As we bid 2006 goodbye, I'm wishing we could also wave away at least some of the software patent absurdity that filled the year. From the NTP vs. Research In Motion wars that raged in January to the patent FUD-mongering surrounding Microsoft's and Novell's late-year collaboration agreement-and all of the billable hours in between-2006 was probably a bonanza for intellectual property attorneys. Not coincidentally, it was also a year in which nearly everyone in IT burned way too much time dealing with the effects of the U.S. Patent Offices too-hazy understanding of the word obvious.
Here's hoping 2007 is brighter-the Supreme Court has been hearing arguments in the patent case of KSR International v. Teleflex, which might result in a saner definition of what's too obvious to patent.
New Virus Vectors: Part I
Back when software was delivered via 5.25-inch and 3.5-inch floppy disks, the fulfillment house producing the disks would occasionally introduce a virus.
The software vendor would then unknowingly ship virus-laden disks to thousands of customers. Now, it's MP3 players that are the vector of opportunity for viruses and spyware when vendors outsource production to manufacturing partners.
This scenario originated in the fall of 2005, when Creative Labs shipped 3,700 Zen MP3 players carrying the Wullik-B virus. This year, consumer heavyweights McDonald's and Apple Computer followed suit: As part of a prize promotion, McDonald's Japan distributed self-branded MP3 players with a surprise-the QQpass spyware Trojan. Apple's gaffe involved video iPods that carried the RavMonE.exe virus.
New Virus Vectors: Part II
I called out Google last year after it was forced to put the brakes on its Google Web Accelerator application following a slew of privacy and security concerns.
The search giant didn't learn its lesson.
Google came under fire-and rightfully so-in 2006 after it distributed e-mails containing the Kama Sutra worm to users of the Google Video Blog group. Apparently, three posts were made that contained the W32/Kapser.A@mm mass mailing virus-a worm that began circulating on the Internet in early 2006. More than 50,000 members received e-mail containing the worm from Google.
Luckily, the Kama Sutra worm requires user interaction to do significant damage and is easily removed by anti-virus software. And since the incident, Google has adopted new procedures to prevent a similar incident from happening. The search giant also apologized in a written statement.
I hope Google means it this time because I don't want to write about it in this space again next year.
Out, Damn Spot
Hewlett-Packard's wireless "Memory Spot" data chip, disclosed in July, squeezes a remarkable number of mistakes into a space about the size of a grain of rice. This little device-integrating a capacitor array, modem, loop antenna, microprocessor and memory subsystem into a single component-is a dandy science project, but it demonstrates practices that an enterprise IT architecture should have long since left behind.
The Memory Spot represents the minimal case of the data silo. Every device holds its own distinct collection of data, and the wireless link requires a probe to be within about a millimeter of the integral antenna. You won't be able to take an album of photos and catalog them quickly, and you won't be able to take a drawer of medical files, each with a Memory Spot on its cover, and swiftly identify patterns of drug interaction or post-operative infection.
Enterprises should look at their operations to see how many places data is being captured-creating opportunities for error or loss or inconsistency-and try to shrink that number rather than merely shrinking the hardware.
He Said, CentOS Said
In March, the City of Tuttle, Okla., got its 15 minutes of fame when City Manager Jerry Taylor discovered a mysterious new Web page where the city home page should have been. Thinking a default Apache boilerplate screen was actually a sign of malfeasance, Taylor sprang into action. Armed with some bad information from his hosting provider, Taylor initiated a fiery exchange with folks supporting the open-source CentOS Linux distribution, accusing them of hijacking Tuttle's Web site.
Rather than listening to reasonable explanations from CentOS lead developer Johnny Hughes that CentOS was nothing more than an operating system and that the Web server was misconfigured, Taylor instead boasted of his tech cred and threatened to call the FBI. After much back and forth, Hughes posted the entire e-mail exchange on the CentOS Web site.
Taylor quickly came under fire from open-source aficionados and, in Taylor's words, "freaks out there that don't have anything better to do." Since few things are more entertaining to rubberneckers than a self-righteous individual being very wrong in an (albeit unexpectedly) public forum, Taylor was resolutely lambasted in Web forums as well as via his personal e-mail and voice mail. All's well that ends well, however-Taylor received a raise in June, according to the Tuttle Times.
Cut and Run
In September, Accenture pulled out of a $3.73 billion contract to revamp IT for the United Kingdom's National Health Service. The project, called the National Program for Information Technology, is aimed at modernizing the way the NHS stores and manages medical records, appointments and prescriptions.
Accenture walked away from the $12-billion-over-budget program that has been plagued by outages, flailing confidence and critical delays from supplier iSoft for its Lorenzo software suite. Computer Sciences will be taking over Accenture's contract in January 2007.
Aside from the wasted taxpayer dollars and reshuffled deck of consultants and suppliers, perhaps the most damaging fallout-at least for Accenture-may come from an increasingly skeptical user base. Regaining support of its user base will be a daunting task.
Ripping into RFID
During this holiday season, as you stand in long lines at crowded malls, think about the fact that someone in the crowd could be recording your name, number and expiration date from your new swipeless credit card-all without you taking your card out of your wallet. And as you plan your overeas travel for the new year, think about how planned new passports will make it possible for strangers to remotely read your name and nationality as you walk out of the airport.
All these "benefits" are made possible by the rush in 2006 to include RFID (radio-frequency identification) technology in areas where it has no business. Worse, while RFID makes credit cards and passports less secure, it provides almost no real benefit in return.
Load 26 million personal records on a laptop. Take laptop home. Lose laptop during home robbery. Win an eWeek Labs' Stupid Technology Trick award.
As the result of the May 2006 theft of a Veterans Administration laptop, millions of U.S. veterans were forced to take measures to protect themselves from the possibility of identity theft. The VA sealed its lock on the Stupid Technology Trick award when the events of May were repeated-albeit on a much smaller scale-in August. At that time, 16,000 VA patient records-including Social Security numbers, addresses and insurance carrier information-were lost.
The FBI determined that the thefts were motivated by a desire to steal the laptop and external hard drive, and not the data the devices contained. While that's nice to know, the question remains: Why was the personal data of 26 million-plus people allowed to be carried home by a VA employee?