Windows 8 Update: Microsoft's Surface RT has a higher profit margin than the iPad

Microsoft stands to make $30.85 more per Surface RT tablet with keyboard than Apple does with a similar 32G iPad without a keyboard, according to iSuppli teardown analyses.

A Microsoft Surface RT tablet with a Touch keyboard costs $284 to manufacture; it sells for $599, iSuppli says. Without the keyboard it retails for $499. The keyboard itself costs $16 6o $18 to manufacture.

A similar New iPad costs $332.85 to manufacture, comes with no keyboard and retails for $599, according to an iSuppli teardown.

FIRST LOOK: Windows 8 Surface RT 

Not including the cost of software that means the profit margin on a Surface RT is $297 vs $266.15 for a similar iPad that comes without a keyboard.

So Microsoft is charging the same premium price for Surface RT, throwing in a keyboard and is still making more per device than Apple. Toss into the mix applications and services that customers might want to buy into and Surface becomes an even more potent revenue generator.

Windows 8 + tequila

Here's a link to a video of a woman exploring Windows 8 for the first time, having prepped for the experiment by downing a few tequilas. She's refreshingly honest but uses a few cuss words, so be warned. "That's really cute but can I actually just write the f@&*ing email?" she says.

Claim: Windows 8 cracked

French security research firm Vupen says it has found a way to execute code remotely on Windows 8 machines by exploiting vulnerabilities in both the operating system and Internet Explorer 10.

Apparently this means Vupen has found a way to get outside the sandbox IE 10 operates in to exploit a flaw it's found in Windows 8 itself, according to a story on CSO Online.

Microsoft didn't comment, saying Vupen hadn't shared details of the exploit, which makes sense since Vupen's business model is to sell the exploits it discovers to government agencies, businesses and the like.

Here's the explanation CSO offered about how Vupen broke Windows 8 security: "The exploit-mitigation technologies Vupen claimed to bypass were HiASLR (high-entropy Address Space Layout Randomization), AntiROP (anti-Return Oriented Programming), DEP (data execution prevention) and the IE 10 Protected Mode sandbox."

Despite this possible exploitation of Windows 8, the new operating system has a host of security improvements over its predecessors that make it a better security bet, experts say.

Oprah love

For what it's worth, Oprah Winfrey says she likes Surface RT well enough to place it on her annual Favorite Things list. She says she likes the kickstand, the keyboard, the inclusion of Skype and the weight of the device.

(Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter https://twitter.com/#!/Tim_Greene.)

Read more about data center in Network World's Data Center section.

Windows 8 gets first critical Patch Tuesday security bulletins

Windows 8 hasn't even been on sale for a month yet but is already the recipient of three critical securityupdates via Microsoft's monthly Patch Tuesday security bulletins, each of which will block flaws that allow remote execution of code on targeted machines.

That means flaws in the operating system can be exploited by an attacker without the user of the machine executing a program or opening a document.

LEARN: The Windows 8 FAQ 

WINDOWS 8 SECURITY: A no-brainer 

While the new operating system has been designed to be significantly more secure than its predecessors, it still contains legacy code from earlier operating systems, which may contribute to the problem, says Marcus Carey, a security researcher at Rapid 7.

Windows Server 2012 - another recent new Microsoft release - falls prey to the same vulnerabilities, according to the advanced notification the company issued about its November bulletins, which become available Tuesday.

"This may come as a surprise to many who expected that Windows 8 and Windows Server 2012 to be much more secure than legacy versions," Carey says in a written statement. "The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues." Technical debt refers to outdated legacy code and in a security context it means vulnerable code.

In all there will be six security bulletins this month, four of them critical. Besides the three affecting Windows 8 and other Windows platforms, the fourth affects Internet Explorer 9 and could enable a man-in-the-middle attack leading to remote code execution. "Nothing is under active attack; however, this is a high priority update and should be considered the highest priority for those running Windows 7 or Vista," says Paul Henry, a security and forensic analyst with Lumension.

One of the critical bulletins deals with a vulnerability that exposes a system to remote code execution via the way the operating system kernel is used to render font types. Specially crafted fonts embedded in Web pages, for example, can generate exploits when they are rendered. Known as Windows True Type font parsing, these exploits have been described by US-CERT as part of Duqu malicious software.

Possible exploits include complete system compromise, installation of programs, viewing, changing, or deleting data, or the creation of new system accounts with full privileges, US-CERT says.

(Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter https://twitter.com/#!/Tim_Greene.)

