iPhone GPS app market heating up

The iPhone GPS app market unleashed by the release of the iPhone 3.0 software update is getting more interesting by the day, with several developers in an arms race to add new features to their initial offerings. My own in-car navigation box doesn't even speak street names (other than numbered freeways), and it sure makes a big difference. Taking the lead in the GPS app race is Navigon MobileNavigator, which recently added support for spoken street names-a major failing in the three apps that I previewed in a Macworld Video last month. Last week, I got to spend a little bit of time with Navigon's Johan-Till Broer, who showed me the next version of MobileNavigator, due as a free App Store update sometime in October.

The traffic update also does a better job of estimating the speeds of various roads without live traffic data. It adds live traffic to the party, downloading traffic updates over the digital cell network and rerouting you around slow spots. The end result should be that MobileNavigator will do a better job of suggesting the fastest route you should take to your destination, based on both current conditions and the time of day you're traveling. I've found Sygic Mobile Maps to be a solid app, although it feels more like a port of a standalone GPS device than a native iPhone app. Sygic, maker of the Sygic Mobile Maps GPS navigation app, recently updated its app to support spoken street names, as well as catching up with the other apps by integrating the addresses of the contacts in your iPhone's address book. However, you can't beat the price-Sygic is trying to drive sales of its updated app by reducing the price (temporarily, at least) to $40 for an app containing only United States maps and $60 for the app containing maps of all of North America.

TomTom's promised car kit for the iPhone, which promises a mount, speaker, and improved GPS reception, has yet to arrive here in the States. (Our friends at Macworld UK are reporting that the car kit is available for order on that side of the Atlantic, with shipping times listed as "two to three weeks.") As for the TomTom app, the company promises "several updates by the end of 2009," but hasn't given details. While Navigon and Sygic are not familiar names to most Americans, TomTom is a strong brand and its iPhone app has sparked a lot of interest, although the iTunes charts would suggest that it may have fallen behind Navigon in terms of sales. Presumably spoken street names and live traffic are high on the agenda. Look for a comprehensive comparison of iPhone GPS apps from Macworld in the near future. Reviewing these apps is hard, requiring a lot of driving (and a dedicated driver so the reviewer doesn't cause an accident!), and the features of the apps keep updating at a rapid pace.

In the meantime, check out my video above if you'd like to see the apps in action. From my perspective, right now Navigon MobileNavigator is the best choice available, but this game is far from over.

Dell-Perot Deal Spells Trouble for Tier-Two Outsourcers

The consolidating IT services market contracted a bit further on Monday with Dell's announcement that it will acquire Perot Systems for $3.9 billion. The fact that Dell paid nearly a 70 percent premium on Perot's stock price to seal the deal confirms "the value of integrating hardware and services for infrastructure management is clearly gaining momentum," says Peter Bendor-Samuel, CEO of outsourcing consultancy Everest Group, which counts both Perot and Dell among its clients. The Texas twosome can hardly match the scale of HP or IBM on the outsourcing front-Perot brings just $2.7 billion in services revenue to the table-but the matchup is clearly made in their image. It also suggests, he adds, that the size of outsourcing/hardware companies will continue to increase in importance.

But Dell, struggling as a hardware manufacturer at a time when infrastructure sales are slow, wants in on the outsourcing business, even if it takes several acquisitions to do it. "Perot's capabilities are focused on a few geographies and industries, which Dell will need to grow or complement with other acquisitions to attain greater scale to compete head-on with the likes of HP and IBM," says Bendor-Samuel. [ Related: Dell Perot Deal: Big Price Tag, Small Industry Impact and FAQ: What the Dell-Perot Merger Means for the IT Industry. ] Neither company is likely to be too worried about the competition at this point. While Perot operates in some high-interest industries-most notably healthcare and government services-its footprint remains relatively small. It's more likely that Dell-Perot will make inroads on smaller deals. "Dell and Perot Systems can exert pressure in this sector, and if played right, could see their market share increase in the midmarket in both products and services," says Stan Lepeak, managing director at outsourcing consultancy EquaTerra. India-based providers who've been attempting to ramp up their infrastructure offerings "must continue to find ways to grow and reach meaningful scale," says Bendor-Samuel. As such, it's the tier-two players that will be watching the Dell-Perot deal closely. Meanwhile, traditional IT services players who've yet to walk down the aisle with a hardware vendor-such as ACS, CSC and Unisys-may be wondering how wise it was to stay single. "They will be asking themselves how they can grow in the infrastructure space to meet the increased threat posed by the integrated hardware and services offerings of IBM, HP, and now Dell," Bendor-Samuel says.

