
Friday, 14 December 2007

The transistor: The most important invention of the 20th century?

After 60 years, analysts ponder where computers, the economy and shopping would be without it


You can forget inventions like air conditioning, television, the computer and the Internet. The single most important invention of the 20th century was the transistor, according to some researchers and analysts.

Yes, that's right. The transistor. The little-talked-about transistor is the building block for the processor. Without the transistor, some say our servers would be three stories high, and laptops would be a prop on Star Trek. Our televisions would still use vacuum tubes, and our cars couldn't guide us to the nearest Indian restaurant.

Heck, without the transistor, what would the digital economy look like? Would Microsoft Corp. and Google Inc. have become giants? Would geeks have become cool, rich guys driving BMWs?

Probably not.

Sixty years ago -- on Dec. 16, 1947, to be exact -- the transistor was invented at Bell Labs, igniting a series of changes and advances that would change the way people listen to their favorite music, do their jobs, pay their bills, educate themselves and buy everything from books to used toaster ovens. Transistors inside pacemakers keep our hearts going. Computer chips run inside our cars, cell phones and even tiny, implantable LoJack-like devices that help find lost pets. The PC and the Internet have been phenomena, but how usable and ubiquitous would they be without millions of tiny transistors running inside laptops, desktops and servers?

  • The first transistor was about the size of the palm of a hand, with a depth of two matchbooks stacked on top of each other.
  • The first commercial device to use a transistor was the Sonotone 1010 hearing aid, created in 1953.
  • The first transistor radio, the Regency TR-1, went on the market for $49.99 in 1954. The radio contains four transistors.
  • Sony Corp. introduced the first portable, transistorized TV, the TV8-301, in 1960. It had a 5-in. screen and used 23 silicon and germanium transistors.
  • Intel Corp.'s Gordon Moore in 1965 came up with what came to be known as Moore's Law, which stated that the number of transistors on a chip will double about every two years. Forty-two years later, Moore's Law still holds true.
  • Busicom introduced the first single-chip, pocket-size calculator, the LE-120A HANDY, in 1971.
  • In 1983, Motorola Inc. introduced the first commercial mobile phone, the DynaTAC 800X. It was powered by transistors and cost $3,995.
  • Today, a 45-nanometer Penryn chip from Intel holds 820 million transistors.
  • Intel estimates that about 10 quintillion (or a 1 followed by 19 zeros) transistors ship each year. That's 10,000 times the number of ants on Earth.

"The invention of the transistor was probably the most important invention in the 20th century," said Risto Puhakka, president of VLSI Research Inc. "It has changed society. Look at transportation, computers, government, finance, manufacturing ... it's affected them all. Look at the change in the productivity of the whole economy. It's probably doubled from what it would have been without transistors."

Before transistors, vacuum tubes were turned on or off to represent zeros and ones. The tube would be turned off for a zero, and on for a one. It wasn't a very efficient technology, and [it] required a lot of tubes and bulbs and heat to do basic mathematical calculations. In fact, the term bug was coined when moths or other insects would light on the tubes and blow them out, according to Mike Feibus, an analyst at TechKnowledge Strategies Inc. By modern standards, tube-based computers were slow and enormously bulky. There was no need for a shoulder bag or a Wi-Fi connection in a hotel room.


Then the transistor hit the market. The transistor is made up of switches. As switches are turned on or off, current either flows or stops. Today's transistors can turn themselves on or off 300 billion times per second.

"The transistor allowed [electronic devices] to go from these light bulbs that represented a zero or one to these little transistors," said Feibus. "In the old days, you turned on a radio that used tubes, and you'd have to wait for it to warm up. When you got a transistor radio, you could walk around with it, and today you can put your whole record collection in your pocket. It was a huge leap forward.

"There's no overstating the importance of the transistor. It's even ahead of the George Foreman Grill," he said, laughing. "But seriously, I don't think any other industry has something equal to a Moore's Law or anything approaching it."

Despite many periodic cries that the pace of progress predicted by Moore's Law simply could not be maintained, it has so far held true. In recent years, however, some observers have predicted that leakage and energy consumption looked like significant roadblocks.

A new design was needed, and this fall Intel beat rivals including IBM and Advanced Micro Devices Inc. to the punch, coming up with a transistor redesign that enabled them to move from a 65-nanometer to 45nm processor technology.

The transistor is the most evolved piece of technology in history, contends Will Swope, a vice president at Intel.

"Before, we were making them one at a time. Now we're making them a billion at a time," said Swope. "The transistor has progressed from working by itself in a lab to effectively communicate with another 800 million of its closest friends on something the size of a dime. There's nothing else I could name that in that length of time has undergone that amount of technical sophistication. It certainly has evolved faster than any other technology that the world has ever created. It's been the basis of the entire computer economy -- PCs, mobile phones, Walkmans to iPods. It's changed nearly every aspect of our lives."

And analysts expect the transistor to continue to drive digital products forward into the future.

Intel's latest 45nm Penryn processor holds 820 million transistors. Puhakka said he expects that within 10 to 15 years, semiconductor companies will be squeezing 10 billion to 15 billion onto a single chip.

Swope said that as nanotechnology progresses and devices are injected into people's bloodstreams to find and fix diseased cells or organs, transistors might be either embedded inside the devices or at least control them from outside the body. He added that he expects advancing transistors will allow cell phones to shrink down to devices that can easily be woven into the fabric of your clothing. Transistors also should enable automatic language translation to be built into telephones so people easily can communicate with each other regardless of what languages they speak.

Feibus said he doesn't think a new technology will replace the transistor anytime soon. "Moore's Law? Oh, we'll get a good 15 or 20 more years out of it," he added. "Who am I to argue with Mr. Law?"


Sunday, 9 December 2007

Blogger presses Gates for IE8 answers

No 'deep secret' about browser, he says, but Web developers say secrecy's a problem

Bill Gates was surprised to hear that Microsoft Corp.'s secrecy over the next version of its browser has alienated Web developers, a Web standards advocate and blogger said today.

Relations between developers and designers and the team working on the upgrade to Internet Explorer 7 have become increasingly rocky, but developers' simmering discontent has recently boiled over. In comments attached to posts on the Microsoft blog dedicated to the browser, developers have chastised Microsoft for not following through on browser-upgrade promises, for not supporting crucial Web standards and, most of all, for not keeping them in the loop.

Molly Holzschlag, one of 10 influential bloggers who met with the Microsoft chairman for an hour on Tuesday, pressed Gates to explain why the IE information spigot has been turned off. "Something seems to have changed, where there is no messaging now for the last six months to a year going out on the IE team," Holzschlag said, according to a transcript she posted on her blog. "They seem to have lost the transparency that they had. This conversation [between Web developers and the IE team] seems to have been pretty much shut down, and I'm very concerned as to why that is."

"I'll have to ask [IE General Manager] Dean [Hachamovitch] what the hell is going on," Gates replied. "I mean, we're not, there's not like some deep secret about what we're doing with IE."

"But they're not letting people talk about it," Holzschlag continued. "I do realize that there is a new engine, there is some other information, and this information is not being made public. We are being asked not to talk about it. So, I'm concerned about that."

"He was clearly surprised by the news," said Holzschlag today in a telephone interview. "You could see that from his reaction. And yes, he was angry. To me, he seemed very concerned that the message [between Microsoft and Web developers] got broken."

Gates defended Hachamovitch as the dialogue between Gates and Holzschlag continued. "There's a paradox about disclosure," Gates said, "which is when you're far away from doing something you're super open; when you're very close to doing something you're open; when you're making your cut list of what you can do and not do, then particularly because ... well ... "

"It sets expectations and that causes trouble?" asked Holzschlag.

"Yeah, and so I don't know where Dean is in terms of if he's willing to commit what's in IE8 and what's not in IE8. In terms of standards support, he'll see that it's a glass half-full. It adds a bunch of new stuff we didn't have before, it doesn't add everything that everybody wants us to do," said Gates.

Little post, big hostility

It may have been coincidental, but a day after the Holzschlag-Gates exchange, Hachamovitch disclosed on the team's blog that the next version would be called IE8. And at the end of the post, Hachamovitch hinted that the information drought may be coming to a close. "You will hear a lot more from us soon on this blog and in other places. In the meantime, please don't mistake silence for inaction," he wrote.

But the plea fell on deaf ears. As happened last Friday when another post received a chilly reception, Hachamovitch's post was slammed by frustrated Web developers and users. As of Thursday afternoon, more than 250 had left comments. The following is a small sampling:

"Maybe for you it's just a game, but for us developers, who have to spend 20% to 30% of our front-end dev time implementing work-arounds for your browsers' bugs and lack of standards support, it hurts to even try to smile at that post," said someone identified as Yann. "You really don't get it. This post makes it blatantly obvious."

"Please, just go ahead and close this blog," added Cal Jacobson. "I'm serious: There's no actual discussion here -- it's just a series of proclamations by the IE team member unlucky enough to pull the short straw this month, followed by reactions by Web developers, which apparently are ignored."

Dave had a different take. "Wow, that was poorly calculated. For months, interested parties (including former colleagues) have begged and pleaded Microsoft for information about IE8," he wrote. "Now, with everyone's attention and an opportunity to impress the Web development community with substance, this blog instead opens with a substance-free post about product's upcoming name. Did I miss the joke, or was the joke on me?"

And finally, someone using the name "Irritated senior manager" pinned the blame on Hachamovitch. "In 12 months, your policy of silence has attracted more negative perception for the product that you manage than for any other product at any time in Microsoft's history.

"However good IE8 may or may not be, for the first time in the browser's history the result of your use of 'omerta' will mean that most developers won't really care," the post said. "Gaining acceptance will now be a great deal harder than it might otherwise have been, and much harder than should ever have been necessary."

Cisco warns of bug in desktop software

It could allow unauthorized software to run on a Windows PC

Cisco Systems Inc. is advising Windows users of its Cisco Security Agent software to upgrade the product because of a security bug.

The flaw lies in a driver used by the client software. By sending maliciously crafted data to the PC, attackers could create a buffer overflow condition in the Windows kernel, causing the system to crash.

Security firm Secunia rated the crash flaw "moderately critical," but the vulnerability could also be used by attackers to run unauthorized software on the Windows machine, Cisco warned.

Cisco released hot fixes for the bug Wednesday. A large number of Cisco products install this agent, including the Cisco Security Manager, Cisco Unified Communications Manager and the Cisco Voice Portal.

If attackers find a way to exploit this flaw to run code, it could become a serious security problem.

"Back in 2004, such a vulnerability would probably have led to a flurry of noisy network worms," wrote Daniel Wesemann, a handler at the SANS Internet Storm Center, in a blog posting. "Today, drive-by installs of spyware are more likely but at least as damaging. The bottom line is still the same: If you are using the vulnerable component, patch as soon as possible."

The buffer overflow can be caused by sending a malicious TCP packet to ports 139 or 445, the ports used by the Microsoft Server Message Block file-sharing protocol.

Google Docs easily tops online rivals in visitors, research firm says

Statistics show a sevenfold increase in traffic for Google's apps suite during October

Google Inc.'s Google Docs software has cemented its position as the leading suite of online office applications, based on unique-visitor statistics released Thursday by a Web-audience research firm showing Google holding a commanding lead over start-up rivals as well as Microsoft Corp.

The Web site for the free, still-in-beta Google Docs suite snared more than 1.4 million unique visitors in October, seven times more than it did in the same month last year, according to Boston-based Compete Inc.

Becky Bitzenhofer, a Compete analyst, wrote in a blog posting that a "user interface overhaul and subsequent intense marketing in June seems to have ignited traffic" to the Google Docs site.

Bitzenhofer also attributed some of Google's gains to Microsoft's release of Office 2007 earlier this year. The new version of Microsoft's market-leading desktop suite includes "a whole new interface that is unfamiliar, and potentially frustrating, to the veteran Office user," she wrote.

Google Docs includes a Word-style document editor and an Excel-like spreadsheet application. Both store documents online, enabling multiple users to edit them, though not simultaneously. Bitzenhofer wrote in her posting that she counted users as unique visitors if they simply viewed a document or spreadsheet, thus not requiring that they actually create or edit one.

Google announced a PowerPoint-like application called Presentation last spring and made it available as part of Google Docs in September. But Bitzenhofer didn't include Presentation in her count of visitors to the Google Docs site.

Compete later released a broader set of statistics to the Web 2.0 news site Read/Write Web comparing the Google Docs visitor count with those of Microsoft's Office Live service as well as online rivals such as ThinkFree Inc., Zoho Inc. and Zimbra Inc., which now is owned by Yahoo Inc. Those numbers showed Google with a huge lead, commanding nearly 10 times the traffic of Office Live, its closest rival.

Although the usage of Google Docs has grown relatively quickly, the technology in all likelihood has made little dent in the customer base of Office, which Microsoft claims is used by more than 500 million end users worldwide.

Microsoft has yet to release any statistics on the number of copies of Office 2007 it has sold thus far. But financially, the new Office suite has been a huge boon to the software vendor.

The Office Live service that Microsoft is using to combat Google Docs and other online suites includes a beta product called Office Live Workspace, which complements but doesn't replace Office, as well as a set of applications designed for small businesses. There also has been speculation that Microsoft may convert its low-end Works software suite into an online, ad-supported service.


Western Digital NAS drive blocks full access to media files

Easy to circumvent would-be DRM, but would-be users are livid

Concerned about piracy of multimedia files, Western Digital has disallowed the sharing of multimedia files on its 1T-byte network-attached storage drive, the WD My Book World Edition.

Due to "unverifiable media license authentication," the remote desktop software embedded on the NAS device does not share audio and video files, including MP3, MPEG, AVI and DivX files, according to WD's customer support site.

Access to multimedia files is allowed only by the primary user registered on WD Anywhere Access, the remote desktop client embedded on the NAS device, said Brian Miller, director of marketing at Western Digital.

Anywhere Access is based on the MioNet remote desktop client, which allows users to access, read, edit and share files on remote desktops. The Anywhere Access client allows remote users access to Word documents, PowerPoint presentations and other files, Miller said. Files on the My Book World Edition NAS device can be accessed either through MioNet client software or through Web browsers.

However, it doesn't allow sharing of multimedia files.

The client was built to make file-sharing easy, and the company had no intent to inconvenience customers, Miller said. Miller said multimedia file-sharing might be added to the drive in later generations of the drive, but he wouldn't comment directly on future products.

The problem came to light in a post on the boingboing.net Web site. Author Cory Doctorow quoted a contributor named Gary who attacked Western Digital's move, calling it an extreme attempt to "cripple data devices in order to please Hollywood."

"Just wondering -- who needs a 1 Terabyte network-connected hard drive that is prohibited from serving most media files? Perhaps somebody with 220 million pages of .txt files they need to share?" Gary said in the post.

A workaround is possible for sharing multimedia files, said a user nicknamed Sparrowhawk, who left a comment on the post. "Simple. Just name the file filename-mp3.txt."

"Rename all my thousands of media files due to ridiculous and bogus limitations? No thank you," responded Eain.

Western Digital's Miller declined to comment on the possible workaround.

Friday, 7 December 2007

Iranians claim to have built Opteron-based supercomputer

Use of processors by research center would run afoul of U.S. trade sanctions; AMD says it hasn't authorized any shipments to Iran, 'directly or indirectly'


Despite federal antiterrorism trade sanctions that bar the sale of U.S.-made computer technology to Iran, a computing research center in Tehran claims to have used Advanced Micro Devices Inc.'s Opteron Processor to build the Middle Eastern country's most powerful supercomputer.

The Iranian High Performance Computing Research Center (IHPCRC), which is located at Tehran's Amirkabir University of Technology, said in an undated announcement on its Web site that it has assembled a Linux-based system with 216 Opteron processing cores. That's a relatively small supercomputer, with a claimed peak performance level of 860 billion floating-point operations per second, or gigaflops. But the research center said that the system, which will be used for weather forecasting and meteorological research, is the fastest built in Iran to date.

This isn't the first time that the Iranians have used U.S.-developed processor technology to build high-performance systems, according to a history posted on the research center's Web site. For instance, the history says that in 2001, prior to the formation of the IHPCRC, researchers at Amirkabir University built a 32-node PC cluster based on Pentium III processors from Intel Corp. A year later, they used Pentium IV chips in another cluster, this one with eight nodes.

But how did the IHPCRC get Opteron processors for the new supercomputer if U.S. technology can't be sold in or shipped to Iran? The research center may have provided a clue, though perhaps inadvertently, in a photo gallery that also can be found on its Web site.

The gallery includes a series of photos dated this year, showing workers assembling what the research center describes as the "cluster of IRIMO." That acronym refers to an Iranian meteorological organization, which would be a perfect fit for the planned uses of the Opteron-based supercomputer.

The first picture in that series of photos (see below) shows a staffer using a screwdriver on what appears to be the components of a server. Behind him, on a table, is a stack of similarly sized boxes, all of which appear to have the word "Thacker" and the initials "U.A.E." written in hand on their sides.


Thacker FZE is an authorized distributor of AMD products that is based in the United Arab Emirates, in the state of Dubai. The company is also listed under the name Sky Electronics on AMD's Web site. Sky Electronics, whose managing director is named Manoj Thacker, says on its Web site that it is a business partner of Intel, Microsoft Corp., Nvidia Corp. and several other technology vendors in addition to AMD.

Although the server components are exposed in the photograph on the IHPCRC's Web site, no lettering or brand names can be made out on what appear to be two processing units. The faces of the two devices are blank, even after the clarity of the photo was enhanced by Computerworld's design staff.

After a copy of the photo was e-mailed to Thacker/Sky Electronics, Anil Clifford, a Dubai-based spokesman for the firm, said Thursday that he didn't understand the image because the company doesn't have any customers in Iran. "It is an embargo [situation] for us," he said.

Clifford said that boxes the size of the ones in the photo could include a variety of components, including server casings and power supplies – all of which are made in Taiwan.

Thursday, 6 December 2007

Western Digital launches power-efficient disk drives

Suppliers of data center products are endorsing the company's new power-efficient line of "green" drives


Western Digital Corp. has announced new hard drives that use up to 40% less power than competing drives.

The serial ATA drives are part of a new GreenPower-branded line (RE2-GP), with 500GB, 750GB and 1TB capacities. They use on average 4 to 5 watts less than similar-size drives from Hitachi GST, Fujitsu, Seagate and other major suppliers.

Western Digital said four branded technologies boost the power efficiency of the new drives:

  • IntelliPower balances spin speed, transfer rate and caching algorithms to avoid always spinning at top speed. And less current is used during start-up, which allows more drives to spin up simultaneously, resulting in faster system readiness.
  • IntelliSeek optimizes seek speeds to lower power consumption, noise and vibration.
  • IntelliPark automatically unloads the recording heads during idle mode to reduce aerodynamic drag and disables read/write channel electronics.
  • Active Power Management monitors a drive's workload and automatically puts the drive in idle mode whenever possible to reduce unnecessary power consumption. Drive recovery time from idle mode is less than one second.

Western Digital said that large data centers could save up to $100,000 annually if they replaced 10,000 standard drives with GreenPower drives. At a PC level, users might save $10 a year per drive.

Tom McDorman, general manager of Western Digital's enterprise business unit, said the new enterprise line of hard drives allows users to "expand their storage needs, reduce their total cost of ownership and improve the environment all at the same time."

Data center suppliers already selling more power-efficient products were quick to endorse Western Digital's new line.

Tony Gaughan, Rackable Systems Inc.'s chief products officer, said Western Digital's new RE2-GP hard drives "are an excellent choice for customers deploying Rackable Systems' newest generation of Eco-Logical storage systems, enabling even greater efficiency and performance."

David Driggers, Verari Systems Inc.'s chief technology officer, said, "By utilizing [Western Digital's latest] GreenPower technology, Verari is able to provide enterprise customers with a solution that delivers one of the most energy-efficient systems available today."

The new drives are available from Western Digital's online store, with suggested retail prices of $149.99, $249.99 and $349.99 for the 500GB, 750GB and 1TB drives, respectively.


Nokia lays plan for more Internet services

Company wants to move beyond cell phones to Web services

(IDG News Service) -- Nokia Corp. today unveiled an ambitious plan to move beyond cell phones and deeper into the world of Internet services, where it will compete more directly with Google Inc., Apple Inc. and Microsoft Corp.

The plan centers on its Web site at Ovi.com, which Nokia will market as a "personal dashboard" where users can share photos with friends, buy music and access third-party services like Yahoo's Flickr photo site.

The idea is to offer a single location where people can manage the content, services and contacts they accumulate when surfing the Internet on their phones and PCs, said Anssi Vanjoki, general manager of Nokia's multimedia group, at the company's Nokia World conference in Amsterdam.

Ovi.com will offer a single sign-on for the services, so people don't have to remember numerous log-ins and passwords on the Web, Vanjoki said. Nokia is also developing Ovi desktop software for organizing content offline.

Espoo, Finland-based Nokia began talking about Ovi in August, and one part of the service, an updated version of Nokia's mobile gaming platform, N-Gage Arena, is going live this month, Vanjoki said. The service worked in the past only with Nokia's N-Gage mobile game consoles, but the company said it will soon work with other devices.

The games service is only the start. Nokia has said that an online music store will follow, and the company today provided more details of other services it will offer. They include mapping services, a video store and a photo service that allows users to upload photos from a phone and link them to maps, much as Google allows people to do with its Picasa service.

"Ovi will enable people to access social networks, communities and content. It's the foundation from which we'll expand Nokia in new directions," said Olli-Pekka Kallasvuo, Nokia's president and CEO.

Nokia holds more than one-third of the world's mobile phone market, and it hopes that Internet-enabled devices like its N95 mobile phone will become the primary way people access the Web in future. At a time when the average price of cell phones is falling, online services could help it build new business.

Nokia faces several challenges, including turning Ovi into a brand that can compete with established online companies like Google and Facebook. Kallasvuo acknowledged the challenges while answering questions after his speech, which was webcast.

"In addition to being a device company, we have to become more like an Internet company as well, and combine the two worlds," he said. "That's a great challenge, but at the same time a great opportunity."

Nokia's Ovi initiative will have a greater chance of success if more people start using Internet-enabled phones. It estimates that 3 billion people worldwide have a mobile phone, but only 300 million have advanced multimedia handsets, and only about 200 million of those are from Nokia. The devices also need to be easier to use, Vanjoki said. "A lot of improvement needs to take place," he said.

Ovi.com is being tested internally and will be rolled out for public beta next year, when the desktop software will also be released, Vanjoki said. The company demonstrated the software, which has snazzy interface elements, including a tool for organizing videos, photos and other files that makes them appear to be floating in three-dimensional space.

The service is likely to include an online storage component to make it easier to share files online. "We haven't yet announced the media-sharing service, but that will be part of the Ovi.com sales offering," said Nokia spokesman Kari Tuutti.

Access to Ovi.com and the desktop software will be free, Tuutti said. The software will be delivered on a CD with Nokia phones and offered for download over the Web.

Ovi is the Finnish word for "door," and the name is intended to imply that Nokia opens doors to the Web.

Privacy alert: Cookie variants can be used to skirt blockers, anti-spyware tools

Maintaining privacy is getting harder for Web surfers

Just because your Web browser is set to block third-party tracking cookies, that doesn't mean all of them are being blocked.

A growing number of Web sites are quietly resorting to the use of "first-party," subdomain cookies to skirt anti-spyware tools and cookie blockers and allow third-party information gathering and ad serving, according to some privacy advocates and industry analysts.

Though the cookies are not fundamentally different from other third-party cookies, they are very hard to detect and block, said Stefan Berteau, research engineer with CA's anti-spyware research team. The result: companies could theoretically use the cookies to quietly gather and share consumer information with little risk of detection, he said.

So far, the use of first-party, subdomain cookies appears to be less prevalent than standard third-party cookies, Berteau said. "But it's the kind of thing that might catch on quickly."

The growing, but largely hidden, issue of online consumer-tracking and information-sharing burst into the open in recent days because of the controversy generated by Facebook's Beacon ad-serving technology. In that case, the use of tracking technology was acknowledged by the company, though it has been blasted for not allowing users to easily opt out and for failing to disclose how extensively it was being used.

First-party, sub-domain cookies are those that appear to be served up by the primary Web site a user is visiting; in reality, they are being issued by an external third party. For example, a company whose primary domain name is xyz.com could create a sub-domain called trackerxyz that falls within the xyz.com domain so it would look like this: www.trackerxyz.xyz.com

This subdomain actually points to a third party's server. But because the parent domain names are the same, the user's browser sees that server as belonging to the parent -- and treats cookies from both equally.

Web sites that allow such cookies are taking advantage of the fact that the standards used to categorize cookies rely on domain names, not IP addresses, Berteau said. In other words, whether a cookie is seen as a first-party cookie or a third-party cookie depends on the domain from which the cookie was served up, not on the IP address of the server itself. "Basically a sub-domain can be pointed to any IP address" while still having its cookies treated as first-party cookies, he said.
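The gap between a name-only check and where the server actually sits, as an added example (not code from the article or from CA's tools). It assumes constructed DNS answers embedded in the script, hypothetical names `collect.adnetwork.example` and `metrics.xyz.com`, a hypothetical list of the site's own address ranges, and a two-entry stand-in for the Public Suffix List.

```python
import ipaddress

# Constructed DNS answers (placeholder names, documentation-range IPs); no live lookups.
DNS = {
    "www.xyz.com":               {"A": ["192.0.2.10"]},
    "static.xyz.com":            {"CNAME": "cdn.xyz.com"},
    "cdn.xyz.com":               {"A": ["192.0.2.11"]},
    "www.trackerxyz.xyz.com":    {"CNAME": "collect.adnetwork.example"},
    "collect.adnetwork.example": {"A": ["198.51.100.7"]},
    "metrics.xyz.com":           {"A": ["203.0.113.40"]},  # A record straight to an outside IP
}
# Assumption: address space the site operator states it controls.
SITE_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
# Assumption: tiny stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(host):
    """Return the parent domain a browser would compare (naive, see assumption above)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def first_party_by_name(page_host, cookie_host):
    """The name-only test the article describes: same parent domain means first-party."""
    return registrable_domain(page_host) == registrable_domain(cookie_host)


def resolve(host, dns, max_hops=8):
    """Follow CNAMEs; return (names visited, final A records). Stops on loops."""
    chain, seen = [host], {host}
    for _ in range(max_hops):
        record = dns.get(chain[-1], {})
        target = record.get("CNAME")
        if target is None:
            return chain, record.get("A", [])
        target = target.lower().rstrip(".")
        if target in seen:  # CNAME loop: give up without an address
            break
        chain.append(target)
        seen.add(target)
    return chain, []


def classify(page_host, cookie_host, dns=DNS, site_networks=SITE_NETWORKS):
    """Label a cookie host relative to the page being visited."""
    if not first_party_by_name(page_host, cookie_host):
        return "third-party"
    site = registrable_domain(page_host)
    chain, addrs = resolve(cookie_host, dns)
    # Case 1: the subdomain is an alias for a name under someone else's domain.
    outside = [name for name in chain[1:] if registrable_domain(name) != site]
    if outside:
        return "first-party name, third-party server (CNAME to %s)" % outside[0]
    if not addrs:
        return "first-party name, unresolved"
    # Case 2: no alias, but the address is outside the site's own ranges.
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in site_networks):
            return "first-party name, third-party server (A record %s)" % addr
    return "first-party"


if __name__ == "__main__":
    for host in ("static.xyz.com", "www.trackerxyz.xyz.com",
                 "metrics.xyz.com", "collect.adnetwork.example"):
        print("%-28s %s" % (host, classify("www.xyz.com", host)))
```

The A-record case is only as good as the list of site-owned ranges; without that list, a subdomain pointed directly at an outside address looks identical to a genuine first-party host.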

In many cases, first-party, sub-domain cookies serve legitimate purposes, said Carolyn Hodge, marketing director for TRUSTe. For instance, a bank might have a relationship with an external bill pay vendor, and might set cookies that appear to come from the bank but actually have been set by the bill pay vendor.


"Where it becomes an issue is if there are any sort of secondary uses" associated with those cookies such as activity tracking or ad serving that are being done without notice, she said. In such cases, it would be incumbent on the Web site to disclose that it is using such cookies, she said.

Concerns about the practice could soon prompt a review of TRUSTe's policies surrounding the acceptable use of such cookies, Hodge added. "Our program does not disallow the use of third-party cookies, but we have strict requirements for privacy" related to them.

TRUSTe basically certifies and monitors a Web site's privacy and e-mail policies; its TRUSTe privacy seal is used by more than 2,500 companies in 56 countries.

The use of first-party, sub-domain cookies is relatively new and seems to be a response to the widespread blocking of third-party cookies that is done routinely by anti-spyware tools and Internet browsers, said Alain Zidouemba, senior research engineer at CA.

CA's own anti-spyware tools look at the domain from which a cookie is served to decide whether a cookie is third-party or not. The tools then use a score card method to decide whether to block or allow the cookie. The decision is based on self-disclosed information that each third-party cookie is required to have in the form of a compact P3P statement. That statement basically comprises a series of 3-letter tags representing a particular statement about that cookie's privacy policies, which are used to pass or fail a cookie.

In a test of 205,000 randomly selected unique URLs earlier this year, CA discovered more than 20,000 URLs setting nearly 24,300 third-party cookies that were classified as a threat to privacy. More than half of those third-party cookies were issued by tracking networks such as advertising.com, specificclick.net, 2o7.net and spylog.com. The tracked information ranged from a user's IP numbers, to data on queries to a search engine, logs of account activity, information generated by the purchase of products and services and demographic data such as gender, age and income.

Detecting such cookies would be a lot harder if they are served up as first-party, sub-domain cookies, Zidouemba said.

For users, blocking them could get more difficult. "So far, we are not aware of a simple way for users to protect themselves, because it is relatively difficult to automatically detect them when they occur," Zidouemba said. "Particularly advanced users could manually investigate each of their cookies, and then use their browser to block the ones which are being redirected to sites they do not approve of."

But that can be a time-consuming and fairly tedious process, "not at all something which an everyday user would be able to undertake," he added.
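One way to automate the manual check Zidouemba describes, as an added example that is not CA's tooling: compare the name-based view a browser takes with where each cookie host's DNS records actually lead. The records, the OWN_NETWORKS address range and the function names are constructed assumptions; in practice the records would come from a resolver.

```python
import ipaddress

# Constructed zone data for the article's xyz.com example: name -> (type, value).
RECORDS = {
    "www.xyz.com": ("A", "192.0.2.10"),
    "img.xyz.com": ("CNAME", "static.xyz.com"),
    "static.xyz.com": ("A", "192.0.2.11"),
    "www.trackerxyz.xyz.com": ("CNAME", "collect.tracker.example"),
    "collect.tracker.example": ("A", "198.51.100.7"),
    "stats.xyz.com": ("A", "203.0.113.5"),  # pointed straight at an outside IP
    "ads.adnet.example": ("A", "198.51.100.9"),
}
# Assumed address space operated by xyz.com itself (documentation range).
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def within(host, site):
    """Name-based test a browser applies: is host the site or a sub-domain of it?"""
    host, site = host.lower().rstrip("."), site.lower().rstrip(".")
    return host == site or host.endswith("." + site)

def resolve(host, records, max_hops=8):
    """Follow CNAMEs; return (names visited, final IP or None)."""
    chain, seen = [host], {host}
    for _ in range(max_hops):
        rtype, value = records.get(chain[-1], (None, None))
        if rtype == "A":
            return chain, value
        if rtype != "CNAME" or value in seen:  # missing record or CNAME loop
            return chain, None
        chain.append(value)
        seen.add(value)
    return chain, None

def classify(host, site, records=RECORDS, own_networks=OWN_NETWORKS):
    """Compare what the browser sees (the name) with where the name leads."""
    if not within(host, site):
        return "third-party"
    chain, ip = resolve(host, records)
    external = [name for name in chain if not within(name, site)]
    if external:
        return "first-party name, external CNAME: " + external[0]
    if ip is None:
        return "unresolved"
    if not any(ipaddress.ip_address(ip) in net for net in own_networks):
        return "first-party name, external IP: " + ip
    return "first-party"

def audit(site, cookie_hosts):
    """Classify every host that set a cookie while the user was on `site`."""
    return {host: classify(host, site) for host in cookie_hosts}
```

The external-IP branch covers Berteau's point that a sub-domain can be pointed to any IP address, which a CNAME check alone would miss.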

Wednesday, 5 December 2007

Malware samples doubled in one year, F-Secure says

So far this year, it's collected 250,000 examples of malicious software
Finnish security vendor F-Secure has collected twice as many malicious software samples this year as it has over the last 20 years, a trend that highlights the growing danger of malicious software on the Internet.

Through the end of 2006 and 20 years prior, F-Secure counted a total of 250,000 samples, said Mikko Hypponen, F-Secure's chief research officer. This year alone, 250,000 samples have been counted, he said.

Statistics on malware from antivirus companies can vary since the data is often derived from what their customers experience while using their software, and it depends on how widely that software is used.

But other security vendors have also noted the flood of new malware on the Internet over the last few years. Symantec said earlier this year that it detected 212,101 new malicious code threats between January and June, an increase of 185% over the same period a year prior.

The astounding increase shows that hackers "are generating large number of different [malware] variants on purpose to make the lives of antivirus vendors more difficult," Hypponen said.

A variant is a piece of malware that has a unique look but belongs to a known family of malware, sharing common code and functions. Hackers use techniques such as obfuscation, which jumbles up code and makes it hard to determine what the program is, and encryption, to trick security programs.

"Genuine innovation appears to be on the decline and is currently being replaced with volume and mass-produced kit malware," according to F-Secure's report, which focuses on the second half of 2007.

Higher numbers of malware samples put more pressure on vendors to ensure they have fine-tuned products. To handle the surge, F-Secure has hired more security analysts and is continuing to develop automated tools to evaluate malicious software, Hypponen said.

Any new malware must first undergo an analysis. Then most security software vendors create a signature, or an indicator, that allows its software to detect the malware.

Automation makes the task of analyzing malware somewhat easier, but "in the end, a human makes the decision where we add detection [signatures]," Hypponen said.

Users, Web developers vent over IE7

Microsoft blog about the browser's success draws scores of complaints

Users of Internet Explorer 7 (IE7) turned a blog post by a Microsoft Corp. program manager into a complaint free-for-all that took the company to task for not following through on browser upgrade promises and alienating Web developers.

In the posting to the IE team's blog, Tony Chor, the group program manager, used the passing of IE7's first year to tick off several milestones for the browser, including a claim that its user base recently reached 300 million. "This makes IE7 the second most popular browser after IE6," Chor said in the post. "IE 7 is already No. 1 in the U.S. and U.K., and we expect IE7 to surpass IE6 worldwide shortly."

Chor also said that IE7's integrated antiphishing filter stops an estimated 900,000 phish attempts each week, and that the support call volume for Microsoft's browser line is down 20% from a year ago. "This is typically a sign that the product is more stable and has fewer issues than the previous release," Chor said.

But while Chor was loquacious about IE7, he gave short shrift to news about the next edition. "While we're happy with how well IE7 is doing, as always, we continue to listen to our customers and find ways to further improve Internet Explorer. Look for more news on this front in the coming weeks."

That drove some users to question Microsoft's commitment to a statement made by Bill Gates last year that the company would upgrade Internet Explorer more frequently. In March 2006, Gates acknowledged that the six years between the release of IE6 and IE7 was too long an interval, then said Microsoft would crank out a new edition of Internet Explorer every nine to 12 months.

"Congratulations. In the same time frame [since IE 7's debut], Firefox went 2.0 and launched 3.0 beta, Safari has gone to 3.0, including a version for Windows," said someone identified as Paul. "Let's see ... six years for IE7, so you guys are on track to have IE8 by what, 2012? Your problem is you think in terms of years."

Others took exception to Chor's statistics on IE7's uptake and the number of security issues found in it during the last year. But it was developers who seemed to bash Microsoft the hardest. "Instead of wasting our time with crazy back-patting uselessness, will Microsoft please just admit defeat and close up development of IE and hand [it] over to people who care about the Web and handle it properly?" said Ryan G. "I have wasted so many hours developing sites to work in this browser that work without further modification in every other browser."

"Another post on this blog, and not a single word about being open with the community, IE8, bug fixes, new features, transparency, public bug tracking, etc., except by every developer/manager/tester/designer/user/security expert commenting on this blog," said a user identified as Bradley. "What's the issue here? If [Microsoft] is not going to commit any time, resources, material to any of this, ISSUE A POST indicating such (preferably with a reason)!"

But the most pointed comment came from someone labeled only as dk. "You all continue to underestimate the dramatic spillover effect this poor developer experience has had and will continue to have on your other products and services. Let me drive this point home. I am a front-end programmer and a co-founder of a start-up. I can tell you categorically that my team won't download and play with Silverlight ... won't build a Live widget ... won't consider any Microsoft search or ad products in the future.

"And the reason is because of IE -- because Microsoft disregards its most important relationship with us. Until this relationship is repaired, nothing else stands a chance."


Tuesday, 4 December 2007

Microsoft: Ancient Windows flaw could steer IE to hackers

DNS-related glitch first reported and patched in 1999
Microsoft Corp. said Monday that a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced, and could expose some customers to online attacks.

The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect victims to a malicious Web site.

Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and subsequently publicized at a recent hacker conference in New Zealand. "This is a variation of that previously reported vulnerability that manifests when certain client-side settings are made," said Mike Reavey, a group manager at Microsoft's Security Response Center.

The bug has to do with the way Windows systems look for DNS (Domain Name System) information under certain configurations.

Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.

Here's how the attack would work: When a Windows system is specially configured with its own DNS Suffix, it will automatically search the network for DNS information on a Web Proxy Auto-Discovery (WPAD) server. Typically this server would be a trusted machine, running on the victim's own network.

WPAD servers are used to cut down on the manual configuration required to get Windows systems working on the network. DNS suffixes are used to associate computers with certain domains of the network and to simplify administration.

To make it easier for the PC to find a WPAD server, Windows uses a technique called DNS devolution to search the network for the server. For example, if an IDG PC was given a DNS suffix of corp.idg.co.uk, it would automatically look for a WPAD server at wpad.corp.idg.co.uk. If that failed, it would try wpad.idg.co.uk and then wpad.co.uk.

And that's where the problem lies. By looking for DNS information on wpad.co.uk, the Windows machine has now left the IDG network and is doing a DNS look-up on an untrusted PC.

Reavey says that this problem only affects customers whose domain names begin with a "third-level or deeper" domain, meaning that even with the DNS suffix, users on networks like idg.com or dhs.gov are not affected.
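The devolution walk described above, as an added example (not Microsoft's code or the article's): it lists the WPAD names a given DNS suffix would produce and flags any that fall outside the organization's registered domain. The two-label stopping point follows the article's example, and PUBLIC_SUFFIXES is a small constructed stand-in for the Public Suffix List.

```python
# Constructed, deliberately tiny stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "gov", "uk", "co.uk", "nz", "co.nz"}

def _labels(name):
    return name.lower().rstrip(".").split(".")

def public_suffix(name):
    """Longest entry of PUBLIC_SUFFIXES that the name ends with."""
    labels = _labels(name)
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in PUBLIC_SUFFIXES:
            return candidate
    return labels[-1]

def registrable_domain(name):
    """Public suffix plus one label, e.g. idg.co.uk; None for a bare suffix."""
    labels = _labels(name)
    n = len(public_suffix(name).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])

def wpad_candidates(dns_suffix):
    """Names tried in order: drop the leftmost label until two labels remain.

    Assumption: the two-label floor is taken from the article's example
    (corp.idg.co.uk -> ... -> wpad.co.uk).
    """
    labels = _labels(dns_suffix)
    names = []
    while len(labels) >= 2:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names

def audit_suffix(dns_suffix):
    """Pair each candidate with True if it stays inside the organization."""
    org = registrable_domain(dns_suffix)
    return [(name, registrable_domain(name) == org)
            for name in wpad_candidates(dns_suffix)]

def escaping_lookups(dns_suffix):
    """Candidates that anyone outside the organization could register."""
    return [name for name, inside in audit_suffix(dns_suffix) if not inside]

if __name__ == "__main__":
    for suffix in ("corp.idg.co.uk", "idg.com", "dhs.gov"):
        print(suffix, "->", escaping_lookups(suffix) or "no lookup leaves the domain")
```

Running it over an inventory of configured DNS suffixes shows which hosts need a local WPAD server or an explicit proxy setting, the two conditions Microsoft lists as not at risk.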

Attackers who registered "wpad" domains within second-level domains such as co.uk or co.nz could redirect victims to malicious Web sites without their knowledge -- a "man in the middle" attack. A victim might think he was visiting his bank's Web site, but in reality, he could be sent to a phishing site.

"It's particularly insidious because a lot of people don't realize that this is happening," said Cricket Liu, vice president of architecture with DNS appliance vendor Infoblox. To date, Microsoft has heard of no such attacks actually being carried out, Reavey said.

Customers who have set their own proxy server or who have a WPAD server on their network are not at risk, Microsoft said.

Still, according to the New Zealand security researcher who discovered this flaw, many customers could be affected. Beau Butler, who also happens to own the wpad.co.nz domain, estimates that about 160,000 PCs are affected by the problem in New Zealand alone, according to a published report. Butler could not be reached immediately for comment on this story, but in a note on a local Linux group Web site, he said he is collecting Web server data from this domain.

Adobe upgrades Flash Media Server, slashes entry-level price

Video-friendly upgrade comes as competitors move on juicy market

Adobe Systems Inc. on Tuesday announced a new, more video-friendly version of Flash Media Server that also introduces a less expensive single-server edition.

Flash Media Server 3, which can help Web publishers deliver Flash applications and Flash-encoded video, can handle about five times the number of streams and amount of bandwidth as version 2, according to the San Jose, Calif. software company.

FMS 3 will come in an interactive server edition that costs $4,500, which Towes says is comparable to FMS 2's original and edge-server package, which are aimed at large publishers and content delivery networks (CDNs) and list for a combined $60,000.

But customers can also buy a license to deploy FMS 3 just on a single server -- an option not previously available in FMS 2 -- for $995. That, he said, compares to FMS 2's professional edition, which cost $4,500 and allows between 150 and 2,500 simultaneous connections.

"The cost of deployment was too high, so we addressed that and also improved performance so you can stream more video using less CPU," said Kevin Towes, Adobe's product manager for Flash Media Server.

Everybody wants to get in on the act

Adobe claims that Flash is used to encode three-quarters of the video on the Web today. For instance, YouTube videos are encoded and streamed to viewers using Flash.

But staying on top requires effort in this space. To drive adoption of its competing Expression publishing platform, Microsoft Corp. is offering much of the software cheaper than its Adobe equivalents -- or, in the case of Expression Media Encoder, for free. Expression Media Encoder offers many of the same features as FMS.

Other cheaper alternatives such as Wowza Media Systems Inc., which offers server software that also streams Flash content and video, also threaten.

During its MAX conference earlier this fall, then-Adobe CEO Bruce Chizen said that Flash's market share today "is a clear indication that our pricing is competitive now."

But the company also said that if enough customers look like they might defect, it would be willing to cut prices.

"If the cost of Flash Media Server comes in the way of Flash adoption, we will adjust that," said Shantanu Narayen, Adobe's president, at the time. Narayen took over as CEO on December 1 after Chizen's resignation in November.

FMS 3, which will be available in January, improves upon FMS 2's video quality and compression by using the H.264/MPEG-4 standard.

"It takes us closer to HD," Towes said.

FMS 3 also adds the ability for music and other audio to be compressed with the AAC format used by Apple Inc.'s iTunes software.

When deployed in tandem with its in-beta Adobe Media Player, FMS 3 also adds advertiser-friendly features, such as the ability to track and measure up to 30 different user behaviors, and digital rights management (DRM) that can allow publishers to charge for access or ensure that ads be played before, during and after a video, Towes said.


Unsung innovators: 10 people who shaped the computer industry

Their names are so familiar that they roll off your tongue like a song that keeps rattling around in your head: Steve Jobs, Andy Grove, Bill Gates, Vint Cerf. We could go on, but we wouldn't want to mislead you.

Instead, this time out, we've put together a list of names you probably haven't heard of. (No fair peeking at the Table of Contents quite yet!) From the pair who started the VLSI chip revolution to the man who received the first software patent to the guy who put the 'at' sign in your e-mail address, we searched high and low for people we're betting you didn't already know.

Without these innovators, even those whose work you may question -- like the first to send out a spam message -- we would all be experiencing a very different industry today.

Speaking of, we discovered the true father of the Internet. It isn't Al Gore, and it isn't Vint Cerf, though the latter got close.
And yes, now's a good time to jump over to the Table of Contents and get to know these folks.

When you're done reading, please let us know -- in the comments field below -- who else we should have included on this list. And keep in mind our criteria: giant industry contribution, low name recognition.

And if you're itching to know more about some of those household names and what they're up to now, there's something for you, too. We tracked down seven tech giants, including Mitch Kapor, Dan Bricklin and Steve Wozniak, and can bring you up to date with their newest ventures in Second acts: Seven tech titans today.