Jason Yow

Oracle's acquisition of Sun has hit some European roadblocks, but if it goes through customers will have to prepare to negotiate with a new IT behemoth. The European Commission has objected to Oracle's pending acquisition of Sun, saying the combination of Oracle's database products with Sun's open source MySQL violates European competition laws. With Sun on board, Oracle will have the software and hardware it needs to compete against more well-rounded companies such as IBM, and could vault up to the top of the open source industry, according to Gartner. "Believe it or not, Oracle would become the most powerful open source vendor in the market today, bar none," analyst George Weiss told audience members at this week's Gartner Data Center Conference in Las Vegas.

But a compromise could still be worked out allowing the completion of the acquisition. These questions, Weiss says, including the following: • Will Oracle support IBM applications, such as WebSphere, on Sun's Sparc servers?• Will Oracle put most of its efforts into Linux or Solaris?• Will Oracle continue Sun's partnership with Fujitsu to design Sparc processors?• Will Oracle attempt to move existing database customers from IBM and HP servers to Sun's Sparc machines?• How much sales energy will Oracle focus on combating IBM, HP and Dell in the x86 market? The combination of Oracle, a software vendor with a proprietary history, with Sun, a hardware vendor with open source inclinations, raises many questions. In an electronic poll of the Gartner audience, a plurality of 46% took a positive view, saying they expect Oracle to bolster and develop broad new capabilities for Sun's hardware. Weiss offered several pieces of advice to customers as they wait to see what happens with the pending Oracle/Sun acquisition.

The rest believe Oracle's approach to Sun hardware will be either to sell it off to another vendor, reduce and minimize to bare bones capabilities, or barely pay attention to the hardware product lines. That advice includes: • Do not negotiate multimillion dollar, long-term contracts with Sun until the European review of the merger is complete.• Do not make a strategic long-term commitment to large Sparc servers until a long-term contract is signed between Oracle and Fujitsu.• Existing Sun customers should try to lock Sun into long-term maintenance deals, five years or more, before Oracle can change the terms of the deal.• Leverage Sun's poor x86 market share to obtain high server discounts.• After the Oracle/Sun deal closes, force Oracle to document its open source strategy, and how it compares with other proprietary and open source vendors.• Continue to use Sun's application infrastructure middleware for current projects, but postpone new commitments until a deal is done.• Retain Java as an open standard but expect Oracle to institute licensing changes. Key items to negotiate include hardware maintenance, pricing and contract periods, bundling, software support on competitive hardware, and lifetime support for Solaris. Because Sun licensing and pricing could change after an acquisition, customers must be aggressive in negotiations to minimize risks. Oracle likely didn't think winning European approval for an acquisition of Sun would be so difficult, and CEO Larry Ellison has made matters worse by acting somewhat belligerent toward European authorities, Weiss says.

While Oracle has refused to compromise on MySQL, the company also hasn't walked away from the deal. In the meantime, Sun is reportedly losing $100 million a month during the delay and competitors are swooping in. "IBM and HP are all over the Sun accounts and they're attempting to instill fear into you [the customers]," Weiss says. While the acquisition could fall through, Weiss says the most likely scenario is that Oracle will negotiate a compromise with European officials by the deadline in late January. Customers may also question whether they want Oracle playing an influential role guiding the open source community. If it drags out further, "everybody that has Sun systems and products is going to be languishing around that uncertainty," he says. "It's pretty untenable that this would go into a lengthier process, but it could happen." Even the completion of the acquisition likely would not reverse Sun's revenue decline because many customers have already decided to migrate away from Sparc and Solaris, he says.

Assuming Oracle does acquire Sun, the company would obviously place more resources behind some Sun technologies and products than others. Although Oracle has seemed to place more importance on Linux than Solaris, Weiss predicts that the company will be agnostic on the question of which operating system customers use. In a poll, respondents said they want Oracle to demonstrate commitment to Solaris and the independence of Java. Among Sun's hardware, the products with the best chance of long-term survival under Oracle are high-end servers running data warehousing and online transactional processing applications, followed by Sparc Enterprise M-series servers, Weiss says. Sun middleware such as the GlassFish Enterprise Server should have a bright future under Oracle, Weiss says.

Storage products and x86 servers won't be jettisoned, but will not receive the same level of support from Oracle, he predicts. But certain other software products, such as the Java Composite Application Platform Suite, will probably be supported with only minimal enhancement, he says. Follow Jon Brodkin on Twitter.

Indian outsourcer Wipro has designed a gateway that uses GSM (Global System for Mobile Communications) wireless technology to collect data remotely from medical devices such as blood pressure monitors, glucose meters, pedometers, and weighing scales available with patients. The design, which will be customized by Wipro for its clients in the medical devices business, has been designed using Intel's Atom processor. In remote areas in India, GSM coverage is better than that of broadband or fixed-line dial-up connections, said R. Manimaran, general manager of the medical devices unit of the Wipro Technologies business of Wipro.