Read more about wide area network in Network World's Wide Area Network section.

Huawei security chief: We can help keep U.S. safe from 'Net threats

ORLANDO, Fla. -- The chief security officer of Huawei, the Chinese company recently flagged by Congress as a national security threat, says the network equipment maker could actually help the United States defend itself against malicious Internet traffic.

BACKGROUND: U.S. House Intelligence report blasts Huawei, ZTE as national-security threats

HUAWEI: Separating fact from fiction

Andy Purdy, Huawei Technologies' CSO, spoke here today on a Cloud Security Alliance Congress panel of security experts from the U.S. government and industry that raised warnings about Chinese espionage across the Internet.

In representing the sole China-based company on the panel, Purdy said there are ongoing discussions between the U.S. and China on supply-chain safety, and private companies should be part of it. There should be "openness, transparency and freedom," he said.

"Part of the planning of the U.S. hopefully is collaboration with the private sector and part of the strategy should be planning how to block malicious traffic," said Purdy, adding ISPs could do that. He said: "It's disgraceful the government isn't doing anything to address the Internet underground."

Purdy pointed out that Huawei agreed with the U.S. administration about possible risks to the global supply chain. He noted that Huawei, with $32 billion in revenues, makes less than $2 billion in the U.S., but a third of its components come from the U.S., meaning thousands of U.S. jobs are supported.

Nevertheless, China has been stealing vast amounts of U.S. corporate intellectual property by breaking into networks, said Scott Borg, director and chief economist for the U.S. Cyber Consequences Unit, described as a research organization set up by the U.S. government specifically to look at the nature of cyberattacks and supply-chain safety issues.

"We're also finding malicious firmware in products from China," Borg said. "China and Chinese companies aren't playing by the same rules we are."

Borg said that research indicates that China, as a country rapidly climbing out of poverty into wealth, has done that largely by "copying the developed countries," and if someone doesn't hand you the basic technology to do this, you steal it. "Stealing is part of the national economic development model for China," he said. China has basically held its people hostage, encouraging them in this, in order to raise the standard of living, he continued.

However, Borg said other companies are tired of getting hacked and "taking it on the chin." He suggested there's now increasing interest in fighting back, and this would mean carrying out counter-strikes in some way.

Marcus Sachs, vice president for cybersecurity at Verizon, also on the panel, said the idea of hiring private armed guards to defend you is well-established in the physical world, and thus raises the question, "Why not do that in cyberspace?" But he pointed out that the armed guards in the physical world face limited distances in which to act, while in cyberspace you're across the planet within milliseconds. He said the idea of counter-strikes of any sort will come to deep consideration of policy issues.

John Streufert, director of the National Cybersecurity Division at the Department of Homeland Security, said offensive cybersecurity is the responsibility of the military in the U.S., and he said if citizens see specific threat problems they should report them.

But during a session later in the day, Streufert also described a long-planned DHS program called Continuous Monitoring. Coming soon will be a contract solicitation for managed security services called Continuous Diagnostics and Mitigation, including cloud-based services, to protect civilian federal agencies' data from stealthy attacks.

The Continuous Monitoring concept calls for a layer of sensors and scanners to check hardware and software used by the federal government for vulnerabilities.

A project expected to take the federal government a few years to complete, it would include a security dashboard view managed by Continuous Monitoring service providers that would likely be shared at the agency department level. Streufert called it a "cyberscope" for the federal agencies.

Streufert said the goal is to get the agencies away from the hugely expensive paper-based vulnerability reports they generate today that are seen as inefficient and untimely. The program could extend as well to state and local government agencies, he said, for an estimated total of up to 25 million seats.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.

Read more about wide area network in Network World's Wide Area Network section.

Hottest Android news and rumors for the week ending November 9

It's been a busy week for Android news and gossip, with interesting information flying around about both hardware and software alike. Arguably the biggest news is the HTC Droid DNA - or possibly DLX - which is the first non-Motorola device to use the "Droid" moniker and the latest in the long-running series called "HTC is terrible at naming things."

ANDROID ASCENDANT: Samsung Galaxy S III is smartphone top seller - for the moment 

MORE MOBILE: Yawns may greet Microsoft Office port to iOS and Android

Unconfirmed but apparently widespread information posits that the DNA is going to be the U.S. release of HTC's high-powered J Butterfly smartphone, which was announced in Japan last month. If that's the case, the Android punditocracy is already predicting the Droid DNA will provide stiff competition to the Samsung Galaxy Note 2.

