash function. However, progress has been far too slow, according to Elgamal. Although he didn't have figures the distinguished cryptographer was adamant that the digital certificate refresh process was p[proceeding only at snail's pace, and needed to be pushed along.

"Web servers need to discontinue MD5," Elgamal told El Reg. "VeriSign, which is fully aware of the problem, should offer discounted SHA-1 and SHA-2 certificates."

MD5 was fine in the past but is now simply not sophisticated enough. Indeed even SHA-1 is beginning to show itself as potentially vulnerable to the same sort of collision problems, albeit to a lesser extent than MD5.

"Algorithms don't stay secure forever, it's an issue of computing," Elgamal explained.

Much has been written, since the discovery of a serious vulnerability in the nets addressing system by Dan Kaminsky last year, about the need to move from DNS to a more secure version, DNSSec.

The SSL protocol, by contrast, remains robust and workable, according to Elgamal. "The protocol needs no big change, it's how it integrates with browser that needs to be improved," he explained.

For one thing, the trust model of browser makes it easy for consumers to add new trusted digital roots (Certificate Authorities). "Browser just randomly trust the root. There's not enough checking on the browser side."

Browser security came across as one of Elgamal's key concerns. He praised Google's developers for adopting a robust security model with Chrome, which used sandboxing to isolate any malware that does come through the browser from the rest of a system while adding that this is "the right model but it's not there yet". More generally, Elgamal said browser developers should "avoid trying to compete on trust", instead working more closely together on security.

Such co-operation is commonplace in cryptography but harder (though not impossible) to imagine between rival development teams at Microsoft, Google and Apple, of course.

Elgamal also said more needed to be done to address the potential danger of man-in-the middle attacks, where hackers sit in the middle of a conversation between a surfer and a bank, impersonating one to the other.

"This breaks the trust model, not the encryption, as such," Elgamal said. He added that two-factor authentication - while not complete - offered a way of mitigating risk. Two-factor authentication technology means, in practice, that users use a token that generates a variable electronic code in addition to their login credentials in order to gain access to an online banking site, for example. ®

by Julie Bort

One-third of 1,200 organizations plan to convert their application environments away from a traditional, client-server model to one based on virtualization and cloud computing over the next two years, according to a study commissioned by Microsoft and released today. The study sought to broadly determine global IT spending priorities.

While the survey was far from comprehensive, it did uncover a few silver-lining facts. IT spending budgets will not be cut, with 98 percent saying they will generally maintain or increase their planned investment. Nearly 2/3 say the economy has created reason to invest more in one or more areas of technology. And of those, virtualization, security, systems management and cloud computing are the areas of choice. Specifically:

• 42 percent plan increased investment in virtualization
• 36 percent plan increased investment in security
• 24 percent plan increased investment in systems management
• 16 percent plan increased investment in cloud computing

Given today's economic climate, much of the study produced results on spending priorities that you might expect. Security remains the top challenge, with 73% saying protection of consumer and customer data as the top priority. Additionally:

• 55 percent indicate that the economy has changed the role of IT in their organization
• 51 percent say that budget cuts are the biggest barrier to innovation
• Innovation is taking a back seat to maintenance. In 2009 companies on average worldwide will allocate 37 percent of their budget to innovation and 63% toward "keeping the lights on"

However, one of the more surprising areas was that U.S. companies were allocating less budget toward "innovation," and more toward maintenance than their international counterparts, said Microsoft's Bob Kelly, corporate vice president of infrastructure server marketing in an online press conference. In the U.S. the breakout was innovation 29 percent vs. maintenance 71 percent. This compares to the U.K. and Japan's 41 percent / 59 percent ratio and Germany's 35 percent / 65 percent.

With respect to U.S.'s lower ratio, Kelly says, "The U.S. was the hardest hit in some respects from the economic downturn but also has the opportunity of coming back faster. Nearly 70 of the IT pros we surveyed believe that their investments in IT will drive revenue growth and become a competitive advantage over the next three years."

One area that won't be seeing the greenbacks is green IT, the study found. While most of those surveyed (84 percent), said they considered green factors when making decisions about datacenters, when push comes to shove, a technology's green-ness is only a factor for 44 percent when deciding what to spend on. In other words, the study suggested that people like to think about eco-conscious IT options, but these have a reputation of costing more and they aren't willing to spend more for so-called green technologies, at least not in this economic climate.

by John Leyden

Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server.

