Microsoft slates first Windows 8, RT patches since launch

Microsoft today announced it will issue six security updates next week, including three for Windows 8 and its tablet spin-off Windows RT.

The half-dozen updates will patch 19 vulnerabilities in Windows, Internet Explorer (IE) and the .Net framework.

The four critical updates -- the highest threat ranking in Microsoft's four-step system -- will patch 13 bugs, including an unknown number in Windows Server 2012, Windows 8 and Windows RT, the operating system that powers Microsoft's own Surface RT tablet, according to the advance warningMicrosoft published Thursday.

The Windows 8 and Windows RT security updates will be the first shipped since those operating systems' launch on Oct. 26. While Microsoft had previously issued patches for the new OSes, all but a September "out-of-band" fix for IE tackled problems in its unfinished previews, not the final code.

But Andrew Storms, director of security operations at nCircle Security, downplayed the patches for Windows 8 and Windows RT.

"I'd be more worried if they didn't patch them right off the bat," said Storms. "They've had them in development so long, someone should have found a bug by now. And it shouldn't be surprising.... We all know that everything has bugs, even the newest software."

Another researcher agreed. "This may come as a surprise to many who expected that Windows 8 [would] be much more secure than legacy versions," said Marcus Carey of Rapid7 in an email. "The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues."

The update slated for IE is among the critical quartet, and will address one or more vulnerabilities in IE9, now the second-newest browser in Microsoft's stable. IE9 runs only on Windows 7 and Windows Vista.

IE6, IE7 and IE8 -- all which run on the 11-year-old Windows XP -- will not be patched; nor will IE10, the just-released browser bundled with Windows 8 and Windows RT.

"What did they add in IE9 that wasn't in the earlier versions?" Storms asked. "What went wrong?"

Although Storms held off predicting that the IE9 update will be the one to patch first next week -- he said he was concerned about Bulletin 4, which will address unknown bugs in the .Net development framework -- Carey was not hesitant to call a winner in that dubious sweepstakes.

"This will be the top priority for both businesses and consumers since an attacker would be able to compromise their system if the user visits a malicious Web page," Carey said.

According to Carey, the IE9 bug can be used in "drive-by" exploits, those that only require a user be tricked into browsing to an unsafe website.

Web metrics company Net Applications has estimated that IE9 accounted for about 38% of all versions of IE used last month, second only to IE8, which owned a 45% share of the Microsoft browser base.

Next week's IE update will be the first since Microsoft delivered a rush patch to stymie active attacksexploiting a bug. The Sept. 21 out-of-band update, which also included fixes for several other vulnerabilities, had been originally slated to ship two weeks later.

Another update, pegged "moderate" by Microsoft, will patch four flaws in Office's Excel spreadsheet. All still-supported versions of the suite -- ranging from Office 2003 to Office 2010 on Windows, and Office 2008 and Office 2011 on OS X -- will receive the update.

And Storms wondered what Microsoft would reveal next week about Bulletin 4, today's label for an update to the .Net framework within all versions of Windows. Windows RT's Bulletin 4 patch was rated "important," but fixes for all other versions, including Windows 8 and Server 2012, were pegged critical.

"Bulletin 4 could take the cake next week," said Storms. ".Net is so ubiquitous, used not only in software but also in Web services. And who knows where the bug is?"

Microsoft will release the six updates at approximately 1 p.m. ET on Nov. 13.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

Google cleans up search page, eyes mobile users

Have you noticed a change in the look of Google's search results page?

Well, you might not have. Google tweaked the look of its search results page a few days ago, giving it a cleaner, simpler look. However, it's not a change that will jump out at you.

Google wants to optimize its search pages for its growing base of mobile users, and it's a pretty subtle shift.

"It does look cleaner. The text is bigger and I like that," said Ezra Gottheil, an analyst with Technology Business Research. "I didn't notice the change before but I do prefer it."

On Tuesday, Tamar Yehoshua, a search director at Google, wrote in a blog post that changes have been made to Google's search results pages.

"We've been working on ways to create a consistent search experience across the wide variety of devices and screen sizes people use today," Yehoshua wrote. "We started with tablets last year, got it to mobile phones a few weeks ago, and are now rolling out to the desktop."

With the new design, Google was trying to create "a bit more breathing room," she wrote.

