Industry News
SimCity Deluxe heading to iPhone
Electronic Arts announced earlier this week an update to their beloved SimCity franchise. SimCity Deluxe for iPhone, due out this summer, promises not only more robust game features but also a complete visual makeover. Now, the civilization you keep on your mobile device will look even better and you'll be granted even more control over your Sims.
For those who were frustrated by the initial translation of the SimCity franchise to the iPhone's touchscreen interface, take heart. According to the press release, the UI will feature "larger buttons, better flow, and more accessible items." The graphics have been improved as well, looking more like SimCity 4 than SimCity 2000.
You'll also have more control. The beloved terrain editor is back, meaning you'll be able to plant trees and paint water with only the touch of your finger. Ever wanted to build a city in the middle of a lake? How about a city at the bottom of a valley? With the terrain editor, shaping the world in the image you want is only a few finger presses away.
Seven scenarios and seven new starter cities have been added to the game. If you don't want to build a city from scratch, challenging yourself with someone else's creation will keep you playing for hours longer.
SimCity Deluxe will also feature four distinct seasons and seasonally appropriate disasters. As mayor, how will you respond to the summer floods or an unforeseen snowstorm? SimCity Deluxe lets you find out.
The release date and pricing for the game have not been announced, but amateur mayors should look for the app on the App Store in the summer, likely priced on the premium side.
Security in the Cloud
When evaluating cloud computing, organisations are of course concerned about security issues. Information is hosted elsewhere, often offshore. Legal aspects are important for wider security considerations, although reputational risk of a security breach can be more significant. The risk of security/privacy breach may be lower overall with cloud computing than applies in the status quo (for example on-site processing of data). In assessing whether to move to cloud computing, it is important to compare with the benefits and risks of the status quo. I outlined this in my earlier CIO column, The Case against Cloud Computing revisited (see CIO August 2009 and http://cio.co.nz/cio.nsf/opin/9AD644B12571BCC0CC257610000176AA), picking up on the same theme in Bernard Golden's excellent CIO article, The Case against Cloud Computing.
Privacy and security risks?
It's not just about privacy legislation. People often discuss cloud computing as though the considerations stop and start with privacy legislation. There is general law that applies too, such as the law in relation to negligence, contract, confidentiality and so on. However, following the principles in the Privacy Act will often lead to compliance with other legal obligations as well.
Privacy Act
For cloud computing, the key obligation is in Information Privacy Principle 5 in the Privacy Act. This requires:
• The New Zealand organisation to protect information with such security safeguards as are reasonable in the circumstances;
• If it is necessary to give information to a third party (for example a cloud computing service provider), that New Zealand organisation must do everything reasonable in its power to prevent unauthorised use or disclosure.
For cloud computing, several conclusions flow from this:
• 100 percent security protection is not required. What is called for is protection of information by such safeguards as are "reasonable in the circumstances to take".
• Robust industry practice, codes, and so on, are likely to be relevant in determining the appropriate approach.
• If the organisation (for example the New Zealand-based company using cloud computing services) gives information to a cloud computing provider, that organisation must "ensure ... that everything reasonably within [its] power ... is done to prevent unauthorised use or unauthorised disclosure of the information". This obligation applies whether the cloud computing provider is based in New Zealand or offshore.
• That obligation also means that the New Zealand-based organisation often won't be able to rely solely on, for example, a supply contract under which the provider takes responsibility. This assumes that the provider does take responsibility. At present, many cloud computing providers do the opposite. So, further due diligence, systems, monitoring, and so on are likely to be required on the part of the New Zealand organisation in order to be Privacy Act-compliant.
Offshore considerations
Because the New Zealand organisation retains responsibilities, it should assess whether a particular service provider should be permitted to have the information in particular countries, some of which may have a weak privacy regime. It is one thing to send the data to Australia or Europe (each with a robust privacy regime). It is another to send it to a country without such law and practice.
The EU provides useful guidance on the adequacy of protection of data in other countries (see http://tinyurl.com/2w47yu). Increasingly, cloud computing customers can require providers to limit the transmission of their information to certain countries. For example, it could be limited to Australia, to New Zealand itself, or even, in the case of government, limited to public sector networks and servers (the so-called G-cloud).
Reducing risk
The way contracts are framed can of course impose greater risk (for example, a contract term ensuring that all data will remain secure is risky for an organisation). Of course, just as the cloud computing provider will seek to limit its risk in its contract with the New Zealand organisation, so can the latter seek to do so with its customers. This may be achievable where the New Zealand organisation's customers are businesses. It is more difficult where the information is personal information and the customers are individuals. Standard form contracts from cloud computing providers currently tend to eliminate liability to a large degree. Increasingly over time, larger users of cloud computing services, in particular, may be able to negotiate more favourable terms.
The public sector
The public sector has additional considerations such as the Public Records Act and the Official Information Act, as well as certain security requirements specific to Government.
When assessing the benefits and risks of cloud computing, the comparison should be with the real world (the status quo) not perfection.
Michael Wigley is the Principal of Wigley & Company, a law firm specialising in ICT. He can be reached at michael.wigley@wigleylaw.com.
The CIO Agenda 2010
What will be the standout business and technology challenges in the post-recessionary environment? We canvass a panel of executives and analysts on what to do now for the organisation, the ICT team and your career.
Deliver customer value
Jonathan Iles, CIO, Carter Holt Harvey
During the financial crisis that saw enterprises pulling the plug or holding off on key programmes, Jonathan Iles and his team were working on "fairly major projects".
"In fact, there will be more this year," says the chief information officer of Carter Holt Harvey. As he tells his team, "We are sailing into the perfect storm. So let us batten down the hatches, get those ships ready so that when we go into this, we are highly motivated, we know what we are doing, and we manage to hold everything together."
He says that in the past year the focus of ICT at CHH was delivering customer value, and this will continue in the next 12 months. "2010 will still be very much moving into value and improving the relationships with our customers."
The projects around this range from an ERP upgrade to what Iles calls "very basic things", like CRM and pricing and invoicing systems. "This means our customers, people who buy our wood products, our pulp paper, our packaging; they have a better experience for us so we go for greater market share. That is what really drives most value to the business."
As well, the team is preparing for shifts throughout the year. "I expect to see some major structural changes in the business over the next 12 to 18 months and that is going to add to a lot of projects at the same time," says Iles. "We need to maintain the high quality of infrastructure delivery, despite the fact that we are containing costs."
"We are driving really hard on infrastructure," he says. "We have made some major savings that allowed us to spend more money on ERP, without increasing the budget."
"This is about, 'How do I align with the business strategy? Am I implementing the right strategy to fit the business?'"
Like his executive colleagues, the past year has delivered a handful of lessons for Iles. Foremost is, "You need to be ruthless with your business cases." The second is the value of having flexible contracts with key vendors. "This flexibility should enable no-penalty changes to be made -- including the ability to terminate services at no cost," says Iles.
CHH renegotiated several key contracts at the beginning of last year to introduce competition into the relationships, with the result that costs for several services dropped significantly. This exercise will be done this year. "When the economic climate changes quickly, having long-term, inflexible contracts can be a major burden," he says.
Another key lesson during the economic slowdown was the importance of having variable costs. For instance, says Iles, if the company sells a business unit, there is no proportionate reduction in software and hardware maintenance. "We would like to reduce the cost proportionally. The only way you can do that is by variable cost," says Iles. "Most of our costs are fixed, but we certainly want to move to a more variable cost model," which he notes is the promise of cloud computing.
As for post-recession plans, Iles foresees a busier period ahead. "For me, post-recession means a surge of activity and I can see that that is going to be coming."
Interestingly, one of his major activities last year was far removed from ICT. Iles joined Pat O'Connell, CIO of Rank Group, of which CHH is a subsidiary, and Glenda Mullany of IT firm The Tango Group, to complete a series of endurance challenges to raise funds for charity. The group's final challenge was scaling the four highest mountains in the North Island -- Tongariro, Ngauruhoe, Ruapehu and Taranaki mountains. They achieved this in November and raised more than NZ$22,000 for the Kia Timata Ano Trust, a women's refuge in Rodney. (See http://cio.co.nz/cio.nsf/spot/AFD817D770AAD3B6CC25767D007DE7A1?Opendocum...)
For Iles, there is a message here that resonates with his full-on schedule at CHH. "It just shows our team we can cope with a heavy workload and still have time to give to the community."
