Dell puts RNA Networks assets to use in new product

Dell has released a new software product designed to make solid-state-drive caching on servers more efficient, resulting in improved performance of applications such as databases.

The company's Fluid Cache 1.0 technology is the first product to be released with the technology acquired from memory virtualization company RNA Networks in June 2011. Dell was expected to implement RNA technology when it introduced its 12G servers last year, but no announcement came.

Dell has since moved slowly with RNA, taking more than a year-and-a-half to incorporate its technologies into servers. More products based on RNA will come in the future, a Dell spokeswoman said.

The Fluid Cache 1.0 software technology sits between the Express Flash solid-state drives attached directly to the PowerEdge 12G servers. The software essentially is an application accelerator that creates a high-speed caching pool to facilitate quicker reading and writing of data from SSDs.

The software layer replicates data in cache, which improves response time without compromising the data. Dell in a blog entry claimed that the software can boost database response times by up to 95 percent, and allows for the addition of more concurrent users accessing the database.

Caching technology has been prevalent in the form of read-only cache, said Kishore Gagrani, senior product manager at Dell, in a video explaining the technology that was posted on YouTube .

"Fluid Cache... can also rewrite cache. With the write caching comes data protection. We make sure data in the cache is protected," Gagrani said.

The software can scale caching performance as more Express Flash SSDs are attached to multiple servers. Fluid Cache 1.0 works only with Linux servers for now, but the company plans to add support for more operating systems such as Windows, Gagrani said. The technology will also be expanded to network-attached storage products, and will also be optimized for Compellent, which virtualizes storage.

Customers do not need to learn any new management tools, and applications do not need to be rewritten to work with Fluid Cache, Gagrani said.

Pricing and availability information for Fluid Cache wasn't immediately provided by Dell.

Agam Shah covers PCs, tablets, servers, chips and semiconductors for IDG News Service. Follow Agam on Twitter at @agamsh. Agam's e-mail address is agam_shah@idg.com

IDC: Windows 8 a factor in lower 2012 PC sales

The final numbers are in showing that PC makers shipped fewer machines last year than in 2011, andWindows 8 is among several factors being blamed by IDC for the decline, which is expected to continue this year.

Looking back IDC found that in 2012 total worldwide shipments of PCs was down 3.7%, including desktop and portable PCs.

[ IN PHOTOS: Microsoft's Steve Ballmer said what?

TEST YOURSELF: The Windows 8 quiz

NAVIGATE: 12 essential Windows 8 keyboard shortcuts ]

The trend was worse in mature markets -- the U.S., Canada, Western Europe and Japan -- with a dip of 4%. Emerging markets -- Asia/Pacific, Latin America the Middle East and Africa -- were down 1.4%.

Limited interest in Windows 8 led last year to a dismal fourth quarter, IDC says in its latest Worldwide Quarterly PC Tracker. Volume dropped 8.3% in Q4 2012 compared to Q4 2011, wiping out a potential bump during the normally robust holiday sales quarter, IDC says. That's the largest drop ever recorded for a holiday season.

IDC described the reception of Windows 8, which launched in October, as "underwhelming." Also contributing to the slow fourth quarter were tight IT budgets and a continuing poor world economy.

Hurting the potential lift that Windows 8 might have provided was the lack of components for touchscreen devices -- the type of machine Windows 8 was designed to work best on. That makes the touchscreen devices that are available seem expensive compared to non-touch devices, IDC says.

Still, Windows 8 could help PC sales rebound somewhat late this year, says Rajani Singh, a research analyst at IDC. "IDC expects the second half of 2013 to regain some marginal momentum partly as a rubber band effect from 2012, and largely thanks to the outcome of industry restructuring, better channel involvement, and potentially greater acceptance of Windows 8," he says. But it still won't be enough to register growth; IDC projects worldwide PC sales in 2013 to drop another 1.3%.

The end of support for Windows XP should force more PC upgrades later this year as well, which could help bolster shipments later in 2013, Singh says.

The study doesn't include tablets because they aren't the functional equivalents of PCs, but their popularity among consumers helps siphon off dollars that otherwise might be spent on PCs, says Loren Loverde, vice president for Worldwide PC Trackers at IDC. "Growth in emerging regions has slowed considerably, and we continue to see constrained PC demand as buyers favor other devices for their mobility and convenience features," Loverde says.