Two years ago, Google added a sidebar on the left side of the search results page, offering users shortcuts to News, Images and other options. That left-hand column has been replaced by similar tabs that sit above the search results.

So why such a simple change? Gottheil said Google is focused on making the search experience similar whether a user is on a desktop, smartphone or tablet. It's also an effort to provide busy mobile users with a clean screen.

"Mobile is critically important," Gottheil said. "Google's raw material is the total time people spend using the Web, and an increasing percentage of that time is spent with mobile devices. It needs to be cleaner. You can't waste the left margin on smaller screens."

Google isn't the only Internet company working on how to best handle its burgeoning base of mobile users.

Facebook has been struggling to harness its huge mobile base. In documents filed as part of its initial public offering this past summer, Facebook categorized mobile as one of the big risks facing the company.

The question most companies are dealing with is how to get ads in front of mobile users without alienating them with a cluttered screen and slow response time. That's an especially big problem with mobile users who are trying to get information while they're on the go.

Read more about internet search in Computerworld's Internet Search Topic Center.

VMware releases micro version of Cloud Foundry PaaS

Everything in the cloud seems to be getting bigger or smaller. VMware today went the small route, releasing a micro version of the company's popular open source platform as a service (PaaS), Cloud Foundry.

The claim to fame for Micro Cloud Foundry is that it can be deployed on a single virtual machine. In ablog post announcing the new version, VMware says it's ideal for developers who want to launch an application that's still under development to test it out, for example.

MORE VMWARE: VMware CTO: Adapt, enable choice, or die 

MORE CLOUD: Gartner's Magic Quadrant is a who's who of the cloud market 

Cloud providers seem to be constantly tweaking their offerings in an effort to expand their product portfolio and the easiest ways to do that are to take existing products and either give them added capacity, or shrink them down into smaller, bite-sized chunks. VMware took the latter approach with today's release.

In contrast, Amazon Web Services recently announced two new types of virtual machines instances for its cloud, both of which are high input/output versions of its popular Elastic Cloud Compute (EC2) offering. At the time, independent analyst Paul Burns noted that adding capacity to existing products not only allows businesses like Amazon to have more products, but it allows customers to have instance types that more closely align with their computing needs.

In that aspect, creating a micro instance of Cloud Foundry seems like a natural move. As a PaaS, Cloud Foundry is used by developers as a cloud-based tool for creating and deploying applications. Traditionally these PaaS deployments live on large cloud environments made up of multiple virtual machines. But a micro instance, like the one released by VMware today, gives another tool for a developer to more easily test and play around with Cloud Foundry on a single machine.

MORE VMWARE: VMware updates app data management tools 

VMware says Micro Cloud Foundry will have all the same features and functionality of the regular Cloud Foundry, the only limitation will be the power of the single VM that it runs on. In addition to announcing the micro version today, VMware also announced new features that will come with the Micro Cloud Foundry release. These include support for standalone apps, and enhanced support for various programming languages, including Ruby, Java and Node.js.

VMware says it will continue to update Micro Cloud Foundry on the same release cycle as its parent product, and promised to continue to improve Micro Cloud Foundry by further improving automation of tasks within the PaaS.

Cloud Foundry is used by a variety of cloud computing companies as a PaaS extension to their infrastructure as a service offering. Piston Cloud Computing, the OpenStack cloud platform, for example, uses Cloud Foundry to provide customers with a PaaS.

Network World staff writer Brandon Butler covers cloud computing and social collaboration. He can be reached at BButler@nww.com and found on Twitter at @BButlerNWW.

Windows 8 Update: Microsoft's Surface RT has a higher profit margin than the iPad

Microsoft stands to make $30.85 more per Surface RT tablet with keyboard than Apple does with a similar 32G iPad without a keyboard, according to iSuppli teardown analyses.

A Microsoft Surface RT tablet with a Touch keyboard costs $284 to manufacture; it sells for $599, iSuppli says. Without the keyboard it retails for $499. The keyboard itself costs $16 6o $18 to manufacture.

A similar New iPad costs $332.85 to manufacture, comes with no keyboard and retails for $599, according to an iSuppli teardown.

FIRST LOOK: Windows 8 Surface RT 

Not including the cost of software that means the profit margin on a Surface RT is $297 vs $266.15 for a similar iPad that comes without a keyboard.