Strengthen ICT engagement with the business
Paul Nickels, partner, business assurance, PricewaterhouseCoopers NZ
Everything is up for review and challenged constantly. This is the "new normal" for today's enterprises, says Paul Nickels, partner, business assurance at PricewaterhouseCoopers New Zealand. Nickels is referring to the McKinsey Report on the restructuring of the economic order and the constant change that lies ahead for everyone.
So what will this mean for CIOs? "Get out of their office, connect more with their peers in the business, understand what is going to drive that change," says Nickels. The CIO's task now is to consider how, "they will engage more with the business," he says, and "how do they become a business partner and what areas of value do they see that they can add with their ideas."
He says pressure is being placed on CIOs, and all parts of the organisation, as enterprises look at the value of operations and where they might drive costs down.
So these types of engagement are important in the coming 12 months. CIOs have to be engaged in those upfront discussions on business strategy, he says. "The more they are engaged in those discussions, the better their ability to influence the direction and the better their ability to really execute what the organisation requires."
There is, he points out, always a "strong healthy tension between IT and the business" that some call business alignment. This is manifested in CIOs whose portfolios have expanded to areas outside ICT. "I can think of a handful of organisations now where the CIO is part of the change agent group of the organisation, they are involved in all of the big projects."
This is the space Nickels says CIOs should be working on in the next 12 months. It starts with having a bond with business peers. "There has got to be a level of respect for each other's disciplines," says Nickels. "You have got to understand the strengths of the parties and what they will bring."
He says CIOs who have achieved this have made time for themselves and their teams to connect within the organisation. They are able to answer questions in regard to their IT spend, benchmarking and cost of service.
He says PwC works with CIOs to create a "story board" discussion with their peers. The process enables CIOs to articulate their views on key questions such as, "What is going on in technology at this point in time and what is your plan and what do you plan to do? What has been in your agenda in the last period of time? Where are your areas of focus?"
With a CIO's busy schedule, "there is often no time for self reflection". But Nickels says this exercise is important, and CIOs should be able to articulate these points to the business. CIOs who have already reached this stage can then take a closer look at the business model, and see where they can add value. "They need to be braver in experimentation, try new things, and be a little bit more agile."
Those who have achieved this have the respect of their peers and their teams have a very commercial view and understanding of the business. "They know where the pain points are. They will be on top of those, and are in a position to offer alternatives and solutions."
Throw out the old rules
Peter Macaulay, principal, end user practice, IDC New Zealand
This will be a year of frustrating shifts and crazy trends, says Peter Macaulay, principal, end user practice at IDC New Zealand. "Most of the issues we have been grappling with will continue to demand attention, and in some cases evolve into fearsome monsters. Many will mellow and some will fade away," says Macaulay.
Of these diverse issues, he picks up three fundamental shifts CIOs will be forced to adjust to -- mobility going "mad", CIOs being "kidnapped" by social networking and the CIO career path demanding attention.
"The evolution of the CIO into a more effective strategist will increase the risk/benefit spread in the ways that these shifts are addressed," he says.
His views were shaped by his discussions with senior CIOs and industry visionaries, and the following IDC New Zealand ICT Top 10 Predictions 2010 (see IDCresearch.co.nz):
From an understood recession to an unknown future: Continued prudence amongst increased opportunities for 2010.
Consolidated buying to become the new government savings plan.
Deconstruction and reconstruction of the ICT industry for growth.
Use of ICT will become critical to CO2 reduction strategies.
The government's ultra-fast broadband initiative will need to be restructured.
Fibre for schools policy will put the use of ICT in education under the spotlight.
Technologies facilitating customer care and retention strategies will receive VIP treatment.
Mobility will enter a new growth curve.
The adoption of cloud computing will take baby steps amongst trophy wins.
2010 will see an increasing number of "managed business outcomes" contracts.
Macaulay says at least four of these predictions will contribute to the rapid shift of ICT to the edges of the business. He elaborates on three of these:
Mobility goes mad: "We will see an increased number of personally owned devices with no employer control over brand, model or operating system," says Macaulay. "Just deliver the apps to my Inokberrydroid!"
He says higher bandwidth and more capability will ensure that more than 60 percent of applications can be held in one hand. He points out security across diverse devices and platforms is already a headache. Vendors will deliver solutions, but for some external security will be deemed to be the responsibility of the device owner. He points out another trend, "The Disaster Recovery Manual could become two words -- 'Go home'."
In many organisations, the decision has been made to pay for staff to provide their own personal computing devices. Often this is used to drive some standardisation. As this trend strengthens, organisations' ICT security and application delivery will become agnostic to operating system and brand. Moving into the cloud eases this issue as the responsibility for these components falls to the cloud application vendor. Says Macaulay, "As cloud applications are deployed the approach to transition becomes more mature, and is frequently easier than a traditional Windows major version upgrade."
CIOs are kidnapped by social networking: It has happened, says Macaulay, as he points to the Queenstown Police running its own useful Facebook page (see http://www.facebook.com/pages/Queenstown-Police/36732244172?ref=ts). Enterprises use Trade Me to dispose of plant and equipment, and for low volume procurement.
"The real business collaboration we have been muttering about for 15 years is being delivered out there," he says. "We need to get it in here and quickly for our customers [internal and external]. If we can't deliver, they will, using the tools they are already familiar with."
The next demand, he says, is to use the same login and password and configuration tools they use everywhere else. "The shift in security and systems administration will initially be a complex matter, but will become clean and simple by the end of the year."
The CIO career path demands our attention: "We need to identify the technical and strategy track leaders and provide the environment and tools to develop their skills. With the NZ Computer Society at last offering some useful qualifications, we have a wrapper to put around our training/mentoring/experience framework."
"This year we will see several initiatives which will need CIO guidance to support these tracks," says Macaulay. "We must realign structure and offer better motivation to ensure we retain and develop leadership skills in both tracks while delivering real innovation and fresh thinking."
"2010 will pose a number of threats for the traditional Kiwi CIO yet an amazing opportunity for those willing to take risks, throw out the old rules and push more decisions out to the business units."
Prepare for the new wave of business apps
Sam Higgins, research director, Longhaus
In discussing the key technology trends CIOs should keep an eye on, Sam Higgins, research director at Longhaus, interestingly starts his discussion on a topic many executives have put on the back burner during the economic crunch -- green ICT.
"What we saw last year is probably how it should have been -- green ICT is really just part of an overall business strategy, and so CIOs should really engage more broadly on that topic," says Higgins.
The green ICT issue came out almost too late in the economic cycle, says Higgins. "The hardware refresh cycle peaked in 2007 according to our Technology Index. The fact that green was a hot topic in 2008 was almost a bit late. A lot of the people have already made their investments."
But green technology does not always involve new and massive investments. Higgins notes that at the height of the focus on sustainability, a lot of the strategies cited were not particularly new. "Sustainability is almost a principle -- you should always be green," he says. There is, however, one thing that discussions on sustainability do not typically address -- that of rationalising business applications.
"CIOs have rationalised to less hardware, but they have not removed duplication within the application portfolio and that is not sustainable either," says Higgins. "You can't sustain multiple applications doing the same function in a business, so sustainability is as relevant in the business application portfolio as it is within the technology layer. CIOs should be looking at their application portfolio and asking the hard questions about what is their plan for renewal for business applications."
An area that is also on the CIO radar is the increasing integration of business intelligence to what he calls "the information driven experience".
"The modern application is a business intelligence-driven environment. It is information centric rather than process or transaction centric." He cites the case of an immigration case worker. In an information centric environment, the first screen will tell the worker how many applications are in the pipeline, whether there are applications that need to be picked up, or whether the department or business unit is meeting its service levels. For the worker, this means, "I know the context in which I am working, and I have data about the work that we are trying to achieve rather than a list of transactions or being given a hard copy file."
He says the consolidation of business intelligence vendors in recent years was not just a competitive move to gain market share in BI. "What is actually happening inside a lot of those business application vendors, is the integration of business intelligence into the front end of the business application." "The information-centric experience is one CIOs need to learn more about because the applications [vendors like] Oracle, IBM and SAP are building today to roll out in the next three to five years will be in that flavour."
An area for CIOs' attention is the "as a service" space. This includes infrastructure as a service, software as a service and platform as a service. "What CIOs should do is look for tactical opportunities to evaluate particular workloads and move workloads to the cloud."
A migration to "as a service" is done by understanding what the workloads are and what tasks can be done in the cloud. "A lot of organisations are thinking of moving developing and testing into the cloud. All the big platform vendors are offering those sorts of workloads," he says.
This way, CIOs can learn about the business model with the cloud. "It is a great start because it is something the CIO can do in his own backyard and not upset the business. But it also has a direct impact on the business, because the CIO can reduce the time to make changes to the applications," says Higgins.
