Industry News
Synology’s DS410 NAS Server targets small business
On Thursday, Synology introduced the new DS410 DiskStation, a four-bay network attached storage device for workgroups and small businesses. The unit, which will retail for approximately $500, is built on Synology's DiskStation Manager firmware, DSM 2.3, and offers impressive features such as encrypted file sharing, automatic backup to the cloud, desktop and network backup, multi-media streaming, surveillance, print server, multi-media server, email and web hosting and more.
Synology's new DSM 2.3 firmware looks to vastly improve the drive's interface and usability, two areas the DSM 2.2 firmware struggled with in our review of the Synology Disk Station DS409slim.
The DS410 DiskStation holds an impressive 8TB of storage in four hard drive bays. Synology's press release boasts of the DS410's eco-friendly features including a smart fan, hibernation software, and scheduled power on/off.
The Synology DS410 DiskStation also looks to be faster than its predecessor. "In the Synology labs, the DS410 test results show that when configured in RAID 5, the DS410 reaches 110 MB/Sec reading speeds and 54.9 MB/Sec writing speeds within a 1 Gigabit environment," says Frankin Hua, technical product specialist at Synology America Corp.
Out of the box, the drives can easily be configured to the RAID arrangement that the user desires. Synology's volume management software, called Synology Hybrid RAID (SHR), "makes it very easy for customers with little knowledge of RAID to grow their storage capacity by adding new disks or upsizing the capacity of disks while automatically optimizing the storage capacity."
The DS410 also offers the ability to back up to the cloud using the integrated Amazon S3 service utility. For those small businesses particularly worried about their data, Synology boasts of the ability to protect the critical data by keeping one copy off-site in the cloud.
Synology regularly builds products with small businesses in mind. Designed to be competitively priced and fulfill many needs for a small business or workgroup, the DS410 looks like a product to watch.
Transfer accounts from Microsoft Money 2005
QUESTION I'm still using Microsoft Money 2005, but would like to transfer my accounts to a more substantial package. The trouble is, I can't find any programs compatible with the .mbx file extension.
Sage, Accountz, TAS, Mamut, MYOB and Quicken haven't been able to help. Microsoft Accounting states that you can import Money, yet Mamut (which now maintains this product) says otherwise. R Johnson
HELPROOM ANSWER Frustratingly, Microsoft has discontinued the UK versions of its accounting packages. With the market being joined by larger, more affordable products, the company may have decided that catering for the pound simply isn't as cost-effective as producing a euro version that could be used by customers in more than a dozen countries.
Fortunately, Microsoft Money can export files in the Quicken (.qif) format (Microsoft gives instructions on Microsoft Money export and import here). Packages compatible with Quicken are far easier to find, including Accountz, Sage and MYOB.
You may have to perform a few tweaks to the export file before importing it to another program, but there is plenty of advice on how to do so at the various accounting packages' help sites.
Light bulbs are so over — Bridgelux brings LED lights down to $20
Light-emitting diodes (LEDs) may be backlighting your television and mobile phone screens, but they have yet to come to lamps and lighting systems for homes and businesses. Now, new technology is whittling down costs, making them a more practical choice. The latest advancement comes from LED maker Bridgelux, offering a new LED light for just $20.
This is a big drop from the previous price point of about $50, according to Bridgelux CEO Bill Watkins. That said, it’s still much higher than prices for incandescent and compact fluorescent bulbs, which range from $2 to $10 in cost.
That’s why the company plans to go after the retail and commercial markets first. Because they keep closer tabs on energy costs and savings than homeowners, businesses are more likely to see how much energy and money they stand to save by installing super efficient LEDs. Watkins said the energy savings alone pay for the lights in about two years.
“We’re really trying to enable our customers to embrace LEDs,” said Jason Posselt, vice president of marketing. “It’s all a question of how to hit a cost point that gets people to transfer over.” The company sees itself as competing more with traditional lighting makers than other LED companies like Cree or Luminus Devices.
Price isn’t the only thing that makes the new light, called the Helieon, special. It also comes paired with a special socket, made by socket-specialist Molex, so that it can be easily removed from fixtures and replaced, just like a regular light bulb.
This is another leap ahead for the LED industry, which has been churning out fixtures with permanent LEDs built in. In those models, when you want to change one of the lights — because it’s burnt out or you want a different color or intensity — you have to tear out the whole fixture.
With LEDs rapidly becoming more efficient every day, being able to easily swap out individual units is increasingly vital.
“New arrays in February were 30 to 60 more efficient and 20 to 30 percent lower in cost,” Posselt said. “When the price hits $10, it will be an obvious buy for everybody. We’ve given them the flexibility to evolve as the technology evolves.”
The basic Helieon emits the same amount of light as a 60-watt incandescent bulb, but uses a tiny amount of energy to run it by comparison. It is also available in a variety of brightnesses, beam shapes (more focused or diffused), and colors — a cool office white or a warmer living room white, for example.
The light-socket pairing also comes in different sizes. Right now, the diameter of the socket is 80 millimeters, but a 50-millimeter version is forthcoming, as well as larger editions, well-suited to big warehouses or outdoor municipal illumination like street lights.
But you’re not going to see the light on Home Depot shelves just yet. Instead, in May, the company will start marketing its new light to luminaire makers — the architects, contractors and manufacturers that actually build lighting systems. Once it catches on among the people who actually install lighting in stores and offices, the company may start selling direct, Watkins said.
Bridgelux already has a roster of 200 luminaire maker clients but is actively looking for more.
LEDs have been in the news recently due to a shortage in the materials used to make them. Apparently, television and other screen makers have been gobbling them up for backlighting purposes. While Watkins admits the market is tighter than it has been, he says Bridgelux isn’t concerned about the shortage’s impact on its operations.
“Not a lot of these companies are using the LEDs used for bright lights. We’re the only company that’s 100 percent focused on general lighting applications,” he said. “So we don’t really care about TVs or Christmas lights.”
Rather than being concerned about the future, the company is looking ahead to a time when it can introduce more advanced functionality to its lighting systems. In the past, Watkins has said it would be possible to automate LEDs to turn on or off at certain times, or to track when people are present or not, to even further reduce energy costs. But this isn’t one of Bridgelux’s top goals for now.
“We are breaking through barriers: the first was getting a working light, now it’s about cost — after that we can start adding functionality like lighting controls and appearances,” Watkins said. “But the market isn’t there yet. The idea of having replaceable lights is pretty revolutionary.”
Bridgelux also recently closed a funding round of $34.3 million, according to a filing with the SEC. Watkins says the new money came from existing investors, including Chrysalix Energy, VantagePoint Venture Partners and El Dorado Ventures, in addition to a few new undisclosed firms. The round will be used to grow business for the Helieon while continuing R&D to make LEDs more efficient.
The Helieon and Molex socket are currently being manufactured in the U.S., but these operations will probably be moved to China, Mexico or Malaysia.
Based in Livermore, Calif., Bridgelux has 138 employees.
Recover files from deleted user accounts
QUESTION A little while ago I deleted my Windows PC user account and created a new one. I wrongly assumed that I'd still be able to access the files on the deleted account. Are they lost forever? Rob Mason
HELPROOM ANSWER When you delete a user profile you're invited to also delete its files and folders. If you can't remember agreeing to this, look in C:\users (where C is your main drive) for a folder containing documents from the old profile. If it's not there, it's been deleted.
All hope is not lost, however, and you may find that a free file-recovery utility such as Recuva can turn up your missing files. Use the 'Deep scan' option if the files have been missing for a while, but this will take some time to complete.
Install Apple iTunes on Windows 7
QUESTION My three-month-old Acer Aspire Z5610 all-in-one PC runs Microsoft Windows 7. I recently tried to install Apple iTunes, but AppleMobileDevice refuses to play ball. Acer blames Apple; Apple blames Acer. With my brand-new PC unable to run such a common application, I'm seriously considering returning it under the Sale of Goods Act. David Jackson
HELPROOM ANSWER The onus here is on Apple, not Acer, David. It's Apple's software that's failing to install, and Acer has no liability for fixing other companies' problems. That said - and I have few details to go on - I suspect the problem may have arisen from you upgrading from one version of Windows 7 to another. The following tips may help you find a fix.
Uninstall iTunes and any Apple software currently installed on your system. Reboot.
Delete any Apple folders in Program Files. Check in the Program Files (x86) folder too if you are running Windows 7 64bit.
Download and install CCleaner. Run both the file and Registry cleaning applications. Reboot the PC again.
Next, head to apple.com/itunes and download the correct version of iTunes - you'll find separate downloads for x64 and x86 systems.
Stop-motion animation and The Macalope
In this just-before-the-iPad-is-released edition of the Macworld podcast, I talk with two very special guests. The first is my daughter. She asks questions about one of our favorite pastimes--stop-motion animation--and I answer them. I'm then joined by Macworld's urbane ungulate, the Macalope, to discuss the state of Apple punditry, the iPad, and animal husbandry.
Download Episode #192
• AAC version (14.9 MB, 30 minutes)
• MP3 version (14 MB, 30 minutes)
Show Notes
The basis for our talk about stop-motion animation is my recently published Create Stop-Motion Animation article. If you have kids, a Mac, and a camcorder or digital still camera, creating these jittering movies will become one of your favorite family activities. If you're a kid at heart, ditto.
You can read the words of the Macalope each Saturday here at macworld.com. You can peruse additional news and analysis from this man/Mac/beast at The Macalope.com.
To subscribe to the Macworld Podcast via iTunes 4.9 or later, simply click here. Or you can point your favorite podcast-savvy RSS reader at: http://rss.macworld.com/macworld/weblogs/mwpodcast/
You can find previous episodes of our audio podcasts at Macworld's podcasting page.
Got any feedback on this podcast? Send me an e-mail; audio comments in the form of an AAC or MP3 file are particularly welcome. You can also leave us a message at 415/520-9761 if you'd like to have your comments included in a future podcast.
IT Outsourcing: 9 Signs It's Time to Fire Your Vendor
Breaking up is hard to do. And when it comes to IT outsourcing, it can be expensive and risky, too. But issues with an outsourcer--such as deteriorating service levels, lack of investment, excessive turnover, or even fraud--are potentially even more costly than the actual break-up.
Outsourcing relationships don't go south overnight. Customers are more likely to experience a series of subtle changes over time. And sometimes, the partnership itself may be relatively healthy but other changes--a merger or acquisition, for example--may make outsourcing less attractive than it once was. Here are nine signs it might be time to call it quits with your IT service provider--or at least get some counseling.
1. Supersized Growth
In the business world, growth is good. But when it comes to outsourcing, it's more complicated. Most IT outsourcing deals are optimized around the original scope of the deal plus or minus 50 percent, says Adam Strichman of Mechanicsville, Va.-based outsourcing advisory Sanda Partners. You sign a contract to manage 500 servers; when your environment gets to 1000-plus servers it's time to rethink your agreement.
"The deal has lost all its original economies and needs to be totally redone," Strichman says. "When you outgrow your house and need one that is three times bigger, you can't just keep fixing it by nailing a plywood shack to one side and calling it permanent. Totally new architecture and innovation is required."
The same thinking applies if your company grows through a merger or acquisition, and suddenly you're juggling multiple data centers: Your outsourcer will insist that he can take all of it over and lower your costs, says Strichman. But don't buy the pitch.
"Once a client reaches a certain scale, the original value proposition for outsourcing may evaporate," says Strichman. "If the value is gone at this point, you should listen to that little voice that says 'This just doesn't seem to make sense anymore.' That little voice is telling the truth."
2. Turnover of Key Staff
Whether the outsourcer's account managers are leaving voluntarily or the vendor is transferring them to other accounts, when key staff head out the door, "it's time to worry," says Scott Lever, managing consultant with PA Consulting Group. You want your outsourcer's best and brightest, and you want them for as long as possible so knowledge of your environment is not lost.
Lever had one client whose provider kept rotating new people through its account team, leaving the customer's employees spending their time keeping the vendor up to speed, rather than doing their own jobs. "It turned out that the account staff had a significant proportion of their compensation based on new revenue generated and there weren't many new opportunities [at this customer]," says Lever. "Staff turnover is another signal that the service provider is not giving priority to your account or giving people incentive to stay. They're looking to greener pastures." So should you.
Look out for staff migration at lower levels, too. If project work, which you pay extra for, is being staffed with operational employees originally intended to do system maintenance or skilled staff are being replaced with less experienced employees, the relationship is headed in the wrong direction, says Scott Feuless, a principal consultant with Compass Management Consulting.
"If your outsourcer feels that meeting their transformational guarantees can be accomplished by replacing their showcase staff with 'B' or 'C' players, they're clearly gold diggers," says Michael Engel, managing partner of outsourcing consultancy Sylvan VI. "Send them packing."
3. SLAs are Green, but You Feel Red
Solid service level agreements are the cornerstone of a successful IT outsourcing arrangement. But SLAs don't measure everything. "When your service provider is meeting all of the contractually obligated SLAs, but the services don't come close to meeting your expectations, you've likely gotten married to the wrong partner," says Engel.
Similarly, you'll want to check into your termination rights if you find your vendor hiding behind SLAs that are based on average performance across your entire deal when service quality within specific business units is suffering, says Compass's Feuless.
On the flip side, if your outsourcer repeatedly misses service levels and opts to pay the penalties rather than fix the underlying problems, "you're probably already divorced and you just don't know it," says Engel.
4. The HP-EDS, Dell-Perot Factor
The last year has seen some interesting mergers between IT hardware makers and IT service providers. "If your service provider was acquired by a large hardware company that isn't your corporate standard," says Sylvan VI's Engel, "you may be in for a rocky relationship."
5. Extreme Profiteering
If your vendor rep is parking his Ferrari next to your Kia, jokes Randy Wiele, managing director of EquaTerra's IT practice, something is rotten in the state of IT services. "Outsourcing pricing is very dynamic and has a steep downward curve for some functions," Wiele says. "A dated contract can provide a very lucrative profit margin for the outsourcer."
If your prices are more than 20 percent the market rate, head back to the negotiating table or walk out the door.
6. The Transformation That Never Comes
For many outsourcing customers, "your mess for less" is not enough of a selling point; their outsourcing deals were predicated on some kind of transformation of the IT environment--whether that be server consolidation, the move to a virtual environment, or the retirement of legacy platforms or systems.
"I have seen deals that by year three still only have 25 percent of the transformation done, even though it was supposed to be complete," says Strichman. In such situations, parties tend to point fingers at each other, and "they are usually both correct to some extent," Strichman says. Unforeseen investments necessary for the transformation crop up, grinding change to a halt.
"By year three, if the transformation is 50 percent or more behind schedule, termination is a real option," says Strichman. But, he adds, such moves can get nasty.
7. Everything Costs Extra
If every time you ask for something, the vendor refers you to the letter of the agreement and says anything else will cost more, it's a bad sign, says Feuless. Chances are the provider is not getting the profit margin it needs on your deal, and you can expect to pay one way or another.
"If your outsourcing relationship was forged at a country club between two executives and the delivery team utters any of the following phrases: 'We are not making any profit on this deal,' 'This deal is a loss leader,' 'The executives underbid this deal,' or 'We bought this business,'" says Engel, "it's time to find a good divorce attorney."
Some other signs to watch for: the service provider drops regularly supporting activities such as disaster recovery testing, cuts back on training and development for staff on your account, delays upgrades to equipment and software, or stops regularly documenting and updating processes.
"These are signals that the service provider is trying to squeeze profitability and that they are taking a short term perspective," says PA Consulting's Lever. "Chances are that if they are changing the things you can see, they are certainly cutting the things you can't see."
8. The Project-Hours Fight (Again)
Every outsourcing customer and provider argues back and forth about project hours every month--what can be billed as extra and what's included in the contract, says Strichman. "It's a healthy check and balance for every relationship."
However, when these monthly discussions become heated fights that paralyze the deal, or the project hours being charged create significant budget or ROI problems on either side, "it's the best indicator, in my book, that expectations are clearly out of alignment and have been so for quite some time," says Strichman.
It's like a couple arguing about the toilet seat. Plenty of partners go back and forth on the issue repeatedly, but when the weekly fight leads to tears, name-calling and insults to the in-laws, it's not just about the up or down position anymore. Something more fundamental is wrong with the relationship.
9. The Satyam Scenario
If you discover your vendor doing anything shady that violates your contract, like altering metrics reports, it's time to call it quits. "They are not in it for the relationship," says Engel. "They are in it to survive."
And, adds Engel, if you just happen to have "tens of millions of dollars in business with a provider accused of systematically falsifying financial records and the outsourcer's CEO responds by saying, 'I am now prepared to subject myself to the laws of the land and face consequences thereof,' it's probably time to consider finding a new partner."
AT&T will go national with its femtocell
As expected, AT&T announced on Wednesday that it will offer its femtocell product, called MicroCell, across the continental U.S. beginning in mid-April.
The MicroCell, a tiny cellular base station, is designed to boost coverage in subscribers' homes. AT&T claims it is the only femtocell that can support both voice and 3G data traffic. The carrier has been selling MicroCells in trials in several states, beginning last September in North Carolina.
Femtocells can improve a consumer's cell coverage at home, but they may benefit service providers even more by reducing how much they have to invest in conventional cell towers. The devices use the consumer's own wired broadband, such as DSL (digital subscriber line) or cable modem, to connect to the Internet. Research released this week by the Femto Forum industry group said 60 percent of the economic value of a typical femtocell deployment lies in that investment break.
The traditional business model represented by femtocells such as AT&T's MicroCell is now only one of many potential uses of the devices, including use in medium-sized enterprises and in public areas. Femtocells are also expected to play a key role in the deployment of coming LTE (Long-Term Evolution) networks.
After AT&T's national deployment begins next month, the carrier will activate the offering in cities across the continental U.S. over the next several months, according to a press release. The MicroCell, developed with Cisco Systems and IP.access, can be installed by the subscriber and managed via a personalized Web portal.
The product costs US$149.99. With it, individual or family-plan subscribers can opt for a special rate plan that lets users make unlimited calls over the MicroCell without consuming minutes. Subscribers who sign up for that plan will get a $100 mail-in rebate on the device. There is also a $50 mail-in rebate for signing up for a new AT&T DSL plan with at least 1.5M bits per second, and eligible subscribers could combine the offers to effectively get a free MicroCell.
Yahoo introduces two new iPhone search apps
Yahoo released two new applications for the iPhone on Tuesday, both of which are unsurprisingly search-oriented.
The first is Yahoo Search, which allows you to retrieve information from Yahoo, such as local maps, news, sports results, stock quotes, and more. The results are presented in a clear, easy-to-read iPhone-optimized layout. And, as in the Google Mobile App and Microsoft's Bing app, Yahoo Search also allows you to speak your search terms instead of typing them.
The other app is called Yahoo Sketch-a-Search and it's definitely the more interesting of the two. Upon launch, it presents you with a map of your current location. You can then draw a shape--any shape--over the entire area and the app will bring up all the local restaurants in the area, allowing you to then select any of them and find out their hours and contact info. Yahoo plans to add more categories and expand to other countries in the future.
Both apps are free and are compatible with all versions of the iPhone and iPod touch running iPhone OS 3.0 or later. They join the ranks of other free apps from Yahoo such as Flickr, Inquisitor, Yahoo Fantasy Football '09, Yahoo Finance, Yahoo Messenger, and Yahoo Shopping.
Cases clarify requirements for website terms of use
Two recent court cases provide useful, and contrasting, examples of when website "terms of use" are enforceable. These cases emphasise that website operators should take care to ensure their terms of use are effective.
Online contracts, such as website terms of use (sometimes called "browse-wrap" contracts) are so common today that it may be assumed questions over their validity have been answered. However, situations still arise where they are found to be unenforceable.
The McAllister case
In Major v McAllister (23 December 2009, Missouri Court of Appeals), the plaintiff had used a website to find a tradesperson. The site required that she enter her details and click a submit button. Next to the button was a link to the terms of use, stating, "By submitting you agree to the Terms of Use."
The plaintiff clicked the submit button, without (she claimed) having read the terms of use.
The plaintiff was unhappy with the outcome of the service and brought a claim for negligence against the website. The website said its terms of use blocked the claim. However, the plaintiff argued the terms were not enforceable, for two reasons:
• The "notice" of the terms of use was inadequate (which is to say they were insufficiently brought to her attention); and
• There was no "I agree" checkbox confirming her assent to them.
The court rejected both of her arguments. It was not convinced that a user could not reasonably see the link to the terms of use -- in fact, it was plainly visible next to the submit button. It also rejected the argument that an "I agree" checkbox was necessary -- the link was sufficient. The court therefore ruled that the terms of use were enforceable, even though the plaintiff had not actually read them.
The Overstock case
In another US case, a court came to a different outcome based on different facts.
In Hines v. Overstock.com (8 September 2009, New York) the plaintiff returned a vacuum cleaner that she had purchased through a website. The website refunded her money, less a restocking fee. The fee was expressly mentioned in the terms of use. The plaintiff objected to the fee, saying that the terms of use were not binding.
The link to the terms of use was located at the bottom of each page. There was no specific prompt to read them in the site's sign-up or purchase process. The plaintiff said there was insufficient notice to scroll to the end of the page to see them. The court agreed. It said:
"[The plaintiff] lacked notice of the Terms and Conditions because the website did not prompt her to review the Terms and Conditions and because [the link] was not prominently displayed so as to provide reasonable notice".
For this reason, the terms of use were held to be unenforceable, allowing the claim against the website to proceed.
Reasonable notice and agreement
These two cases illustrate the importance of reasonable notice and agreement in online contracts. In short, a user must have "reasonable notice" of the terms, and there must be some form of agreement by the user, before a contract can be formed.
Although online contracts are a recent phenomenon, these requirements have long been recognised as fundamental in earlier, analogous situations.
For example, when a customer drives into a pay-and-display carpark, there is usually a sign at the entrance (in very small print) listing the terms and conditions of parking there. In such situations, the displayed terms form a binding contract, provided reasonable notice and agreement is given (and other legal requirements are met).
The same principles apply to online contracts. As the court said in the McAllister case:
"The legal effect of online agreements may be an emerging area of the law, but courts still apply traditional principles of contract law and focus on whether the plaintiff had reasonable notice of and manifested assent to the online agreement."
It is also relevant that:
• A contract can be made regardless of whether a party actually reads the terms or not; and
• No particular form of acceptance is required.
As long as the parties do something that signifies acceptance (for example, parking in the car-park; completing an online purchase), a contract can be formed.
What is "reasonable notice"?
In the McAllister case, the court said the label next to the submit button, which said "by submitting you agree to the Terms of Use", gave the user reasonable notice and an opportunity to review the terms in advance.
In contrast, in the Overstock case, the link to the terms (at the bottom of each page) was found not to be reasonable notice in those particular circumstances. There was no instruction to the user to read them prior to buying something on the site, and nothing to cause the user to scroll down to find them herself.
Does this mean that a link to terms of use at the bottom of website pages is inadequate? Not necessarily. Many websites put the link to their terms of use at the bottom of each page, and these have been upheld in a number of cases. For example, a recent UK case found that a disclaimer located somewhere within a website could be effective. There is no reason to conclude that a link to standard "disclaimer" terms of use, displayed with reasonable prominence somewhere on a page, is not sufficient.
A strong argument can also be made that including a link to online terms of use on each page (usually at the bottom) is so prevalent and well-known, that it may be considered a "customary practice" in e-commerce. Common law legal systems (which include New Zealand, the UK, the US and Australia) have long recognised "customs of merchants" in applying and shaping the law. On that basis, website users could be taken as agreeing to reasonable terms (such as common disclaimers) as conditions of using a site.
In practice, however, most websites selling goods or providing services require users to expressly accept terms of use as part of a sign-up process (for example, as in the McAllister case). This remains a good practice, in particular when the terms of use applicable to registered users are more extensive than those necessary for unregistered users.
Reasonable terms
Another factor in determining whether terms of use are enforceable is the content of the terms themselves. In the absence of a signed contract, the common law (and legislation in some countries) provides consumers with some protection against "onerous" terms. For example, website terms saying "every person who views this site must pay $10" would not be enforceable without special notice (and even then may be questionable) or express acceptance.
In the Overstock case, the restocking fee in the terms may have been a factor counting against the court finding them enforceable.
Key requirements for online terms
Four guidelines for general website terms (available via a terms of use link) are that:
• The link should be prominently displayed on all relevant pages;
• It should be easily identifiable as a link to terms of use (for example, don't hide the terms in an "About Us" link);
• There should be sufficient documentation so it can be proved at a future date that a certain form of terms and conditions (and notice of them) was in place; and
• The terms and conditions themselves should be "reasonable" in the circumstances.
It is good practice to require users to expressly agree to additional terms, covering the additional services provided to registered users, in a registration process. Having the additional terms in a separately agreed contract has the benefits of:
• Recording the express agreement;
• Allowing the inclusion of terms which may otherwise be considered "onerous" if they were simply included in general "disclaimer" terms of use; and
• Under contract law, enabling a court to interpret disclaimer terms more favourably to the website operator than if they were contained in general website terms.
There has yet to be a New Zealand court case directly on this issue. However, as the cases discussed show, the legal principles relating to online contracts are generally settled. By being aware of those straightforward principles, website operators can take steps to ensure their online terms are enforceable.
This article provides general information and does not constitute advice. Professional advice should be sought on specific matters. Burgess is a lawyer specialising in IT law at Clendons barristers and solicitors.
He can be reached at guy.burgess@clendons.co.nz
Howard Schmidt: Cybersecurity Battle 'Different'
When the White House tapped industry veteran Howard Schmidt as President Obama's cybersecurity coordinator in December, some were skeptical that he was the right choice. He had already fought the same battle in the last administration, and the cybersecurity czars who followed didn't last long.
Some also fretted that Schmidt's thinking was too old-school. Forrester Research senior analyst Andrew Jaquith, for example, declared that Schmidt needed to "clue up" in terms of his current thinking. Pointing to concerns Schmidt raised in a 2010 predictions article late last year, Jaquith said, "He said 'we're concerned about social networking.' Well, sure, we've known that for awhile. 'We're concerned about smart phone malware.' Good for him for expressing an opinion about something that's been expressed before. To me, though, there just wasn't much by way of real forward-looking predictions. I think he's fighting many of the last wars in 2010, and I'm hoping we can get a little more vision out of Mr. Schmidt."
In this interview with CSOonline, Schmidt addressed those concerns and explained how this time, things are different.
For starters, he said, the position he finds himself in is far different from the last stint. The position is brand new and the chain of command a lot shorter than what previous so-called cyber czars had to contend with. And President Obama himself is far more tech and cybersecurity savvy than previous presidents. The fact that he gave a major address on that one topic last May is proof of that, he said. It was in that address that Obama announced the creation of a cybersecurity coordinator who would operate from the West Wing.
"From my perspective, and you know I've been in this business a long time, it was unprecedented to hear the President, in the speech he gave last May, not only using terms like botnet, worms, viruses and Trojans but also understanding what they are and what the effects are," Schmidt said.
Since starting the job, Schmidt has found that Obama likes constant updates and asks a lot of questions: where the public and private sectors stand, what the economic impacts of the agencies' work are and, perhaps most importantly, what additional resources Schmidt's office needs.
Asked how often he meets with Obama, Schmidt said there's no set schedule. They talk on an as-needed basis. Meanwhile, he's working closely with people from across the White House staff on a daily basis, including people from the Office of Management and Budget (OMB) and National Security Advisor James L. Jones Jr.
"What's refreshing to me is not just his breadth of understanding, but his intense focus on IT vulnerabilities and how they impact critical infrastructure," Schmidt said, noting that Obama frequently tells him to speak up when he needs more resources. "He says, 'Let me know when you need me to intercede,'" Schmidt said.
Schmidt said that feedback was instrumental in the decision to declassify part of the administration's Comprehensive National Cybersecurity Initiative (CNCI) and outline 12 key initiatives, which Schmidt did during the RSA security conference earlier this month. The initiatives, available on the White House website, include:
• The Trusted Internet Connections (TIC) initiative. Headed by the Office of Management and Budget and the Department of Homeland Security, this involves the consolidation of the Federal Government's external access points (including those to the Internet). This consolidation will result in a common security solution which includes: facilitating the reduction of external access points, establishing baseline security capabilities; and, validating agency adherence to those security capabilities. Agencies participate in the TIC initiative either as TIC Access Providers (a limited number of agencies that operate their own capabilities) or by contracting with commercial Managed Trusted IP Service (MTIPS) providers through the GSA-managed NETWORX contract vehicle.
• IDS and IPS across federal agencies. DHS is deploying, as part of its EINSTEIN 2 activities, signature-based sensors capable of inspecting Internet traffic entering federal systems for unauthorized accesses and malicious content. The EINSTEIN 2 capability enables analysis of network flow information to identify potential malicious activity while conducting automatic full packet inspection of traffic entering or exiting U.S. government networks.
• A government-wide cyber counterintelligence (CI) plan. The plan establishes and expands cyber CI education and awareness programs and workforce development to integrate CI into all cyber operations and analysis, increase employee awareness of the cyber CI threat, and increase counterintelligence collaboration across the government. The Cyber CI Plan is aligned with the National Counterintelligence Strategy of the United States of America (2007) and supports the other programmatic elements of the CNCI.
• Increase the security of classified networks. Successful penetration or disruption of these networks could cause exceptionally grave damage to our national security, the report said.
Schmidt also reiterated the need for public-private partnerships. Most of the work that needs to be done to secure cyberspace is in the private sector, but private enterprise and government agencies have not been on the same page in the past. That's starting to change, but he said it's going to take time for all the stars to align.
"Nobody should expect a complete turnaround overnight," he said. "This is a long, hard struggle, and everyone who uses the Internet has a role to play."
Schmidt's comments specifically on cyber warfare will follow next week.
Microsoft OCS update promises to replace PBX
Microsoft unveiled its updated unified communications software that the company says will help customers move off PBX systems, but industry watchers wonder if the previewed Communications Server "14" will integrate with more than just Microsoft-approved software and hardware.
"Obviously this release has been much-anticipated. The industry was waiting for the release when OCS became a full PBX replacement," says Zeus Kerravala, an analyst at Yankee Group. "Microsoft has a good vision of where they want to take this industry, and it is similar to other vendors like Cisco, except Microsoft will argue they don't make the hardware. Yet the company does dictate with which hardware the unified communications software will work, and it's only a handful like Polycom."
Microsoft Wednesday introduced its updated Office Communications Server -- code-named Communications Server "14" -- at VoiceCon Orlando 2010, and company executives demonstrated during a keynote presentation there how the next version of Microsoft Office Communications Server integrates with applications such as SharePoint, Exchange and Office. Gurdeep Singh Pall, corporate vice president of Microsoft's Unified Communications Group, said during the keynote address that the company's updated unified communications software, Communications Server "14," will provide IT organizations with the next-generation platform on which to collaborate with voice and video applications as well as a simple, cost-effective alternative to aging PBX systems.
"This system works with the communications systems you have in place, and it will sit next to it and work well with it, because you may not want to throw away the PBX," Pall said. "But this product, when ready to move, will be ready to carry the entire load that your PBX is carrying."
According to Pall, in the next three years more than 75% of new business applications will include embedded unified communications and standard business calls today will become outdated with more than 50% of VoIP calls incorporating more than just voice. Industry watchers agree companies and consumers are moving away from traditional voice systems and embracing collaboration tools that are tied to social media and other technologies. But the transition might not be as quick.
"People are using other forms of communications, that's true, but the move away from voice won't happen as quickly as Microsoft thinks it will, but then Microsoft doesn't make money on phones," Kerravala says.
Microsoft's demonstration at VoiceCon lacked a few things for Kerravala. The company didn't go into great detail about branch office survivability solutions or 911 services, for instance, but Microsoft also didn't explain how it would work with third-party systems. Polycom, HP and NET, and several others, announced earlier in the week that they would separately be expanding relationships with Microsoft to better integrate with OCS and the company's UC products.
Competing with Cisco, Avaya, Siemens and IBM, Microsoft will need to differentiate itself, Kerravala suggests, with customer examples of how the Communications Server "14" changed the way they worked and helped them to cut costs in the process.
"Cisco and Microsoft will compete most directly because they are both trying to do everything, going after the whole suite, they both have e-mail packages, but Microsoft will say it doesn't do hardware, it just dictates the hardware specifications," Kerravala says. "If Microsoft is going to win in this market, it will have to depend on developers, they are what makes the company successful."
Do you Tweet? Follow Denise Dubie on Twitter here: http://twitter.com/DDubie
Non-compete clauses common in IT
Restraint of trade cases are common at the highest levels of the IT industry in the US.
There, restraint of trade is called non-compete, and two recent cases illustrate the seriousness with which employees jumping ship to competitors is regarded.
Last year, former EMC executive David Donatelli left to work for Hewlett-Packard. He was the one taking the issue to court, filing a lawsuit asking a California court to negate his employment contract with EMC, which stated he couldn’t work for a competitor for a year after leaving EMC.
EMC filed a counter-suit, seeking to have the terms enforced. The matter was resolved when a court in Massachusetts, where Donatelli lived, ruled that he could work for HP, but not in the storage field where he had worked at EMC, for a year.
Donatelli possibly took the original case in California, home of much of the US high-tech industry, because non-compete clauses are more difficult to enforce there.
In a similar case, also last year, former IBM executive Mark Papermaster took a job running Apple’s iPod and iPhone engineering group.
IBM went to court to enforce the terms of an agreement it said prevented Papermaster working for rivals for a year after leaving IBM.
The case was settled with Papermaster refraining from working at Apple for six months, and being required, after starting, to sign declarations that he had not disclosed any confidential IBM information, nor intended to.
Mozilla discloses more Firefox flaws
Mozilla patched more than one vulnerability in Firefox when it updated the browser to version 3.6.2 on Monday, the company confirmed today.
A total of 10 flaws were fixed in Firefox 3.6.2, according to Mozilla's security advisory page, but details of at least three that also affect the older Firefox 3.0 and Firefox 3.5 browsers have been released before the company has patched those versions. Mozilla is scheduled to ship the updates, Firefox 3.0.19 and Firefox 3.5.9, next Monday, March 30.
Mozilla accelerated the release of Firefox 3.6.2 because a Russian researcher had announced a critical vulnerability in how the browser decodes the Web Open Font Format (WOFF), a Web-based font standard. Only Firefox 3.6 supports WOFF.
However, four of the vulnerabilities already patched in Firefox 3.6.2 also apply to older editions of the browser. One flaw that Mozilla ranked "low" in its four-step scoring system, one tagged "high" and two marked "critical" also affect the unpatched Firefox 3.0 and 3.5.
Technical details of three of the four vulnerabilities -- the one rated low and the two ranked critical -- are available on Mozilla's Bugzilla change- and bug-tracking database. Information on the bug rated high has been blocked, however, and cannot be viewed by the public.
"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla stated in the advisory accompanying the two critical bugs that also affect older, as-yet unpatched, versions of Firefox.
Typically, software makers omit information, or restrict access to that information, until patches have been released, knowing that attackers might be able to use the details to craft exploits that would put users at risk.
Information on some vulnerabilities will not be published until next week, Mozilla said.
Mozilla has rushed out fixes before, although -- like rival browser maker Microsoft -- it does so rarely. Last March, for example, Mozilla updated Firefox 3.0 to patch a pair of vulnerabilities, including one that had been used the week before by a German college student to hack the browser and take home $5,000 for his efforts at the Pwn2Own contest.
The bug quashed Monday -- and for a day, the only one for which information was published -- was disclosed by Russian researcher Evgeny Legerov in February. Initially, Legerov refused to provide proof of his exploit claims to Mozilla, prompting some to question his motives or wonder whether it was a hoax. According to Mozilla's Bugzilla change- and bug-tracking database, Legerov finally verified the vulnerability with the company's developers on March 13.
Mozilla has been under pressure to provide a patch. Last Friday, for instance, the German government's computer security agency urged users to abandon Firefox until a fix is available. Buerger-CERT, part of the Federal Office for Security in Information Technology, which is known by its German initials of BSI, retracted that recommendation yesterday, after Mozilla released Firefox 3.6.2.
Later today, Firefox -- as well as Microsoft's Internet Explorer, Google's Chrome and Apple's Safari -- will face several notable hackers at Pwn2Own, a contest that pits researchers against four notebooks running the browsers. Among those eager to go for the $5,000 cash prizes are two former winners, including a German college student who successfully exploited Firefox last year.
Next week's Firefox 3.0.19 will be the last security update for the 2008 browser, Mozilla has announced previously. Users running that edition have been urged to update to Firefox 3.6.
In other news from Mozilla, the company will probably ship "Lorentz" with the next iteration of its standard Firefox security releases, Firefox 3.5.10 and Firefox 3.6.3. Lorentz is the codename for an in-place upgrade that will add several features to the browser. The most notable change will be to separate external plug-ins, such as Adobe's Flash, from Firefox's other processes so that if the plug-in crashes, the browser won't follow suit.
Mozilla has not set a timetable for the release of Firefox 3.5.10 and Firefox 3.6.3.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@ix.netcom.com.
Nano-scale Ultra Capacitors Challenge Lithium-Ion Battery
Does your laptop battery die out right before you hit send on that important email? With scientists at MIT, Intel and other facilities researching microstructures (i.e. micro- or nano-scale pieces of computing hardware) it may be only a matter of time before nano-scale ultra-powerful capacitors challenge lithium-ion batteries.
Intel researchers have been working on “ultracapacitors with a greater energy density than today’s lithium batteries,” according to EE Times. Intel is looking into producing these nano-scale ultracapacitors in high-volume manufacturing, meaning that if successful, they may be potentially capable of powering gadgets like smartphones and laptops.
Typically capacitors are used for short-term electrical storage. On a solar powered calculator, for example, a capacitor will collect and store electricity in case you go somewhere without light for a short period of time; depending on the storage capacity of the capacitors in the calculator, this will typically be for a few minutes. Ultracapacitors, however, are essentially the higher end models, capable of holding energy for longer periods of time and thus competing with batteries.
Capacitors are often lighter-weight than batteries and maintain a longer overall physical lifespan. For example, capacitors seen on printed circuit boards (PCB) may last a lifetime. However, they typically do not maintain a charge for very long and this is why batteries are used to power most gadgets. But with ultracapacitors, this may change.
MIT’s Laboratory for Manufacturing and Productivity is working on a multitude of micro- and nano- scale manufacturing techniques. For example, researchers at the Precision Compliant Systems (PCSL) Laboratory at MIT are looking into multi-axis nanopositioning systems.
The PCSL describes nanopositioners as “electromechanical systems...that position and orient components with [nanometer]-level accuracy.” While not directly related to the manufacture of nano-scale ultracapacitors, this technology may be able to include Intel’s nano-scale ultracapacitors on smaller-scale circuit boards, making your electronics smaller.
Nobody knows for sure what the full potential of these nano-scale ultracapacitors is--maybe they’ll drastically increase the lifespan of your laptop or smartphone--but the future sure looks bright.
[via EE Times]
Gateway ZX4800 All-in-One PC
Best Buy has the Gateway ZX4800 All-in-One Desktop PC on sale for $650--that's $50 off the list price of $700.
This all-in-one desktop is ideal in a communal area of your home to provide easy access to photos, movies, and music. It sports a 20-inch LCD touchscreen with multitouch capabilities and ships with a keyboard and mouse that are both wireless. It runs on Windows 7 (64-bit) Home Edition, but keep in mind that it also runs on notebook components.
Google Protects Gmail Users with Suspicious Activity Alert
Intruder alert. Intruder alert. The new Gmail feature launched by Google won't have any cool audio alert blaring out "intruder alert", but it will alert users when suspicious activity indicates a potential compromise of the e-mail account. Google hopes to help users combat e-mail fraud and identity theft with the new feature.
Pavni Diwanji, Engineering Director for Gmail, described the following scenario in a post on the Official Gmail Blog. "A few weeks ago, I got an email presumably from a friend stuck in London asking for some money to help him out. It turned out that the email was sent by a scammer who had hijacked my friend's account."
Many small and medium businesses--as well as an increasing number of larger companies--rely on the Web-based Gmail as their primary messaging platform. A sharp rise in socially-engineered attacks and identity theft makes Gmail account compromises a quickly growing concern.
Google has long had a security feature which displays the last login time for the account and whether or not the account is currently open in another location. That information should be sufficient for users to identify most compromises or suspicious activity, but apparently it is not overt enough and many users don't pay attention to it.
The new Google approach monitors certain criteria and considers a range of user behaviors to try to identify activity which should raise red flags. Diwanji explains, "To determine when to display this message, our automated system matches the relevant IP address, logged per the Gmail privacy policy, to a broad geographical location. While we don't have the capability to determine the specific location from which an account is accessed, a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert."
Diwanji summed up by reminding users to "Keep in mind that these notifications are meant to alert you of suspicious activity but are not a replacement for account security best practices."
That is sage advice--particularly for IT administrators, and small and medium businesses that rely on Gmail. The new suspicious activity alert is a nice feature, but it is not a comprehensive defense and does not enable customers to let their guard down. It is no silver bullet.
Businesses should ensure that users are aware of the new Gmail feature so they are not caught off guard if they see it. A process should be established for escalating the notification to management, or responding to suspicious activity alerts.
By developing a plan for what to do with the information, businesses can capitalize on the feature to augment existing security controls and protect Gmail accounts from fraud and identity theft.
Tony Bradley is co-author of Unified Communications for Dummies. He tweets as @Tony_BradleyPCW. You can follow him on his Facebook page, or contact him by email at tony_bradley@pcworld.com.
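The country-change check described in the Gmail article above can be sketched as detection logic over login records. This is an added example, not Google's code: the six-hour window, the prefix-to-country table (RFC 5737 documentation ranges), and all names and sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed prefix-to-country table built on RFC 5737 documentation ranges.
# A real deployment would query a GeoIP database instead (assumption).
GEO_TABLE = [
    (ip_network("192.0.2.0/24"), "US"),
    (ip_network("198.51.100.0/24"), "GB"),
    (ip_network("203.0.113.0/24"), "NZ"),
]

# Assumption: "a few hours" is modelled as a six-hour window.
WINDOW = timedelta(hours=6)


@dataclass(frozen=True)
class Login:
    account: str
    when: datetime
    ip: str


@dataclass(frozen=True)
class Alert:
    account: str
    previous: Login
    current: Login
    countries: tuple  # (earlier country, later country)


def country_of(ip):
    """Map an address to a broad location; None if malformed or unknown."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return None
    for net, country in GEO_TABLE:
        if addr in net:
            return country
    return None


def suspicious_logins(logins, window=WINDOW):
    """Flag consecutive located logins to one account that come from
    different countries and are no further apart than `window`."""
    alerts = []
    last_seen = {}  # account -> (Login, country) of the last located login
    # Log sources rarely arrive in order, so sort per account by time first.
    for login in sorted(logins, key=lambda l: (l.account, l.when)):
        country = country_of(login.ip)
        if country is None:
            # No location means nothing to compare; skip rather than guess.
            # These logins are a blind spot and deserve separate review.
            continue
        prev = last_seen.get(login.account)
        if prev is not None:
            prev_login, prev_country = prev
            gap = login.when - prev_login.when
            if prev_country != country and gap <= window:
                alerts.append(
                    Alert(login.account, prev_login, login,
                          (prev_country, country)))
        last_seen[login.account] = (login, country)
    return alerts


# Constructed sample records: not real accounts, addresses or events.
SAMPLE_LOGINS = [
    Login("alice", datetime(2010, 3, 24, 8, 0), "192.0.2.10"),
    Login("alice", datetime(2010, 3, 24, 11, 30), "198.51.100.7"),  # 3.5 h later
    Login("alice", datetime(2010, 3, 25, 9, 0), "192.0.2.10"),      # next day
    Login("bob", datetime(2010, 3, 24, 9, 0), "203.0.113.5"),
    Login("bob", datetime(2010, 3, 24, 9, 30), "10.0.0.1"),         # unlocatable
    Login("bob", datetime(2010, 3, 24, 10, 0), "203.0.113.9"),      # same country
    Login("carol", datetime(2010, 3, 24, 14, 0), "198.51.100.1"),   # out of order
    Login("carol", datetime(2010, 3, 24, 12, 0), "203.0.113.1"),
]

if __name__ == "__main__":
    for a in suspicious_logins(SAMPLE_LOGINS):
        print(a.account, a.countries, a.previous.when, "->", a.current.when)
```

Each alert carries both login records, which gives the escalation process the article recommends something concrete to review.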
Go Daddy to stop registering .cn domain names
GoDaddy.com, the world's largest domain name registrar, will stop registering .cn domains in China after the government there has demanded personal information about people who have purchased domain names from GoDaddy in the past, the company said Wednesday during a hearing in the U.S. Congress.
GoDaddy's decision, announced at a Congressional-Executive Commission on China (CECC) hearing, comes after the Chinese government has demanded that the registrar provide photo identification, business identification and physically signed registration for all .cn domains registered through GoDaddy.com in the six years the company has been operating in China, said Christine Jones, executive vice president, general counsel and corporate secretary for the Go Daddy Group, GoDaddy.com's parent company.
"We're concerned about the security of the individuals affected by [the] new requirements," Jones said. "Not only that, but we're concerned about the chilling effects we believe the requirements could have on new domain name registrations, and therefore, the free exchange of ideas on the Internet."
Previously, China's domain-name authority, CNNIC, had only required GoDaddy to collect the name, address and e-mail address of .cn customers, and that information is commonly provided when people register domain names worldwide, Jones said. CNNIC requested the additional personal information for all domain owners in February, and it appeared to GoDaddy that the Chinese government was trying to gain more control over who registers domain names, she added.
CNNIC told GoDaddy that if it did not provide the additional information, "the domain names were going to stop working," Jones said. "We have 40 million domain names under management. We've done this a lot. This is the first time any registry has ever asked us to retroactively obtain information on individuals who have registered domain names through our company."
GoDaddy.com's decision to scale back its Chinese business comes two days after Google stopped censoring search results, news information and photos in China. Members of the CECC praised both companies for taking a stand against Chinese censorship and surveillance.
GoDaddy will continue to offer service to its past .cn customers but will register no new .cn domains out of concern for the safety of customers, Jones said.
Google's decision to stop censoring its search results in China is a "remarkable, historic and welcomed action," said Representative Chris Smith, a New Jersey Republican. "Google fired a shot heard 'round the world, and now a second American company has answered the call to defend the rights of the Chinese people."
GoDaddy has several other complaints about doing business in China, Jones said. The company fought off "dozens" of denial-of-service attacks originating from inside China this year, she said.
In addition, an "overwhelming majority" of Web sites promoted by spam e-mail are hosted in China, and the Chinese government seems to be encouraging spamming as a business model, Jones said.
Senator Byron Dorgan, a North Dakota Democrat, said China wants global respect, but respected countries don't censor ideas or lock up citizens without trials.
"China wants to participate in the marketplace -- the marketplace of goods -- but to keep the marketplace of ideas outside of their country," he said. "Respected countries ... don't fear ideas or people or speech."
There were busy signals during multiple calls to the press office at the Chinese Embassy in Washington, D.C., Wednesday afternoon.
Random House holding out on iPad e-book distribution
Random House, the world's largest publisher by sales volume, is still holding out on including its titles in the iPad's iBookstore. At issue, apparently, are fears that Apple's business model will spark a price war among publishers, ultimately hurting profits.
According to the Financial Times (registration and/or paywall warning), Random House CEO Markus Dohle claims that the company is still negotiating with Apple and that a deal could be reached before the iPad goes on sale on April 3.
However, he also warned that iBookstore sales will cause significant shifts in the company's revenue streams, and that its stakeholders would need to be consulted before a decision can be reached on whether Random House titles will be made available on the iPad.
Interestingly, Random House's main competitors don't seem to have had much of a problem with Apple's business model, which turns traditional publishing distribution on its head by allowing publishers to set prices for their books, with Apple keeping 30 percent of sales as a commission. Hachette Book Group, Penguin, HarperCollins, and Macmillan were all confirmed as iBookstore partners during Apple's iPad launch event in January.
This makes Dohle's claims sound more like posturing in an attempt to clinch a better deal for his company than genuine concern for its authors and their agents over an arrangement that, if anything, gives them more control over how and for how much their products are sold.
Permanently delete cookies from your PC
QUESTION Can you tell me how to permanently delete cookies from my PC? A day after I think I've done it, they're always back again. Carol
HELPROOM ANSWER Cookies will always be left on your system unless you specifically tell your internet browser not to store them. Although you've successfully deleted the old files, you'll collect more every time you browse the web.
In Internet Explorer 8.0 you should go to Tools, Internet Options, Privacy, Advanced. Tick the box next to 'Override automatic cookie handling', then choose Block under 'First-party Cookies' and 'Third-party Cookies'. Also tick the box next to 'Always allow session cookies' - these are necessary for some sites and services, such as online banking and shopping sites, to operate, so they will still be left on your computer. Click OK to save the changes.
Mozilla Firefox, Google Chrome, Opera, Apple Safari and other web browsers will all have similar cookie-handling options for you to investigate.
It's worth pointing out that although they can be a security risk, cookies are not in and of themselves bad things. A cookie (also known as a 'tracking cookie', 'browser cookie' or 'HTTP cookie') is a tiny piece of text stored on a user's computer by a website via a web browser. Typically they are used by websites such as PC Advisor to track users who have previously visited, so they can remain logged in, for instance.