Long-term shipments of PCs shows better but still modest growth, the report says, projecting a 9% increase between 2012 and the end of 2017.

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter @Tim_Greene.

Read more about software in Network World's Software section.

Evernote hack shows that passwords aren't good enough

Evernote revealed over the weekend that it was the victim of a data breach, emailing users and posting a notice on its Web site that attackers had gained access to usernames, email addresses, and encrypted passwords associated with Evernote accounts. As a precaution, Evernote forced all 50 million users to reset their passwords. That's a good step, but it's not really not good enough--so Evernote is accelerating its plan to roll out two-factor authentication.

Evernote wasn't originally designed as a business service, at least until the December release ofEvernote for Business. Evernote is primarily a note-taking and organizational tool similar to Microsoft's OneNote. Evernote provides a range of services--including Evernote Food, Evernote Peek, Skitch, Penultimate and more--as Web-based tools or apps across a range of operating systems and mobile platforms. Its capability to access and sync data across a broad range of devices makes it appealing as a business tool.

By its nature, Evernote is a prime example of a service where you stash both personal and professional data. Like any cloud-based service, it comes with some inherent risk. Any time you place business data in the cloud--particularly sensitive information such as customer names or addresses, banking or financial details, or proprietary company research--you are trusting the vendor to protect it. The big caveat, though, is that you are still ultimately responsible for what happens to your data.

One password to rule them all?

Evernote claims that the password data captured by the attackers was encrypted, but it still made all users select new passwords, just in case. As respected security authority Brian Krebs notes in his blog post on the Evernote breach, the standard hashing and salting algorithms used by vendors to encrypt password data offers trivial protection that can be cracked with relative ease.

One solution would be to use stronger passwords or passphrases, and to ensure that you don't use the same password for more than one service. When you do, a data breach at one vendor can expose your password, which could then allow the attacker to access all of your accounts instead of limiting the damage to the one that was breached.

Of course, remembering tens or hundreds of passwords is a bit of a Herculean task--especially if you're using strong, complex passwords. My PCWorld peer John Mello suggests a few options for simplifying password management, such as OneID, KeePass, and RoboForm.

The real lesson of the Evernote hack, though, is that passwords don't offer very good protection for your data. Unique passwords that are complex offer better protection than using your dog's name or no password at all, but ultimately all passwords can be cracked or guessed, given enough time and effort.

Moving to multi-factor authentication

With that in mind, Evernote is joining Facebook, Dropbox, Microsoft SkyDrive, PayPal, Gmail, and a growing list of online service providers by adopting two-factor authentication.

Multi-factor authentication provides an extra layer of protection to safeguard your data. Phone-based authentication, for instance, can dramatically boost security. You've probably encountered a prompt for phone-based authentication when you try to log on to a bank's website from a device you don't normally use.

With phone-based authentication, a random or one-time code is sent to a mobile phone, and must be entered in addition to the standard username and password. Some solutions use a mobile app to generate a one-time PIN. Either way, in order for an attacker to access the account they'd have to both crack your password and be in possession of your mobile phone.

There are many other options aside from phone-based authentication, such as access tokens, smartcards and email verification. The exact method varies widely. No matter the implementation, two-factor authentication provides an extra layer of protection, and Evernote should be commended for offering it.

Java security woes to stay with businesses for a long time

Zero-day vulnerabilities, delays in receiving patches and continuous cyberattacks are enough to make any large company want to toss the buggy Java plug-in from browsers. But that seemingly simple solution is not possible for the majority of businesses, which still use the platform for running Web-based Java applications, experts say.

Businesses were reminded of Java's problems on Monday, when Oracle released an emergency patch to fix two flaws in Java 7 and Java 6, including one hole that security experts warned last week was already being exploited by cybercriminals. Oracle acknowledged knowing about the more serious flaw since Feb. 1, but was unable to get a patch out sooner.

On the same day, a Polish security firm notified Oracle of five more vulnerabilities in the latest version of Java. Those flaws would be difficult to exploit, since they would have to be linked together to bypass Java's anti-exploit sandbox technology.

Nevertheless, Java has become a key target for criminals and a major headache for corporations. The fact that the technology is cross-platform has made matters worse, because malware can be written to infect Windows, Mac or Linux desktops and notebooks.