While most of the J Butterfly's components are standard for a top-of-the-line Android phone - quad-core processor, 2GB RAM, 8MP camera - its screen is anything but. Packing a whopping 1920x1080 display (yep, that's full HD, for those keeping score at home) into a 5-inch package is a truly impressive feat of engineering. HTC already has some of the best mobile screens on the U.S. market, and bringing the J Butterfly to the U.S. - even if the new name is just as silly - could extend that lead even farther.

The Droid DNA, or whatever it's going to be called, should run Jelly Bean out of the box. A joint HTC/Verizon announcement scheduled for Tuesday is rumored to be the official rollout of the device, which is said to be exclusive to that carrier.

As ever, it's disappointing that yet another impressive HTC phone will be restricted to a single carrier, but that just seems to be the way of things for the Taiwanese company, which is struggling mightily to regain lost marketshare in the Android sector.

*

Samsung, on the other hand, isn't having a lot of problems on that score - just today, researchers crowned the Galaxy S III the best-selling smartphone of the third quarter of 2012, eclipsing even theiPhone 4S. Of course, given that the iPhone 5 moved 6 million units in the few days it was on the market during the quarter, it seems unlikely that the GS III will stay in the top spot for long. Still, it's an impressive achievement.

The South Korean giant is also getting ready to debut a new mid-range smartphone on AT&T called the Galaxy Express. The Express has a last-gen, 800x480 screen and other less-than-impressive features - but for $99 with a two-year contract, you can't expect all the bells and whistles. This sort of seems like a compromise on bringing the Galaxy S III mini to the U.S., since it has similar features and won't confuse people who think they're getting a real flagship device.

*

The Verge reported yesterday that it had screenshots of a version of Microsoft Office for Android and iOS devices, saying that an official release of mobile MS Office will take place in early 2013.

While I still have fuddy-duddy questions about the utility of Word and Excel for mobile devices, I get that mobile productivity is likely to be a fairly big deal. And despite the fact that some nascent office options exist for Android, a fully functional Microsoft Office coming to the platform could shut them down quickly. If, that is, Microsoft does a good enough job with it.

*

German-language Android blog Android Schweiz (or Android Switzerland) has photographs of what it says is an upcoming Sony 5-inch smartphone with the same 1080p screen resolution as the aforementioned Droid DNA.

The blog also says it's got the microSD slot that fans are always clamoring for, though it doesn't have a removable battery.

(Hat tip: Android Central.)

*

A report from the Guardian earlier this week has anonymous Google sources saying that Apple is unlikely to approve a revamped Google Maps app for iOS, though there's no word on whether they were laughing really hard while doing so.

*

Read more about anti-malware in Network World's Anti-malware section.

Online Casino for Players

casinopal.net Please visit the site to play the Online casino. I have played more than 30 games on the site. You just need to deposit a certain amount and you can get bonus of $3200 free as welcome package. Online casino games Australia has a very nice great deal. Now what do you think? These games are for both Australian citizens as well as international players and it is completely legal.

Cisco's new management system simplifies control of thousands of servers

Cisco this week unveiled a new management system for its UCS servers that is designed to simplify management of thousands of servers spread across geographies and data centers, from a single pane of glass.

UCS Central lets IT managers control a globally distributed UCS infrastructure comprised of multiple domains, with the ability to ensure service and configure service profiles, ID pools, policies and firmware, Cisco says. UCS Central also has an XML API for integration with third-party systems management and cloud orchestration tools.

DIRECTION: Guide to Cloud Management Software

Cisco's existing UCS Manger product governs a single domain, made up of UCS Manager and all the UCS server and network access components it manages. UCS Central requires UCS Manager for local domain management while UCS Central provides tiered management for the global infrastructure.

UCS Central also aggregates server inventory, fault information and notifications across multiple domains to facilitate service assurance of the UCS infrastructure. The XML API also integrates Cisco's Intelligent Automation application with UCS Central for the creation of global UCS service profile templates across data centers.

Third parties writing to the UCS Central API include Compuware, for control of application performance across data centers, private, public, and hybrid clouds; Cloupia, for the ability to replicate between multiple sites for disaster recovery; Zenoss, for discovery, monitoring and managing UCS performance and capacity utilization; ScienceLogic, for surveillance of multi-tenant data centers; and Splunk, for gleaning operational intelligence from Big Data generated by thousands of UCS servers.