Jacques Erasmus, CTO at security tools firm Prevx, stumbled across a site where a Trojan is uploading FTP login credentials captured from compromised machines. So far, Erasmus has found logins for ftp.bbc.co.uk, ftp.cisco.com, ftp.amazon.com, ftp.monster.com and, even security sites including ftp.mcafee.com and ftp.symantec.com along the extensive list of more than 68,000.
Advertisement

Other login credentials refer to the Bank of America, one of the few organisations PrevX has had time to notify directly at the time of writing.

Initial investigations suggest the logins were swiped during the last two weeks and that at least some remain valid. The breach therefore opens the door for hackers to upload drive-by download scripts and other nasties onto compromised sites. PrevX is running scans to detect rogue iFrames on potentially vulnerable sites, and is yet to see any evidence that this has actually happened.

Erasmus explained that the FTP login data is getting uploaded by a variant of the zbot Trojan onto a server hosted in China, where they are stored in plain text and thus potentially open to all and sundry to find and abuse. PrevX has filed an abuse complaint against the site with the hosting provider.

"The data is harvested from users' machines, when they get infected," Erasmus explained. "A typical scenario might be that a web designer for one of the organisations gets infected, his stored ftp login details gets compromised, and so the attacker in this case is able to log in to the ftp site and compromise the website pages."

"It's the biggest compromise of its type I've seen," Erasmus told El Reg. ®

by Jon Brodkin

New survey results cast doubt on whether cloud computing adoption will ramp up in the next 12 months, with only 15 percent of corporate customers having adopted or considering adopting cloud technology over the next year.

A survey of 300 corporations worldwide found that 38 percent are undecided or unsure about whether they will adopt cloud services, and another 47 percent said they are not considering implementing cloud in the next year. Security is the biggest roadblock.

"An overwhelming 85 percent majority of corporate customers will not implement a private or public cloud computing infrastructure in 2009 because of fears that cloud providers may not be able to adequately secure sensitive corporate data," writes Information Technology Intelligence Corp., principal analyst Laura DiDio in a new report.

The ITIC survey participants ranged from businesses with 100 users to large enterprises with more than 100,000 end users, in many types of industries. Companies in 19 countries were surveyed but 85 percent were based in North America.

The findings may be surprising given the industry's current obsession with cloud computing, but the numbers aren't too far off the findings of other surveys. Forrester recently found that 25 percent of enterprises with at least 1,000 employees are using or plan to use hosted virtual server offerings such as Amazon EC2, and that fewer than 20 percent of smaller companies plan to do so. Earlier this year, Gartner said that cloud application infrastructure technologies are not yet mature and that adoption right now is limited mostly to "pioneers and trailblazers."

DiDio says current cloud adoption is lagging behind the hype, but that is to be expected.

"When you hear the next big buzzword or hype, whether it's SOA or SaaS or the new version of Windows, the adoption will be slower than what the press, analyst and vendor community leads you to believe," she says. DiDio's poll calculated usage of both private and public cloud technologies in the aggregate. About 8 percent of respondents have already implemented either a public or private cloud service, she says.

Companies with at least 3,000 end users are moving faster on the cloud than their smaller counterparts, the survey found. Twenty-one percent have already adopted or plan to adopt cloud computing in the next year, and another 36 percent are considering doing so.

Vendors have not yet offered a clear roadmap on how they plan to secure data in the cloud, DiDio says. Therefore private clouds may end up as the model of choice for many businesses.

"I actually think private clouds are going to be more popular than their public cloud counterparts, particularly for mid-sized businesses anywhere in that 500 to 3,000 employee range," she says. "Folks are very risk-averse and that won't change."While private clouds don't introduce the same security risks as public ones, adoption is going slow because IT managers are still getting up to speed on the technology, DiDio says. There is also considerable up-front expense in buying new hardware and other services and products needed to build a private cloud, she notes.

While security was the top concern cited by survey respondents, customers are also worried about availability risks in the public cloud model.