"Java has certainly moved to the forefront for many enterprises as far as patching and vulnerabilities are concerned," Wolfgang Kandek, chief technology officer for Qualys, said on Tuesday.

The reason businesses cannot remove the distressing Java from browsers is because many organizations run Web-based internal business applications that require the technology.

[Also see: Oracle speeds up Java patching cycle]

"Disabling Java in browsers would break access to these applications," said Chenxi Wang, an analyst for Forrester Research. "For that reason, not many have gotten rid of Java in their environment, despite the fact that Java has been the target of mass market malware exploits for years."

In addition, the technology IT administrators use for enforcing corporate policies does not include disabling or enabling Java for specific people in an organization. "This lack of enterprise controls is causing major heartburn for IT teams," said Andrew Storms, director of security operations for nCircle.

Besides not having an easy off-switch, some organizations are just plain slow at upgrading Java plug-ins. "Some have only just added it to their patching regimes,"said Glenn Chisholm, chief security officer of Cylance.

Many companies are starting to tackle the Java problem. Some are looking at application virtualization to provide Java in a browser for a single session, which is then destroyed and recreated when needed again, Chisholm said.

Security vendors are also providing help. Kandek recommends setting up whitelisting within Internet Explorer, so only pre-approved applications can run. Dan Guido, a consultant with iSec Partners, hasposted an hour-long YouTube video that shows how to automatically switch between Chrome for browsing the public Internet and IE for accessing internal applications.

Such creativity is the direction organizations will need to go to avoid a Java-caused security breach. "Java is proving to be the gift that keeps on giving for attackers," Storms said.

Read more about application security in CSOonline's Application Security section.

Google's latest Android browser promises faster surfing

Faster Web browsing and lower data use might be on the cards for Android mobile phone users if they download a new version of the Chrome Web browser offered by Google.

The latest Chrome Beta for Android, which was made available on Tuesday, includes an "experimental data compression feature" that Google said could reduce data loads by up to 60 percent on some sites.

The system works by sending most Web requests through a proxy server, which sits in between the user's browser and the destination Web server. The server is running SPDY, a Google-developed protocol designed to reduce the data size of Web content.

It does this through tricks such as compressing the text in pages, sending multiple simultaneous requests to a Web server and by transcoding images into a more efficient format called WebP.

WebP is a Google-developed image format that is said to reduce image size by 26 percent against PNG (Portable Network Graphics) images and by between 25 percent and 34 percent against the JPEG format. Support for the format is already in Chrome, Opera and Android from version 4.0 "Ice Cream Sandwich," and can be added to Internet Explorer with the Chrome Frame plug-in.

The system works on all non-secure connections to websites using the HTTP protocol. Connections to secure sites using the HTTPS protocol are handled as normal and don't flow through the SPDY proxy. As an added advantage, non-secure connections are encrypted using SSL between the phone and proxy. Google's Safe Browsing feature is also enabled, which helps guard against malware and phishing attacks.

Users can find the beta version of the Chrome browser by following this link. It won't appear through a search of the Play Store.

Once installed, the system needs to be enabled. That can be done by navigating the browser to "chrome://flags" and setting "Experimental Data Compression Proxy" to on.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address ismartyn_williams@idg.com

Facebook updates developer policy after Vine scuffle

Facebook has updated its policies for third-party application developers in a bid to explain why Twitter's new Vine video-sharing app is unable to access Facebook's friend-finder tool.

While the updated policies don't mention Vine by name, the biggest changes appear designed to explain why Facebook decided to block the app, a move that sparked a wave of criticism this week.

In a blog post Friday, Facebook's Justin Osofsky, director of platform partnerships and operations, said the "clarifications" were published after the site received questions about its policies over the past few days.

"For the vast majority of developers building social apps and games, keep doing what you're doing," he wrote. But a "much smaller number of apps" violate its policy by using Facebook to "replicate our functionality or bootstrap their growth in a way that creates little value for people on Facebook, such as not providing users an easy way to share back to Facebook."

Vine, which is owned by Twitter and launched Thursday, includes a tool that allows users to search for their Facebook friends and add them to their Vine network. Vine also lets users automatically share the videos they create with the app with their Facebook friends -- a function that remains intact -- as well as with their Twitter and internal Vine connections.