So Microsoft is charging the same premium price for Surface RT, throwing in a keyboard and is still making more per device than Apple. Toss into the mix applications and services that customers might want to buy into and Surface becomes an even more potent revenue generator.

Windows 8 + tequila

Here's a link to a video of a woman exploring Windows 8 for the first time, having prepped for the experiment by downing a few tequilas. She's refreshingly honest but uses a few cuss words, so be warned. "That's really cute but can I actually just write the f@&*ing email?" she says.

Claim: Windows 8 cracked

French security research firm Vupen says it has found a way to execute code remotely on Windows 8 machines by exploiting vulnerabilities in both the operating system and Internet Explorer 10.

Apparently this means Vupen has found a way to get outside the sandbox IE 10 operates in to exploit a flaw it's found in Windows 8 itself, according to a story on CSO Online.

Microsoft didn't comment, saying Vupen hadn't shared details of the exploit, which makes sense since Vupen's business model is to sell the exploits it discovers to government agencies, businesses and the like.

Here's the explanation CSO offered about how Vupen broke Windows 8 security: "The exploit-mitigation technologies Vupen claimed to bypass were HiASLR (high-entropy Address Space Layout Randomization), AntiROP (anti-Return Oriented Programming), DEP (data execution prevention) and the IE 10 Protected Mode sandbox."

Despite this possible exploitation of Windows 8, the new operating system has a host of security improvements over its predecessors that make it a better security bet, experts say.

Oprah love

For what it's worth, Oprah Winfrey says she likes Surface RT well enough to place it on her annual Favorite Things list. She says she likes the kickstand, the keyboard, the inclusion of Skype and the weight of the device.

(Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter https://twitter.com/#!/Tim_Greene.)

Read more about data center in Network World's Data Center section.

Windows 8 gets first critical Patch Tuesday security bulletins

Windows 8 hasn't even been on sale for a month yet but is already the recipient of three critical securityupdates via Microsoft's monthly Patch Tuesday security bulletins, each of which will block flaws that allow remote execution of code on targeted machines.

That means flaws in the operating system can be exploited by an attacker without the user of the machine executing a program or opening a document.

LEARN: The Windows 8 FAQ 

WINDOWS 8 SECURITY: A no-brainer 

While the new operating system has been designed to be significantly more secure than its predecessors, it still contains legacy code from earlier operating systems, which may contribute to the problem, says Marcus Carey, a security researcher at Rapid 7.

Windows Server 2012 - another recent new Microsoft release - falls prey to the same vulnerabilities, according to the advanced notification the company issued about its November bulletins, which become available Tuesday.

"This may come as a surprise to many who expected that Windows 8 and Windows Server 2012 to be much more secure than legacy versions," Carey says in a written statement. "The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues." Technical debt refers to outdated legacy code and in a security context it means vulnerable code.

In all there will be six security bulletins this month, four of them critical. Besides the three affecting Windows 8 and other Windows platforms, the fourth affects Internet Explorer 9 and could enable a man-in-the-middle attack leading to remote code execution. "Nothing is under active attack; however, this is a high priority update and should be considered the highest priority for those running Windows 7 or Vista," says Paul Henry, a security and forensic analyst with Lumension.

One of the critical bulletins deals with a vulnerability that exposes a system to remote code execution via the way the operating system kernel is used to render font types. Specially crafted fonts embedded in Web pages, for example, can generate exploits when they are rendered. Known as Windows True Type font parsing, these exploits have been described by US-CERT as part of Duqu malicious software.

Possible exploits include complete system compromise, installation of programs, viewing, changing, or deleting data, or the creation of new system accounts with full privileges, US-CERT says.

(Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter https://twitter.com/#!/Tim_Greene.)

Read more about wide area network in Network World's Wide Area Network section.

Huawei security chief: We can help keep U.S. safe from 'Net threats

ORLANDO, Fla. -- The chief security officer of Huawei, the Chinese company recently flagged by Congress as a national security threat, says the network equipment maker could actually help the United States defend itself against malicious Internet traffic.

BACKGROUND: U.S. House Intelligence report blasts Huawei, ZTE as national-security threats

HUAWEI: Separating fact from fiction

Andy Purdy, Huawei Technologies' CSO, spoke here today on a Cloud Security Alliance Congress panel of security experts from the U.S. government and industry that raised warnings about Chinese espionage across the Internet.

