Developers on the "Shiretoko" track for Mozilla's new open source Firefox 3.5 Web browser now have very good reason to expect a ship date for the first round of bug fixes and vulnerabilities. A very big vulnerability has turned up in just the wrong place: a public site for posting exploits.

The problem is a new permutation of an old exploit technique that, ironically, was first brought to prominence in 2006 by a package called "Internet Exploiter." It's called a heap spray, comprised of shellcode that's set to be distributed into an area in blocks, a bit like spraying bricks into a wall. The resulting pattern may contain executable code that can be triggered through an overflow; and in this case, it's version 3.5's embedded font support, using the <FONT> tag, that's the trigger.

Continue reading →

Last night, Apple released the second iPhone OS 3.1 beta to developers, roughly two weeks after the first beta was released, adding several new features to the growing list of iPhone 3.1 features, but also terminating the popular IPCC tethering hack.

While the first SDK beta introduced a handful of new, but only moderately noteworthy features, such as Voice Control over Bluetooth, the second beta gives developers running Xcode the ability to wirelessly connect to their iPhones for development and testing purposes.

Continue reading →

Ballmer ... reacts ... to Chrome OS

Tuesday, July 14, 2009 • During yesterday's Worldwide Partner Conference in New Orleans, Microsoft CEO Steve Ballmer made his first public comments about Google's Chrome OS -- and to no one's surprised, he's not really moved by it, at least not to any degree he wants people to know about.

Continue reading →

Yesterday, in a go-for-broke strategy which could very well snatch victory from the jaws of defeat, satellite TV systems manufacturer EchoStar (partner and former owner of Dish Network) filed a motion in US District Court in Marshall, Texas, asking the court to suspend proceedings until the outcome of EchoStar's federal appeal is heard, in the patent infringement case brought against it by DVR manufacturer TiVo. An injunction against EchoStar is being stayed pending that appeal.

That's not a big deal in itself. What is big is EchoStar's assertion that sanctions being sought against it amount to as much as $1 billion -- the first time the proverbial math has alluded to TiVo's potential jackpot. This in addition to the $104 million that the Supreme Court decided EchoStar was liable for, in its refusal to hear EchoStar's first appeal.

Continue reading →

Dell may be in the doldrums, but Intel for one doesn't share that particular vendor's gloom. The chip giant on Tuesday turned in Q2 results that caused audible smiles from analysts participating in the company's quarterly earnings call.

Granted, the company did post its first quarterly net loss since 1986 for the quarter that concluded on June 27 -- a GAAP operating loss of $12 million, a net loss of $398 million, and a loss per share of 7 cents. But that's the European Union, not the market, at work, as the company's results absorbed a $1.45 billion antitrust fine from that quarter. Excluding that, the firm earned $1.4 billion in operating revenue, $1 billion in net income, and earnings per share of 18 cents.

Continue reading →

It's unusual for me to disagree with Microsoft's most infamous, anonymous employee blogger. Mini-Microsoft says that "Microsoft has turned the corner." In his dreams, or perhaps some Xbox 360 role-playing game, Microsoft has turned the corner and found a hallway and door to the outside sun. But in this universe, if Microsoft has turned the corner, it's into a wall.

Microsoft has got big problems for which there are no easy solutions; I'll get to those later in the post. Mini rightly identifies some things that Microsoft is doing right, and they are certainly commendable. They're just not enough. I'll give his shortlist with my perspective:

Continue reading →

Last night, I watched the 11 Microsoft videos introducing various Office 2010, Office Mobile and Office Web Applications features. I kept thinking: Microsoft is living in the past. The reaction was about the same for each video. Office 2010 will come five years late.

The past ultimately derives from Microsoft's application stack -- Office-Windows-Windows Server -- that the company desperately is trying to preserve. The new stack goes from mobile device to the cloud, which Microsoft cautiously embraces for fear of upsetting lucrative revenue streams tied to its established applications stack.

Continue reading →

Just last month, AMD began shipping its first 6-core, 45 nm Opteron server CPUs with "Istanbul" architecture, with the top-of-the-line 2.6 GHz, 4- and 8-way 8435 SE selling for $2,649 in 1,000-unit quantities ("trays"). Perhaps ahead of schedule, yesterday AMD cut the tape for a 2.8 GHz 4- and 8-way model 8439 SE model that one-ups its own June release. Its tray price: $2,649.

