When the financial crisis first struck, it appeared that IT shops were prepared to weather the storm and that IT spending might hold up despite the downward economy. But a lot has happened since then.

Several more banks have faltered or been acquired. The stock market has continued to ricochet around, enough to destroy the confidence of all but its wealthiest masters. And layoffs keep coming across many industries, including the technology realm -- with no end in sight.

[ Learn more about how the financial crisis is affecting IT and the high-tech industry, plus what IT can do to help, in InfoWorld's special report. ]

IT, both corporate departments and the industry itself, has survived tough economic conditions before, notably the dot-com crash of 2001. Perhaps that's why IT shops are already battening down the hatches.

Preparing for the storm
Steve Minton, vice president of worldwide IT markets at IDC, says, "Companies are in the mindset of not spending in the next 3 months and increasing only 1 or 2 percent in the next 12 months. That's quite a change from last year when it was between 7 and 8 percent."

Gartner, in a report issued earlier this month, stated that even though the bailout of banks spares IT from a worst-case scenario, they're still turning budgets downward while heading toward 2009.

The bank fallout itself is not to be overlooked. Gauging only from the hardships of Bear Sterns, Lehman Brothers, and Merrill Lynch, Robert Iati, a partner and global head of consulting of the Tabb Group, a research and advisory firm that focuses on financial markets, sees "investment banks spending about $4.5 billion, or 20 percent, less on IT in 2009 than in 2008." That's more than just a big number. "Investment banks represent the engine of cutting-edge enterprise technologies," Iati adds.

Critical to enterprise technology advancements they may be, but Wall Street firms, banks, and other financial services organizations are not the only ones yanking dollars out of the IT spending pool -- or abandoning and mothballing projects.

"We do see people throw away even great ideas in tight times," says Mark Raskino, a Gartner fellow and vice president for emerging technologies and trends.

As gloomy as it looks, the tech sector is not returning to the days of the dot-com bust. "We're not seeing a replay of the big tech bust of 2001-2002," says Andrew Bartels, a principal analyst at Forrester Research. "But we do see a slowdown."

Innovation may take a hit
There are implications to companies spending less on IT. That reality might not hit the largest tech vendors -- the ones still reporting profits and sitting on large cash reserves -- hard enough to break any bones, but smaller companies will certainly feel the sting of less spending.

"There will be a lot of disruption to the progress of the industry because the pipeline of startups that fuels innovation will be challenged by the credit crisis," Gartner's Raskino explains.

That, in turn, inhibits the fresh new ideas that IT shops can choose to achieve their goals. "Less competition alone will harm overall IT innovation and the future of IT," says Andre Preoteasa, director of IT at Castle Brands, the alcoholic beverage producer and importer.

Andr? Gold, former head of IT security at financial services firm ING, explains that "the startup market has changed over the last five years, so it's not as sexy or profitable as it once was for new companies to come to market, IPO, and make wealthy or wealthier the VCs and entrepreneurs who seeded and founded the company."

That said, though, Gold contends that the model is not broken and remains valuable to IT shops. "I have gone to small-cap companies and startups for superior [intellectual property] at a reduced rate," Gold explains. "If the company has good [intellectual property], I have no shame in putting my checkbook behind that because they're likely to be acquired, and by a vendor I already have a relationship with."

Just don't expect IT budgets to spring back quickly. Gartner's Raskino expects this turbulence to continue through next year. "There's no chance that it will all be sorted out by Christmas and all will be well on January 1," he says.

Tabb Group's Iati looks out even further: "We're in for a period where it will probably take five years to reach the tech spend we had in 2007."

"It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything." -- Joseph Stalin

In the past eight years, elections in the United States have taken on the guise of a TV game show, with the elections themselves not quite as compelling as watching voting mechanisms fail across the country, especially in key battleground states such as Florida and Ohio. Pols and pundits from both sides of the aisle are quick to place most of the blame on faulty electronic voting systems. But until we set a technical policy that favors open voting systems, as Australia did in 2001 with its open source eVACS (Electronic Voting and Counting System), we have only ourselves to blame.

[ For more on how technology is reshaping the race for the U.S. presidency, see InfoWorld's special report. ]

The closed source approach to disenfranchisement
Current U.S. policy ensures that e-voting remains in the hands of very few proprietary vendors, including the much-maligned Diebold, which has received so much bad press that it has renamed its voting machine division Premier Election Solutions.

Don't let the new name fool you. Little has changed about e-voting systems, which take on several forms, including the two most common: touchscreen devices and optical-scan readers. What they have in common, however, is that they all use closed source code. In many cases, even the manufacturers don't have the source code to software running on their own systems. Premier Election Solutions recently advised that its machines lost votes in Ohio primaries due to an incompatibility with McAfee's anti-virus software. In the words of XKCD, someone is clearly doing their job horribly wrong. Later, Premier claimed that its own software was at fault.

More often than not, however, blame for e-voting failure is placed on the storage media of these devices, either due to their relative fragility or their apparent ease of tampering.