Cisco also enhanced the single-domain UCS Manager with a new version of the product. Release 2.1 of UCS Manager allows for more simplified connectivity of Cisco C-series rack servers by adding features previously available only to blade form factors, such as reduced cabling and rapid application deployment, Cisco says.

UCS Manager 2.1 with the Cisco Virtual Interface Card (VIC) 1225 reduces the number of cables for virtual servers from nine down to two, Cisco says. The number of switches and adapters can also be reduced, the company says.

UCS Manager 2.1 also gives customers new storage topology choices, Cisco says. It supports multi-hop FCoE, for consolidation of LAN and SAN. FibreChannel zoning in UCS Manager 2.1 provides incremental scaling path with "pod" deployments requiring no SAN switches, Cisco says. And NetApp storage users can consolidate FCoE, iSCSI and NAS traffic on the same port and cable, the company says.

As of August 2012, there are more than 15,800 UCS customers, and more than half of the Fortune 500 have invested in the product, Cisco says.

Lastly, Cisco also enhanced its Intelligent Automation for Cloud management software with release 3.1. The 3.1 version of IAC features CloudSync, for cloud infrastructure discovery and resource tracking so administrators can assess resources and make necessary changes to optimize service delivery.

Another feature is Virtual Data Centers, designed for self-service provisioning and management of multiple virtual data centers -- not just virtual machines. These data centers span virtual and physical compute, through UCS Manager, and networking resources, and can be provisioned according to infrastructure consumption limits.

Version 3.1 also includes Network Services Manager, which lets customers order network resources -- like VLANs -- from a self-service portal. Cisco says NSM provides the foundation for network-as-a-service in future releases of IAC.

Version 3.1 of IAC is consistent with Cisco's intent to manage multiple cloud environments such as OpenStack, Amazon EC2 and VMware vCloud Director.

Read more about data center in Network World's Data Center section.

Google Earth 7 adds more 3D imagery to desktop app

Google has updated the desktop version of Google Earth with 3D imagery that was previously only available to mobile users of the mapping program. A new tour guide feature--also included in the Google Earth update--allows you to fly over given areas where Google has prepared guided tours.

Google Earth 7 now has 3D imagery of Boulder, Boston, Charlotte, Denver, Lawrence, Long Beach, Los Angeles, Portland, San Antonio, San Diego, Santa Cruz, Seattle, Tampa, Tucson, Rome and the San Francisco Bay Area (including the Peninsula and East Bay). The application also provides 3D coverage of metropolitan regions in Avignon, France; Austin, Texas; Munich, Germany; Phoenix, Arizona; and Mannheim, Germany.

These are the same areas with 3D imagery on Google Earth for iOS and Android. "The experience of flying through these areas and seeing the buildings, terrain and even the trees rendered in 3D is now consistent across both mobile and desktop devices," Peter Birch, Google Earth Product Manager, wrote in a Wednesday blog post. When zooming in, the viewing angle in the desktop version of Google Earth now tilts at a higher elevation in order to showcase 3D imagery.

The other new feature in Google Earth 7 is tour guide. Instead of searching for tours, thumbnails highlighting pre-created tours for any area you're viewing in Google Earth appear at the bottom of the screen. When you go on a tour, you get a flyover of historical and cultural sites nearby, whether it's Rome, the Great Wall of China, or Stonehenge. There are more than 11,000 of such guided tours, including for all the cities with 3D imagery. Guided tours also include factoid popovers pulled from Wikipedia.

Google Earth 7 is a free download for both Windows and Mac users.

Hottest Android news and rumors for the week ending Nov. 2

Although Google had to call off its formal Android event due to a historic hurricane slamming into the Eastern Seaboard, all of the major announcements it had been planning were nonetheless made online. In case you haven't been paying attention, that means the LG Nexus 4, Samsung Nexus 10, updated Nexus 7 and -- last but not least -- Android 4.2 were all released as predicted.

HAPPY BIRTHDAY, ANDROID: Android turns 5: A look back

STORMS: Hurricane Sandy shuts down Google's Android event

Probably the biggest news from that set of announcements, though, is the release of a brand-new Nexus phone -- from LG, no less, a company not noted for its Android updating prowess. The Nexus 4 is a hugely impressive phone, and would have quickly become a new standard for top-end Android devices, but for one major flaw -- it doesn't support 4G/LTE, and you can't use it on Sprint or Verizon. Given the amount of flak Android fans aimed at Apple for not introducing 4G until this fall's iPhone 5, this retrograde step is a serious embarrassment.