Using a standard platform like the Atom platform for embedded applications has helped drive down costs, making the technology affordable in emerging markets, Manimaran said. Indian outsourcers are increasingly focused on the development of intellectual property (IP) and reference designs that they expect will give them an edge in delivering product design and IT services to customers. The final price of the product will, however, be decided by the vendors, he added. Another Indian services company, MindTree, said in September that it was acquiring the Indian development subsidiary of Kyocera Wireless to do mobile handset design for Kyocera and other clients. It also supports video and audio conferencing for interactions between the patient and the doctor, and between doctors consulting with each other. The medical gateway designed by Wipro allows the transmission of real-time medical data to application servers, physicians' handheld devices, and hospital systems through GSM, broadband and dial-up connections.

In rural areas, where sometimes individual patients may not have the connectivity, they can come to rural health care centers where the information can be collected and communicated to larger hospitals in the city, Manimaran said. Medical devices can connect to the gateway through both wired technologies and wireless technologies such as Bluetooth to provide real time medical data, video and image transfer from a patient to doctor, and in turn from a doctor to doctor, Manimaran said.

The FCC voted unanimously yesterday to move forward with the debate in an effort to formalize net neutrality guidelines. In the wake of FCC chairman Julius Genachowski's initial announcement of his intent to pursue formal net neutrality rules, a group of GOP lawmakers already initiated a similar attempt. Senator John McCain followed up by introducing a bill that would prohibit the FCC from governing communications.

However, that amendment was retracted almost as quickly as it was filed. Basically, those in power or those who pay more will have better access. McCain's bill, the Internet Freedom Act, seeks to do the opposite of what its name implies by ensuring that broadband and wireless providers can discriminate and throttle certain traffic while giving preferential treatment to other traffic. Apparently we have different definitions of 'freedom'. According to the text of the McCain bill, the FCC "shall not propose, promulgate, or issue any regulations regarding the Internet or IP-enabled services." Isn't that what the FCC does? Oddly, the bill also contains text stating that any regulations in effect on the day before the Internet Freedom Act is officially enacted are grandfathered in and exempt from the provisions of the Internet Freedom Act.

Isn't that sort of like introducing a bill to prohibit the Treasury from printing money, or a bill to prohibit the IRS from collecting taxes? The implication seems to be that if the FCC can formalize net neutrality rules before McCain can get the Internet Freedom Act signed into law, the net neutrality rules would still apply. However, Comcast tried to throttle peer-to-peer networking traffic and only changed policy after the threat of FCC net neutrality rules. Net neutrality opponents claim that the free market can police itself and that any net neutrality restrictions will stifle innovation and competition. AT&T sought to block customers from using VoIP services from its wireless network, but changed policy out of fear of the net neutrality rules. What the FCC voted on yesterday is simply to start the debate.

The trend seems to be that these providers only do the 'right thing' when the net neutrality gun is pointing at their head. Its an open discussion, so what are net neutrality opponents afraid of? If there are valid issues that need to be resolved, then go ahead and bring them to the table. They have 120 days to gather information and collect data and present their case. Don't initiate legislation that seeks to pretend the table doesn't exist.

While Obama was attached surgically to his CrackBerry and his staff leveraged social media from their Macbooks, McCain admitted having little or no knowledge or interest in modern technologies like email or the Internet. During the Presidential election campaign last year the differences between the two candidates was stark. It seems suspicious that the Internet is suddenly a major concern for him. Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. Maybe he just missed seeing his name in the paper.

He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

Sun Microsystems will lay off up to 3,000 workers over the next 12 months as Oracle awaits approval from European regulators for its acquisition of the company. In a filing with U.S. regulators Tuesday, Sun said it was making the cuts "in light of the delay in closing the acquisition." It said the move will "better align the company's resources with its strategic business objectives." Sun will take a charge of $75 million to $125 million for the job cuts, mostly for cash severance payments, it said. Sun is losing US$100 million a month while it awaits approval for the deal, Oracle CEO Larry Ellison said last month, so news of the layoffs came as no great surprise. It expects to incur most of the charges in the second and third quarters of its fiscal year, which means the current calendar quarter and the first three months next year.

Tony Sacconaghi, a technology analyst with Sanford C. Bernstein & Co., has said Oracle may cut up to 10,000 jobs once the deal is complete. Job cuts were a likely consequence of the deal in any case. Sun already announced plans last November to axe between 5,000 and 6,000 jobs to improve its financial position. The U.S. Department of Justice approved Oracle's $7.4 billion acquisition of Sun in August, but the European Commission has launched an investigation that could last until January. The cuts announced Tuesday, which amount to about 10 percent of Sun's workforce, are in addition to the earlier reductions, a Sun spokeswoman said. The regulators say they are concerned about the effect that Oracle's ownership of Sun's MySQL database will have on the open-source software market.

