Oracle released Oracle Call Interface (OCI8), and the code used to write it, Tuesday to a PHP community conference in San Francisco hosted by Zend Technologies, a developer of Web application based on the PHP script.

The new driver fixes a problem faced by PHP-based Web applications trying to access Oracle databases, overwhelming the databases with requests, says Mark de Visser, chief marketing officer for Zend.

"So many sessions meant that it consumed resources on the server every time a new Web user would come in. Databases would just go to their knees on scalability issues like that," de Visser says. "Everybody in the industry who uses Oracle and PHP knows what this is about."

The solution is better connection pooling on the server and a high-performance driver built into the PHP application, de Visser says.

With OCI8, Oracle says, a single industry-standard server can support tens of thousands of database connections and provide higher availability than without it.

"We expect to further strengthen PHP as a tool of choice and expand use of Oracle databases for Web 2.0 and ... enterprise application deployments," said Ken Jacobs, Oracle's vice president of product strategy for server technologies, in a prepared statement.

Not everyone in the open-source community has welcomed Oracle's involvement. Late last year, Oracle announced plans to offer support for Red Hat Enterprise Linux at half the price of what Red Hat was offering. That rankled Red Hat executives, who at one point claimed Oracle was exaggerating the number of Red Hat customers it won over to Oracle support.

De Visser declined to compare Oracle's level of open-source commitment with that of other companies but said that by open-sourcing OCI8, Oracle is endorsing PHP as the scripting language used for one-fourth to one-third of Web applications on the Internet.

"They have been criticized by some for their role in Linux, but at the same time, from the viewpoint of the world of PHP ... they are a very good collaborator," de Visser says.

Network World is an InfoWorld affiliate

Scheduled to speak on the issue later today, Zend's Eddo Rotman, senior PHP engineer, cited PHP's object-oriented nature as a good fit for agile processes in which software is developed in short iterations rather than being mapped out in advance.

With agile, developers work on smaller pieces of an application. After a requirement changes, developers can change the code internally as an object.

Zend has used agile development to build Zend Platform, which is the company's application server. Developers, though, should examine whether agile is a good fit for their organization, Rotman said. Agile depends a lot on whether it will be accepted internally, he said, and might seem a bit disorganized to some.

"If your organization can't handle that, you shouldn't fight to put Agile in," Rotman said.

Meanwhile, an Adobe official at ZendCon Wednesday cited use of PHP at the company in a presentation on RIA (rich Internet application) development.

"I've never written a line of ColdFusion in my life and we use PHP all the time at Adobe," said Lee Brimelow, Adobe platform evangelist. Intended for building Internet applications, ColdFusion is Adobe's server-side Java application partnered with a markup language.

RIAs, Brimelow said, are browser-based Web applications that offer features and functionality of a traditional desktop application. He cited several popular client-side RIA technologies, including Adobe's Flash and Flex, AJAX (Asynchronous JavaScript) and XML and the Silverlight and JavaFX technologies under development by Microsoft and Sun Microsystems, respectively.

JavaFX, he said "is something that Sun is working on that's pretty much largely being ignored."

RIAs offer a much richer UI than is possible with HTML and CSS (Cascading Style Sheets), Brimelow said. But there are potential disadvantages, such as accommodating RIAs in search engines.

"This is something that still hasn’t been figured out properly," Brimelow said.

Brimelow compared Adobe's Flex to PHP. Whereas Flex is client-side, PHP is a server-side technology, but both are object-oriented. The Flex Builder and Zend Studio IDEs are based on Eclipse.

There is no right or wrong way to integrate PHP and Flex; using XML is the simplest way, Brimelow said. JSON (JavaScript Object Notation) serialization also can be used.

Brimelow also touted Adobe's AIR (Adobe Integrated Runtime) technology, now in development, for building Internet applications that can on the desktop. "Essentially, AIR is basically, 'Forget the browser. You're now developing desktop applications'," Brimelow said.

AIR offers features such as network detection, file IO, drag and drop, and clipboard access.

A judge in U.S. District Court for the Northern District of Illinois, Eastern Division, has ordered the group, including Spear Systems of Wyoming and eHealthylife.com, to stop sending spam and to stop making product claims that the FTC charged were false or unsubstantiated.

The FTC's action was the first brought under the U.S. Safe Web Act, passed by the U.S. Congress in December 2006 to allow for more international law enforcement cooperation when fighting spam, spyware, and other Internet-based fraud.

The international enterprise, with defendants in the United States, Canada, and Australia, used spammers to drive traffic to Web sites selling two kinds of pills. One kind, called HoodiaLife and HoodiaPlus, was supposed to contain the ingredient hoodia gordonii and cause significant weight loss. The other, called HGHLife and HGHPlus, was supposed to be a "natural human growth hormone enhancer" that would dramatically reverse the aging process.