He says people can then start to look at other areas of moving to the cloud like document management, portfolio management and business intelligence. "Anything that is spiky, that ramps up and then ramps down are all good workloads to start with," he says. "A good example I use is when there is a disaster relief. That is the situation where you need to get things up and running quickly."
Cut IT 'MOOSE' costs
Tim Sheedy, senior analyst, Forrester
"The CIO is at a point of exasperation about the terms and conditions dictated to them by vendors for the past 25 to 35 years. And they are looking at how do they take back control of the IT spending," says Tim Sheedy, senior analyst, Forrester.
Sheedy says emerging sourcing and engagement models are providing a range of options for CIOs to do this. He cites at least three ways for enterprises to cut their IT MOOSE cost, otherwise known as spending to maintain and operate the organisation, systems and equipment.
First stop is the cloud. "I believe the cloud has great technology delivery capabilities, as it is also about giving the control back to the CIO and back to the IT organisation, and giving them the buying power," he says. Sheedy does not see a wholesale shift towards the cloud in 2010. But he recommends: "Any CIO who is concerned about their operational spend should at least be piloting some cloud solutions within their business."
He says the "real wins" from operational MOOSE are around virtualisation. "I think we are going to see virtualisation move beyond servers towards storage and the desktop in 2010. Some advanced CIOs would start to consider virtualising their desktop environments more so than they already do."
Lean software, on the other hand, is basically just software that is fit for purpose and does the job it is required to do. "Typically you buy per component or per capability, so effectively it is suggesting a shift away from the big heavy application suite towards software that just does the job," says Sheedy. This shift in buying behaviours toward a more component-based [solution], as opposed to the suite solution, has been observed in North America and is starting to happen in New Zealand and Australia, he says.
Lean software and software as a service (SaaS) go hand in hand, he says. "The idea of lean software means that you need to start looking at different types of ways of delivering and licensing software, and SaaS will become one of the ways that you could consider that."
Another model CIOs should look at is managed outcome pricing for projects. Sheedy says in IT and business in general, the focus on contracts for projects is on price, at the risk of damaging the outcome. "You see projects delivering to original scope even though the business requirements have changed and business requirements change daily, weekly, monthly, annually. So change is something that needs to be built into your contracts with your services provider," says Sheedy.
"With a fixed price engagement, you end up in either scope creep hell or you end up getting legal people, or paying extra charges within the contract." For instance, if the project is about decreasing customer churn, this should be the KPI for the service provider. "This model will typically cost more, but you get what you want out of it," says Sheedy. "You get what you want; you get what the business needs."
There is incentive there for the service provider to ensure they continue to change the project as the business requirements change, to make sure they meet the final goal of reducing the customer churn.
Big projects require a lot of cultural change, he says. "It is not just the IT bits they will deliver [but] the IT capabilities. But you have not made them responsible for driving cultural change. Whereas, if you're concerned about the business outcomes and that provider is also motivated in the same direction, then they will start to be concerned about the cultural change issues."
Become the employer of choice
Owen McCall, chief information officer, The Warehouse Group
Owen McCall says when the economy turns around for the better, people will start looking for new jobs. And this has implications for business teams -- both positive and otherwise.
Because job security has been "appalling" in the past year, "there have probably been a number of people who have stayed in jobs who have quite liked to leave." But they either couldn't or wouldn't risk making a move. "The positive aspect is when you have unengaged people, they may actually move on and find a job they like to do, and that is good," says McCall.
Yet, as McCall points out, there is a downside to this because "you have talented and experienced and knowledgeable people in your business leaving".
So what is a CIO to do? "If you haven't already done it, you need to start to build a culture that people want to work with so you can become an employer of choice," says McCall. This means building a "highly engaged work environment".
"It is really about a combination of being truly committed to a person's development. If a person sees that they are being developed, that sends all sorts of signals that they are being valued."
He says this does not mean "throwing them on a whole bunch of courses, but really understanding who the people are and working from their strengths so they know where they want to go."
"I'm not saying our model is perfect," says McCall. "So we are very focused on that development process on trying to understand people's strengths and aspirations and working on their strengths."
The second important thing is recognising what staff actually do. "People won't necessarily admit it openly, but most people would like to be recognised and told that they did a good job."
"We actively encourage a process of recognising and acknowledging your peers and the people who work with you, so we strive to get that right, we try to get that positive reinforcement culture," says McCall.
At the Warehouse, he says, people can fill in recognition cards ("like little postcards") about a positive work of a peer or colleague. Within the IS team, Owen holds a monthly meeting with a morning tea and gets recognition notices from the rest of the business for the IT team. The Warehouse group also hands out a monthly award for a team that has done something notable. McCall says often it is project-related, but oftentimes it is also about operational improvement projects. He is proud to say the IT support office "has a very good track record" of getting these awards in the past two years. In discussions with his CIO colleagues, McCall says they have similar challenges on employee engagement, and some of them use the same tools and engagement surveys. A good way to start is to get feedback from staff, says McCall. But he has one caveat for CIOs who start this programme. "If you ask them and don't follow through, you are likely to cause more damage than if you never asked them in the first place."
Gather more CIO successes
Russell Jones, chief operations officer, ASB Group
Russell Jones, chief operations officer, ASB Group, is clear about what CIOs should strive to be better at. Foremost among these are customer engagement and people management. "It is about knowing your customers, service levels and management to support that," he says. "You need to recognise you are providing services to customers and you're providing those services through the efforts of the staff, the teams that work with you and the suppliers that support those teams. You have to have the appropriate levels of and understanding around customers and engaging with customers and providing those services," says Jones. "You can't go and buy a piece of hardware and get success. You have got to have the components and you have got to have the people to make components work. It is the people that are the biggest lever; they are the most important part."
Vendor management is another important skill set. Jones notes it is unusual for a business today to do everything by itself, as a lot of the time they are using and working with third parties. "You need the ability to have good relationships [along with] good specifications and requirements, and to make suppliers work within your ecosystem as part of your team." Jones became chief of operations last year moving from the head of group technology position at the bank. "They are both about providing good quality, cost effective services in a systematic and well managed way to a set of customers within agreed service levels, and within agreed service levels and commitment."
"My role now is really about providing technology and back office support services to the rest of the bank," explains Jones. "Our customers are other parts of the ASB group and we need to provide services to them." The shift, he explains, came as the bank's new chief executive implemented a new management agenda, moving to a "value chain model as opposed to an organisation model of standalone business units".
In a banking environment, he says, there is a need to understand risk management. "You need to be aware of good risk management practices, you need to have operational risk practices in place and you need to be able to organise around that and hold people accountable for that and have world-class practices in place."
Speaking from the perspective of a head of technology branching into other areas of the enterprise, he says it is important to have "strategic agility".
"If you only understand technology, then you are going to battle broadening your horizon. So it is better to have some kind of strategic agility. You can apply the same thinking to other [areas] than technology."
Aluratek Libre Pro E-Reader
Priced at $170 (as of March 15, 2010), the no-frills, lightweight Aluratek Libre Pro e-reader is a refreshing surprise. Dismissing the Libre Pro as just another e-reader in a sea of clones would be easy, but this device handles better than most--and it sports a bargain price, too.
The e-reader universe is evolving at a breakneck pace, and one thing that remains yet to be determined is what defines an e-reader. In the beginning, we saw models with electronic-paper screens; now in the mix are tablets with LCDs, as well as dual-screen electronic-paper and LCD products.
Another variant is the screen technology Aluratek employs here: The company uses a monochrome, non-backlit, 5-inch Toshiba LCD screen intended to achieve a result that, like electronic paper, is comfortable to read and kind to the battery. In practice, the Libre Pro's display succeeds in the former but not the latter. Though the display is small compared with that of a Barnes and Noble Nook or an Amazon Kindle 2, I found it very easy on my eyes for long reading engagements. Regrettably, when I tried the Libre Pro for a three-day weekend of mixed use and standby mode, the battery failed to last without needing a charge (Aluratek says the device will last for up to 24 hours of continuous reading, and 30 days standby time). The display has a greenish-gold coloration, much as monochrome screens of yesteryear had; it isn't quite as effective for the text to stand out, but it was tame enough to keep my eyes from tiring.
I found the Libre Pro intuitive and fast to use, and its construction was noticeably smooth. It weighs just 7 ounces, which makes it a joy to hold in one or both hands. All of the unit's buttons are soft to the touch and finger-friendly. That's unusual on e-readers: Many, such as the Interead Cool-ER, suffer from dreadfully stiff and hard-to-press controls.