A smart people smack-down is set to start next week where thousands of university computer researchers will pit their brains and machines in a grueling battle of logic, strategy, and mental endurance. Layer 8 Extra: 15 genius algorithms that aren't boring During the competition, ten to twelve problems are attempted in a five hour period. The 34th annual IBM-sponsored Association for Computer Machinery (ACM) International Collegiate Contest (ICPC) pits teams of three university students against eight or more complex, real-world problems, with a nerve-wracking five-hour deadline. The problems are of varying difficulty and flavor.

The goal is that every team solve two problems, that every problem is solved, and that no team solve them all, according to ACM. Contests in the past have included problems that searched for a missing boat at sea, triangulated the location of a faulty transmitter, computed golf handicaps, stacked pipe of varying diameters in a fixed width bin, coded or decoded messages, printed braille, sought an exit to a maze, processed satellite images and solved a math problem. ACM says it wants two problems that could be solved in an hour by a first or second year student, two that could be solved in an hour by a third year student, and two that will likely determine the winners. Problems are presented with no more than a page of text, a helpful illustration, a sample input set with and accepted output set, ACM states. And judging is relentlessly strict, IBM says. Teammates collaborate to rank the difficulty of the problems, deduce the requirements, design test beds, and build smart software systems that solve the problems under the intense scrutiny of expert judges.

The students are given a problem statement, not a requirements document. Each incorrect solution submitted is assessed a time penalty. They are given an example of test data, but they do not have access to the judges' test data and acceptance criteria. The team that solves the most problems in the fewest attempts in the least cumulative time is declared the winner. Some problems require a knowledge and understanding of advanced algorithms.

For a well-versed computer science student, some of the problems require precision only. Still others are simply too hard to solve - except for the world's brightest problem-solvers, according to IBM. The Battle of the Brains is the largest and most prestigious computing competition in the world, with more than tens of thousands of students from universities in approximately 90 countries on six continents participating. Previously, the 2009 ACM-ICPC World Finals took place in Stockholm, Sweden, where a team from St. Petersburg University of Information Technology, Mechanics and Optics in Russia emerged as the world champion for the second year in a row. Since IBM began sponsoring the contest in 1997, participation has grown from 1,100 to more than 7,100 teams. Regional bouts will begin in the United States on October 18 and continue through December, sweeping from continent to continent.

Only 100 three-person teams will advance to the World Finals on February 5, 2010 hosted by Harbin Engineering University in Harbin, China. "The ACM-ICPC affords students the opportunity to showcase their talents and gain exposure among top recruiters," said Dr. Bill Poucher, ICPC Executive Director and Baylor University Professor. "The contest is also a forum for advancing technology in an effort to better accommodate the growing needs of the future."

Among Microsoft's trials and tribulations in the mergers and acquisitions space, a Microsoft official on Tuesday evening cited fear of dealing with the company as an obstacle Microsoft has had to overcome. Brown made the comments at a Churchill Club event in Mountain View, Calif., during a panel discussion on mergers and acquisitions that also featured representatives from Cisco, Google, and Accel Partners. [ Microsoft and Yahoo recently agreed to partner in an effort to better compete with Google. | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. ] After the event, Brown said he was referring to a time when he started at the company years ago.  In general, people were just scared of Microsoft, he said. Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 "[For a while] there was a fear of dealing with Microsoft and we've worked really hard to try to overcome that," said Marc Brown, managing director of corporate development at Microsoft. This fear existed with both the entrepreneurial and venture capital communities, said Brown. The three technology companies represented on the panel have made waves over the years with their acquisitions.  Cisco is known for numerous purchases, ranging from Scientific Atlanta to Grand Junction Networks; Microsoft has acquired companies such as Great Plains Software and attempted to buy Yahoo, while Google bought YouTube and others.

Panelists discussed their companies' mergers and acquisitions strategies. "The M&A and acquisitions strategy's pretty straightforward," Brown said. "We are a technology buyer. Panel moderator Steve Smith, senior managing partner with Arma Partners, noted Microsoft actually began with an acquisition. "[Founder Bill] Gates bought PC DOS for something under $100,000 and turned it into a thing called Windows and a company called Microsoft," Smith said. Most of our acquisitions are of earlier-stage companies."  Microsoft then leverages sales and distribution channels and processes to bring acquired technologies to the widest audience possible, he said. "What I would say is M&A  is not really the strategy. We start with the idea of what should be our growth strategy," said Carmel. M&A is the tool," said Charles Carmel, vice president of corporate development for Cisco. "The strategy is really about capturing innovation." Cisco realizes it does not have a monopoly on good ideas, he said. "We don't start with the idea of what company we should buy. When pondering an acquisition, Google looks at the caliber of leadership being brought over to the company from the acquired venture, along with factors including time to market and opening of new markets, said David Lawee, Google vice president of corporate development.