The FTC's spam database received more than 175,000 spam messages sent on behalf of the operation.

A telephone number for Spear Systems was not in service Wednesday. However, eHealthylife.com was still offering HGHLife on its Web site Wednesday. A salesman there said no one was immediately available to comment on the FTC complaint.

The defendants falsely claimed that their supposed hoodia products cause permanent, rapid, and substantial weight loss, as much as 25 pounds in a month, the FTC said.

The FTC complaint also charges that the defendants falsely claimed that their supposed HGH products would contain human growth hormone or result in a substantial increase in the consumer's growth hormone levels. The defendants falsely claimed that their HGH products would turn back or reverse the aging process, including reducing cellulite, improving hearing and vision, causing new hair growth, improving emotional stability, increasing muscle mass, and causing fat and weight loss.

The defendants made all of these claims without evidence to support them, the FTC said.

In addition, the operation violated the CAN-SPAM Act of 2003 by sending commercial e-mails that contained false "from" addresses and deceptive subject lines, and that failed to provide an opt-out link or physical postal address.

The FTC complaint was filed against Spear Systems, Bruce Parker, Lisa Kimsey, and Xavier Ratelle, doing business as eHealthylife.com. Earlier this month, Judge Wayne Andersen temporarily ordered the defendants to stop sending the e-mail messages and ordered that their assets be frozen.

A hearing scheduled for Thursday would determine whether to extend the restraining order and the assets freeze. The FTC is seeking permanently to bar them from further violations and to forfeit their profits from the operation.

On Wednesday the company announced the On-Demand Desktop Streaming, a server-based software, hardware, and services offering that streams the OS, applications, and data to diskless desktop clients over a Gigabit Ethernet network.

Centralizing control of desktops on a single server reduces maintenance and allows reinvestment of resources in the core business, said Jeff Clarke, Dell's senior vice president, on a conference call.

The system will reside on a shared PowerEdge 2950 server, and use the Citrix Provisioning Server software to stream the OS, applications and data to OptiPlex-based 745 and 755 desktop clients over a Gigabit Ethernet network. Users can take full advantage of a client's CPU and graphics processor, providing a full desktop experience with application access and complete multimedia capabilities, Clarke said.

As user and system data resides on a central servers, IT departments get more control over desktops. That reduces strain related to IT management and security issues, such as viruses and disaster recovery, if hardware fails, Clarke said.

Data in a central resource also makes computing flexible as users can access data from anywhere using a desktop client or mobile device, Clarke said.

"This is not a thin client or blade PC," he said, adding that blade systems are single-purpose and cannot be redeployed.

The ability to control desktops also reduces strains on a company's IT infrastructure, Clarke said. "Deskside IT visits are almost completely eliminated," he said.

Each virtual server with the system costs $1,100 per client and supports up to 100 clients. The new offering is available now.

Change in infrastructure requires quite an investment, so the potential audience for such systems is limited, said Toni Duboise, senior analyst at Current Analysis West. Customers looking to change their infrastructure or larger corporations could be willing to give it a try before others take it into consideration, she said.

"There's some logic to have a central source where the IT resources are concentrated," Duboise said. "We're progressing toward something like this, but it still takes a lot of investment."

Most corporations feel comfortable continuing with their existing PC infrastructure but may seek change, said Gordon Haff, principal IT advisor at Illuminata. "At some people have to sit down and say, 'It's time to change the IT infrastructure.'"

Dell also introduced Wednesday an online IT Simplification Self-Assessment tool, which determines the complexity and efficiency of a company's IT environment at different levels.

The FCC's decision to require so-called open-access rules on about a third of the 62MHz of spectrum, covering the entire U.S., could discourage large carriers from bidding on that spectrum and drive them instead to auctions for spectrum covering smaller geographic areas, which are targeted toward small carriers, said Christopher Guttman-McCabe, vice president of CTIA, a trade group representing wireless carriers.

Guttman-McCabe, testifying before the U.S. House of Representatives Small Business Committee, produced a letter signed by 139 small and regional wireless carriers urging Congress and the FCC to abandon the open-access rules. Large carriers will likely bid on the smaller licenses "rather than accept large, encumbered licenses," the letter said.

In July, the FCC voted to require that the winning bidder of 22MHz of spectrum allow devices sold by other wireless carriers to be used on its network. In addition, the FCC prohibited the winning bidder from blocking or slowing Web and voice content not approved by it. The spectrum to be auctioned is in the 700MHz band, being abandoned by U.S. television stations as they move to all-digital broadcasts.

