Microsoft bends the knee to the EU regulators

Well, well. Telegraph report:

Since the ruling [by the European Court of First Instance], Microsoft’s chief executive Steve Ballmer has been in almost daily contact with Neelie Kroes, the European commissioner for competition policy.

Following these intensive discussions, Microsoft has agreed to change the way it provides rivals with information that allows them to write programmes that mesh with Windows.

Microsoft will now make information available to open source developers, with licensing terms that allow every recipient of the resulting software to copy, modify and redistribute it in accordance with the open source business model.

In a statement today Ms Kroes said: “The Commission’s 2004 decision set a clear precedent against which Microsoft’s anti-competitive behaviour could be judged.

“Now that Microsoft has agreed to comply with the 2004 decision, the company can no longer use the market power derived from its 95pc share of the PC operating system market and 80pc profit margin to harm consumers by killing competition on any market it wishes.”

Microsoft has agreed to slash its requested royalties for a worldwide licence, including patents from 5.95pc to 0.4pc – less than 7pc of the royalty originally claimed.

The software group has also abandoned its demand for a royalty of 2.98pc of revenues from software developed using licensed information…

Later: This from GMSV:

Apparently, the key to reaching a resolution was to clear away all the lawyers and turn to personal diplomacy. Microsoft CEO Steve Ballmer and EU Competition Commissioner Neelie Kroes became fast phone friends with daily calls over the past three weeks, and the deal was sealed in person over dinner at a little restaurant in the Netherlands (Ballmer had the crow en croute). “I sincerely hope that we can just close this dark chapter,” Kroes said later. “I feel a bit sad because it took so long, it took so many years, and during those many years consumers suffered from the fact that Microsoft didn’t go along with what the Commission asked it to do.” Microsoft mumbled something about continuing “to work closely with the Commission and the industry to ensure a flourishing and competitive environment for information technology in Europe and around the world.” There remain some outstanding issues, including how much of that accumulated fine the EU will impose, and in case Redmond starts backsliding, Kroes said, “Microsoft should bear this in mind. The shop is still open, I can assure you … there are a couple of other cases still on our desk.”

The message is meant for more than Microsoft. The EU continues to show a willingness to jump in where U.S. regulators won’t, and that has to be a sobering thought for companies like Intel, which looks like it’s getting a pass from the FTC, but has until January to answer EU charges that it violated antitrust rules by selling its chips below cost to strategic customers, among other things.

That “crow en croute” crack is nice.

The future of personal computing

According to Nicholas Carr, it’s captured in a single simple equation: Google plus Apple.

The future of personal computing was divulged by Mr. Eric Schmidt, the chief executive officer of Google, on March 23 of this year during an interview with Wired’s Fred Vogelstein. Vogelstein asked Schmidt why he had recently joined Apple’s board of directors, and Schmidt responded:

“Google’s architectural model around broadband and services and so forth plays very well to the powerful devices and services Apple is doing. We’re a perfect back end to the problems that they’re trying to solve. And they have very good judgment on user interface and people. They don’t have this supercomputer I’m talking about, which is the data centers.”

At this very moment, in a building somewhere in Silicon Valley, I guarantee you that a team of engineers from Google and Apple are designing a set of devices that, hooked up as terminals to Google’s “supercomputer,” will define how we use computers in the future. You can see various threads of this system today – in Apple’s iPhone and iPod Touch, its dot-mac service, its iLife and iWork applications as well as in Google’s Apps suite and advertising system, not to mention its vast data-center network. What this team is doing right now is weaving all those threads together into what will be, for most of us, the fabric of cloud computing. (This is so big, you need at least two metaphors to describe it.)

Damn. I’m going to have to get an iPhone…

In millions of Windows, the perfect Storm is gathering | Business | The Observer

This morning’s Observer column

Storm has been spreading steadily since last January, gradually constructing a huge botnet. It affects only computers running Microsoft Windows, but that means that more than 90 per cent of the world’s PCs are vulnerable. Nobody knows how big the Storm botnet has become, but reputable security professionals cite estimates of between one million and 50 million computers worldwide. To date, the botnet has been used only intermittently, which is disquieting: what it means is that someone, somewhere, is quietly building a doomsday machine that can be rented out to the highest bidder, or used for purposes that we cannot yet predict…

TrueGrain

This is interesting to anyone who — like me — muses on the aesthetic differences between digital and analogue photography.

TrueGrain is a creative tool for accurately recapturing the aesthetics of black and white film with digital imagery.

TrueGrain takes the form of a stand-alone image processing utility that imposes the physical characteristics of a real-world film stock onto a digital image. The synthesis is done through measured and sampled data gathered from the actual film and development process being reproduced…

Here’s the workflow:

1. Prepare a color digital photograph as a TIF file

2. Load the TIF file into TrueGrain

3. Choose a film stock

4. Save the resulting image

It’s ingenious, but expensive. A single licence costs $300. Having just taken delivery of a batch of chemicals for processing some recent films, I’ll stick with chemistry for the time being.

There’s a nice irony in using sophisticated digital processing techniques to create an analogue effect!

Many thanks to Boyd Harris for spotting it.

Halloween mania

I detest Halloween. Here are two reasons why.

Seen in a local Tesco store. Er, shouldn’t that read “this store has agreed to…”?

A newspaper ad.

Of course none of this will stop Tesco commercialising it.

Neat work, AP

Associated Press have done a really neat piece of detective work to investigate rumours of dirty tricks by Comcast, a US ISP.

NEW YORK (AP) – To test claims by users that Comcast Corp. was blocking some forms of file-sharing traffic, The Associated Press went to the Bible.

An AP reporter attempted to download, using file-sharing program BitTorrent, a copy of the King James Bible from two computers in the Philadelphia and San Francisco areas, both of which were connected to the Internet through Comcast cable modems.

We picked the Bible for the test because it’s not protected by copyright and the file is a convenient size.

In two out of three tries, the transfer was blocked. In the third, the transfer started only after a 10-minute delay. When we tried to upload files that were in demand by a wider number of BitTorrent users, those connections were also blocked.

Not all Comcast-connected computers appear to be affected, however. In a test with a third Comcast-connected computer in the Boston area, we were unable to test with the Bible, apparently due to an unrelated error. When we attempted to upload a more widely disseminated file, there was no evidence of blocking.

The Bible test was conducted with three other Internet connections. One was provided by Time Warner Inc.’s Time Warner Cable, and the other came from Cablevision Systems Corp. The third was the business-class connection to the AP’s headquarters, provided by AT&T Inc. and Cogent Communications Group Inc.

No signs of interference with file-sharing were detected in those tests.

Further analysis of the transfer attempt from the Comcast-connected computer in the San Francisco area revealed that the failure was due to “reset” packets that the two computers received, carrying the return address of the other computer.

Those packets tell the receiving computer to stop communicating with the sender. However, the traffic analyzer software running on each computer showed that neither computer actually sent the packets. That means they originated somewhere in between, with faked return addresses…

It seems that Comcast uses Sandvine traffic-shaping hardware to limit the effectiveness of BitTorrent seeding. The goal is to manage BitTorrent traffic without tipping off mainstream users that it’s being done. This source cites Robb Topolski’s explanation of how it’s achieved:

“The Sandvine application reads packets that are traversing the network boundary. If the application senses that outbound P2P traffic is higher than a threshold determined by Comcast, Sandvine begins to interrupt P2P protocol sequences that would initiate a new transfer from within the Comcast network to a peer outside of the Comcast network. The interruption is accomplished by sending a perfectly forged TCP packet (correct peer, port, and sequence numbering) with the RST (reset) flag set. This packet is obeyed by the network stack or operating system which drops the connection.”
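The check AP describes, where a reset counts as forged if the host it claims to come from never transmitted it, can be automated by comparing traffic captures taken at both endpoints. The following is an added example, not code from AP, Topolski or this blog; the packet records, addresses and ports are constructed, and it assumes no NAT device rewrites addresses or ports between the two hosts.

```python
from collections import namedtuple

# One TCP segment as logged at an endpoint: direction is "out" if the capturing
# host transmitted it, "in" if it arrived from the network.
Pkt = namedtuple("Pkt", "direction src sport dst dport flags seq")

A, B = "192.0.2.10", "198.51.100.20"   # constructed documentation addresses

# Constructed capture at host A.
CAP_A = [
    Pkt("out", A, 51000, B, 6881, "S", 1000),
    Pkt("in",  B, 6881, A, 51000, "SA", 5000),
    Pkt("out", A, 51000, B, 6881, "A", 1001),
    Pkt("out", A, 51000, B, 6881, "PA", 1001),
    Pkt("in",  B, 6881, A, 51000, "R", 5001),    # B has no record of sending this
    Pkt("out", A, 51001, B, 6999, "S", 2000),
    Pkt("in",  B, 6999, A, 51001, "RA", 0),      # genuine: B's port is closed
]
# Constructed capture at host B for the same period.
CAP_B = [
    Pkt("in",  A, 51000, B, 6881, "S", 1000),
    Pkt("out", B, 6881, A, 51000, "SA", 5000),
    Pkt("in",  A, 51000, B, 6881, "A", 1001),
    Pkt("in",  A, 51000, B, 6881, "PA", 1001),
    Pkt("in",  A, 51000, B, 6881, "R", 1069),    # A has no record of sending this
    Pkt("in",  A, 51001, B, 6999, "S", 2000),
    Pkt("out", B, 6999, A, 51001, "RA", 0),
]

def wire_id(p):
    """Fields that identify a segment regardless of which side captured it."""
    return (p.src, p.sport, p.dst, p.dport, p.flags, p.seq)

def injected_resets(local, remote):
    """RSTs received in `local` that the claimed sender's capture never sent."""
    sent_by_remote = {wire_id(p) for p in remote if p.direction == "out"}
    return [p for p in local
            if p.direction == "in" and "R" in p.flags
            and wire_id(p) not in sent_by_remote]

def report(cap_a, cap_b):
    """Forged resets seen at each end, keyed by the host that received them."""
    return {"at_a": injected_resets(cap_a, cap_b),
            "at_b": injected_resets(cap_b, cap_a)}

if __name__ == "__main__":
    for side, pkts in report(CAP_A, CAP_B).items():
        for p in pkts:
            print(side, "forged RST claiming", f"{p.src}:{p.sport}", "seq", p.seq)
```

The genuine reset on port 6999 is not flagged because it appears as an outbound packet in the sender's own capture; only resets that exist at the receiver and nowhere at the claimed sender are reported.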

I love the idea of using the Bible as the test file. Reminds me of Larry Lessig’s report of coming into his office in Stanford one morning to find the network police waiting for him, grimly announcing that it had been discovered that he had P2P software installed on his computer. Larry explained that he used P2P as a way of distributing his own publications — intellectual property that he owned. The idea that there might be legitimate uses for P2P had clearly never occurred to the management.

And that’s in Stanford!

Later: Ed Felten has also commented on Comcast’s traffic shaping practices.

“Hi darling, I’m on the plane”

Oh no. BBC NEWS | Technology | Mobile phone use backed on planes

Passengers could soon be using their mobile phones on planes flying through European airspace.

Plans have been developed across EU countries to introduce technology which permits mobile calls without risk of interference with aircraft systems.

Regulators around Europe are calling for consultation on the potential introduction of the technology.

If given the go ahead, the service would allow calls to be made when a plane is more than 3,000 metres high.

Individual airlines would need to decide if they wanted to introduce the technology, if the green light is given by national regulators.

Bah!

Bogus email ‘agreements’

I’m perpetually irritated by the ludicrous legalese that organisations force employees to tag onto the end of email messages. Here’s a typical example:

This e-mail and all attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender and delete the e-mail and all attachments immediately. Do not disclose the contents to another person. You may not use the information for any purpose, or store, or copy, it in any way.

Up to now, my standard reaction has been to mutter “Oh Yeah! You and whose army?” But I’ve just noticed that Cory Doctorow, Whom God Preserve, has had a better idea. He has decided that ridicule is the best defence against this nonsense. His boilerplate legalese reads:

READ CAREFULLY. By reading this email, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies (“BOGUS AGREEMENTS”) that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

I’m going to add this to my email signature options so that anyone who signs off with legalese will have the compliment returned, in spades.

Later: Hmmm… I’ve obviously touched a chord here. Lovely email from James Cridland pointing me to his personal legalese:

Terms and conditions of receipt of email

These terms and conditions apply to emails sent to the above email addresses or any containing ‘james’ before the @ sign and ‘cridland.net’ after the @ sign. Unsolicited email is herein defined as email which is not the result of demonstrable prior contact using or quoting such an address. No guarantee of confidentiality is given, or honoured, on receipt of unsolicited email, irrespective of any terms and conditions block contained therein. It is illegal to send EU citizens unsolicited commercial email without the users’ explicit (opt-in) permission, according to The Directive on Privacy and Electronic Communications (2002/58/EC). This site owner reports all such mail direct to your ISP.

That’s the stuff! I feel better already.

The Storm ‘worm’

Bruce Schneier has a sobering briefing on what he calls “the future of malware”.

Although it’s most commonly called a worm, Storm is really more: a worm, a Trojan horse and a bot all rolled into one. It’s also the most successful example we have of a new breed of worm, and I’ve seen estimates that between 1 million and 50 million computers have been infected worldwide.

Old-style worms — Sasser, Slammer, Nimda — were written by hackers looking for fame. They spread as quickly as possible (Slammer infected 75,000 computers in 10 minutes) and garnered a lot of notice in the process. The onslaught made it easier for security experts to detect the attack, but required a quick response by antivirus companies, sysadmins, and users hoping to contain it. Think of this type of worm as an infectious disease that shows immediate symptoms.

Worms like Storm are written by hackers looking for profit, and they’re different. These worms spread more subtly, without making noise. Symptoms don’t appear immediately, and an infected computer can sit dormant for a long time. If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain.

Storm represents the future of malware. Let’s look at its behavior:

1. Storm is patient. A worm that attacks all the time is much easier to detect; a worm that attacks and then shuts off for a while hides much more easily.

2. Storm is designed like an ant colony, with separation of duties. Only a small fraction of infected hosts spread the worm. A much smaller fraction are C2: command-and-control servers. The rest stand by to receive orders. By only allowing a small number of hosts to propagate the virus and act as command-and-control servers, Storm is resilient against attack. Even if those hosts shut down, the network remains largely intact, and other hosts can take over those duties.

3. Storm doesn’t cause any damage, or noticeable performance impact, to the hosts. Like a parasite, it needs its host to be intact and healthy for its own survival. This makes it harder to detect, because users and network administrators won’t notice any abnormal behavior most of the time.

4. Rather than having all hosts communicate to a central server or set of servers, Storm uses a peer-to-peer network for C2. This makes the Storm botnet much harder to disable. The most common way to disable a botnet is to shut down the centralized control point. Storm doesn’t have a centralized control point, and thus can’t be shut down that way…

There’s more, and none of it is pretty.

Not that we really have any idea how to mess with Storm. Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it. Inoculating infected machines individually is simply not going to work, and I can’t imagine forcing ISPs to quarantine infected hosts. A quarantine wouldn’t work in any case: Storm’s creators could easily design another worm — and we know that users can’t keep themselves from clicking on enticing attachments and links.

Redesigning the Microsoft Windows operating system would work, but that’s ridiculous to even suggest. Creating a counterworm would make a great piece of fiction, but it’s a really bad idea in real life. We simply don’t know how to stop Storm, except to find the people controlling it and arrest them.

This is the other side of the end-to-end coin.