In representing the sole China-based company on the panel, Purdy said there are ongoing discussions between the U.S. and China on supply-chain safety, and private companies should be part of it. There should be "openness, transparency and freedom," he said.

"Part of the planning of the U.S. hopefully is collaboration with the private sector and part of the strategy should be planning how to block malicious traffic," said Purdy, adding ISPs could do that. He said: "It's disgraceful the government isn't doing anything to address the Internet underground."

Purdy pointed out that Huawei agreed with the U.S. administration about possible risks to the global supply chain. He noted that Huawei, with $32 billion in revenues, makes less than $2 billion in the U.S., but a third of its components come from the U.S., meaning thousands of U.S. jobs are supported.

Nevertheless, China has been stealing vast amounts of U.S. corporate intellectual property by breaking into networks, said Scott Borg, director and chief economist for the U.S. Cyber Consequences Unit, described as a research organization set up by the U.S. government specifically to look at the nature of cyberattacks and supply-chain safety issues.

"We're also finding malicious firmware in products from China," Borg said. "China and Chinese companies aren't playing by the same rules we are."

Borg said that research indicates that China, as a country rapidly climbing out of poverty into wealth, has done that largely by "copying the developed countries," and if someone doesn't hand you the basic technology to do this, you steal it. "Stealing is part of the national economic development model for China," he said. China has basically held its people hostage, encouraging them in this, in order to raise the standard of living, he continued.

However, Borg said other companies are tired of getting hacked and "taking it on the chin." He suggested there's now increasing interest in fighting back, and this would mean carrying out counter-strikes in some way.

Marcus Sachs, vice president for cybersecurity at Verizon, also on the panel, said the idea of hiring private armed guards to defend you is well-established in the physical world, and thus raises the question, "Why not do that in cyberspace?" But he pointed out that the armed guards in the physical world face limited distances in which to act, while in cyberspace you're across the planet within milliseconds. He said the idea of counter-strikes of any sort will come to deep consideration of policy issues.

John Streufert, director of the National Cybersecurity Division at the Department of Homeland Security, said offensive cybersecurity is the responsibility of the military in the U.S., and he said if citizens see specific threat problems they should report them.

But during a session later in the day, Streufert also described a long-planned DHS program called Continuous Monitoring. Coming soon will be a contract solicitation for managed security services called Continuous Diagnostics and Mitigation, including cloud-based services, to protect civilian federal agencies' data from stealthy attacks.

The Continuous Monitoring concept calls for a layer of sensors and scanners to check hardware and software used by the federal government for vulnerabilities.

A project expected to take the federal government a few years to complete, it would include a security dashboard view managed by Continuous Monitoring service providers that would likely be shared at the agency department level. Streufert called it a "cyberscope" for the federal agencies.

Streufert said the goal is to get the agencies away from the hugely expensive paper-based vulnerability reports they generate today that are seen as inefficient and untimely. The program could extend as well to state and local government agencies, he said, for an estimated total of up to 25 million seats.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.

Read more about wide area network in Network World's Wide Area Network section.

Hottest Android news and rumors for the week ending November 9

It's been a busy week for Android news and gossip, with interesting information flying around about both hardware and software alike. Arguably the biggest news is the HTC Droid DNA - or possibly DLX - which is the first non-Motorola device to use the "Droid" moniker and the latest in the long-running series called "HTC is terrible at naming things."

ANDROID ASCENDANT: Samsung Galaxy S III is smartphone top seller - for the moment 

MORE MOBILE: Yawns may greet Microsoft Office port to iOS and Android

Unconfirmed but apparently widespread information posits that the DNA is going to be the U.S. release of HTC's high-powered J Butterfly smartphone, which was announced in Japan last month. If that's the case, the Android punditocracy is already predicting the Droid DNA will provide stiff competition to the Samsung Galaxy Note 2.

While most of the J Butterfly's components are standard for a top-of-the-line Android phone - quad-core processor, 2GB RAM, 8MP camera - its screen is anything but. Packing a whopping 1920x1080 display (yep, that's full HD, for those keeping score at home) into a 5-inch package is a truly impressive feat of engineering. HTC already has some of the best mobile screens on the U.S. market, and bringing the J Butterfly to the U.S. - even if the new name is just as silly - could extend that lead even farther.

