Front End
- Bugging Out
- Online Content:Time to Pay Up
- Super Mario Hacking
- Infinibandoned
- Microsoft Locks Down Music
Forget malicious hackers. The errors that come bundled with your software are costing businesses plenty. According to a study by the Department of Commerce's National Institute of Standards and Technology (NIST), bugs have become so frequent and harmful that they cost the U.S. economy an estimated $59.5 billion annually.
More alarming, NIST—which surveyed vendors as well as end users—found that $22.2 billion of that cost could be eliminated through improved testing infrastructure, allowing for bug detection earlier in the development process rather than "downstream" or post-sale. But more testing is not the necessarily the answer. "In fact, 80 percent of software development costs are now allocated to testing activities, so expanding the amount of testing may not be a good objective or even a feasible one," says Greg Tassey, senior economist on the study. "Rather, improving the efficiency of the testing infrastructure by developing better test methods, which industry can adopt as standards, appears to be the logical direction of response."
While the hefty cost is certainly startling, the issue of overly buggy software is no surprise. It first gained government attention back in January when the National Academy of Sciences issued a report urging Congress to consider legislation to hold software vendors liable for security breaches.
Unfortunately, a stricter infrastructure will mean new costs, and while the bigger vendors have made strides lately to improve confidence in their products, smaller developers could suffer. "I could see it stifling innovation, and sometimes preventing better things from emerging. That would be the real downside to government doing anything," warns Norma Schroder, software industry analyst for Gartner. "I don't believe the software vendors want to write bad software. There's always a risk in anything. There will always be room to improve, but the risk will never go away."
—Annette Cardwell
Online Content: Time to Pay Up
The idea of paying for Internet content, once universally regarded as an outrage, seems to be inching closer to everyday acceptance. A recent survey by the Online Publishers Association found that American consumers paid $300 million for online content in the first quarter of 2002. That's an incredible jump from 2001, when $675 million was spent during the entire year. Still, it's not a case of the tide raising all boats. The top 50 of the 1,700 Web sites charging for content drew 85 percent of the revenue, while the top 100 drew 97 percent. These figures do not incorporate adult sites, although Playboy.com is ranked at number 13 in the top 25 for consumer content.
Many paid content sites only charge fees for portions of their Web services, such as for retrieving archived stories. The stinging failure of Slate and Salon to convert the majority of their readers into paying subscribers argues against anything more ambitious. But some publishers are still willing to give it a try. Freedom Communications, which publishes four newspapers, recently announced that it would charge $9 for monthly access to its Net-based news. "We felt there's value to the content, and we should get something for the value of the content," says CEO Sue Lutz.
While consumers may still express reluctance to pay for Net content, one online publisher predicts that paid content is inevitable. "In order for publishers to continue to pay journalists, they're going to have to start charging, and that's a good thing," Clare Hart, CEO of the news service Factiva, said in an interview with ZDNet Australia. "Valuable information has a price."
Hart predicts that consumers will be paying for all online media by 2004, although current statistics suggest this would be a tremendous leap. According to the Online Publishers Association, paid online content represents only 9 percent of the total $7.2 billion in advertising-based online revenue.
—Phil Hall
Super Mario Hacking
When is a Sega Dreamcast more than a toy? When a hacker gets inside your company and uses it to run malicious code that helps hack your network.
While working together at Lucent, Aaron Higbee, security consultant for California-based Foundstone, and Chris Davis, security consultant for Pittsburgh-based RedSiren, found that most clients had great external security for their network, but many weren't concerned about traffic that originated from the inside.
So they loaded up a Sega Dreamcast with software that can breach a company's firewall by tunneling from the inside out, thereby opening the door to intruders. They call it "180 degree hacking."
"We chose the Dreamcast because we wanted to challenge the concept of what a computer is," says Higbee. "Anything that's capable of running code has the potential to be misused."
Perhaps most frightening, Higbee claims that a real attacker would need only a few minutes to get the job done, something he learned while doing penetration tests for clients. "I only had to get in for two or three minutes to use the bathroom or drop something off, and then go home to join that internal network with my home system."
But, according to Matthew Miller of RedSiren, internal attacks are nothing new. "I've heard from 60 to 80 percent of all incidents happen on the inside. And as more and more devices are becoming networked, the number of attacks is expanding immensely. Now, attackers have a superset of devices to exploit."