While Dell may be eager to keep Perot clients-and their relatively healthy profit margins-existing customers should proceed with caution (See Five Steps to Take if Your Outsourcer is Sold.) Specifically, clients should assess any impact the deal has on non-Dell hardware options, Lepeak advises. As for integration issues, Dell and Perot may have an easier go of it than most. "Good cultural alignment, close physical proximity for key leaders, and the absence of an entrenched services business at Dell-together with the obvious convergence around the value of Perot as a hardware channel for Dell and Dell as a lead generator for Perot-should make integration much faster and less painful than is the norm for deals of this scale," says Mark Robinson, EquaTerra's chief operating officer. Those most worried about the Perot deal are Dell customers working with other outsourcers. "While growing the legacy Perot Systems' client base, Dell must use caution not to alienate hardware clients who are using other service providers for outsourcing services," says Lepeak.

You've got questions, Aardvark Mobile has answers

Aardvark has taken a different tack with search. And now the people behind Aardvark are bringing that same approach to the iPhone and iPod touch. The online service figures it's sometimes more productive to ask a question of an actual person-usually someone from within your social network-rather than brave the vagaries of a search engine and its sometimes irrelevant answers. Aardvark Mobile actually arrived in the App Store nearly a week ago.

Aardvark Mobile tackles the same problem as the Aardvark Web site-dealing with subjective searches where two people might type in the same keywords but be searching for two completely different things. "Search engines by design struggle with these types of queries," Aardvark CEO Max Ventilla said. But developer Vark.com waited until Tuesday to take the wraps off the mobile version of its social question-and-answer service. What Aardvark does is tap into your social networks and contacts on Facebook, Twitter, Gmail, and elsewhere to track down answers to questions that might otherwise flummox a search engine-things like "Where's a good place to eat in this neighborhood?" or "Where should I stay when I visit London?" With Aadvark's Web service, you'd send a message through your IM client to Aardvark; the service then figures out who in your network (and in their extended network) might be able to answer the question and asks them on your behalf. The majority of questions are answered in less than five minutes. Ventilla says that 90 percent of the questions asked via Aardvark get answered. The iPhone version of Aardvark works much the same way.

The service pings people for an answer, and sends you a push notification when there's a reply. Instead of an IM, you type a message directly into the app, tag it with the appropriate categories, and send it off to Aardvark. In previewing the app, I asked a question about affordable hotels in Central London-two responses came back within about three minutes from other Aardvark users. If you shake your mobile device when you're on the Answer tab, Aardvark Mobile looks up any unanswered questions that you may be able to provide a response for (while also producing a very alarming aardvark-like noise). "We think Aardvark is particularly well-suited to mobile, and especially the iPhone given how rich that platform is to develop for," Ventilla said. In addition to push notifications, Aardvark Mobile also taps into the iPhone's built-in location features to automatically detect your location-a feature that can help when you're asking about local hotspots. You don't have to already be using Aardvark's online service to take advantage of the mobile app.

Aardvark Mobile requires the iPhone OS 3.0. The free Aardvark Mobile app lets you set up a profile on your iPhone or iPod touch; Facebook Connect integration helps you instantly build up a network of friends who are also using the service.

IPv6: Not a Security Panacea

With only 10% of reserved IPv4 blocks remaining, the time to migrate to IPv6 will soon be upon us, yet the majority of stakeholders have yet to grasp the true security implications of this next generation protocol. While IPv6 provides enhancements like encryption, it was never designed to natively replace security at the IP layer. Many simply have deemed it an IP security savior without due consideration for its shortcomings.

The old notion that anything encrypted is secure doesn't stand much ground in today's Internet, considering the pace and sophistication in which encryptions are cracked. Unfortunately, IPsec, the IPv6 encryption standard, is viewed as the answer for all things encryption. For example, at the last Black Hat conference hacker Moxie Marlinspike revealed vulnerabilities that breaks SSL encryption and allows one to intercept traffic with a null-termination certificate. But it should be noted that:  IPsec "support" is mandatory in IPv6; usage is optional (reference RFC4301). There is a tremendous lack of IPsec traffic in the current IPv4 space due to scalability, interoperability, and transport issues. Many organizations believe that not deploying IPv6 shields them from IPv6 security vulnerabilities.

This will carry into the IPv6 space and the adoption of IPsec will be minimal. IPsec's ability to support multiple encryption algorithms greatly enhances the complexity of deploying it; a fact that is often overlooked. This is far from the truth and a major misconception. For starters, most new operating systems are being shipped with IPv6 enabled by default (a simple TCP/IP configuration check should reveal this). IPv4 based security appliances and network monitoring tools are not able to inspect nor block IPv6 based traffic. The likelihood that rogue IPv6 traffic is running on your network (from the desktop to the core) is increasingly high. The ability to tunnel IPv6 traffic over an IPv4 network using brokers without natively migrating to IPv6 is a great feature.