The Droid DNA, or whatever it's going to be called, should run Jelly Bean out of the box. A joint HTC/Verizon announcement scheduled for Tuesday is rumored to be the official rollout of the device, which is said to be exclusive to that carrier.

As ever, it's disappointing that yet another impressive HTC phone will be restricted to a single carrier, but that just seems to be the way of things for the Taiwanese company, which is struggling mightily to regain lost marketshare in the Android sector.

*

Samsung, on the other hand, isn't having a lot of problems on that score - just today, researchers crowned the Galaxy S III the best-selling smartphone of the third quarter of 2012, eclipsing even theiPhone 4S. Of course, given that the iPhone 5 moved 6 million units in the few days it was on the market during the quarter, it seems unlikely that the GS III will stay in the top spot for long. Still, it's an impressive achievement.

The South Korean giant is also getting ready to debut a new mid-range smartphone on AT&T called the Galaxy Express. The Express has a last-gen, 800x480 screen and other less-than-impressive features - but for $99 with a two-year contract, you can't expect all the bells and whistles. This sort of seems like a compromise on bringing the Galaxy S III mini to the U.S., since it has similar features and won't confuse people who think they're getting a real flagship device.

*

The Verge reported yesterday that it had screenshots of a version of Microsoft Office for Android and iOS devices, saying that an official release of mobile MS Office will take place in early 2013.

While I still have fuddy-duddy questions about the utility of Word and Excel for mobile devices, I get that mobile productivity is likely to be a fairly big deal. And despite the fact that some nascent office options exist for Android, a fully functional Microsoft Office coming to the platform could shut them down quickly. If, that is, Microsoft does a good enough job with it.

*

German-language Android blog Android Schweiz (or Android Switzerland) has photographs of what it says is an upcoming Sony 5-inch smartphone with the same 1080p screen resolution as the aforementioned Droid DNA.

The blog also says it's got the microSD slot that fans are always clamoring for, though it doesn't have a removable battery.

(Hat tip: Android Central.)

*

A report from the Guardian earlier this week has anonymous Google sources saying that Apple is unlikely to approve a revamped Google Maps app for iOS, though there's no word on whether they were laughing really hard while doing so.

*

Read more about anti-malware in Network World's Anti-malware section.

Online Casino for Players

casinopal.net Please visit the site to play the Online casino. I have played more than 30 games on the site. You just need to deposit a certain amount and you can get bonus of $3200 free as welcome package. Online casino games Australia has a very nice great deal. Now what do you think? These games are for both Australian citizens as well as international players and it is completely legal.

Cisco's new management system simplifies control of thousands of servers

Cisco this week unveiled a new management system for its UCS servers that is designed to simplify management of thousands of servers spread across geographies and data centers, from a single pane of glass.

UCS Central lets IT managers control a globally distributed UCS infrastructure comprised of multiple domains, with the ability to ensure service and configure service profiles, ID pools, policies and firmware, Cisco says. UCS Central also has an XML API for integration with third-party systems management and cloud orchestration tools.

DIRECTION: Guide to Cloud Management Software

Cisco's existing UCS Manger product governs a single domain, made up of UCS Manager and all the UCS server and network access components it manages. UCS Central requires UCS Manager for local domain management while UCS Central provides tiered management for the global infrastructure.

UCS Central also aggregates server inventory, fault information and notifications across multiple domains to facilitate service assurance of the UCS infrastructure. The XML API also integrates Cisco's Intelligent Automation application with UCS Central for the creation of global UCS service profile templates across data centers.

Third parties writing to the UCS Central API include Compuware, for control of application performance across data centers, private, public, and hybrid clouds; Cloupia, for the ability to replicate between multiple sites for disaster recovery; Zenoss, for discovery, monitoring and managing UCS performance and capacity utilization; ScienceLogic, for surveillance of multi-tenant data centers; and Splunk, for gleaning operational intelligence from Big Data generated by thousands of UCS servers.

Cisco also enhanced the single-domain UCS Manager with a new version of the product. Release 2.1 of UCS Manager allows for more simplified connectivity of Cisco C-series rack servers by adding features previously available only to blade form factors, such as reduced cabling and rapid application deployment, Cisco says.

UCS Manager 2.1 with the Cisco Virtual Interface Card (VIC) 1225 reduces the number of cables for virtual servers from nine down to two, Cisco says. The number of switches and adapters can also be reduced, the company says.