Panelists also cited increasing interest in potential overseas acquisitions in places such as China. "There's nothing to prevent us from being as aggressive internationally," Lawee said. The company's acquisition of Urchin resulted in the Google Analytics platform while Keyhole, also bought by Google, became Google Earth, Lawee said. But panelists declined to make any predictions when asked whether the European Union should approve the planned acquisition of Sun Microsystems by Oracle. Tuesday's event was held at Microsoft's Silicon Valley offices. They also would not discuss what impact this acquisition would have on their own businesses. "Everybody's got their own twists and turns to their M&A activities," Carmel said. "No comment," Brown added.

This story, "Fear of Microsoft subsides in mergers and acquisitions arena," was originally published at InfoWorld.com. Follow the latest IT news at InfoWorld.com.    

Standards play a critical role in information assurance. Standards also provide a basis for demonstrating due care and diligence in fulfilling our fiduciary responsibilities to stakeholders. Given the impossibility of defining a deterministic model that includes billions of users, millions of computers, and thousands of programs and protocols potentially interacting with each other unpredictably, we have to rely on human consensus about best practices if we are to progress in our field. In this first of four articles about the latest revision of a landmark Special Publication (SP) from the Joint Task Force Transformation Initiative in the Computer Security Division of the Information Technology Laboratory of the National Institute of Standards and Technology (NIST), Paul J. Brusil reviews the key recommendations and strategic guidance offered in Recommended Security Controls for Federal Information Systems and Organizations, Rev. 3, which has been prepared by a panel of experts drawn from throughout the U.S. government and industry.

Traditionally, the Department of Defense (DoD) and the civilian federal agencies independently develop their own standards. Everything that follows is Brusil's work with minor edits. * * * From the furthest corners of the U.S. Defense and Intelligence communities to every civil office in the U.S. federal government, a single new security standard applies to all government information systems – including national security systems. Harmonizing the security needs of all government agencies has been a long time coming; but, for the first time ever, the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations, Rev. 3 dated August 2009 does just that. It is the harbinger of other soon-to-appear, cross-government, security recommendation collaborations in areas including certification and accreditation, risk assessments, security control assessment procedures and others. SP 800-53 provides a unified information security framework that applies across the entire federal government. SP 800-53 is part of an extensive library of guidelines, recommendations and standards NIST publishes and continually updates to help organizations protect their information systems and data.

The SP 800-53 standard, titled "Recommended Security Controls for Federal Information Systems and Organizations", was co-developed by the Computer Security Division of NIST, DoD and the U.S. Intelligence Community, as well as the Industrial Control System community. Protected information systems include all constituent components – local and remote – for processing, storing and transmitting information. It benefited by extensive public review and comments. The purpose of SP800-53 is to achieve information system security and effective risk management, in part, by providing a common information security language for all information systems and by providing consistent and repeatable guidelines for selecting and specifying standard security controls. It represents the best practices and guidance available today, not only for the government but for private enterprises as well.

With the aid of SP 800-53, organizations are able to select appropriate security controls to meet security requirements, to implement the selected controls correctly and to demonstrate the confidence and effectiveness of selected controls in complying with security requirements. Office of Management and Budget (OMB) policies mandate all federal agencies, their contractors and their external service providers use SP 800-53. The existence of SP800-53 as a government regulation has many benefits beyond the stipulation of security best practices. SP 800-53 guides security managers, security service providers, security technology developers, system developers, system implementers and system assessors. For one, it elevates security awareness to senior management. SP800-53 is a living document updated periodically.

Correspondingly, security funding can be positively impacted. The just-released Revision 3 supersedes the previous revision released 18 months earlier. In the next part of this four-part series, Brusil discusses the risk management section of SP 800-53 Rev. 3. * * * Dr Paul J. Brusil, PhD, MD graduated from Harvard University with a joint degree in Engineering and Medicine. It contains or amplifies a risk management framework, a security control catalog, a security control selection process, traceability of security controls to underlying security requirements, assurance requirements for security controls, and extensions for use in communities outside the U.S. government. He has authored more than 100 papers and book chapters in his distinguished career and worked in a wide range of industry and government sectors as a respected security, network management and program management consultant. He is on the editorial boards of several journals including the Journal of Network and Systems Management and is a Lead Instructor for the Master of Science in Information Assurance at Norwich University.