Which begs the question, why are so many users routing data across unknown and non-trusted IPv6 tunnel brokers? However, this same feature allows hackers to setup rogue IPv6 tunnels on non-IPv6 aware networks and carry malicious attacks at will. IPv6 tunneling should never be used for any sensitive traffic. By enabling the tunneling feature on the client (e.g. 6to4 on MAC, Teredo on Windows), you are exposing your network to open, non-authenticated, unencrypted, non-registered and remote worldwide IPv6 gateways. Whether it's patient data that transverses a healthcare WAN or Government connectivity to an IPv6 internet, tunneling should be avoided at all costs.

The rate at which users are experimenting with this feature and consequently exposing their networks to malicious gateways is alarming. The advanced network discovery feature of IPv6 allows Network Administrators to select the paths they can use to route packets. Is your security conscious head spinning yet? In theory, this is a great enhancement, however, from a Security perspective it becomes a problem. So where are the vendors that are supposed to protect us against these types of security flaws?

In the event that a local IPv6 Network is compromised, this feature will allow the attacker to trace and reach remote networks with little to no effort. The answer is, not very far along. Since there are no urgent mandates to migrate to IPv6, most are developing interoperability and compliance at the industry's pace. Like most of the industry, the vendors are still playing catch-up. So the question becomes: will the delay in IPv6 adoption give the hacker community a major advantage over industry?

As we gradually migrate to IPv6, the lack of interoperability and support at the application and appliance levels will expose loopholes. Absolutely! This will create a chaotic and reactive circle of patching, on-the-go updates and application revamp to combat attacks. There is more to IPv6 than just larger IP blocks. Regardless of your expertise in IPv4, treat your migration to IPv6 with the utmost sensitivity. The learning curve for IPv6 is extensive.

Many of the fundamental network principles like routing, DNS, QoS, Multicast and IP addressing will have to be revisited. People can't be patched as easily as Windows applications, thus staff training should start very early. Reliance on given IPv4 security features like spam control and DOS (denial of service) protection will be minimal in the IPv6 space as the Internet 'learns' and 'adjusts' to the newly allocated IP structure. Jaghori is the Chief Network & Security Architect at L-3 Communications EITS. He is a Cisco Internetwork Expert, Adjunct Professor and industry SME in IPv6, Ethical Hacking, Cloud Security and Linux. It's essential that your network security posture is of the utmost priority in the migration to IPv6. Stakeholders should take into account the many security challenges associated with IPv6 before deeming it a cure-all security solution.

Jaghori is presently authoring an IPv6 textbook and actively involved with next generation initiatives at the IEEE, IETF, and NIST. Contact him at ciscoworkz@gmail.com.

Report: New net neutrality rule coming next week

Federal Communications Commission chairman Julius Genachowski will propose a new network neutrality rule during a speech at the Brookings Institute on Monday, the Washington Post reports. Additionally, the principles state that consumers are "entitled to competition among network providers, application and service providers and content providers." Broadly speaking, net neutrality is the principle that ISPs should not be allowed to block or degrade Internet traffic from their competitors in order to speed up their own. Anonymous sources have told the Post that Genachowski won't offer too many details about the proposed rule and will likely only propose "an additional guideline for networks to be clear that they can't discriminate, or act as gatekeepers, of Web content."  The Post speculates that the rule will essentially be an add-on to the FCC's existing policy statement that networks must allow users to access any lawful Internet content of their choice, to run any legal Web applications of their choice, and to connect to the network using any device that does not harm the network. The major telcos have uniformly opposed net neutrality by arguing that such government intervention would take away ISPs' incentives to upgrade their networks, thus stalling the widespread deployment of broadband Internet.

The debate over net neutrality has heated up over the past few years, especially after the Associated Press first reported back in 2007 that Comcast was throttling peer-to-peer applications such as BitTorrent during peak hours. Several consumer rights groups, as well as large Internet companies such as Google and eBay, have led the charge to get Congress to pass laws restricting ISPs from blocking or slowing Internet traffic, so far with little success. Essentially, the AP reported that Comcast had been employing technology that is activated when a user attempts to share a complete file with another user through such P2P technologies. The FCC explicitly prohibited Comcast from engaging in this type of traffic shaping last year. As the user is uploading the file, Comcast would then send a message to both the uploader and the downloader telling them there has been an error within the network and that a new connection must be established. Both friends and foes of net neutrality have been waiting anxiously to see how Genachowski would deal with the issue, ever since his confirmation as FCC chairman earlier this year.