UCS Manager 2.1 also gives customers new storage topology choices, Cisco says. It supports multi-hop FCoE, for consolidation of LAN and SAN. FibreChannel zoning in UCS Manager 2.1 provides incremental scaling path with "pod" deployments requiring no SAN switches, Cisco says. And NetApp storage users can consolidate FCoE, iSCSI and NAS traffic on the same port and cable, the company says.

As of August 2012, there are more than 15,800 UCS customers, and more than half of the Fortune 500 have invested in the product, Cisco says.

Lastly, Cisco also enhanced its Intelligent Automation for Cloud management software with release 3.1. The 3.1 version of IAC features CloudSync, for cloud infrastructure discovery and resource tracking so administrators can assess resources and make necessary changes to optimize service delivery.

Another feature is Virtual Data Centers, designed for self-service provisioning and management of multiple virtual data centers -- not just virtual machines. These data centers span virtual and physical compute, through UCS Manager, and networking resources, and can be provisioned according to infrastructure consumption limits.

Version 3.1 also includes Network Services Manager, which lets customers order network resources -- like VLANs -- from a self-service portal. Cisco says NSM provides the foundation for network-as-a-service in future releases of IAC.

Version 3.1 of IAC is consistent with Cisco's intent to manage multiple cloud environments such as OpenStack, Amazon EC2 and VMware vCloud Director.

Read more about data center in Network World's Data Center section.

Google Earth 7 adds more 3D imagery to desktop app

Google has updated the desktop version of Google Earth with 3D imagery that was previously only available to mobile users of the mapping program. A new tour guide feature--also included in the Google Earth update--allows you to fly over given areas where Google has prepared guided tours.

Google Earth 7 now has 3D imagery of Boulder, Boston, Charlotte, Denver, Lawrence, Long Beach, Los Angeles, Portland, San Antonio, San Diego, Santa Cruz, Seattle, Tampa, Tucson, Rome and the San Francisco Bay Area (including the Peninsula and East Bay). The application also provides 3D coverage of metropolitan regions in Avignon, France; Austin, Texas; Munich, Germany; Phoenix, Arizona; and Mannheim, Germany.

These are the same areas with 3D imagery on Google Earth for iOS and Android. "The experience of flying through these areas and seeing the buildings, terrain and even the trees rendered in 3D is now consistent across both mobile and desktop devices," Peter Birch, Google Earth Product Manager, wrote in a Wednesday blog post. When zooming in, the viewing angle in the desktop version of Google Earth now tilts at a higher elevation in order to showcase 3D imagery.

The other new feature in Google Earth 7 is tour guide. Instead of searching for tours, thumbnails highlighting pre-created tours for any area you're viewing in Google Earth appear at the bottom of the screen. When you go on a tour, you get a flyover of historical and cultural sites nearby, whether it's Rome, the Great Wall of China, or Stonehenge. There are more than 11,000 of such guided tours, including for all the cities with 3D imagery. Guided tours also include factoid popovers pulled from Wikipedia.

Google Earth 7 is a free download for both Windows and Mac users.

Hottest Android news and rumors for the week ending Nov. 2

Although Google had to call off its formal Android event due to a historic hurricane slamming into the Eastern Seaboard, all of the major announcements it had been planning were nonetheless made online. In case you haven't been paying attention, that means the LG Nexus 4, Samsung Nexus 10, updated Nexus 7 and -- last but not least -- Android 4.2 were all released as predicted.

HAPPY BIRTHDAY, ANDROID: Android turns 5: A look back

STORMS: Hurricane Sandy shuts down Google's Android event

Probably the biggest news from that set of announcements, though, is the release of a brand-new Nexus phone -- from LG, no less, a company not noted for its Android updating prowess. The Nexus 4 is a hugely impressive phone, and would have quickly become a new standard for top-end Android devices, but for one major flaw -- it doesn't support 4G/LTE, and you can't use it on Sprint or Verizon. Given the amount of flak Android fans aimed at Apple for not introducing 4G until this fall's iPhone 5, this retrograde step is a serious embarrassment.

Yes, it's incredibly difficult to negotiate the carrier minefield. Yes, Google's had huge issues getting Verizon to update its phones as quickly as it should. But to simply step back and say "screw it, we're not even going to try" seems like an admission that the Nexus program isn't a serious attempt to showcase the virtues of Android as a platform.