Along the right side of the display sits a vertical set of buttons that work for cell-phone-keypad-like text and numeric input, as well as for selecting which option you want on screen. The effect is similar to--but more elegant than--the kludgy scrollwheel on the original Amazon Kindle. Along the left is an unusual slider bar for moving pages forward and back.
Beneath the screen, to the right, is a five-way navigation pad, neatly surrounded by four handy buttons for switching orientation, options (including jumping to a specific page in the book, by using the numbers alongside the screen), three choices for text magnification, and return. At left are the page-forward and page-back buttons, the former larger than the latter. These buttons are well situated for turning pages with your left hand, if you hold the device in your left hand or both hands; alternatively, if you hold the e-reader along its side in your left hand, you can easily press the buttons with your right hand.
The Libre Pro has an SDHC card slot and supports cards up to 32GB. You can load a variety of file formats, including text, Adobe ePub, PDF, FB2, MOBI, PRC, and RTF. You can download books manually or buy books from ePub-compatible stores (Aluratek is partnered with eBooks.com and Kobo). The device comes with 100 classics preinstalled--a nice way to get the ball rolling.
At the bottom of the Libre Pro are the power button (which is a little tough to press), the headphone jack, and a hand-strap loop. At the top, under a rubberized flap, are the SD slot and the mini-USB port; the flap feels sturdy, though I wish it didn't cover the USB port as well.
Although the Libre Pro lacks the Wi-Fi or 3G connectivity of some fancier e-readers, it keeps things basic and to the point. This little e-reader is a pleasure to use, and it can be a reasonable alternative to more costly, connected e-readers.
Add Words to Firefox's Spell-Check Dictionary
One of the things I love most about Firefox is its built-in spell checker, which displays a squiggly red line under misspelled words typed into Web forms, Google Docs, and most other data-entry areas.
However, like most spell-checkers, it constantly flags my last name, along with various brand and product names it doesn't recognize. Depending on what I'm writing, I can end up with one seriously squiggly-heavy document.
Thankfully, it's a cinch to add unrecognized words to Firefox's dictionary. That way, it won't pester you by flagging words you know are spelled correctly. (Of course, it will flag them if they're spelled incorrectly.)
Just right-click any misspelled word, and then choose Add to Dictionary. Complicated, huh?
Now, if you accidentally add a misspelled word to Firefox's dictionary (hey, it happens to the best of us), you can take it out by manually editing the dictionary file. Lifehacker explains how.
China's Great Firewall spreads overseas
A networking error has caused computers in Chile and the U.S. to come under the control of the Great Firewall of China, redirecting Facebook, Twitter, and YouTube users to Chinese servers.
Security experts are not sure exactly how this happened, but it appears that at least one ISP recently began fetching high-level DNS (Domain Name System) information from what's known as a root DNS server, based in China. That server, operated out of China by Swedish service provider Netnod, returned DNS information intended for Chinese users, effectively spreading China's network censorship overseas. China tightly controls access to a number of Web sites, using technology known colloquially as the Great Firewall of China.
The issue was reported Wednesday by Mauricio Ereche, a DNS admin with NIC Chile, who found that an unnamed local ISP reported that DNS queries for sites such as Facebook.com, Twitter.com and YouTube.com -- all of which have been blocked in China -- were being redirected to bogus addresses.
It is unclear how widespread the problem is. Ereche reported getting the bogus information from three network access points in Chile, and one in California, but on Thursday he said that the problem was no longer popping up. "The traces show us that we're not hitting the server in China," he wrote in a discussion group post.
This issue occurred because, for some reason, at least one outside ISP directed DNS requests to a root server based in China, networking experts say. This is something that service providers outside of China should not do because it allows China's censored network to "leak" outside of the country.
Researchers have long known that China has changed DNS routing information to redirect users of censored services to government-run servers instead of sites such as Facebook and Twitter. But this is the first public disclosure that those routes have leaked outside of China, according to Rodney Joffe, a senior technologist with DNS services company Neustar. "All of a sudden, the consequences are that people outside China may be subverted or redirected to servers inside China," he said.
By using a China-based root server, ISPs are essentially giving China a way to control all of their users' traffic over the network. That could mean big security problems for people whose network accepted the leaked routes, Joffe said.
The ISP that used the bad routes probably misconfigured its BGP (Border Gateway Protocol) system, used to route information on the Internet, according to Danny McPherson, chief security officer with Arbor Networks. "I don't think it was done intentionally," he said. "This is an example of how easy it is for this information to be contaminated or corrupted or leaked out beyond the boundaries of what it was supposed to be."
In February 2008, BGP information from Pakistan -- which had just blocked YouTube -- was shared internationally, effectively knocking Google's video site offline for millions of users.
In an e-mail message, Netnod CEO Kurt Erik Lindqvist said his company is not hosting the bad routes on its server. They were most likely changed by machines somewhere on the Chinese network, McPherson said.
The incident shows that BGP remains a major weak link in the Internet, Joffe said. "It's really disconcerting from a security point of view and from a privacy point of view."
This is the first time that this type of behavior has been made public, but it has apparently been going on for some time. In a discussion group post on Wednesday, Nominet Researcher Roy Arends said that he has been studying this issue for a year.
Arends has compiled a list of 20 domain names that will trigger the kind of bad results reported by Ereche. Arends is keeping the names of those domains secret, but he did publish some of his data in his discussion post.
"I wanted to keep this internal, however, the cat is out of the bag now," Arends wrote.
GM unveils 2-wheel, self-driving concept car
General Motors Corp.'s vision of the city driving future includes two-wheeled, two-seater electric cars that can automatically navigate through traffic while connecting passengers to their favorite social networks.
A concept car, dubbed Electric Networked-Vehicle or EN-V and shown off in Shanghai by the automaker yesterday, tops out at 25 miles per hour and uses Global Positioning System (GPS) technology and vehicle-to-vehicle communications to find the least congested and fastest routes. The vehicle can be run manually or driver-less, according to GM.
The company said it hopes such vehicles will be populating city streets by 2030.
"EN-V reinvents the automobile by creating a new vehicle DNA through the convergence of electrification and connectivity," said Kevin Wale, president of the GM China Group, in a statement. "It provides an ideal solution for urban mobility that enables future driving to be free from petroleum and emissions, free from congestion and accidents, and more fun and fashionable than ever before."
Automakers and academic researchers have been spending a lot of time coming up with ideas to make cars more energy efficient, safer, easier to drive and easier to maneuver through crowded city streets.
GM said it worked with Segway Inc., developer of a personal transportation vehicle, to develop the EN-V vehicle. Segway helped the auto maker develop a drivetrain platform and stabilizing technology for the concept car.
The EN-V is propelled by lithium-ion battery-powered electric motors installed in both of its wheels, according to GM. The motors can be recharged from a normal wall outlet and can travel nearly 25 miles on a single charge, the company said.
The five-foot long concept car weighs some 1,100 pounds, compared to today's average automobile's length of 15 feet and weight of more than 3,300 pounds.
GM calculates that five EN-Vs can fit into one of today's traditional parking spaces.
Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian, or subscribe to Lucas's RSS feed. His e-mail address is lmearian@computerworld.com.
Kobo announces $149 e-reader to be sold by Borders
A $149 e-reader device was announced Wednesday by Kobo of Toronto during the CTIA show, although the company's chief executive said he recognizes how crowded the e-reader device market has already become.
"When I came to CES in 2009, there were two e-reader companies, and when I returned to CES earlier this year, the number of e-reader companies had grown to 160," said Michael Serbinis, CEO of Kobo, in an interview. Kobo is an anagram of "book," he explained.
Clearly, not all those e-readers will pass muster, and already some makers of e-readers that use black-and-white e-Ink are talking about adding color to their displays to keep up with color tablet computers that will support e-books, including the iPad.
Serbinis said part of the reason Kobo will be able to compete in a crowded market is because of its low price and because the e-book market will grow faster than some forecasters predict. Amazon's Kindle 2, for example, sells for $259, which is $110 more than the Kobo.
While many forecasts show that e-books will take up only 3% of the total market for books in five years, Serbinis said he has talked to several major book publishers who think that number will be closer to 25% in five years.
"The demand for e-books has recently accelerated tremendously," he said.
Another reason Kobo expects to do well is because it just announced a standard e-reading application called "Powered by Kobo" that will be used in an array of e-readers to be launched this year. Kobo already has provided e-reading applications for the iPhone, BlackBerry, Palm Pre and Android smartphones, and will have one for the upcoming iPad.