One IT manager in the survey said "the idea that I would trust my e-mail, financial transactions, or other day-to-day business operations to cloud computing is just asking for trouble. I do not even want to imagine all my users being dead in the water because my link to the Internet is down."

by Tom Krazit

It happens time and time again: when news breaks, the Internet slows.

It's quite obvious at this point that the Internet has muscled its way into the lives of anyone who needs information. And Michael Jackson's death Thursday had as great an impact on the Internet as anything in the history of the medium that didn't involve the World Trade Center.

The statistics are amazing: Akamai said worldwide Internet traffic was 11 percent higher than normal during the peak hours between 3 p.m. PDT and 4 p.m., when news of Jackson's death was breaking. That traffic forced even Google to its knees for a brief period of time Thursday afternoon.

Can a system that has trouble keeping up with ever-increasing demand for its services be considered a reliable source of information when a true crisis emerges? After an editor banished a budding argument between CNET News' Tom Krazit and Declan McCullagh from a company-wide mailing list, we decided to let them fight it out here.

Tom: How can any system that doesn't work precisely when people need it the most be considered the future of communications?

In a way, it took the death of perhaps the greatest entertainer of the last century to expose a key truth of this century: our new favorite communications tool, the Internet, buckles in times of crisis. News sites, including this one, were sluggish or completely offline at the peak of demand for information, forcing many to go back in time and flip on the television.

What if something really happens? How can companies trying to build information-related businesses on the Internet ever hope to supplant existing communications networks if they fail at the moment of truth? CNN's telecast didn't go down Thursday.

Declan: I think it's a little unfair to say the Internet "buckles in times of crisis." Sure, a few Web sites-Google News, The Los Angeles Times, TMZ, Yahoo, MSNBC-had slowdowns or outages. (That list includes our own CNET and CBS Interactive sites, which experienced serious problems for about half an hour.)

Some news Web sites slowing down or becoming unreachable for 30 minutes is not the same thing as the Internet "buckling." If an earthquake were to take out the trans-Pacific cable landings in California's Morro Bay, San Luis Obispo, and Grover Beach, if car bombs knocked out MAE East and MAE West, and if a hurricane laid low the cable landings in Long Island and New Jersey, that might-might!-qualify.

In fact, yesterday's sad news about Michael Jackson demonstrated not the vulnerability, but the resilience of the modern Internet ecosystem. True, a few sites were having problems. But The Los Angeles Times' report about Jackson's coma, and its subsequent report about his death, were picked up and mirrored widely. Even if you couldn't get through to the Times, you could get through to innumerable blogs and others news sites citing it. Or you could just wait a few minutes for the traffic to die down.

Was this really such an inconvenience?

Tom: Ok, I'll concede the point about the broader Internet: near as I could tell, ICanHazCheeseburger.com was performing like a champ yesterday.

But this is a systemic problem with the Internet, or perhaps put more accurately, the Web. The more people who demand the service provided by an information Web site, the harder it gets for that site to provide that information. CNN/MSNBC/et al don't buckle when millions of people change the channel to watch O.J. meander down a Los Angeles freeway or the opening salvos of the Iraq War.

In an online world where businesses are spending billions trying to shift information consumption patterns onto the Web, how can these outages be tolerated? You're right, it's very easy to navigate elsewhere if you can't find what you are looking for on Site A. But if you can't depend on Site A in times of crisis, you're not going to go back there in future times of crisis, hurting the reputation of that site as a reliable source of information.

Even Google was unable to handle the load. And if Google can't, nobody can. This is a serious problem for online businesses, especially as people continue to come online in emerging economies and with mobile devices.

Declan: I was using Google News pretty frequently during the time that Michael Jackson's fate was uncertain, and noticed no problems. Others, including some of our colleagues, did. I suspect that Google is using a different set of servers for Google News vs. its main search engine. So it's not so much that Google couldn't design a system to handle an unusual spike in traffic, but that it chose not to do so.

Let me put this argument another way: You said that the Internet "fail[s] at the moment of truth" but lauded "existing communication networks" that supposedly work just fine. Well, existing communication networks fail too. If more than a small fraction of telephone customers try to get a dial tone at once, there's a problem. Ever try to make a call on Mother's Day or with a cell phone at a conference? You're likely to get a fast busy signal or "all circuits are busy" message. Telephone companies could design for higher usage, but have chosen not to. They've figured out that the costs outweigh the benefits.