And while a new entry on the high end usually triggers a price drop for existing models, it may yet be too soon for AMD to drop the price of the 2.6 GHz model below its June price. In an interview with Betanews, AMD's Opteron product manager Steve Demski said that won't be much of a problem, since in this economy and with the current state of data center architecture, high wattage and higher performance are less of a factor than ever before.

Continue reading →

It's wonderful news for the Windows Mobile family as a whole, but yet another kick in the gut for Windows Mobile 6.5.

Microsoft's App Marketplace looked like one of the few reasons for Windows Mobile 6.1 users to look forward to the 6.5 OS update. Now, however, those millions of WM6 and WM6.1 users will be provided access to the app store by the end of 2009 as well, according to a Windows Mobile Team announcement today.

Continue reading →

The free ride ends this upcoming winter. The third week of November has been set as the official launch date for commercial services on Windows Azure, Microsoft's platform for deployment of .NET Services to the cloud. This news was delivered by the company's Server and Tools division president Bob Muglia, in an address to its Worldwide Partner Conference in New Orleans.

By stark contrast to other cloud services that utilize Windows, including Amazon EC2, Windows Azure is not the customer's server operating system relocated from the data center to the cloud. Rather, it's a hosting platform for .NET applications that reach global Web customers. Since its announcement last October, developers have been allowed to build and deploy test applications over Azure for no charge. The doors will close as soon as November 17, and developers will be courted to become paying customers.

Continue reading →

Blockbuster Inc. and Samsung jointly announced today that new Samsung HDTVs, Home theater systems, and Blu-Ray players will be equipped with Blockbuster OnDemand, the company's streaming rental service, by Fall 2009.

Blockbuster's streaming media service has been rushing to catch up with Netflix, which scored an early lead with critical placement on numerous popular brands of hardware, and has continued to dominate the streaming movie rental market. However, today's partnership announcement with Samsung marks the second time Blockbuster OnDemand will live alongside Netflix on Demand in the same machines. The first time the two were paired was last March, when TiVo announced Blockbuster OnDemand would be coming to broadband connected Series2, Series3, TiVo HD, and HD XL set-top boxes, where Netflix was made available three months prior.

Continue reading →

Many of the pundits claiming that Chrome OS will threaten Windows give the wrong reasons. They're not seeing the big picture. Likewise, those people asserting that Chrome OS is no threat to Windows are wrong altogether -- same can be said of those people calling the operating system vaporware. Google has got the right approach at the right time.

Microsoft certainly isn't doomed because of the Google operating system. But Microsoft is in a big heap of trouble, because:

Continue reading →

No, Windows 7 did not release to manufacturing yesterday, a fact that was once again repeated by Microsoft to Betanews late yesterday. As blogger Ed Bott accurately pointed out, those who drew conclusions about the multitude of zeroes in the build number were not taking into account the more esoteric meanings such numbers have historically held within Microsoft.

So yesterday's news of volume licensing discounts for Windows 7 beginning September 1 was not a delay. In fact, as a Microsoft spokesperson outlined for Betanews late yesterday, business customers are already eligible for upgrades to Windows 7 under their existing Software Assurance program, which will expire shortly after the new licensing program is set to begin.

Continue reading →

The European Commission yesterday announced that it has charged a number of LCD panel manufacturers as an illegal cartel that fixed the prices of LCD screens for televisions, mobile phones, notebook computers, digital watches and cameras, MP3 players, and other CE equipment.

While the EC did not list the companies it had charged by name, the parties previously under investigation by the US, EU, South Korea, and Japan included Samsung, LG/Phillips, NEC, Seiko, Sharp, Toshiba, Hitachi, and IPS Alpha. Phillips, which divested from its joint venture with LG Electronics last March said it will "vigorously oppose" the allegation that it was involved in a cartel. So far, it is the only company to come forth with a statement that confirms its involvement in the EU's claim.

Continue reading →

Microsoft held its tenth annual Research Faculty Summit on Monday, and the focus was on data en masse -- processing it quickly and helping scientists make sense of it once it's gathered. Three projects shared the spotlight in Redmond.

Two of the three, Dryad and DryadLINQ, are intimately related. Both support high-performance computing. Dryad itself is an engine for making it easier to implement distributed applications on Windows HPC Server 2008 clusters. As its information page explains, "A Dryad programmer can use thousands of machines, each of them with multiple processors or cores, without knowing anything about concurrent programming."

Continue reading →