Tim Karr, the campaign director for media advocacy group Free Press, said at the time of Genachowski's nomination that he was instrumental at getting then-presidential candidate Barack Obama to endorse net neutrality during his presidential campaign. Net neutrality advocates cheered when Genachowski took over the FCC, as many speculated that he would be far more sympathetic to net neutrality than his predecessor Kevin Martin.

Linux driver chief calls out Microsoft over code submission

After a kick in the pants from the leader of the Linux driver project, Microsoft has resumed work on its historic driver code submission to the Linux kernel and avoided having the code pulled from the open source operating system. The submission was greeted with astonishment in July when Microsoft made the announcement, which included releasing the code under a GPLv2 license Microsoft had criticized in the past. Microsoft's submission includes 20,000 lines of code that once added to the Linux kernel will provide the hooks for any distribution of Linux to run on Windows Server 2008 and its Hyper-V hypervisor technology.

Greg Kroah-Hartman, the Linux driver project lead who accepted the code from Microsoft in July, Wednesday called out Microsoft on the linux-kernel and driver-devel mailing lists saying the company was not actively developing its hv drivers. If they do not show back up to claim this driver soon, it will be removed in the 2.6.33 [kernel] release. HV refers to Microsoft Hyper-V. He also posted the message to his blog. "Unfortunately the Microsoft developers seem to have disappeared, and no one is answering my emails. So sad...," he wrote. They are not the only company." Also new: Microsoft forms, funds open source foundation Kroah-Hartman said calling out specific projects on the mailing list is a technique he uses all the time to jump start those that are falling behind. Thursday, however, in an interview with Network World, Kroah-Hartman said Microsoft got the message. "They have responded since I posted," he said, and Microsoft is now back at work on the code they pledged to maintain. "This is a normal part of the development process.

In all, Kroah-Hartman specifically mentioned 25 driver projects that were not being actively developed and faced being dropped from the main kernel release 2.6.33, which is due in March. On top of chiding Microsoft for not keeping up with code development, Kroah-Hartman took the company to task for the state of its original code submission. "Over 200 patches make up the massive cleanup effort needed to just get this code into a semi-sane kernel coding style (someone owes me a big bottle of rum for that work!)," he wrote. He said the driver project was not a "dumping ground for dead code." However, the nearly 40 projects Kroah-Hartman detailed in his mailing list submission, including the Microsoft drivers, will all be included in the 2.6.32 main kernel release slated for December. Kroah-Hartman says there are coding style guidelines and that Microsoft's code did not match those. "That's normal and not a big deal. But the large number of patches did turn out to be quite a bit of work, he noted.

It happens with a lot of companies," he said. He said Thursday that Microsoft still has not contributed any patches around the drivers. "They say they are going to contribute, but all they have submitted is changes to update the to-do list." Kroah-Hartman says he has seen this all before and seemed to chalk it up to the ebbs and flows of the development process. The submission was greeted with astonishment in July when Microsoft made the announcement, which included releasing the code under a GPLv2 license Microsoft had criticized in the past. Microsoft's submission includes 20,000 lines of code that once added to the Linux kernel will provide the hooks for any distribution of Linux to run on Windows Server 2008 and its Hyper-V hypervisor technology. Follow John on Twitter

U.S. pledges $1.2 billion for digital health networks

The U.S. government has pledged $1.2 billion to help hospitals and clinicians develop and implement systems for digital health records and information sharing.

What $700 billion could buy your company

In an announcement made yesterday by Vice President Joe Biden and Health and Human Services Secretary Kathleen Sebelius, the government said it was awarding $598 million in grants to "establish approximately 70 Health Information Technology Region Extension Centers" to consult hospital technicians when they buy and deploy electronic health record systems. The government is also issuing $564 million in grants to support information sharing technologies within the digital health networks.

Dr. David Blumenthal, the national coordinator for health IT, said that the grants would "begin the process of creating a national, private, secure electronic health information system" to "help doctors and hospitals acquire electronic health records and use them… to improve the health of patients and reduce waste and inefficiency."

The http://www.networkworld.com/columnists/2009/031809antonopoulos.html ">digital health grants are being funded by the economic stimulus package passed by Congress earlier this year.

In addition to funding the digitization of health care records, the stimulus package has also designated $7.2 billion to fund broadband infrastructure investment. Of that money, $4.7 billion has been allotted to the National Telecommunications and Information Administration to award grants for projects that will build out broadband infrastructure in unserved or underserved areas; deliver broadband capabilities for public safety agencies; and stimulate broadband demand through training and education.

The remaining $2.5 billion in broadband stimulus money has been allotted to the U.S. Department of Agriculture (USDA) to make loans to companies building out broadband infrastructure in rural areas.