(Similarly, printed newspapers sell out very, very early on days like Election Day. Is this "fail[ing] at the moment of truth?")

It's really more of an economic than an engineering problem. Is it worth it to add an extra, say, threefold server and bandwidth capacity for that hour or so a year when it's needed? Or pay Akamai's overage charges? Probably not; the revenue may not cover the fees. So if your average rate is 100 users/sec, you might build for 1,000 users/sec max and then not be able to handle those once-a-year occasions when the rate is 5,000 users/sec.

An economist might say the solution to this situation is to ration by price. News pages might normally be free, but under times of high load, a micropayment would be charged. That way, the people who want or need the information the most would get it. Of course this means we need a micropayment infrastructure; I'm not holding my breath...

Tom: We're talking about how to respond to instant demand for information in the modern era. You're right, telephone networks can get overwhelmed. That's why we haven't used the telephone as the primary information source since "Thriller" was released.

Television doesn't get overwhelmed in these situations. The entire state of California could turn to CNN right now and nothing would flinch. If the entire state of California clicked on this story right now, our building might explode.

The Internet has choke points that will limit its ability to be the primary source of information to the world. Yet, companies continue to build businesses around the idea of the Internet as a dominant source of information to the world, neglecting the thorny networking problems that will only continue to get worse as traffic grows and our demand for real-time news increases.

Declan: Aha! I think we're nearing agreement.

We know that providing servers and purchasing bandwidth to handle millions of people an hour is expensive, and may not always scale well. One way to deal with this is to make it much easier for ad-supported news organizations to purchase overflow capacity; perhaps the additional revenue would justify the additional expense. If there's sufficient demand, I'm sure someone will come up with it if Akamai doesn't offer it already. Or news organizations could strip extraneous graphics off of their sites for that hour or so of peak usage--basically entering an emergency text-only mode. (Anyone still using the Lynx Web browser would love it!)

Another option is to recognize the limitations of the medium. Because radio and TV are broadcast, they'll always be more efficient at reaching hundreds of millions of people at once. So maybe CNN.com can't compete with CNN Headline News right now. But if the worst that happens is major news Web sites get a little slow for some 30 minutes a year, I'm not going to worry about The Death Of Online News; the Internet is robust and distributed enough that sufficiently important information about the next 9/11 attack will be distributed one way or another.

In other words, until we achieve technocratical perfection, there's nothing wrong with a bit of redundancy in our lives: keep that old transistor radio and some spare batteries around for a backup.

Tom: Seriously, we didn't even talk about the real Achillies Heel in this whole system: the power grid.

by Timothy Prickett Morgan

In the wake of the launch of the OpenSolaris 2009.06 release earlier this month, the open source Solaris project has packaged up a bunch of Amazon Machine Image (AMI) virtual machines based on OpenSolaris so they can be deployed on the ECS compute cloud.

A few days after the release, the project put out a 32-bit AMI image for EC2, as you can see from the blog dedicated to EC2 and Sun software. In this AMI package, ZFS is the default root file system and as is the case in other OpenSolaris AMIs, the package update comment (which updates the kernel and ramdisk) is disabled because Amazon does not, for security reasons, allow for the operating system kernel to be messed with on the EC2 cloud.
Reg Event

Just as OpenSolaris 2009.06 was being readied at the end of May, the OpenSolaris project also announced a security-hardened 32-bit implementation of OpenSolaris 2008.11 (the November release from last year). Sun has been working with the US National Security Agency and Defense Information Systems Agency, along with the Center for Internet Security, to lock down and benchmark the security of the commercial-grade Solaris 10 compiled version of Sun's Unix, and Sun and the CIS have taken the settings developed with Uncle Sam's spook and military IT departments and applied them to OpenSolaris 2008.11 to create the hardened implementation. (The details in the hardened Solaris setup can be found here.)

In recent weeks, the OpenSolaris project has rolled out AMIs for Ruby on Rails 2 for application development, WordPress 2.7 for Web content management, and MediaWiki 1.14 for wikis. In April, Sun put a 64-bit version of OpenSolaris 2008.11 out for EC2, and it seems likely that a 64-bit version of the more recent 2009.06 release is due any day now. The most recent addition to the AMI jukebox for OpenSolaris running on Amazon's EC2 is an OpenESB v3 stack, all licensed under Sun's Common Development and Distribution License (CDDL).