"Consumers want choice and the freedom to read on any device," Serbinis said.
The Kobo eReader will sell for $149 through Borders bookstores in the U.S. this summer, and will come pre-loaded with 100 classic books. Barnes & Noble, a larger competitor to Borders, began offering its Nook device late in the fall and is planning to offer an application to support the iPad, as will Amazon.com's Kindle e-reader.
Unlike some e-readers that connect to a wide area wireless network to download books, the Kobo device can connect to select smartphones through Bluetooth or will update with a USB cord connected to a desktop or laptop computer. While its size is similar to some other e-readers, it has an unusual D-pad navigation button for moving a cursor and making selections, similar to D-pads used on some cell phones. In addition, side buttons are provided for home, menu, back and display. It weighs 200 grams and is 184 x 120 x 10 mm in size (7.2 in. by 4.7 in. by .4 in). It also has 1GB of memory that can hold about 1,000 books.
Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen or subscribe to Matt's RSS feed. His e-mail address is mhamblen@computerworld.com.
Belkin Adds Apps To Wi-Fi Router Lineup
When is a wireless router not just a wireless router? Belkin's answer: When it's a total pain. That's why it introduced four new 802.11n Wi-Fi routers, ranging from $50 to $130, that come with a set of applications designed to help you use your wireless network for backing up, playing music and movies, setting up file transfers, and speeding up important Internet traffic without having to muck around in arcane menus.
The new routers, called Surf ($50), Share ($80), Play ($100), and Play Max ($130) all include support for VPN passthrough, Wi-Fi Protected Setup, and pre-configured wireless security. Share and Play each have a USB port for hard drives or printers, while Play Max has two, and Play and Play Max both support 802.11n Dual Band (using both the 2.4GHz and 5GHz frequency spectrum for faster transfers and more bandwidth). Finally, only the high-end Play Max includes Gigabit Ethernet ports and UPnP server functionality.
Likewise, the new apps are distributed across the model line. Surf only includes the Self Healing app, which will automatically resolve certain network problems and run maintenance scans to help make your network more reliable. Moving up to the Share will get you Memory Safe (a network backup app) and Print Genie (a wireless printing app).
Play adds a set of music-related apps--Music Mover lets you play music from an external hard drive to your Xbox 360 or PS3, Music Labeler will identify and label your music, and Daily DJ will generate playlists based on three selectable "moods" (High Energy, Steady Groove, and Kick Back).
Shelling out for the Play Max, however, gets you Torrent Genie, which lets you download large files without leaving your computer on, and Bit Boost, an app that lets you prioritize your gaming/video/VoIP traffic as appropriate.
For more information on the Surf, Share, Play, and Play Max, check out Belkin's Web site--and stay tuned for further coverage. Also, check out our reviews of their home powerline networking and wireless networking equipment.
Bing Rolls Out New Features for Spring Revamp
Microsoft introduced new features to its Bing search engine Thursday including Quick Tabs, an Answer box, and new mapping tools powered by Foursquare to deliver real-time data embedded in maps. Bing says the move represents a further departure from Google-style listing of search results and one toward what it calls a "decision engine" where Bing can intuitively deliver exactly the price, link, score, or weather forecast you are looking for.
The most striking change to the Bing search results page is the removal of the Explorer navigation pane on the left-hand side of the Bing search results - replaced by the introduction of Quick Tabs (which are related to search queries). Another big change is the delivery of an Answer box that includes a combination of reference data, most popular results, and real-time information culled from pricing engines, weather sites, and news sources.
The changes do not represent the introduction of new under-the-hood search technology. Rather, Bing representatives say, it is re-jiggering the way search results are delivered - hopefully in a more intuitive way. Bing says it will roll out all the new features in the coming month with only a small percentage of users seeing updates this week.
Quick Tabs
Microsoft wants to play around with the location of Quick Tabs, which provide fast access to subcategories of search such as news, events and weather. In its current state, Bing puts these categories in a sidebar to the left, but screenshots of the new format show the tabs on top of your basic search results. I think the success of this feature will depend on how quickly the user can toggle between tabs, and whether the search page they're on in one tab is preserved if they temporarily move to another.
More Real-Time Search
Bing inked some major deals with Facebook and Twitter in October, and now we'll start seeing some new features with real-time search results. One of the things Bing will do is show the most popular shared links from news Web sites, such as the New York Times, but Microsoft provides no other examples. Hopefully, there are more.
Foursquare Meets Bing Maps
We got acquainted with Bing Map Apps in December, when Microsoft introduced a bunch of new mapping features in beta. Now, Bing's jumping into the location-based craze with an app for Foursquare, a social game based on visiting real-world places. Turning on the Foursquare Map App shows you who has unlocked specific badges, and where people have become "mayor" of certain locations. Even if you don't play Foursquare, Microsoft says the app can be used like an "interactive day planner" that tells you what's popular in an unfamiliar city.
Zain approves Airtel's acquisition of its African operations
The board of directors at Mobile Telecommunications Company, also known as Zain, completed the due diligence process on Wednesday for Bharti Airtel's proposed acquisition of its African operations.
The parties are finalizing definitive agreements, which are expected to be signed in the coming days, Zain of Kuwait said in a statement on Thursday. After signing, the parties will move towards getting any required approvals, it added.
The sale of Zain Africa BV does not include Zain's operations in Sudan or its investment in Morocco, the company said.
Bharti Airtel, India's largest mobile carrier, said last month that it was in exclusive discussions to buy the African operations of Zain, in a deal with an enterprise value of US$10.7 billion. The period for exclusive discussions ends Thursday.
The bid for Zain's operations came after Bharti Airtel failed twice to arrive at an agreement with MTN Group in South Africa. That plan was rejected by the South African government, which wanted to maintain MTN's separate identity.
Bharti Airtel earlier this week said it had tied up the entire financing of $8.3 billion needed for the proposed acquisition of Zain Africa.
The expansion into Africa, where less than 50 percent of the people have mobile phones, presents a good growth opportunity for Bharti Airtel, according to analysts. The Indian market is already saturated with far too many players, and average revenue per user is falling as a result of a tariff war, they added.
In Africa, Zain offers telecommunications services in Burkina Faso, Chad, Democratic Republic of the Congo, Republic of the Congo, Gabon, Ghana, Kenya, Madagascar, Malawi, Niger, Nigeria, Sierra Leone, Tanzania, Uganda and Zambia, according to the company's Web site.
By expanding its business outside the country, Bharti Airtel will also gain the economies of scale needed to become more cost-efficient, Kamlesh Bhatia, a principal research analyst at Gartner, said in February.
While Africa provides a tremendous growth opportunity, analysts agree, entering 13 countries with different market dynamics in one go will create a number of challenges. The company will have to build up brand equity characterized by reliability very quickly. The company will also have to show itself to be innovative in order to compete favorably with other regional operators.
Bharti Airtel is acquiring Zain Africa operations at a time when the company is facing network problems and accusations of lack of transparency in the billing system, so the new owners will have to work hard to improve the network and its billing system.
"We expect the network to improve in the shortest possible time as Bharti Airtel is India's largest telecom operator with enough financial resource to make the change," said Edith Mwale, an analyst with the African Center for ICT Development.
In addition, Econet Wireless Holdings is still disputing control of Zain units in Nigeria, the company's largest single source of revenue in Africa. Econet Wireless CEO Strive Masiyiwa said last week that there has been no agreement or settlement in the dispute over its Nigerian operation.
Econet is seeking to overturn a 2006 deal in which Celtel bought a 65 percent stake in Vmobile, later renamed when it was sold to Zain. Econet, with a 5 percent stake in Zain Nigeria, said it was not consulted when Vmobile was sold to Zain. The case is still being arbitrated by the court of arbitration and until the process is completed, the Zain Nigeria operation transaction cannot be completed.
(Additional reporting by Michael Malakata in Zambia.)
Netflix now shipping instant streaming discs for Wii
After announcing that it would support Nintendo’s Wii this past January, Netflix has finally started shipping out instant streaming discs to lucky Wii owners.
E-mail alerts regarding the discs went out today, and Netflix subscribers will start receiving them as early as tomorrow. Just like with Netflix’s Playstation 3 instant streaming offering, subscribers need to request the disc at netflix.com/wii before it gets mailed out.
The Wii is the last gaming system to receive support for Netflix’s instant streaming service. Microsoft was the first to jump on the service for the Xbox 360 in July 2008, and that offering remains the best user interface for instant streaming on a console. PS3 users finally gained access to it in late 2009.