Controversy broke out when users discovered later on Thursday that the Facebook friend-search tool had been disabled. Facebook has yet to say whether it intentionally blocked the feature, but the clarified policies it published Friday explain where the site stands on matters related to competitors using its social graph.

One of the amended sections reads: "You may not use Facebook Platform to promote, or to export user data to, a product or service that replicates a core Facebook product or service without our permission." The policies don't say what, exactly, constitutes a "core" Facebook product.

The new policies retain similar language about permissions, but give additional guidance about data-sharing with third-party apps. On the topic of reciprocity, for instance, the policies say developers can build their own social network via Facebook's API (application programming interface), but only if the app allows users to share their experiences back with Facebook users. Vine does offer this functionality.

Asked whether Facebook blocked the search tool or if there was a technical issue on Twitter's end, Twitter has said it has no comment beyond the error message users get when they try to perform the search.

The new guidelines also say that if Facebook disables an app, the developer of the app must delete all the user information it collected through Facebook's API, unless it is basic account information or it receives consent from the user to retain it.

Finally, the policies clarify that developers are responsible for "providing users with a quality experience and must not confuse, defraud, mislead, spam or surprise users."

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

BitTorrent invites testers to help fine tune its new Sync file-sharing program

BitTorrent will crowd source ideas from its 170 million users for its new Sync program for file sharing across multiple computers.

Of course, the company is best known for its slightly less legal uses: Many a pirated movie has been passed around over the peer-to-peer file-sharing client. But BitTorrent opened its virtual doors to the public Thursday, with an invitation to crowdsource innovative products that build on BitTorrent's technology. Sync is the first effort.

BitTorrent Sync is in such early stages of development that the company considers it a pre-alpha product. But for early adopters wanting to get in on the ground floor, the invitation-only programlets you sync files across multiple machines, similar to Dropbox and cloud-storage services offered by Amazon, Microsoft, and Google.

It's unclear exactly how Sync is (or will be) different from its competitors but, so far, BitTorrent is targeting home users "to help manage personal files between multiple computers," the company said in a blog post. So if you want copies of home movies on both your laptop and desktop, Sync may be where it's at. (Note: peer-to-peer backup has been in discussion since at least 2009.)

Background

The new file-sharing program follows on the heels of Mega, another major file-sharing product released this month. Mega, the brainchild of MegaUpload founder Kim Dotcom, encrypts your files before you upload them to the company's servers and offers 50GB of free storage.

Dotcom has been the target of a federal piracy investigation, which makes the future success of Mega a somewhat dicey prospect. But BitTorrent, whose users have also been targeted in piracy investigations, is trying to move away from the unsavory side of file sharing. The company last year launched a revenue-sharing program to compensate musicians with advertising dollars.

Sync is part of BitTorrent Labs, which the company calls its "test kitchen" and a "not-so-secret fort," which is where it opened up its alpha projects to developers, testers, and the general public.

Other concepts available to experiment with in the Lab are BitTorrent Live, a beta streaming client; Surf, a torrent discovery extension for the Chrome browser; and Beam It Over, a Facebook file-sharing plug-in.

BitTorrent and its client uTorrent have about 170 million active users to draw upon for crowdsourcing ideas and solutions, which could make the public release of Sync a better product than other cloud-storage services.

IBM to beef up content management, analytics in Connections enterprise social product

IBM will launch before mid-year several new and improved collaboration and communication products, including a new suite for human resources tasks and a major upgrade of its Connections enterprise social networking product.

The company, which will unveil the products at its Connect 2013 conference in Orlando on Monday, will also announce improvements to its enterprise social suite for marketers.

The upgrade to its IBM Connections enterprise social networking platform will feature new analytics features so that administrators can monitor usage, such as collaboration trends among employees and engagement with customers in social media services like Twitter and Facebook.

IBM Connections 4.5, which will be available in March, will also feature new document and content management capabilities, as well as an "ideation" tool to manage brainstorming processes. This new version will also feature deeper integration with Microsoft Outlook, so that users can access IBM Connections features within their Outlook interface.

"This 4.5 version is a momentum announcement," said Rob Koplowitz, a Forrester Research analyst. "IBM continues to grow, add functionality to and improve Connections."

The content management functionality makes Connections a stronger competitor to Microsoft's SharePoint, which in turn is encroaching further into the Connections territory with its upcoming integration with the Yammer enterprise social networking software.