This stack of middleware includes the OpenESB runtime and the JRuby and POJO SE component service engines as well as the necessary binding components, shared libraries, and aspect framework; this AMI also includes the Apache Derby database and the Apache Felix services framework.

All of these OpenSolaris AMIs are now available to customers in the United States and in Europe, who are sequestered from each other even if they might be served from the same physical cloud infrastructure. Amazon doesn't talk about its underlying hardware or virtualization layer, but it is believed to be a home-tweaked implementation of the open source Xen hypervisor running on the bare metal, but possibly running in guest mode atop Linux.

EC2 supports Red Hat Enterprise Linux and its Oracle Enterprise Linux clone and its Fedora development release. Novell's openSUSE development release has also been packaged up for EC2, but not SUSE Linux Enterprise Server 10 or 11 (the latter which was announced in May). Debian, Ubuntu, and Gentoo Linux distros are packaged up as AMIs and supported on EC2, as is Microsoft's Windows Server 2003. There's a bunch of databases, middleware, and other systems programs that are also pre-packaged into AMIs so companies can deploy the code in the cloud.

Sun's own third-generation, utility-style computing offering, called simply the Sun Cloud, was previewed back in March on the same day that the rumors of IBM's attempted acquisition of Sun broke, leading to Oracle's eventual takeover bid for Sun. The status of the Sun Cloud is still up in the air until Oracle closes the deal on July 16, and maybe even after that, too.

While Sun's Project Kenai, a set of APIs for programmatically managing the Xen hypervisors and OpenSolaris instances created by the Sun Cloud, are interesting, Amazon is setting most of the standards in cloud computing these days. That can change quickly, particularly if Oracle ponies up some cash and chases cloud computing in as serious a manner as it has application software and middleware.

Those are some pretty big ifs, of course. And in the meantime, if OpenSolaris sees any play in commercial cloud computing, it will be on EC2. ®

by Eric Knorr

Most IT pros I know think cloud computing is a joke. There are some good reasons for that. But lately I've noticed the laughter is ringing a little hollow, as if tempered by a secret fear: Is it possible the business side might go behind my back and replace chunks of IT at lower cost? Or maybe get some big projects done faster than I can?

It's true. Cloud services – generally divided into software-as-a-service applications, on-demand infrastructure, and Web-based dev platforms – may soon form the greatest threat to IT since offshoring. Businesses are increasingly frustrated at the cost and pace of internal IT operations even as fluffy cloud options multiply like rabbits. The buzz is overwhelming. Last week I went to the GigaOm Structure '09 event in San Francisco, subtitled "put cloud computing to work," and it was packed even in this awful economy.

You may be philosophically opposed to cloud computing, but the last thing you want is for the business side to adopt cloud services without involving IT. Left to their own devices, the business guys will inevitably pick an unwieldy cloud service or jettison an internal system of unique value.

So point one: Engage with management on this topic preemptively and create your own hierarchical list of applications, environments, and/or infrastructure that could be replaced by commodity cloud services with the least pain and risk and the greatest cost savings. Point two: Sketch out an architecture that would allow you to get the maximum benefit from those services.

On that latter point, Miko Matsumura, vice president and chief strategist at Software AG, offered some interesting advice when we spoke at Structure '09. "The critical skill in the cloud age is the ability to integrate and combine on- and off-premise infrastructure and applications," he said. "This skill is supported by a service-oriented architecture."

by Ina Fried

There's a funny video making the rounds that mocks Microsoft's huge Bing ad campaign.

In the video, embedded below, CollegeHumor.com suggests that folks start "Googling with Bing."

It's a funny parody of the Bing ads, but it also shows how big Microsoft's challenge is in search.

Bing, it says, lets you Google photos, Google maps, and more. After months of development and testing, Microsoft's revamped search engine made its public debut about one month ago.

On the one hand, typing in Bing.com is just as easy as typing in Google.com (it's actually two characters shorter). In that sense, the bar for changing search engines is low.

At the same time, Google has become synonymous with search. I have been making a concerted effort to try Bing for some of my searches and even made it the default in my search bar in Firefox. I still find myself performing more than half my searches in Google--just because I type Google.com by habit.