We don’t know much about what Netflix’s user interface will look like on the Wii, aside from what we can tell in the tiny screenshot above. It’ll likely have support for browsing with the Wii remote, and I’m hoping that there’s also some interesting gesture integration for browsing your Netflix queue. I’m also hoping that the interface is less clunky than the PS3’s instant streaming interface, which is often slow and a chore to use.
Unlike the Xbox 360 or PS3, the Wii won’t be able to play high-definition streaming content. That will have to be something reserved for a next-generation Wii console — something that many hope to see Nintendo announce soon.
Oracle enacts 'all or nothing' hardware support policy
Oracle has adopted what amounts to an "all or nothing" hardware support policy, according to a document the vendor has posted on its Web site.
The policy, which went into effect March 16, states that "when acquiring technical support, all hardware systems must be supported (e.g., Oracle Premier Support for Systems or Oracle Premier Support for Operating Systems) or unsupported."
It includes all systems running Solaris version 10.9 or later, those running Enterprise Linux and Oracle VM, as well as "all hardware systems for which you have applied services received under a technical support contract for another hardware system (including sharing of updates, patches, fixes, security alerts, work-arounds, configuration/installation assistance or parts)."
Customers who don't purchase support for hardware systems aren't allowed to obtain "maintenance releases, patches, telephone assistance, or any other technical support services."
Machines that have reached the end of their useful life, or which are registered as "retired," are not affected by the policy.
The policy also lists costs that will be incurred in the event a customer's hardware support contract lapses for longer than 90 days, or if one was never originally purchased.
These systems must be determined "service ready" by Oracle, which requires customers to "acquire the Premier Support Qualification Service (at the then current fees) and meet all requirements set forth by the service team to obtain a qualification certificate for your hardware system."
A reinstatement charge also applies. The fee amounts to "150% of the last-paid support fee, or 150% of the list technical support price for the covered hardware system, prorated from the date technical support is being ordered back to the date technical support lapsed (or the hardware order date if technical support was never purchased)."
Customers also must buy the "Premier Support Qualification Service" when they want to move up from operating system support to Premier Support for Systems.
Citing time constraints due to Oracle's quarterly earnings report, which will be released Thursday, an Oracle spokeswoman said she could not immediately provide comment on the new policy. Pricing information for the support tiers was also not available Thursday.
Since Oracle moved to acquire Sun Microsystems, observers have speculated about how it will derive more revenue from the hardware business it gained, as hardware has lower profit margins than Oracle is used to making on software licenses and maintenance fees.
The hardware support policy is "an indication to us that Oracle is starting to inject its discipline in the Sun business," JMP Securities analyst Patrick Walravens said in a research note.
"Our view is that Oracle is likely to take a harder line in terms of enforcing its support policies than Sun did, particularly in the small to medium-sized business market," Walravens wrote. "Our checks suggest that some of these customers sometimes used patches from supported machines on unsupported machines."
SMBs might look to alternatives as a result, but Oracle's move may prove effective with bigger customers, Walravens added. "To avoid the hassle of registering each machine, larger accounts may increasingly move to site license arrangement. In the end, our checks suggest Oracle is focused on the higher-end customers who want support and are willing to pay for it on every machine."
Oracle is pushing a vision of soup-to-nuts systems spanning storage and servers to applications, saying the tight integration of all those components will pay big dividends for customers.
"The question is, can Oracle deliver such amazing performance by owning the [entire] stack that the big customers will want to stay with them?" Walravens said in an interview.
But enterprises are also looking for "a single point of accountability," instead of the finger-pointing that can occur over problems when multiple vendors are involved in a system, Walravens said.
Ventura campaigns for Google Fiber
Well, here we are, just a couple of days away from the deadline for cities and towns to make the pitch to Google as to why they should be selected to participate in the Google Fiber for Communities effort.
If you haven't heard about the project, the intention is to provide competitively priced fiber to the home much like Verizon's FIOS except at 1Gbps in both directions (FIOS currently supports 50Mbps downstream and 25Mbps upstream). Google's plan is to wire up something around 500,000 consumers, businesses and local governments in a select number of cities.
There's much speculation as to what Google's end game might be. The only theory I've heard that makes sense is that it will be a major political statement on net neutrality because the service will, of course, have no traffic shaping or service restrictions that some of the major ISPs quite obviously would love to have in their own networks.
Here in sunny Ventura, Calif., a classic Southern California beach town, a number of us geekier folks jumped on this project within a few hours of its Feb. 10 launch. Along with a handful of fellow geeky citizens, I immediately made my personal appeal and then started contacting everyone I know to get involved.
Ventura City staff was already on it and within a few days we had the first action committee meeting in the Ventura Ventures Technology Center (V2TC).
I must make a quick digression here to explain that V2TC is a high-tech incubator created by the city of Ventura and the Ventura Chamber of Commerce. As far as I know, Ventura Ventures is unique in being a venture fund formed by the city in partnership with a private fund, DFJ Frontier, to invest in local ventures.
Ventura Ventures and the incubator are already producing some interesting new companies, including Lottay, an online donation service, Geodelic, a location aware service that lists useful information about your current location, and a handful of stealth-mode start-ups.
Anyway, following the meeting, city staff developed a presentation for the city council session on the following Monday (Feb. 22). A number of us spoke and encouraged the council to support the initiative and so they did. The mayor noted that passing the motion at 07:32 p.m. made Ventura the first city in California to commit to responding to the Google Request For Information (the only city to beat Ventura to the punch in the whole U.S. was, so I understand, Philadelphia).
Since then there has been a huge amount of activity. Ventura now has a Google Profile, a Facebook presence, a Google Group, and a Twitter account.
Various groups and individuals have published videos on YouTube petitioning Google (you can see our mayor, Bill Fulton, pitching) and hundreds turned out with "Ventura [hearts] Google" signs at the St. Patrick's Day parade. The city's response is about to be sent in, as of this writing about two days before the deadline.
Needless to say, when it comes to trying to seduce Google, Ventura has a lot of competition. But why would Ventura be an ideal choice? Well, the population is the right size (just over 106,000), it has an excellent existing fiber infrastructure which can be enhanced with minimal fuss and politics, and the public interest is enormous.
Whether Ventura gets Google Fiber or not, the whole response process has been a fantastic way to get citizens enthusiastic, engaged and motivated. Ventura is on its way to becoming a 21st Century city with a comprehensive online city presence and a thriving high-tech sector. Google Fiber would be the icing on an already well-baked cake.
Gibbs is happy to be in Ventura, Calif. Tell backspin@gibbs.com how much you'd like to be there.
A CSO's guide to getting to "Yes"
The meeting was proceeding well. The client we were advising had assembled a team from across IT: systems, applications, network, storage… "Where is security?", we asked. "We didn't invite them – they just say no to everything and slow the meeting down. We'll pass the proposal by them later".
This was a classic case of the CSO having a reputation of being the CS-NO. If you're the kid who spits on everyone, eventually you are banned from the playground. Never mind that multiple studies show that the sooner you involve security, the more secure and cheaper the outcome.
If only this was the first or last time we heard this sentiment. Across the board, in some of the most important emerging transformational technologies, the security people are uninvited: virtualization, unified communications, social media etc.
Before we start heaping blame on the groups that uninvited security, the irresponsible people who are risking the security of the company, let's look a bit closer to home. There's a reason why the security people get uninvited – we often have our priorities upside down.
What is the priority of a chief security officer? Is it to secure the company, above all else? Absolutely not. A narrow focus on security above all else may perhaps be the prerogative of the security engineer, but at the C-level the priority is always running the business. The CSO's job is to enable the business by finding ways to say "yes" to innovation and "yes" to productivity while balancing the risk and reward of each decision.
A good CSO needs to be able to say "yes, but…" and offer solutions that mitigate the risk of a new technology. For example: "Should we allow and even encourage the use of social media?", "CSO: Yes, but let's have some acceptable use policies and protect against web-based malware". It's a lot harder than just saying "No".
If security is seen as the barrier to innovation, then security will always lose. Every single time, business imperatives will override difficult-to-measure risks. Every time you say "no", you reduce the credibility and relevance of the security organization until you are left with none.
Of course, there are always circumstances where "no" is the right answer. But those circumstances are pretty rare and they are usually quite easy to support. The vast majority of CSO decisions should be about mitigating controls to enable innovation and productivity and should start with "Yes".
So let's practice, all together now: social media – YES, instant messaging – YES, mobile devices – YES, teleworkers – YES, collaboration – YES, virtualization and cloud – YES. Start with "yes" and then work out how to make it happen without unnecessary risk – That's the job of the CSO.