The suites for human resources and marketing departments are designed to give employees collaboration tools like microblogging, IM, video conferencing, activity streams, employee profiles, document sharing, content rating, wikis and discussion forums.

The new IBM Employee Experience Suite will include existing IBM enterprise social and communication software along with human resources management applications from Kenexa, a company IBM acquired in December for $1.3 billion. This new suite will be available in this year's first half.

Meanwhile, the existing IBM Customer Experience Suite, designed for marketing departments, will gain a new capability to let marketers push content, like ads and promotions, to social networks "with one simple click" and without requiring IT involvement.

IBM also plans to ship in March an upgrade of its Notes-Domino email and collaboration software, called IBM Notes and Domino Social Edition 9.

"We have an enterprise social business platform that is for social networking, content management, analytics, and can be leveraged across all business departments," said Jeff Schick, vice president of social software at IBM.

Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at@JuanCPerezIDG.

Google faces legal action in the UK over Safari cookies

A group of Internet users in the U.K. are seeking damages, disclosure and an apology from Google for its alleged undermining of the security settings on Apple's Safari browser to track online usage covertly.

Members of the group, described as informal, have instructed a technology and media law firm, Olswang, to begin action against Google, the group said.

The claims center around tracking cookies, which were allegedly installed in secret by Google on computers and mobile devices of users of the Safari browser, Olswang said in a statement on Sunday. The legal firm has been retained by the group to coordinate claims.

The U.S. Federal Trade Commission said in August last year that Google agreed to pay US$22.5 million civil penalty to settle charges that it misrepresented to users of Safari that it would not place tracking cookies or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.

FTC charged that Google placed advertising tracking cookies on consumers' computers, in many cases by circumventing Safari's default cookie-blocking setting. A court accepted the consent decree. Google however denied wrongdoing.

The group has also set up a Facebook page, called "Safari Users Against Google's Secret Tracking", to provide information for anyone who used the Safari internet browser between September 2011 and February 2012, and "who was illegally tracked by Google."

Any users in the U.K. may have a claim against Google for this breach of their privacy, according to the group. Other users, who have set up this group, are taking action against Google to hold them to account, it added.

This has the potential of being the biggest ever group action filed in the U.K., with millions of potential claimants, privacy advocate Alexander Hanff said in a Twitter message.

Google did not immediately comment.

New bug makes moot Java's latest anti-exploit defenses, claims researcher

Java's new security settings, designed to block "drive-by" browser attacks, can be bypassed by hackers, a researcher announced Sunday.

The news came in the aftermath of several embarrassing "zero-day" vulnerabilities, and a recent commitment by the head of Java security that his team would fix bugs in the software.

The Java security provisions that can be circumvented were introduced last December with Java 7 Update 10, and let users decide which Java applets are allowed to run within their browsers. The most stringent of the four settings is supposed to block any applet not signed with a valid digital certificate. Other settings freely allow most unsigned applets, execute unsigned applets only if Java itself is up to date, or display a warning before unsigned applets are allowed to run.

But according to Adam Gowdiak, CEO of Security Explorations, none of the settings can stymie an attacker.

"What we found ... is that unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings," Gowdiak wrote in a message posted Sunday to the Bugtraq mailing list.

In an email reply to questions Sunday, Gowdiak said there was a single vulnerability that makes the bypass possible. "It could be used to successfully launch unsigned Java code on a target system regardless of the security level set by the user in Java Control Panel. [The] 'High' or 'Very High' security [setting] does not matter here, the code will still run," he said.

After discovering the vulnerability and creating a proof-of-concept exploit that worked on Java 7 Update 11 -- the version released two weeks ago -- running on Windows 7, Gowdiak reported the bug to Oracle.

His discovery makes moot -- in theory at least -- Oracle's latest security change. When it shipped an emergency update on Jan. 13 to quash two critical Java browser plug-in vulnerabilities, including one that was actively being exploited by cyber criminals, Oracle also automatically reset Java to the "High" security level. At that setting, Java notifies users before they can run unsigned applets.

Although there's no evidence of hackers exploiting the newest vulnerability, Gowdiak hinted that it wouldn't be difficult for them to do so. "It should be considered in terms of a big miss by Oracle," Gowdiak said. "We were truly surprised to find out how trivial it is to bypass these new security settings."