Of course, the argument could be made that Google doesn't really need to sell anybody on pure Android anymore, given its enormous market share in the smartphone sector. And with the increasing omnipresence of Wi-Fi, it's debatable how much is actually lost by not including 4G. Even so, this doesn't feel like a great step forward for Android.

*

The Nexus 10 doesn't have 4G either -- or any mobile data, for that matter -- but it seems like a much more positive development for Android, for two simple reasons: It has a bigger, higher-resolution screen than even the latest iPad, and it's cheaper. My take on tablets has always been that the display accounts for about two-thirds of what makes them good or bad, given that they're primarily entertainment devices at this point, and Samsung has really pushed the envelope with the Nexus 10. To put it another way, it would need to have something else very wrong with it to make it a less attractive option than the iPad, given the low price and slick display.

Then again, Android phones maintained a small but meaningful technological lead over the iPhone for months before the iPhone 5 came out, but that didn't stop Apple from selling its products by the million. It'll be important for Android developers to close the gap on iOS in terms of tablet-ready applications.

*

As expected, Google also refreshed the Nexus 7 lineup, adding a 32GB model and optional HSPA+ connectivity. The prices also changed -- a 16GB Nexus 7 is now $199, the 32GB Wi-Fi-only model is $249, and the 32GB with cellular data retails for $299. By comparison, a 16GB Wi-Fi-only iPad Mini is $329. Ouch.

*

Android 4.2, or "not Key Lime Pie," is an incremental update that nonetheless provides some cool new options. The introduction of built-in gesture typing -- which should be very familiar to anyone who uses Swype -- is a major plus, as are the improvements to Google Now and performance tweaks. Photo Sphere is undeniably impressive, even though I don't see it getting a lot of day-to-day use, and actionable notifications are very slick, as well.

*

Samsung just does not stop launching new phones -- this week's entry is the Galaxy Premier, which is basically a Galaxy S III with slightly watered-down internals and Jelly Bean out of the box. Unfortunately for U.S. consumers who might be interested in a cut-price Galaxy S III, the Premier is currently only available in Eastern Europe, and no plans for a North American release have been detailed.

*

Samsung may also be preparing to release a 7.7-inch Galaxy Note tablet, according to documentscited by The Droid Guy. Little is known about the device or its potential capabilities, however, and The Droid Guy notes that it may not even be slated for release in the U.S.

*

I'm hoping Intel's new foray into the Android world -- in the form of the Motorola RAZR i -- will continue, if only because I'd really like to have a phone with this 48-core monstrosity of a processor powering it. As the folks quoted in the article point out, however, making sure there's software out there that can take advantage of such a processor is easier said than done, and the whole thing is pretty much still on the drawing board anyway.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Read more about anti-malware in Network World's Anti-malware section.

Dell testing 64-bit ARM server with chip from AppliedMicro

Dell has built a prototype server based on a 64-bit ARM processor from Applied Micro Circuits, which showed the system at a conference in Silicon Valley on Thursday.

Dell has already said it was testing servers based on 32-bit ARM chips from Marvel and Calxeda, but this is the first time it has shown any hardware based on a 64-bit ARM processor. Sixty-four-bit chips are generally better suited to server use than 32-bit parts.

Proponents say ARM chips will be more energy efficient than x86 processors that Intel makes for certain cloud and analytics workloads, but the market is in its early stages, with plenty of hardware and software development work to be done. Analysts estimate the first 64-bit ARM servers won't actually hit the market before 2014.

AppliedMicro hosted a session on Thursday at ARM's TechCon conference, where it tried to illustrate how various elements of the 64-bit ARM server "ecosystem" are coming together.

It was joined by representatives from Red Hat and Cloudera, both of whom said they'll have software ready for testing on 64-bit ARM chips next year. Oracle was also there, pledging a version of Java SE for 64-bit ARM processors, though it didn't give a timeframe.

AppliedMicro CEO Paramesh Gopi, in full showman mode, pulled away a black cloth cover to reveal the Dell server at the end of his talk. He didn't describe it in any detail but it appeared to be a two-rack-unit chassis with four or five individual servers, or "sleds," that slide into the frame.

The hardware was a prototype, and it's still unknown if Dell will actually sell an ARM-based server using AppliedMicro technology. Dell is experimenting with ARM components from several suppliers, and it was also at AMD's event Monday when it announced plans to build ARM-based server chips.