These open-access rules, plus network build-out requirements and leasing limitations, will make it difficult for small carriers to bid on the spectrum, said executives with two small carriers.

"My fear is that ... large, nationwide telecommunications carriers will be in the best positions to win many of the licenses that will soon be auctioned, and that they will once again overlook rural towns and outlying areas," said Edward Kelly Bond, president of Public Service Communications, a telecom carrier based in Reynolds, Georgia.

In addition, the FCC has prohibited winning bidders from selling the spectrum for 10 years and prohibited them from leasing more than 25 percent of the spectrum to other carriers, said Shelley Spencer, president of Wirefree Partners, based in Vero Beach, Florida.

Wirefree Partners paid $152 million in a PCS auction in 2005 and was able to lease half of that spectrum to Sprint Nextel, Spencer said. "We should be able to wholesale, we should be able to lease," she said. "We shouldn't have straightjackets imposed on us that other carriers don't have to face."

The requirements that small business bidders hang on to spectrum for 10 years could require them to pay back-bidding discounts if they grow beyond the FCC's definition of a small business, she added. That rule could be a "death knell" for some small carriers, she said.

The small business rules will scare investors away from small bidders, Spencer added. "How do we raise the money to participate in this auction?" she said. "The capital requirements are staggering for small businesses."

FCC Chairman Kevin Martin said the FCC changed the auction rules for small businesses to prevent fraudulent bidders who had no intention of offering wireless service.

Representative Charlie Gonzalez, a Texas Democrat that represents the San Antonio headquarters of AT&T, agreed with Spencer and Bond. "I really don't see the spectrum rules benefitting small businesses, as far as ownership," he said.

Gonzalez also suggested the FCC should place a higher priority on getting larger bids for the spectrum, saying the U.S. government continues to face budget deficits. "You have a fiduciary responsibility to maximize that money," he told Martin.

But Martin said Gonzalez can't have it both ways. Cutting up the spectrum into small geographic areas encourages small carrier bidding, but offering nationwide spectrum would generate the most money, Martin said. "There are often competing and conflicting interests," he said.

Martin also defended the open-access rules, saying they would allow providers of Web and wireless applications access to the network without getting permission of the carrier that owns the spectrum.

Jeffrey Black, chairman and chief strategy officer of wireless services vendor TalkPlus, agreed with Martin. Wireless carriers often block small companies from offering services on their networks, he said.

"Your electric utility can't limit your choice of a vacuum cleaner," he added. "Let the consumer, not the carrier, decide who can offer the best and brightest applications."

In April, Nacchio was convicted in the U.S. District Court for the District of Colorado on 19 counts of insider trading involving stock sales he made in 2001. In July, he was sentenced to six years in prison, a $19 million fine, and a forfeiture of about $52 million in gains from the stock sales. Nacchio's attorneys filed an appeal Tuesday in the U.S. Court of Appeals for the Tenth Circuit, in Denver.

A telecommunications bubble based on overly optimistic forecasts of Internet demand burst early in this decade, and Qwest's shares plummeted along with many others. Nacchio, who was CEO from 1997 to 2002, was accused of unloading his own Qwest shares while forecasting aggressive growth for the company. He and other executives were also accused of misrepresenting one-time sales of network capacity as ongoing revenue sources. Along with former WorldCom CEO Bernie Ebbers, Nacchio became a symbol of telecommunications greed.

In its opening brief on the appeal, Nacchio's lawyers claim he was made the scapegoat for a crash that cost Qwest investors and employees dearly. He had announced six months in advance that he would sell his shares as part of a compensation plan, and he never had any inside information that the company's results would fall drastically short, the argument says. It alleges, among other things, there was insufficient evidence and the district court ignored established case law and left out important jury instructions in the trial.

Arguments in the case are scheduled for Dec. 18.

Today's centralized, hierarchical mobile networks are overengineered, said Alcatel Lucent's Vice President Network and Technology Strategy Pierre Tournassoud.

Their use of specialized transport protocols makes them complex to design and manufacture, he said. This is good for a few big manufacturers but not for the industry overall, nor for the end-user, Tournassoud said in the keynote address on the second day of the event organized by Freescale Semiconductor.

Instead, future networks should adopt the kind of flat IP model toward which fixed-line networks are moving, Tournassoud said. There, the shift has led to a proliferation of so-called "triple-play" services, where operators use DSL to deliver phone calls, television programs, and Internet access over the same pair of copper wires, all managed using IP.