Yes, it's incredibly difficult to negotiate the carrier minefield. Yes, Google's had huge issues getting Verizon to update its phones as quickly as it should. But to simply step back and say "screw it, we're not even going to try" seems like an admission that the Nexus program isn't a serious attempt to showcase the virtues of Android as a platform.

Of course, the argument could be made that Google doesn't really need to sell anybody on pure Android anymore, given its enormous market share in the smartphone sector. And with the increasing omnipresence of Wi-Fi, it's debatable how much is actually lost by not including 4G. Even so, this doesn't feel like a great step forward for Android.

*

The Nexus 10 doesn't have 4G either -- or any mobile data, for that matter -- but it seems like a much more positive development for Android, for two simple reasons: It has a bigger, higher-resolution screen than even the latest iPad, and it's cheaper. My take on tablets has always been that the display accounts for about two-thirds of what makes them good or bad, given that they're primarily entertainment devices at this point, and Samsung has really pushed the envelope with the Nexus 10. To put it another way, it would need to have something else very wrong with it to make it a less attractive option than the iPad, given the low price and slick display.

Then again, Android phones maintained a small but meaningful technological lead over the iPhone for months before the iPhone 5 came out, but that didn't stop Apple from selling its products by the million. It'll be important for Android developers to close the gap on iOS in terms of tablet-ready applications.

*

As expected, Google also refreshed the Nexus 7 lineup, adding a 32GB model and optional HSPA+ connectivity. The prices also changed -- a 16GB Nexus 7 is now $199, the 32GB Wi-Fi-only model is $249, and the 32GB with cellular data retails for $299. By comparison, a 16GB Wi-Fi-only iPad Mini is $329. Ouch.

*

Android 4.2, or "not Key Lime Pie," is an incremental update that nonetheless provides some cool new options. The introduction of built-in gesture typing -- which should be very familiar to anyone who uses Swype -- is a major plus, as are the improvements to Google Now and performance tweaks. Photo Sphere is undeniably impressive, even though I don't see it getting a lot of day-to-day use, and actionable notifications are very slick, as well.

*

Samsung just does not stop launching new phones -- this week's entry is the Galaxy Premier, which is basically a Galaxy S III with slightly watered-down internals and Jelly Bean out of the box. Unfortunately for U.S. consumers who might be interested in a cut-price Galaxy S III, the Premier is currently only available in Eastern Europe, and no plans for a North American release have been detailed.

*

Samsung may also be preparing to release a 7.7-inch Galaxy Note tablet, according to documentscited by The Droid Guy. Little is known about the device or its potential capabilities, however, and The Droid Guy notes that it may not even be slated for release in the U.S.

*

I'm hoping Intel's new foray into the Android world -- in the form of the Motorola RAZR i -- will continue, if only because I'd really like to have a phone with this 48-core monstrosity of a processor powering it. As the folks quoted in the article point out, however, making sure there's software out there that can take advantage of such a processor is easier said than done, and the whole thing is pretty much still on the drawing board anyway.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Read more about anti-malware in Network World's Anti-malware section.

Dell testing 64-bit ARM server with chip from AppliedMicro

Dell has built a prototype server based on a 64-bit ARM processor from Applied Micro Circuits, which showed the system at a conference in Silicon Valley on Thursday.

Dell has already said it was testing servers based on 32-bit ARM chips from Marvel and Calxeda, but this is the first time it has shown any hardware based on a 64-bit ARM processor. Sixty-four-bit chips are generally better suited to server use than 32-bit parts.

Proponents say ARM chips will be more energy efficient than x86 processors that Intel makes for certain cloud and analytics workloads, but the market is in its early stages, with plenty of hardware and software development work to be done. Analysts estimate the first 64-bit ARM servers won't actually hit the market before 2014.

AppliedMicro hosted a session on Thursday at ARM's TechCon conference, where it tried to illustrate how various elements of the 64-bit ARM server "ecosystem" are coming together.

It was joined by representatives from Red Hat and Cloudera, both of whom said they'll have software ready for testing on 64-bit ARM chips next year. Oracle was also there, pledging a version of Java SE for 64-bit ARM processors, though it didn't give a timeframe.

AppliedMicro CEO Paramesh Gopi, in full showman mode, pulled away a black cloth cover to reveal the Dell server at the end of his talk. He didn't describe it in any detail but it appeared to be a two-rack-unit chassis with four or five individual servers, or "sleds," that slide into the frame.

