Previews
27–30 January
Washington, D.C.
The COMNET Conference and
Expo will convene at the Washington Convention Center.
Presenters will discuss new technologies in security, web
services, storage and wireless infrastructure. Selected topics
include, "Storage Strategies for Disaster Recovery," "Wi-Fi
(IEEE 802.11b) Networks: Now a Viable Solution for the
Enterprise," and "Instant Messaging as an Enterprise
Application." Contact: +1 508 424 4841; fax, +1 508 620
6690; e-mail, stephen_athan@idg.com;
Web, http://www.comnetexpo.com/.
News
16 January 2003
Open-source books
Publisher Prentice Hall announced on 10 January that it plans to
introduce a line of computer books with attached CD-ROMs
called the "Bruce Perens’ Open Source Series." But in an
effort to establish good will and gain readership among
open-source programmers, the series will be published under
the Open Publication License (OPL). Created in 1999 by Utah
State University professor David Wiley, OPL allows people to
copy, modify, and redistribute works. "If you want to take one
of these books, put it on a photocopy machine and make copies,
that’s cool," said Perens, a leading open-source software
advocate, at a press conference.
If that wasn’t enough of a concession to the
open-source philosophy, electronic versions of the books will
be made available online for free shortly after the paper
versions hit bookstore shelves. The delay, says Prentice Hall,
is to prevent competitors from simply copying the material and
rushing it into print at a lower price than the $50 it is
charging for each of the books.
The online versions of the books, with titles such as
"The Linux Development Platform" and "Embedded Software
Development with eCos" [eCos is an open-source operating
system for handheld wireless devices], are meant to be just as
collaborative as work on the code for the GNU Linux operating
system. They can be updated to include readers’ contributions
and the authors’ responses.
Perens says the books are intended to encourage wider
use of open-source software by documenting its advantages over
proprietary software and supplying improved written
instructions for programmers. Said Perens, "We’ve been saying
we’ve got great software, but we don’t actually have very good
documentation." That is, until now.
Single-Nanowire lasers
In applications ranging from microscopic surgery to lab-on-a-chip
and more densely packed data storage, nanoscale lasers are in
demand. Until now, lasers made from semiconducting nanowires
have been unable to stand on their own, requiring, as they
did, light from other lasers to run. But in the 16 January
issue of Nature, a team of chemists and engineers from
Harvard University (Cambridge, Mass.) announced the
development of the first standalone electrically driven
nanowire laser.
"This is technically very important because if you want
to use [nanowire lasers], they have to be electronically
driven," Peidong Yang, an assistant professor of chemistry at
the University of California, Berkeley, told IEEE
Spectrum. The real difficulties in building an
electrically driven laser, Yang explains, have been in
creating a contact and generating enough current. To achieve
this, the Harvard group layered an n-type cadmium sulfide
nanowire on a p-type silicon electrode to form an injection
device. The resulting laser emits red and green light. Yang’s
lab first proved that nanowires could be used as laser
cavities and is working on the further development of
electrically driven nanowire lasers.
The Harvard team used cadmium sulfide nanowires between
80 and 200 nanometers in diameter; their ends act as reflecting
mirrors to form a natural laser cavity. Now researchers are
working to build blue nanowire lasers out of wider bandgap
materials like gallium nitride. The challenges they face are
similar to those faced in the development of larger-scale blue
lasers, such as finding the right materials, creating a
design, and generating the current necessary to produce a
high-energy laser, says Yang.
Companies bridging digital divide charge high toll
On 9 January, the Center for Public Integrity (Washington, D.C.)
released a report saying the $2.25 billion E-Rate program,
aimed at closing the so-called digital divide by paying to
connect thousands of schools and libraries to the Internet, is
"honeycombed with fraud and financial shenanigans." The report
is based on investigations by the U.S. Federal Communications
Commission (FCC), which oversees the E-Rate program.