Miller's top piece of advice is to make sure your company has a comprehensive security plan—both technical and physical—in place. "The point is to put as many obstacles out as you can to reduce the risk of someone being successful in an attack. This is a process, not a project. It's something you have to take a daily tactical view on."
—Annette Cardwell
Infinibandoned
Among debutante I/O technologies—HyperTransport, InfiniBand, PCI Express, PCI X, and RapidIO—market perception determines viability as much as theoretical performance. So when the doyens of the tech world are seen snubbing a promising protocol, followers of geek fashion begin to talk.
In late May, Intel let slip that it would no longer be developing controller chips for InfiniBand. Some two months later, Microsoft added insult to injury by disclosing that InfiniBand management capabilities would not be included in its upcoming Windows .Net Server operating system. Is the technology dead on arrival?
Following Wintel's snub, the Yankee Group in August cut its forecast for the InfiniBand server market from $1.7 billion to $851 million by 2005; the company also reduced its prediction for the InfiniBand storage market that year from $450 million to $351 million. In his initial report on the technology last May, Yankee analyst Jamie Gruener made his optimism conditional on whether the market could "overcome the challenge of adopting a new technology in a challenging economic climate." As it turns out, the market couldn't.
While even the companies doing the shunning have nothing but kind words in public for InfiniBand, the specter of economic uncertainty is stifling the spin. "We remain very committed," insists Allyson Klein, marketing manager for Intel's InfiniBand initiative. Still, she acknowledges, "This is a very different market than it was a few years ago." She cites economic reasons for her company's decision to rely on industry partners to bring InfiniBand to the Intel platform.
Similar words sound forth from Redmond. "In the current economic climate, IT managers are gravitating toward evolutionary technologies that leverage existing infrastructure and staffing," explains a Microsoft spokesperson. "The emphasis today is on efficiency and not expansion, incremental growth and not wholesale replacement. Ethernet is ubiquitous from the desktop to the server. Gigabit Ethernet technologies, while not as fast today as InfiniBand, are now able to address the demands of a higher range of server capabilities with no additional software or management expense."
Perhaps InfiniBand still has a future shuttling bits in high-bandwidth data center applications, but its role now seems to be that of a pricey bit player rather than a popular rising star.
—Thomas Claburn
Microsoft Locks Down Music
After three years and $500 million in development, the flashy Hollywood unveiling of Microsoft's Windows Media 9 Series beta on September 4 revealed that the software giant has cast its lot with the entertainment industry, at the expense of consumers and independent content companies.
While there is no great surprise in the company's latest attempt to elbow aside MPEG-4 as the digital media industry standard in favor of the Windows-only Media 9 Series (formerly code-named Corona), more than a few eyebrows are being raised at the new digital rights management (DRM) features of the software. In a blatant attempt to curry favor from Hollywood corporations anxious to assert control over their copyrighted content, the Media 9 Series beta launch included a lengthy and elaborate presentation of the software's Pressplay functions, with rapper LL Cool J recruited to demonstrate how Media 9 keeps downloaded music safe from unauthorized duplication.
Within the tech and music industries, however, there is little confidence that Media 9 will achieve its DRM goals. "There will still be a vast horde of surfers who will treat Media 9 the way we treated high school driver's ed and sex ed classes," joked Charles Pappas, online industry analyst and commentator for the Alexa.com portal, "we'll ignore their piracy warnings completely and still use services or software that let us search for and download copies of songs, like Kazaa—which has been downloaded more than 115 million times from Download.com. Media 9 will be what teetotaling was during Prohibition: a front for what we really do!"
Thom Soriano, president of the independent label Big Sleep Records, adds that Microsoft's attempt to kiss up to Hollywood clearly shows the company does not understand how the music-buying public thinks. "People check out music, then either buy it or don't," he says. "A couple of copies here and there equals killer word of mouth marketing that my bands can't refuse. And 128kbps/44KHz just doesn't sound like a CD. If you fall for a record, then you purchase it, period." The beta version of Media 9 Series is now available for download at Microsoft's Web site and a final release (in twenty-six languages) is tentatively scheduled for year's end, although no specific date has been set. Soriano predicts the beta period will provide some fun for those less-than-impressed with Media 9's security features. "One of those Swedish hacking groups will find a way around it in the beta and flood Gnutella with patches, anyway," he says.
—Phil Hall