The hardware was a prototype, and it's still unknown if Dell will actually sell an ARM-based server using AppliedMicro technology. Dell is experimenting with ARM components from several suppliers, and it was also at AMD's event Monday when it announced plans to build ARM-based server chips.

"We don't have any plans to make generally available an ARM-based server right now -- that includes the Applied Micro-based prototype you saw," Dell spokeswoman Erin Zehr said via email. "We're currently focused on ecosystem enablement -- giving developers access to clusters so they can test or write to ARM," she said.

The processor inside the Dell system, which AppliedMicro called an "X-Gene" processor, was also an early prototype. Gopi said X-Gene parts will be ready for customers to begin testing in the first quarter next year, with commercial products coming later in 2013.

But AppliedMicro does now have actual prototype silicon, which is a step up from the HotChips conference in August, when it showed a server board with a mock-up chip.

It demonstrated its hardware in action Thursday. It showed a website running on what Gopi said was a prototype X-Gene server built by AppliedMicro and located in a remote data center. He streamed a trailer for the new James Bond film, which appeared to run smoothly.

"We are literally months away, ladies and gentlemen," he said. "In Q1 next year, you'll have not only silicon but also the software I just showed you and systems to go around it." He was still referring to prototype systems, however.

Gopi also unveiled three server reference designs that AppliedMicro has come up with, to show server makers what they can build. They're dubbed X-Memory, X-Compute and X-Storage, depending on the target application.

The X-Storage system is aimed at Hadoop-type analytics applications, and combines a sea of hard disks with a single X-Gene server board. It had a total 36TB of storage, Gopi said.

ARM offers two types of licenses for its chip designs. Companies can buy an architectural license, as AppliedMicro did, and design their own processor from scratch. That allows for greater customization, but takes more time and money. They can also buy a license for a finished processor design.

ARM unveiled its 64-bit architecture, ARMv8, at last year's TechCon. The news earlier this week was that ARM has now released its first 64-bit processor designs, the Cortex-A57 and A53. Chips based on those designs could appear by the end of this year.

James Niccolai covers data centers and general technology news for IDG News Service. Follow James on Twitter at @jniccolai. James's e-mail address is james_niccolai@idg.com

China's Baidu and Qihoo 360 sign pact meant to resolve dispute

Chinese Internet giant Baidu and its rival Qihoo 360 signed an agreement on Thursday to compete fairly in China's search engine market, following a dispute between the two companies over search indexing.

The two companies, along with ten other Internet search providers, signed a "self-regulation pact" sponsored by the Internet Society of China, an industry trade group, which received support from Chinese government regulators for drafting the pact.

Qihoo 360's new search engine was launched in August and is now competing with Baidu's search services, which have long dominated the market with over 70 percent share.

A key section of the pact requires the Chinese Internet firms to abide by a robot exclusion protocol, a convention widely used by companies to prevent others from accessing certain parts or the entirety of a website.

Baidu alleges Qihoo 360's search engine has violated its robot exclusion protocol by indexing its Web pages, such as its encyclopedia and question-and-answer sites, without its permission.

To fight back, Baidu filed a lawsuit against Qihoo 360 last month, claiming that the company is illegally using and reproducing its content, and asking for 100 million yuan (US$15.9 million) in compensation. In its defense, Qihoo 360 has said it should be given access to Baidu's product pages, equating them to a public resource.

The pact signed by the two companies, however, is limited in scope and power. If a company is found in violation, the Internet Society of China will issue a warning and make a public condemnation in the media.

The agreement is more of a symbolic effort to tone down Baidu's dispute with Qihoo 360, which risked escalating, said Zhao Zhanling, an expert on China's information technology law.

The language in the pact does not side with Baidu or Qihoo 360 in their dispute, Zhao said. It states the Internet firms must observe the robot exclusion protocol, but also aims to ensure that the protocol is used to fairly promote the free flow of information.

"I think the pact is trying to find a balance," Zhao said. "The pact has no power backed by law, it's more about trying to get everyone on the same page."

Both Baidu and Qihoo 360 said they support the self-regulation pact.

"(It) has for the first time highlighted the critical role that the Robots protocol plays in regulating the Internet search industry, and its significance to the healthy development of the search sector," Baidu said in a statement.

Qihoo 360 said in an email, "We believe the agreement is positive for China's search market. The move will create a more open and fair competitive landscape, which will benefit the smaller guys over time."