On the plus side, Bing has made modest gains in its first couple of weeks. But the real question is whether people will keep Googling with Bing. (and of course, maybe some day just Bing with Bing.)

by Chris Mellor

Intel is expected to bring forward the projected doubling of its SSD capacities to as early as next month.

The current X18-M and X25-M solid-state drives (SSDs) use a 50nm process and have 80GB and 160GB capacities with 2-bit multi-level cell (MLC) technology. A single level cell (SLC) X25-E has faster I/O rates and comes in 32GB and 64GB capacities.
Click here to find out more!

But reports say that, as indicated in January, Intel will move to a smaller 34nm process and double the capacities with the 1.8-inch form factor X18-M and 2.5-inch form factor X25-M (M meaning Mainstream) moving to 160GB and 320GB capacities. The X25-E (E meaning Extreme) will grow to 64GB and 128GB capacities.

Back in 2008 when Intel first launched its SSD range it said it could hit a 256GB capacity this year. That looks to be exceeded.

The upgrades, if they happen, should be reflected by Intel's SSD OEMs, and resellers in their products, meaning Dell/EqualLogic, Hitachi GST, Infortrend, Pillar Data, Panasas and reseller Kingston Technology. There's no indication of what will happen to pricing. ®

by Paul Krill

JetBrains is offering a milestone release of the upcoming IntelliJ Idea 9 IDE for Java application development, featuring capabilities ranging from OSGi backing to improved performance and PHP support.

The Milestone 1 release, unveiled late last week, is a precursor to the general release due this fall, JetBrains said. OSGi application development support includes automatic project configuration, coding assistance and inspections, and syntax and error highlighting.

Other capabilities in the IDE include on-the-fly detection of dead code, Java Enterprise Edition 6 support, and capabilities for Google's Android mobile platform and the Google App Engine cloud platform. Applications can be deployed from IntelliJ Idea to App Engine.

Usability also has been improved. Also featured is initial support for the PHP language and improvements for using UML (Unified Modeling Language).

"We want to demonstrate the progress we've made toward IntelliJ Idea 9 and show developers what it has in store for them," said Max Shafirov, IntelliJ IDEA project lead, in a statement released by the company. "A milestone release is also a great chance for our users to voice their opinions and provide input on areas that still need improvement. We will carefully evaluate and utilize all feedback. Developers, in turn, can already start using the latest features we've implemented."

JetBrains offers capabilities for Adobe Flex, including offering Adobe AIR support. Google Web Toolkit 1.6 is supported as well. A JavaScript debugger in the IDE is implemented as a Firefox plug-in, for debugging from within the Firefox browser.

The latest build can be downloaded at the JetBrains Web site. It can be downloaded for a free trial for 30 days.

by Matt Asay

The Wall Street Journal recently opined that "the inconvenient truth is that the earth's temperatures have flat-lined since 2001, despite growing concentrations of CO2," causing a greater number of scientists to question the science behind global warming. Whatever your opinion in the matter, it's certainly true that the world would be better off if we wasted less energy, which is what makes open-source Ecobot so useful.

While programs like Amee help businesses measure their carbon footprints, Ecobot offers a personal "carbon trainer" for Mac users.

Designed by Taxi, a Canadian corporation, Ecobot is derived from Taxi's participation in the "Green for Green" competition. The program "calculates your carbon footprint by measuring the fuel, power, and paper you use," and, importantly, does a lot of this data aggregation automatically. ("Automatically" is good - heck, if we weren't so lazy, we probably wouldn't need all these vehicles to power us from Point A to Point B.)

Not only does Ecobot keep track of how many pages you print from your laptop, but it also tracks the wireless networks to which you connect and works with you to figure out how you got from one to the other, and calculates the carbon emissions required to make the journey.

Pretty slick.

Even if you're not a tree-hugging, carbon-footprint-obsessed member of the Greenimati, Ecobot is an easy-to-use, unobtrusive way to monitor how much carbon your lifestyle requires. Of course, it only works if you're a Mac user.

Even so, despite Dell's insistence that Apple's Macs aren't as green as Apple claims, Ecobot lets you be as green as you want to be...and brag about it to anyone patient enough to listen to you.