Pwn2Own winner tells Apple, Microsoft to find their own bugs
The only researcher to "three-peat" at the Pwn2Own hacking contest said today that security is such a "broken record" that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software.
Instead Charlie Miller will show the vendors how to find the bugs themselves.
Miller, who yesterday exploited Safari on a MacBook Pro notebook running Snow Leopard to win $10,000 in the hacking challenge, said he's tired of the lack of progress in security. "We find a bug, they patch it," said Miller. "We find another bug, they patch it. That doesn't improve the security of the product. True, [the software] gets incrementally better, but they actually need to make big improvements. But I can't make them do that."
Using just a few lines of code, Miller crafted what he called a "dumb fuzzer," a tool that automatically searches for flaws in software by inserting data to see where the program fails. Fuzzing is a common technique used not only by outside researchers, but by developers to spot bugs before they release the software. Microsoft, for example, has long touted, and used, fuzzing as part of its Security Development Lifecycle (SDL), the term for its in-house process of baking security into products as they're created.
Miller's fuzzer quickly uncovered 20 vulnerabilities across a range of applications as well as vulnerabilities in Apple's Mac OS X 10.6, aka Snow Leopard, and its Safari browser. He also found flaws in Microsoft's PowerPoint presentation maker; in Adobe's popular PDF viewer, Reader; and in OpenOffice.org, the open-source productivity suite.
Today, Miller was to take the floor at CanSecWest, the Vancouver, British Columbia-based security conference that also hosts Pwn2Own, to demonstrate how he found the vulnerabilities. He hoped Apple, Microsoft and other vendors would listen to what he has to say.
"People will criticize me and say I'm a bad guy for not handing over [the vulnerabilities], but it actually makes more sense to me to not tell them," Miller said. "What I can do is tell them how to find these bugs, and do what I did. That might get them to do more fuzzing." That, Miller maintained, would mean more secure software.
What really disappointed Miller was how easy it was to find these bugs. "Maybe some will say I'm bragging about finding the bugs, that I can kick ass, but I wasn't that smart. I did the trivial work and I still found bugs."
He went into the project figuring that he wouldn't find any vulnerabilities with the dumb fuzzer. "But I found bugs, lots of bugs. That was both surprising and disappointing." And it also made him ask why vendors like Microsoft, Apple and Adobe, which have teams of security engineers and scores of machines running fuzzers looking for flaws, hadn't found these bugs long ago.
One researcher with three computers shouldn't be able to beat the efforts of entire teams, Miller argued. "It doesn't mean that they don't do [fuzzing], but that they don't do it very well."
By refusing to hand over technical information about the vulnerabilities he uncovered, Miller is betting that Microsoft, Apple and others will duplicate his work, and maybe, just maybe, be motivated to do better. "I think they'll feel some pressure to find these bugs," he said.
Miller used one of the flaws he found by dumb fuzzing yesterday to exploit Safari on a MacBook Pro, walking off with the notebook, $10,000 and a free trip to Las Vegas this summer to the DefCon hacking conference.
Miller also won cash prizes at Pwn2Own in 2008 and 2009, each time by exploiting a Safari vulnerability on the Mac.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@ix.netcom.com.
Gonzalez sentenced for multimillion dollar credit card scam
Hacker mastermind Albert Gonzalez was sentenced Thursday in U.S. District Court to two concurrent 20-year stints in prison for his role in what prosecutors called the "unparalleled" theft of millions of credit card numbers from major U.S. retailers.
U.S. District Court Judge Patti B. Saris announced the concurrent sentences in two 2008 cases against Gonzalez, 28, a Cuban-American, who was born in Miami, where he lived when the crimes were committed.
Gonzalez and co-conspirators hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster's, among other online retail outlets, in one of the largest -- if not the largest -- cybercrime operations targeting that sort of data thus far. They then sold the numbers to other criminals. Gonzalez pleaded guilty to conspiracy charges in two cases related to those thefts last December and the following day entered a guilty plea in a third case involving hacking into computer networks of Heartland Payment Systems and the Hannaford Supermarkets and 7-Eleven chains. The Heartland hacking was particularly damaging because the company processes transactions for major credit and debit card companies Visa and American Express.
He is scheduled to be sentenced in the third case Friday in U.S. District Court for the District of Massachusetts. Gonzalez was indicted in New York, New Jersey and Massachusetts, with the cases eventually moved to the same federal court. Under terms of the plea deals, the U.S. Department of Justice agreed to seek sentences of no more than 25 concurrent years in prison in all three cases. After reviewing the cases following established sentencing guidelines that take into account various factors, including the effects of the crimes, the DOJ sought the maximum in two cases and 20 years in the other.
However, because the judge could decide to impose a lower sentence, defense attorney Martin Weinberg had argued that Gonzalez should be sentenced to 15 years for the two cases heard Thursday. While the government referred to the cases as "identity theft," they were instead thefts of data that did not involve stealing victims' identities to "invade their bank accounts, withdraw money, and ruin their credit," according to a court filing Monday in response to the DOJ's sentencing memorandum, which was filed last week.
Furthermore, Gonzalez "did not hack into government computer systems, he did not crash computer systems by spreading viruses or inundating them with spam, and he did not invade the privacy of individuals' computers to steal such data as passwords to compromise their financial life and invade their personal property," Weinberg wrote.
What's more, tens of millions of the stolen credit card accounts in the cases before Judge Saris Thursday "had expired and would therefore have no longer ... had credit limits at all," said the sentencing document.
The defense had further argued that Gonzalez was a substance-abusing, Internet addict with Asperger's syndrome -- a form of autism -- at the time of his crimes, so he should merit fewer years in prison. Also, one of the three unrelated cases cited by the DOJ in making its argument for longer sentences -- because there should be parity in sentencing similar crimes -- was much worse than what Gonzalez did, Weinberg said in the filing.
While noting that it sought sentences that would be "the longest ever imposed in an identity theft case and among the longest imposed for a financial crime," federal prosecutors said that sending Gonzalez to prison for that long is justified because he was "at the center of the largest and most costly series of identity thefts in the nation's history. He knowingly victimized a group of people whose population exceeded that of many major cities and some states -- certainly millions upon millions, perhaps tens of millions. He did so at the cost of hundreds of millions of dollars to businesses ranging from small banks and credit unions to Fortune 500 companies. And he did so while on pretrial release from an earlier federal case and while intentionally obstructing justice," the DOJ argued in its sentencing memorandum.
The full financial damage of the crimes committed by Gonzalez and his co-conspirators, who were in the U.S., Turkey and Russia, is difficult to assess. Weinberg argued in court filings that because Gonzalez and his cybercrime gang stole data that they then sold to others, the government's estimates far exceed the real total in damages, particularly given that many of the stolen credit and debit card numbers were expired.
The government countered that the potential for loss had to be taken into account, with the credit limits available on so many stolen numbers factored in. Additionally, in victim impact statements TJX said that the hacking cost it at least $171.5 million that has already been paid out or will be in the future, the DOJ noted. Heartland has said it lost almost $130 million. The company has agreed to multimillion dollar settlements with Visa and American Express for damages in the hacking thefts.
As for Gonzalez's mental health, a psychiatric evaluation performed for the prosecution countered an evaluation conducted for the defense, finding that while Gonzalez was indeed prone to abuse substances, that was no excuse for the crimes he committed, and that his role in the hacking suggests he does not have Asperger's, whose sufferers are not usually leaders. Furthermore, even if Gonzalez did spend enough time online to constitute Internet addiction, which is not a clinical diagnosis, the fact remains that he was engaged in cybercrime.
In perhaps the most bizarre and complicated twist, Gonzalez was "for a significant portion of the time ... (purportedly) assisting the Secret Service to investigate others," the DOJ said in its sentencing document, referring to a deal Gonzalez cut to avoid prison in a separate cybercrime case. "During this time, however, Gonzalez simultaneously was using sensitive investigative information he learned from the Secret Service to obstruct justice by ensuring that his co-conspirators escaped detection. ... Gonzalez even callously laundered tens of thousands of dollars in currency through his parents' line of credit, and stashed another $1.1 million in a hole in their backyard."
Gonzalez, who punctuated Internet messages with smiley faces when he was pleased to hear that the cybercrime ring was raking in huge sums of money selling stolen credit and debit card numbers, told one of the co-conspirators via ICQ that he wanted to make enough money to buy a yacht and retire from criminal activity. By the time he was arrested, Gonzalez had acquired a condominium in Miami, a 2006 BMW 330I, multiple computers, a Glock 27 gun and $1.65 million, all of which he forfeited as part of the plea agreement. That money was on top of more than $20,000 seized when he was arrested on May 7, 2008.