Hackers have stepped up their attacks against Java and its browser plug-in, with some security firms estimating that they account for more than half of all attempted exploits. Most often, Java exploits are used to conduct "drive-by" attacks, or ones that install malware on PCs and Macs after their owners simply browse to compromised or malicious websites.

Gowdiak published his claim just days after Oracle released a recording of a conference call between Milton Smith, the senior principal product manager who oversees Java security, and Java user group leaders, to discuss the recent vulnerabilities and steps Oracle was taking.

During the call, Smith touted the security enhancements to Java 7, including the introduction of the settings in Update 10, and the change of the default from "Medium" to "High" in Update 11. "[They] effectively make it so that unsigned applets won't run without a warning," Smith said of the security settings. "Some of the things we were seeing were silent exploits, where people would click on a link in an email and unwittingly compromise a machine. But now those features really prevent that. Even if Java did have an exploit, it would be very hard to do it silently."

According to Gowdiak, that's exactly what the newest vulnerability could let attackers do. "Recently made security improvements to Java 7 don't prevent silent exploits at all," Gowdiak wrote on Bugtraq.

When asked how users who must run Java in their browser should protect themselves against possible exploits, Gowdiak repeated his earlier suggestion that people turn to a browser with "click-to-play," a feature that forces users to explicitly authorize a plug-in's execution. Both Chrome and Firefox include click-to-play.

"That may help prevent automatic and silent exploitation of known and not-yet-addressed Java plug-in vulnerabilities," Gowdiak said.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

How wireless charging can drive near-field communications growth

At CES 2013, the Wireless Power Consortium displayed dozens of devices that were designed to the Qi wireless charging standard, suggesting that 2013 may be the year wireless charging becomes a feature consumers expect to come standard in new smartphones.

Nokia and HTC already offer smartphones with Qi technology integrated directly, such as the Lumia 920 and Droid DNA. For more popular smartphones that were not developed with Qi compatibility, including Apple's iPhone 5 and Samsung's Galaxy S3, third-party manufacturers have developed smartphone cases with integrated Qi technology. The cases themselves plug into the phone's power dock and relay a charge received when the encased phone is placed on a wireless power source.

Further facilitating the rise of wireless charging is the Qi standard's compatibility. Although manufacturers can build wirelessly charging devices on their own, the standard dictates that all Qi-enabled devices are compatible with all Qi-enabled power sources. That means a wireless charging pad developed by Nokia could charge a smartphone built by HTC, and so on. Best of all, it means smartphone users will never again need to scramble for a power cord that fits into the custom-designed power dock on their phones.

[ALSO AT CES: 10 wireless charging technologies on display at CES 2013

MORE ON NFC: What IT needs to know about near-field communications]

But what does the impending rise of wirelessly charging smartphones have to do with the growth of near-field communications (NFC) technology?

At CES, the WPC booth also displayed several new components designed to facilitate the integration of the Qi wireless charging technology. One component on display, developed by TDK, integrated both Qi wireless technology and NFC into a single chip.

As these components become smaller, cheaper, and easier to integrate into devices, Bas Fransen, chief marketing officer at ConvenientPower, says manufacturers will ship more smartphones featuring both wireless charging and NFC.

Read more about anti-malware in Network World's Anti-malware section.

Microsoft waived hearing in EU browser ballot antitrust caseMicrosoft waived its right to a hearing before European antitrust regulators to further answer charges that it failed to offer customers a browser choice screen, according to documents filed with the U.S. Securities and Exchange Commission (SEC).

Microsoft waived its right to a hearing before European antitrust regulators to further answer charges that it failed to offer customers a browser choice screen, according to documents filed with the U.S. Securities and Exchange Commission (SEC).

The company faces fines in the billions for the blunder.

In a Jan. 24 filing with the SEC, Microsoft noted the ongoing investigation by the European Commission, the EU's antitrust arm, and gave a short status update of the case.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

iPhone 6 rumor rollup for the week ending Jan. 25

The combination of intense cold gripping much of the U.S. and feverish iPhone speculation is creating extreme rumoring conditions, threatening to drive the iOSphere into epistemological collapse.