Vendors approaching the problem from the PC world, such as Intel, with its work on WiMax, or the traditional telecommunications equipment vendors working on LTE -- the Long Term Evolution enhancement to today's 3G mobile networks -- are converging on some common technologies.

With this approach, "mobile networks can be made a lot simpler like Internet platforms for mobile communications," Tournassoud said.

So simple, in fact, in the future mobile phone users could even have their own network base station at home, as operators adopt new technology such as femtocells -- tiny transmitters that improve in-home wireless coverage, plugging into a DSL connection to carry traffic back to the mobile network core over an IP connection.

But with the advantages of IP come some dangers: The Internet is open not just to well-meaning developers but also to all manner of criminals and vandals, and our always-on DSL connections bring us not only voice and video, but also viruses, along with phishing attacks, and Trojan horses.

That's why the developers of the next generation of mobile networks are trying to build security in from the start, according to Tournassoud and numerous engineers working for Freescale Semiconductor and its partners that were also present at the Paris conference.

"It requires a very solid, very secure hardware platform," said Tournassoud.

Others at the event echoed his sentiment. Alan Brown, principal analyst with Gartner Dataquest's semiconductor group, said a move to a flat IP structure in mobile networks will bring a lot of flexibility to mobile operators, application developers, and service providers. However, "with standard interfaces, there is also the ability for hackers to get into routers for financial gain or for the challenge," he said.

Freescale demonstrated a hardware reference platform with a number of security features for future mobile devices, its i.MX31 and i.MX31L multimedia applications processors. Based on the Arm 11 core designed by Arm Holdings, the chips have a run-time integrity checker that verifies the digital signature of code before executing it. This can help stop malware sneaking onto the device -- although it could also be used to lock down a mobile device and prevent the installation of third-party applications, much as Apple has attempted to do with its iPhone.

Prototypes are often designed with additional standard circuitry to make it easier to observe their behavior under test. Probes applied to that circuitry, known as a JTAG interface, can even be used to issue debugging instructions to the microprocessor. The connections for the prototype's JTAG interface often survive -- in different positions on the circuit board -- right through to final production. Identifying where these points were located on Apple's iPhone became one of the goals of those trying to unlock the devices as access to it might have allowed them to debug Apple's security code.

The development boards are set for release in January and will ship with Windows CE or Linux operating systems: Freescale expects manufacturers will use them to develop multimedia players, navigation devices, or similar gadgets.

Elsewhere at the Forum, Freescale showed multicore processors with built-in encryption engines. These can be used to accelerate the encryption of traffic flowing across a network -- but can also be used to decrypt application software on the fly, just before it is executed, making it harder for attackers to dissect the software in, for example, home base stations.

IMS is a combination hierarchical database and transaction system that runs only on IBM's zSeries line of mainframe computers (formerly called System/390).

IMS, which stores data in a tree structure rather than in the tables used in relational databases, was first used in 1968 for the NASA's Apollo space program.

The conventional wisdom is that the long-term usage of IMS is slowly dwindling, though some champions of the software heartily dispute that.

IMS, according to a blog post earlier this year by database analyst Curt Monash, is one of the several niche databases that are "fine things to stick with until you have to change."

Bernie Spang, director of data servers at IBM, added that the database remains vigorous despite its age. It still runs in the back rooms of over 95 percent of Fortune 1,000 companies, and, Spang claimed, 80 percent of large retail banks in the United States, Germany and Japan.

Spang said that IMS's year-over-year sales growth today is also higher than the 2 percent rate reported in 2003 by then-IBM database chief Janet Perna, though he declined to be specific. He also said that IBM's customers upgraded to Version 9 of IMS, released in October 2004, faster than they upgraded to previous versions.

Despite the fact that it has a large, diverse portfolio of database products that includes the DB2, Informix and U2 lines, IBM continues to invest in and market IMS as its best high-transaction data processing solution, Spang said.

For software, age 40 "could be the new 20," Spang said. "We've seen the first 40 years of IMS, now let's see what next 40 will be like."

Because of its high-transaction competence, IMS is used by many large package-tracking companies, automakers and insurance companies, he said. For instance, Spang said there's a bank that transfers US$3 billion a day using IMS. And one package-tracking firm, which he declined to identify, handles 100 million transactions a day using the database.

Version 10, which will start shipping on Oct. 26, focuses on strengthening the software's service-oriented architecture (SOA) features. They include new support for XQuery and enhanced support for XML and Web services, broader XML and Java tooling to encourage new application development, and enhanced database recovery control.

IBM offers IMS only through leasing programs. Pricing starts at $9,000 a month, a spokeswoman said. That excludes the cost of the zSeries server it runs on; IBM declined to reveal pricing for the zSeries server.