"Albert Gonzalez was motivated by ego, challenge and greed and was proud of the national attention his computer intrusions and data thefts drew," the DOJ said in its sentencing filing. "They drew that attention because they victimized more people than anyone had ever done before in this country, caused hundreds of millions of dollars in losses, and shook the public's trust in the security of credit and debit card transactions at some of the country's largest institutions.
"Gonzalez already has been given a second chance. He used that second chance not to straighten out his life, but to provide cover as he committed ever more brash and destructive crimes."
Bing to start roll-out of new search features
Microsoft unveiled some interesting new features for its Bing search engine today at the Search Engine Strategies conference in New York City. While the new features are available to some, the company said the majority of users will see the roll-out happen over the next couple of weeks.
The company continues its push to develop a true decision engine, one that tries to determine the searcher's request and give corresponding results, rather than the traditional Google-like search results. Bing will now host some appealing upgrades, including Quick Tabs, real-time search, and an integrated map with Foursquare.
To help the user find the most relevant information, Quick Tabs work to organize and arrange the most robust information upfront. A search on Boston, for example, provides upfront information on weather, attractions and flight deals. Recently signed deals with Twitter and Facebook help to put more real-time information within search results. And, finally, a map integrated with Foursquare is available that, when activated, shows local check-in locations and their “mayors” — users who are most active at any one location.
Among the major search engines, Microsoft’s Bing continues to nibble its way up the charts according to recent research by comScore. The question that remains is will these new features continue to help Bing gain market share by pulling in users from other engines, or will they just be a few nice bells and whistles for current users.
3-D, Twitter SMS are future of phones, execs say
You thought "Avatar" was long? James Cameron joked that his next movie may stretch to five hours.
Speaking on stage at the CTIA conference in Las Vegas, the filmmaker said that the only thing keeping the film industry from the same kind of widespread piracy that decimated the music industry is that it takes a long time to download high-quality copies of movies. He jokingly said that his strategy is to make longer and longer movies as a way to fight piracy.
Cameron sat on a panel discussion with Biz Stone, Twitter's founder, and Aneesh Chopra, the U.S. chief technology officer. They discussed a wide range of topics including ways that the use of Twitter on low-cost mobile phones leads to social change, the possibility of future phones displaying 3-D content and ways that the government can harness the latest technology trends.
"When a farmer in a rural village in a Third World nation can get the simplest of news over SMS, a weather report or whatever, it can have a dramatic impact," Stone said. "We're always excited that Twitter can work as effectively over SMS than over a fancy broadband connection in New York City."
He pointed to some situations where people have used Twitter to organize protests and report on governmental abuses. "The fact that we're allowing people to communicate with each other openly can have a positive and dramatic impact," he said. "You raise awareness halfway around the world and in doing so create a bit of empathy, and when you do that you have more of a sense of yourself as a global citizen. When you have that we're moving forward. That's what's exciting."
CNBC reporter Michelle Caruso-Cabrera, who moderated the conversation, said that in her coverage of Latin America she discovered one such instance of global empathy via Twitter. She said that she noticed a lot of sympathy between the people of Venezuela and Iran via their Twitter messages.
She asked Stone if he thought Twitter has the power to topple an authoritarian regime. He laughed but said, "I think if you enable people to communicate, they're capable of anything."
He jokingly said that the future of Twitter is 3-D messages.
That might not be too far off if Cameron has his way. Following the buzz around 3-D televisions at the Consumer Electronics Show earlier this year, he said that laptops and mobile phones are next. One upside to doing 3-D on a screen as small as a cell phone is that a user doesn't have to wear glasses to see the 3-D special effects, he said.
While Cameron was joking when he said that he planned to make longer and longer movies, he did say that his move to 3-D was also designed as a way to fight piracy. "Our thing is, let's reinvigorate the cinema experience because you can't fight this," he said about piracy. If people have a reason to watch a movie in the theater, they will. But he also said that he learned something interesting with "Avatar." The movie became both the highest-grossing and also the most pirated film in history, meaning that people still wanted to watch it at home. "That means that people are discriminating between the two experiences and they want both," he said.
While Chopra didn't say much about how the government might use Twitter or 3-D, he did say that it is trying to figure out ways to use the latest technologies. There are grassroots ways that people use technologies like Twitter and then there are traditional tools of diplomacy used by governments. The Obama administration is looking at ways to marry the two, he said.
One example is a project that the U.S. is working on with Russia to establish a collaboration platform between the two governments, he said. The idea is "to enable more of this grassroots connectivity," he said.
How to Measure Your IT Vendor Management Office
Over the past few years, many companies have taken the first steps in setting up an IT Vendor Management Office (VMO), but many are still very much in the early stages of refining what exactly the role of the VMO is within the organization. And the definition of a VMO can vary widely across companies, ranging from a broad marketing term used to describe the process to a specific term used to refer to a dedicated group of staff who oversee and manage suppliers.
The scope of the dedicated team's responsibilities also varies. In organizations where sourcing and purchasing teams are not actively involved throughout the life cycle or where there is a low level of process maturity, the VMO can take on a more holistic role. The VMO's responsibilities can span from RFP creation, vendor evaluation, negotiation, contract management, vendor relationship, to ongoing performance management.
When this is the case, Forrester's research has found that the VMO does not necessarily own the pre-contract steps but is a driving force behind promoting best practices, providing contract and negotiation templates, facilitating communication, and helping define the vendor key performance metrics. This is becoming particularly prevalent as companies realize it's nearly impossible to govern vendors effectively if they haven't included the appropriate terms and requirements into the selection and contracting - pushing VMOs to participate actively in these steps early on.
CIOs and other sourcing professionals charged with measuring the efficacy of their companies' VMO offices should do the following:
• Provide guidance during the RFP creation project. One of the most important services a VMO can provide is high-quality guidance during RFP creation. By getting involved early on, the VMO can not only provide templates and best practices but also help bridge the requirements silos between multiple business units. Look to gather stakeholder feedback specifically on how well the VMO helps ensure consistency and transparency throughout the process, performs vendor risk assessment, brings industry research to bear to identify competitive candidates, identifies existing vendor relationship to leverage - all while not adding unnecessary cycle time to the sourcing event.
• Develop a more structured approach to negotiations. Companies that might have previously treated vendor negotiations as more of an art than a science are starting to appreciate the value a formal negotiation methodology can bring. And many of these companies are looking to the VMO for help. Have stakeholders assess how well the VMO enables a more formalized negotiation approach, leverages existing performance metrics for renegotiations, collaborates across finance and legal to put the right set of SLAs in place, and ultimately realizes vendor concessions that would not otherwise have been achieved.
• Help put better contracts in place. VMOs can also play a significant role in contract review and ongoing management. Initially, the VMO should be a source of templates that have been vetted and are written in favor of your company. Survey stakeholders on how effective but also flexible these contract templates are, as well as the VMO's contract review methodology itself. Once the contract is in place, look to gather feedback on how well the VMO is effectively monitoring key contracts for compliance issues and resolving conflicts with the vendors - again, while not adding unnecessary cycle time to the contract review and management process.
• Regularly evaluate relationship and performance management. By having a VMO own the negotiation and contract management process, business managers can report that their day-to-day working relationships with the vendors improve. Look to measure your own business leaders' perspectives on this, as well as how effective the VMO is on reporting potential performance issues in a consistent and transparent way, responding quickly to vendor questions, and ultimately driving out higher quality at a lower cost from suppliers. VMOs should also be measured on how well they improve key vendor relationships with initiatives like vendor recognition programs.
• Solicit feedback on VMO performance. To better understand stakeholder perception and actively solicit feedback during and after each sourcing event, Forrester recently assembled a 40-question survey (registration required) to measure the level of internal user satisfaction. Companies can use the entire survey if the VMO is involved throughout the sourcing life cycle or scale it back to include only post-contract activities as needed. Similarly, this survey can be used to gauge the performance of a broader sourcing group that has responsibility for the full life cycle. The key is the set of responsibilities, not the title of the group. In the early stages of VMO development look to roll out frequent feedback surveys and interviews. As the VMO matures, quarterly or even yearly should be sufficient.
Patrick Connaughton is a Senior Analyst at Forrester Research, where he serves Sourcing & Vendor Management professionals. To download a copy of the survey mentioned above, please visit www.forrester.com/ciovmosurvey.