Apple is planning to announce one, two, three (or more?) iPhones, none of which may be "iPhone 6" unless they are, with screen sizes between 4 and 6 inches, and an equally wide, or weird, range of prices, sometime between now and the end of 2014.

You read it here second.

__________

__________

iPhone 6 will be one of two (2!!) iPhones released in 2013

Loquacious "industry sources" tell DigiTimes that Apple will release two 4-inch iPhones in 2013, both with in-cell display technology (introduced in iPhone 5, helping to create a thinner and lighter phone).

[ MORE RUMORS: iPad5 rumor rollup for the week of Jan. 21 ]

This is an improved rumor, because "Previously it was said that Apple would release a lower-cost version of its iPhone with a bigger screen in 2013. But the sources claimed that Apple is indeed developing an iPhone with a bigger [apparently meaning 'bigger than 4 inches'] screen, but that will not be among the models to be launched this year."

One of the two will be aimed at the "midrange market segment" otherwise known as the cost-conscious or economical or frugal or stingy segment.

Bliss is two new iPhone models. But. There may not be many of them around because "the sources noted it is still yet to be determined if Apple will have adequate supply of in-cell touch panels in 2013 for a lower-cost version of the iPhone due to mass production issues from the technology in 2012."

At this past week's earning call, Apple CEO Tim Cook acknowledged that supplies of the iPhone 5 fell short of demand until very recently, but he didn't say why. The iOSphere Consensus Rumor, copy/pasted by DigiTimes, is that the reason was "poor yields for in-cell technology."

So Apple might announce two iPhones and release them. But you won't be able to actually buy one.

iPhone 6 will be one of three (3!!!) new iPhones released in 2014

Business Insider's Jay Yarrow industriously tracked this rumor from its source, Commercial Times, Taiwan, to its proliferation in the iOSphere, such as AppleInsider. 

"So, yeah," Yarrow wrote. "Treat this one lightly for now. Though, a lot of accurate information has come from Asian supply chain sources in the last few years." We think we'll treat THAT assertion lightly. Because a lot more inaccurate information has come from the Asian supply chain sources in the last few years.

But let's not quibble.

"According to the reports, Apple will release a 4-inch iPhone 5S and a 4.8-inch iPhone before the end of June," Yarrow reveals. "The report calls the 4.8-inch phone, the 'iPhone Math,' which is, um, odd."

So take that lightly, too, we guess. Repeatedly calling a rumor a "report" lends baseless speculation an air of authority.

AppleInsider also picked up on these rumors. First it dutifully cautioned readers that "It should be noted that AppleInsider cannot vouch for the veracity of the sources' claims and offers the following information for purposes of discussion only." And then it repeated every scrap of veracity-challenged "information" it could glean: "at least" a 4.8-inch screen, 8 megapixel camera with lenses from Largan Precision, and component shipments starting in March for production lines swinging into action in April.

But there's something interesting about this report, something apparently only Yarrow perceived.

"What's interesting about this report is that it comes one week after The Wall Street Journal and the Nikkei reported Apple was cutting iPhone screen orders," he points out.

Think about that. One week. Just one.

"When those reports rolled out Apple's stock was hit hard," he explains. "So were the stocks of Apple's suppliers. ... We could be over thinking it, but it sure sounds like suppliers started leaking Apple's plans to let the market know that they are not totally hosed."

Thank heavens for the iOSphere and its dedications to rumors. How else would the stock market know what's happening?

"Whether that makes this report more or less trustworthy is up to you," Yarrow concludes, not very helpfully. "However, this is not the first time we've heard about Apple reportedly developing a much larger iPhone. So, we wouldn't just cast the report aside."

We may be overthinking it, but it sure sounds like Yarrow is saying that you can believe the "report" and that you can't, or like whatever. But it's not the first time we've heard this kind of analysis. So we wouldn't just cast it aside.

iPhone 6 will be one of four (4!!!!) new iPhones to be released in 2013

According to midstream sources in the Asian supply chain, Apple will be releasing four iPhone models in 2013. It should be noted that the Rollup cannot vouch for the veracity of the sources' claims and offers the following information for purposes of discussion only. But if Apple can be rumored to be planning two or three iPhones, it's not much of a stretch to think, "Hey. Heck. Why not four?"

According to the sources, one will be a 4-inch phone, one will be a low-cost 4-inch phone, one will be 4.8-inch phone, a third will be 5.3 inches.