Computerworld is an InfoWorld affiliate.

"The threat that poses the most danger now is what has posed the most danger in the past," said Oliver Friedrichs, the director of Symantec's security response team and a writer on electoral cybercrime. "Phishing is the most significant problem now, and it has the potential to disrupt campaigns or even competing campaigns."

Not only are candidates' campaign Web sites prime targets for phishers -- the criminals could create bogus sites posing as the real deal to harvest contributors' credit card and bank account numbers -- but they could be victimized by radical followers of their opponent. "A phishing site could impersonate [the site of] one candidate, say Hillary Clinton, but actually submit the donation to another candidate, Rudy Giuliani, for example," said Friedrichs. "It might be very unlikely that a campaign would do something like this, but it could be launched by individuals who already consider themselves criminals, or by radicalized voters."

Even though the dollar amounts of such a steal-from-Hillary-to-pay-Rudy attack might be small, Friedrichs thinks there would be substantial fallout. "The diversion of donations like that has the potential to undermine the confidence in the online donation concept," he said.

In 2004, only two phishing attacks were detected that exploited the presidential election, Friedrichs said, both against the Kerry-Edwards campaign. In one instance, phishers set up a fictitious site shortly after the Democratic National Convention to supposedly solicit donations, although the criminals' goal was to gather credit card numbers and other personal information. In the second, phishers set up a site asking contributors to phone a for-fee 1-900 number that charged callers $1.99 a minute.

It's likely that the 2008 campaign will see a much larger number of election-oriented phishing campaigns. Phishing posed only a "marginal risk" in 2004, in part because the scam was small-scale compared to today but also because presidential campaigns had only begun to move online in search of contributions. Today phishers are more capable and candidates more dependent on the Internet.

"We've seen phishing against candidates in the past," said Friedrichs, "and we should expect to see it during this campaign."

One thing that could make phishers' crimes even easier is the large number of domains that are just a typo away from an actual candidate's campaign Web site, Friedrichs argued. Using specialized tools, Friedrichs generated possible typo domains -- "mitrromney.com" rather than the intended "mittromney.com", for example -- and analyzed domain registration records.

"Many of the typo domains were not registered by the candidates proactively," said Friedrichs. "Only one candidate [Mitt Romney] had registered a typo domain, and then only one domain. Every other candidate had not taken precautions."

Phishers could exploit typo domains, as well as what Friedrichs called "cousin" domains -- expanded versions of a candidate's actual domain, such as "presidentbarackobama.com" -- to trick contributors into clicking on links in e-mail messages.

But other kinds of profiteering is also not only possible with typo domains, but already in action, according to Friedrichs. Most typo domains, he said, are used to host ads, most often contextual ads. On some typo domains -- courtesy of ad syndicates or keyword purchasing -- the ads are in fact from the candidate whose domain has been abused. "The candidate is paying to have their ads displayed on the typo squatter's Web site. Candidate are paying for their own typo sites," said Friedrichs.

"Candidates and their campaigns are only beginning to understand the risks and have yet to take the necessary precautions in order to protect themselves," he concluded. "Our fear is that a true appreciation of the required countermeasures will not be realized until these attacks do in fact manifest themselves."

A draft of Friedrichs' chapter for the upcoming book Crimeware has been posted to Symantec's Web site, and includes sections on other threats to the electoral process, ranging from malicious code to Internet-based dirty tricks.

Computerworld is an InfoWorld affiliate.

The bug, which Microsoft acknowledged two weeks ago, displays 100,000 as the result of calculations that should instead show either 65,535 or 65,536. The error, Microsoft claimed last month, is not in Excel's calculations, but in the code that takes resulting values and formats them before they're displayed in a cell on the spreadsheet. Only the newest version, Excel 2007, and its online cousin, SharePoint's Excel Services 2007, contain the bug.

Fixes for the bug, as well as documentation logged into Microsoft's support database, have been posted to the company's download site, with links available on Microsoft's Excel blog. The download for Excel 2007 is a substantial 32.5MB.

"We are in the process of adding this fix to Microsoft Update so that it will get automatically pushed to users running Excel 2007 or Excel Services 2007," said David Gainer, the program's lead project manager, on the team's blog. The patch was not among the non-security updates included with yesterday's bulletins, however. Gainer also noted that the hotfix would be added to the first service pack for Office 2007, although Microsoft has said nothing about its work on Office 2007 SP1, or its release date.

The next regularly scheduled update is Nov. 13, but Microsoft has also taken to rolling out non-security hotfixes, especially for newer products such as Windows Vista, on the last Thursday of each month. This month, that day will be Oct. 25.

Computerworld is an InfoWorld affiliate.