The two companies declined to comment on the lawsuit.

The Launch of Joomla 3.0: Another Progressive Jump

The developers of Joomla have launched Joomla version 3.0 of CMS. This is noticed to be the progressive jump for open source CMS and is justified on the basis of the new and exciting features Joomla 3.0 is offering.

Moreover, there are templates for administration interface and many websites which conform to responsiveguidelines for web designs and generate fine results on mobile devices and large screens as well.

Joomla Platform

The Joomla Platform was upgraded to 12.2 version. The installation at web site is a simple three step process and easy to utilize. It also comprises of numerous sets of data which are there at the time of installation and utility.

Administrator Template of Joomla 3.0

Detectibly different in looks and style from that of the forerunners, the innovative administrator template is called Isis, named after goddess of Egypt. This administrator template and interface of Joomla 3.0 can function on the mobile devices as well with a smaller screen display, whereas this wasn’t the case with Bluestork template of Joomla 2.5.

The Bootstrap HTML5 Framework

There is a new inclusion of sidebar with items of menu as Joomla 3.0 has employed HTML5 Bookstrap framework and there is a flexible lattice draft and layout. The menu items are harmonized by drop down lists from display at the page top.

The settings of global system can be accessed by clicking the configuration tab. The useable settings are arranged together and many options are displayed in the sidebar. There are small buttons for different new features which can be seen when the items and categories are edited.

Other than Protostar, there is a standard template offered by Joomla 3.0 which is usable for the mobile devices as well.

Backward Compatible Joomla 3.0

Joomla 3.0 has backward compatibility and for this Mootools JavaScript framework has been included in it. However, it might be excluded from Joomla.

Upgrading to Joomla 3.0

Joomla 3.0 necessitates PHP 5.3.1 and MySQL 5.1. The PostgreSQL is also used. With the use of feature of backend’s auto-update, upgrade from Joomla 2.5.x is done simply.

Basically, there aren’t any complications due to upgrading in the installation of Joomla. But this might occur when the extensions and templates are installed.

It is important to have slow and steady update. Like, there can be auto updating of versions1.6 and 1.7 to 2.5.x and after that to version 3.0. With JUpgrade extension, the Joomla 1.5.xcan be firstly updated to 2.5 version.

• Read about Joomla 3.0 Requirements here.

The Major Progress for the Open Source CMS

There are no improvements and progression expected for Joomla 2.5 by the developers and security linked updates will be released only, but this will start in June 2014 because there is a long standing support of 18 months for version 2.5.

The Joomla 1.5 support has come to an end due to Joomla 30 release. However, the developers suggest the users to remain with 2.5 version if they don’t specifically want new features of Joomla 3.0.

Can Citrix Make Any Windows App or Desktop a Cloud Service?

Citrix is focused on helping enterprises deal with the challenge of running desktops and applications in a new mobile-centric world where tablets and smartphones proliferate.

"The technologies that we have, including application and desktop virtualization, allow companies to deliver applications to any type of device with control and security," says CTO Martin Duursma.

The Company: Citrix Systems

Headquarters: Santa Clara, Calif.

Employees: 6,936

2011 Revenue: $2.21 billion

CEO: Mark Templeton

What They Do: Citrix offers products for virtualizing desktops, servers and applications, along with products for building private or public clouds. The lineup includes XenDesktop for desktop virtualization, NetScaler for cloud networking, and CloudPlatform for cloud computing. Its portfolio also includes GoTo collaboration services.

In addition, Citrix will be rolling out Project Avalon, which aims to transform any Windows application or desktop into a cloud service that's delivered across any network, to any device. It will also offer integrated management.

"Just like cloud platforms allow enterprises to industrialize the way that enterprises do compute and storage workloads, Avalon is bringing some of that technology to Windows applications and desktops," says Duursma.

The Catch: Complexity

Citrix's biggest strength is that it offers multiple delivery models for applications and desktops. But that flexibility comes at a cost, since enterprises have to use multiple consoles to manage those technologies. That is Citrix's biggest weakness, according to Brett Waldman, an analyst at IDC (a unit of CIO's parent company).

Nathan Hill, an analyst at Gartner, agrees: "The feedback we are getting is that it can still be quite complex to configure and deploy a Citrix architecture."

Project Avalon aims to fix this. A recent IDC report said that the cloud offering "will finally bring a unified interface to managing the different client virtualization products Citrix has created or acquired." But it remains to be seen how well Citrix can execute that vision.