"We don't have any plans to make generally available an ARM-based server right now -- that includes the Applied Micro-based prototype you saw," Dell spokeswoman Erin Zehr said via email. "We're currently focused on ecosystem enablement -- giving developers access to clusters so they can test or write to ARM," she said.

The processor inside the Dell system, which AppliedMicro called an "X-Gene" processor, was also an early prototype. Gopi said X-Gene parts will be ready for customers to begin testing in the first quarter next year, with commercial products coming later in 2013.

But AppliedMicro does now have actual prototype silicon, which is a step up from the HotChips conference in August, when it showed a server board with a mock-up chip.

It demonstrated its hardware in action Thursday. It showed a website running on what Gopi said was a prototype X-Gene server built by AppliedMicro and located in a remote data center. He streamed a trailer for the new James Bond film, which appeared to run smoothly.

"We are literally months away, ladies and gentlemen," he said. "In Q1 next year, you'll have not only silicon but also the software I just showed you and systems to go around it." He was still referring to prototype systems, however.

Gopi also unveiled three server reference designs that AppliedMicro has come up with, to show server makers what they can build. They're dubbed X-Memory, X-Compute and X-Storage, depending on the target application.

The X-Storage system is aimed at Hadoop-type analytics applications, and combines a sea of hard disks with a single X-Gene server board. It had a total 36TB of storage, Gopi said.

ARM offers two types of licenses for its chip designs. Companies can buy an architectural license, as AppliedMicro did, and design their own processor from scratch. That allows for greater customization, but takes more time and money. They can also buy a license for a finished processor design.

ARM unveiled its 64-bit architecture, ARMv8, at last year's TechCon. The news earlier this week was that ARM has now released its first 64-bit processor designs, the Cortex-A57 and A53. Chips based on those designs could appear by the end of this year.

James Niccolai covers data centers and general technology news for IDG News Service. Follow James on Twitter at @jniccolai. James's e-mail address is james_niccolai@idg.com

China's Baidu and Qihoo 360 sign pact meant to resolve dispute

Chinese Internet giant Baidu and its rival Qihoo 360 signed an agreement on Thursday to compete fairly in China's search engine market, following a dispute between the two companies over search indexing.

The two companies, along with ten other Internet search providers, signed a "self-regulation pact" sponsored by the Internet Society of China, an industry trade group, which received support from Chinese government regulators for drafting the pact.

Qihoo 360's new search engine was launched in August and is now competing with Baidu's search services, which have long dominated the market with over 70 percent share.

A key section of the pact requires the Chinese Internet firms to abide by a robot exclusion protocol, a convention widely used by companies to prevent others from accessing certain parts or the entirety of a website.

Baidu alleges Qihoo 360's search engine has violated its robot exclusion protocol by indexing its Web pages, such as its encyclopedia and question-and-answer sites, without its permission.

To fight back, Baidu filed a lawsuit against Qihoo 360 last month, claiming that the company is illegally using and reproducing its content, and asking for 100 million yuan (US$15.9 million) in compensation. In its defense, Qihoo 360 has said it should be given access to Baidu's product pages, equating them to a public resource.

The pact signed by the two companies, however, is limited in scope and power. If a company is found in violation, the Internet Society of China will issue a warning and make a public condemnation in the media.

The agreement is more of a symbolic effort to tone down Baidu's dispute with Qihoo 360, which risked escalating, said Zhao Zhanling, an expert on China's information technology law.

The language in the pact does not side with Baidu or Qihoo 360 in their dispute, Zhao said. It states the Internet firms must observe the robot exclusion protocol, but also aims to ensure that the protocol is used to fairly promote the free flow of information.

"I think the pact is trying to find a balance," Zhao said. "The pact has no power backed by law, it's more about trying to get everyone on the same page."

Both Baidu and Qihoo 360 said they support the self-regulation pact.

"(It) has for the first time highlighted the critical role that the Robots protocol plays in regulating the Internet search industry, and its significance to the healthy development of the search sector," Baidu said in a statement.

Qihoo 360 said in an email, "We believe the agreement is positive for China's search market. The move will create a more open and fair competitive landscape, which will benefit the smaller guys over time."

The two companies declined to comment on the lawsuit.