The problem, says the report, is that the Universal
Service Administrative Company (USAC), a nonprofit that runs
the program for the FCC as part of its responsibility to
ensure that every state and territory in the United States has
access to affordable telecommunications services, has been
unable to keep unscrupulous contractors from defrauding the
program by charging inflated fees for services and equipment.
Bob Williams, author of the report, said in a press
conference, "It got so big and nobody was watching it all that
well."
The report’s introduction follows the handing down of
the first indictments of people attempting to exploit the
program. In December, federal prosecutors charged Connect2
Internet Networks Inc. (Staten Island, N.Y.) and three of its
employees with lying to USAC, telling it that schools in the
poorest districts had paid 10 percent of the installation and
service costs for Internet links when in fact the hardware was
installed and the service turned on for free. This, however,
was not largesse on the part of the company. Because the
Internet installation costs were not tied to the schools’
budgets for Internet equipment purchases, the contractor
convinced school officials to let them install the most
expensive equipment and charge a premium for the monthly
service. All of the costs–more than $9 million between 1998
and 2001–were, in fact, billed to the E-Rate
program.
A report released by the FCC’s inspector general characterized
the program as "subject to unacceptably high risk of
malfeasance through noncompliance and program weakness" and
called for tighter regulation and a bigger budget for
auditing. One example of the difficulty E-Rate program
administrators have had in assessing the problem is that the
auditor in a review of 22 schools was Arthur Andersen, the
accounting firm that collapsed last year in the swirl of
controversy surrounding the Enron scandal. Before its demise,
the accounting firm had identified several million dollars in
inappropriate payments and unsubstantiated costs. Currently
there are only two auditors responsible for monitoring the
program. The FCC is investigating 26 separate cases of E-Rate
abuse.
E-Rate, created by the 1996 Telecommunications Act, is
paid for by "universal service fees" tacked onto consumer
telephone bills.
There’s a hole in your browser
On 13 January, the Open Web Application Security Project (Owasp,
Washington, D.C.), a volunteer open-source community project
created to highlight lax security for online applications,
unveiled a list containing what it sees as the 10 most
critical Web application security problems. The authors of the
report listing the security lapses said the flaws, which are
quite common and well understood, allow unsophisticated
attackers using readily available tools to exploit them.
Building tougher security measures into Web application code
is important, said the report, because HTTP requests can
harbor malicious code, giving it a free, unencumbered ride
through port 80, which is not guarded by normal network
security measures such as firewalls, filters, and platform
hardening. Jeffrey Williams, chief executive of Aspect
Security, a Web application security firm, said, "A stunning
number of organizations spend big bucks securing the network
and somehow forget about the applications."
The vulnerabilities include unvalidated parameters,
which let information be used by an application before it is
validated; broken access control, where restrictions on what
users can do are not properly delineated or enforced; and
broken account and session management, where account
information and data linking a specific user with a given
login session are not properly protected. These and the seven
other types of security loopholes allow attackers to access
other users’ accounts, view private data, attack other
machines, spoof content that fools the user (possibly inducing
them to provide personal data), or take over an automated
process.
The complete report is available at Owasp’s Web site:
http://www.owasp.org/.
Nanotubes get a charge out of liquids
In a possible advance for the lab on a chip, scientists in India
have built tiny nanotube sensors that can measure the flow of
many types of liquid. The sensors are made out of bundles of
carbon nanotubes, each slightly bigger than a nanometer in
diameter. When placed in moving liquid, the bundles generate
an electric current. The amount of current depends on the type
of liquid and how fast it is flowing. Hydrochloric acid, for
example, generates a voltage five times greater than that
generated by water.
"The sensor can detect very very small velocities,"
Ajay Sood, a professor of physics at the Indian Institute of
Science and a member of the research team, told IEEE Spectrum.
He predicts that the sensor will be of importance to control
electronics.
Since the sensors don’t incorporate any moving parts,
scientists are also eyeing them as the basis for generators
that will turn the kinetic energy of flowing liquid into
electrical energy. "This energy conversion device will have
enormous applications in the biomedical field," says Sood.
The group published their research in the 16 January
issue of Sciencexpress.