While there is a lot of customer interest in running desktops in the cloud, software licensing has to change. "One of the big barriers to any service provider trying to offer a virtualized desktop service is how Microsoft licenses access to a Windows OS," Hill says.

Project Avalon Gets Personal

Citrix claims that Project Avalon will allow CIOs to rapidly deploy personalized Windows applications and desktops in a private cloud across multiple sites, and to use public clouds in a capacity-on-demand fashion to support business initiatives such as business continuity, offshoring projects, or integrating mergers and acquisitions.

And unlike vanilla desktop-as-a-service offerings, Citrix says, Project Avalon will deliver a personalized workspace to end users by ensuring that user profiles, settings and application data are securely delivered to every user.

"I saw a demo of Project Avalon and thought it was pretty cool," says Chris Moses, CTO at independent broker-dealer E.K. Riley Investments.

Running cloud-based desktops is an attractive proposition. Desktops require a lot of IT infrastructure, and being able to leverage cloud vendors' IT capacity and robustness would be a huge benefit, according to Moses.

However, security requirements will make it hard for a firm like E.K. Riley to move its desktops to the cloud, he cautions. "So while I like the Project Avalon concept, it's going to be hard for us to fully embrace something like that," Moses says.

VMware beefs up its app data management tools

Seeking to firm its position in the budding application data management space, VMware today released the latest upgrade to its vFabric GemFire product that enhances administrative controls, provides a new interface and aims to make it easier for applications to handle larger amounts of data faster than previous versions.

GET YOUR GEEK ON: The Geek Skills Challenge: 9 talents worth mastering

VMware is perhaps best known for its virtualization products, including vSphere and its ESX hypervisor. Dave McJannet, a director at VMware, says the company's cloud application services group is another big focus for VMware. Today's update to vFabric GemFire 7.0 fits in with the company's other application management initiatives, such as Project Serengeti, which focuses on optimizing Hadoop clusters to run on virtualized environments, and around it's vFabric SQLFire product, which is an accompanying tool to vFabric GemFire. "It really underpins the investments VMware is making in data management, which we see as a significant to our business group's focus," McJannet says.

SANDY'S AFTERMATH: Hurricane Sandy takes websites down

MORE HADOOP: updates from Cloudera, MapR, Splunk

VMware acquired the GemFire product line from Gemstone Systems in 2010. It's classified as an in-memory data grid (IMDG), which is basically an all software distributed in-memory, NoSQL database management tool. SQLFire is similar but for structured data. The key part about IMDGs is that data is stored in the main memory of one or multiple computers on a network. "This is all about how to get data in and out of apps quickly," McJannet says. "It's very good at processing data quickly."

Getting lots of data quickly is exactly what big data analytics apps need, as well as apps that store large amounts of transient data that may be latency-sensitive. Credit card processing apps use IMDGs, as do e-commerce apps to store users' "shopping cart" information. It's also used in online gaming, trading, banking, fraud detection and "other applications with demanding performance and scalability requirements," says Gartner VP Massimo Pezzini. It could grow from a $260 million market to reach $1 billion by 2016/2017, he predicts.

VMware's not alone in it, though. Oracle with Coherence, IBM with WebSphere eXtreme Scale, Software AG and others compete in the market. The predominant IMDG tool, though, Pezzini says, is the open source Memcached, which is a bare-bones version that does not provide replication of data across a computer network or transaction management capabilities.

That's where companies like VMware and others look to step in to offer proprietary versions of IMDG tools that provide a simpler interface, administrative tools and monitoring services. Those are two of the biggest areas VMware has improved upon in the 7.0 release of GemFire, Pezzini says. The simplified administration "is important because monitoring, management and administration are nightmares in large scale IMDG deployments."

The 7.0 release also provides improved support for replication over wide-area network, Pezzini says. "This is critical for disaster recovery across multiple data centers, synchronization between on-premises and cloud and to support around-the-clock, around-the-world operations," he notes. VMware also added further support for JSON and Spring, which are used widely in mobile app development communities. And perhaps most impressive, VMware has scaled up GemFire's capacity. "We really wanted to address requirements of scale," McJannet says, noting that some users question if IMDGs are ideal for large-scale data uses. GemFire 7.0 has been tested with up to 4TB of data in memory, he says.

Network World staff writer Brandon Butler covers cloud computing and social collaboration. He can be reached at BButler@nww.com and found on Twitter at @BButlerNWW.

Read more about data center in Network World's Data Center section.