OK: we made that up.

But iMore.com's editor in chief, Rene Ritchie, has an intriguing, lengthy and nearly exhaustive post ("Imagining a 5-inch iPhone," complete with illustrative examples) that speculates in depth on "what steps could they take to get to 5-inches" for the iPhone.

The most likely option, he writes, is increasing the number of pixels by some multiple: by 2, 3 or 4. He even considers a 5-inch model that uses the iPad mini display with a 4:3 aspect ratio, and 4.5 and 4.8 inch models.

But there are a range of tradeoffs. Bigger displays with more pixels will require even more graphics processing power, more light, and more battery to be effective, Ritchie notes. And depending on how the larger screen size is actually implemented, it can make life especially difficult for software developers.

During Apple's Q1 earnings report, Apple CEO Cook was asked if there was a case to be made for a larger screen size or larger variety of screen sizes. His reply suggests that Apple won't be taking that route any time soon. "The iPhone 5 offers a new 4-inch retina display: the most advanced in the industry. ... And it offers a larger screen size without sacrificing the one-handed use that our customers love. We put a lot of thought into screen size and we think we picked the right one."

That statement doesn't preclude a still-larger iPhone, but it does underscore two things Apple takes seriously: the convenience of one-handed phone use and what customers "love."

In his post, Ritchie notes that Apple has addressed one-handed use "in hardware" -- keeping the phone at a physical size that ensures most people can still use it with one hand. But it could be done "in software," he says. That's how RIM -- in its new BlackBerry 10 phones due to be unveiled next week -- is addressing one-handed use: the BlackBerry Flow UI is "using corner gestures to allow for more navigation with less thumb travel."

Finally: speculation worthy of the name.

iPhone 6 or iPhone Something will be released between Jan. 28 and Dec. 31, or in 2014

The blizzard of Next iPhones is creating enough conflicting dates to require a scheduling app (for example, Schedule Planner, from Intersog) to keep track of everything. Even the iOSphere is starting to sound confused.

"So when will the IPhone 6 release date be?" asks TechRadar's Dan Grabham, just before making it clear he has no real idea what the answer is.

"Some analysts and observers are predicting that it could be as early as summer 2013," he writes. "We think it's more likely we'll see a new iPhone release in September."

Then he references "[Technorati] Blogger Ed Valdez [who] cites six reasons why we can expect an iPhone 6 announcement by June 2013 -- a mere nine months after the iPhone 5." So Ed doesn't agree with Dan. "But it's still quite likely there will be an iPhone 5S instead of iPhone 6," Dan adds, making it sound as if even Dan doesn't agree with Dan.

We think Grabham is saying that his belief, conviction, gut feeling, hope, hunch, intuition, and opinion is that it's "quite likely" that the Next iPhone will be the iPhone 5S and it will be announced in September.

Some, actually much, of the confusion depends on how one defines "iPhone 6" and "iPhone 5S." Or even "iPhone Math." DigiTimes this week echoed rumors from "industry sources" that 2013 will see the release of two Next iPhones, only neither of them will be "Phone 6."

SlashGear's Eric Abent sounds almost plaintive commenting on the DigiTimes post. The previous DigiTimes rumor of a 5-inch iPhone "seemed at least relatively easy to believe," he writes, clarifying the iOSphere criteria for rumor credibility. "That rumor came from DigiTimes, but today the site is going back on what it previously said - according to the most recent word from sources, there won't be a 5-inch iPhone in 2013."

Oh, woe. "DigiTimes is now saying that while it's in development, the 5-inch iPhone won't be launching until sometime in 2014," Abent continues. "Apparently, there are some production issues with the new 5-inch panels, meaning that Apple has decided to hold off while those problems get sorted out."

Abent might have sounded even more plaintive if he realized the latest DigiTimes rumor contradictedlast week's rumor, launched by Jefferies Group stock analyst Peter Misek in a Note To Investors, wherein he predicted that the 2013 iPhone will be only a "minor iPhone 5 upgrade," and the 2014 iPhone, the "iPhone 6," will have a screen size of 4.8 inches, not 5 inches.

John Cox covers wireless networking and mobile computing for Network World. Twitter: @johnwcoxnww Email: john_cox@nww.com

Read more about anti-malware in Network World's Anti-malware section.