When results from elections conducted on e-voting systems are called into question, manufacturers point the finger at defective "memory cartridges." Those of us in IT know that if all flash storage were this error-prone, digital cameras and iPods wouldn't exist. Worse, we know it's far simpler to pocket or swap out a small flash card containing a few thousand votes than it would be if those votes were recorded on paper ballots.

Another problem of current e-voting systems is that many still in operation provide no paper trail. Americans can't fill up their cars or access their bank accounts from an ATM without being prompted to print a receipt, but in many voting precincts, we can vote with nothing tangible to show for it.

Most voters already know these systems are flawed. It's the relative lack of outrage that is troubling. Perhaps trust in the electoral process is still sufficient to assuage fears of stolen elections, or the issue of flawed voting technology itself has become a running joke, like cracks about an honest politician. Even The Simpsons parodied the situation recently.

Those of us who live in IT every day know better. We know exactly how poorly designed some software frameworks are. We see the security challenges presented by Web servers, mail servers, remote access, and so on, but when it comes to the foundation of our democracy, we just shake our heads and move on.

Maybe it's time for us geeks to come to the rescue, with a little help from Congress. We've built the Internet, designed staggeringly complex technologies for conducting lightning-speed financial transactions, securing sensitive patient data, even our own entertainment. After all, you'd be hard-pressed to say that there's more complexity in an e-voting machine than in, say, your TiVo or even your cell phone.

But the key to securing e-voting resides in making its systems open source.

Opening the polls to open source
If you look around the open source community, you will find a wide variety of projects that are not only widely used but extremely well designed and very secure. Apache, Perl, PHP, OpenBSD, FreeBSD, and the Linux kernel are just a few examples. Coders who contribute to these projects generally do so without remuneration, producing some of the best code available.

It's time for us to make good on the promise of open elections and open our e-voting systems as well -- no black boxes, no intellectual property protections, no obfuscation, and certainly no backdoors. Doing so would require a federal mandate, one that would eliminate the use of closed source devices.

This being a free-market economy, vendors should certainly be able to participate in the construction of truly secure e-voting systems. But to ensure the integrity of our elections, the code they run on their products must be open. Moreover, it should be the same across all e-voting platforms. Just as the PC industry produces multiple PC brands that all run Windows, e-voting vendors should produce systems that run the same open source voting software.

The open source community has already gotten involved in reshaping our approach to e-voting systems. The Open Voting Consortium, for example, is pushing for simple, standard touchscreen voting systems that do not directly interface with any system, or record votes. These systems would simply print paper voting receipts with bar codes that would then be scanned and dropped into a ballot box, officially casting the vote.

This method removes the need for any polling station to be held responsible for counting votes, thus eliminating any effect tampering with machines might have on results. It also ensures a paper trail for potential recounts. Moreover, by relying on paper in printers rather than official ballots, no voter can be turned away for lack of ballots at a polling place.

This solution is cheap and straightforward, yet isn't widely used. Instead, we have spent billions of dollars on commercial solutions that offer no paper trail -- just a poor security history.

One recent example involved a Republican at-large election in Washington, D.C., in which thousands of votes appeared and then disappeared during the day. Sequoia Voting Systems equipment was used for that election. Not surprisingly, Sequoia has laid the blame for those phantom votes on human error, perhaps a corrupt memory cartridge. Retailers wouldn't accept cash registers that were this error-prone. In many cases, brand-new e-voting systems have been shelved due to such issues, at a fantastic cost to taxpayers.

Network integrity: Ensuring all votes count
Leveraging existing network infrastructures to completely remove the polling place from the vote-counting equation is another essential step to ensuring secure elections.

In many cases, public polling is conducted in government buildings, schools, community centers, and other facilities equipped with some form of broadband Internet access. Devices running open source software could be made to create an instant, encrypted link to transmit all votes to a centralized server, while still providing a paper trail at the polling place in the form of a printout.

In this way, votes from a significant number of precincts could be counted as they are entered, rather than after the fact. Communication with the central server would be secured using existing encryption methods such as AES (Advanced Encryption Standard) and certificate-based authentication. Even when voting in someone's garage, your vote would be more secure than it would be using a pile of flash cards in a box.

In addition, these devices wouldn't require manual configuration. Once connected and authenticated to the central server, all ballot choices would be pulled from the central server for display to the voter. Thus, setting up the polling place would simply require volunteers to plug everything in and turn the systems on.

Of course, connectivity to the central server is sure to be this solution's weakest link. Though all transactions would be encrypted, the system would also need to incorporate a queuing method to retain votes until the server is available. This functionality could also maintain vote integrity even where Internet connectivity is not available. Simply connect the device to the network at a later time, and the votes are delivered to the central server. As above, paper receipts of each vote would be made available as they were cast, as a fallback should problems occur.

Open source in the voting booth
Anyone familiar with current e-voting technologies will note that the logistics of this solution are no more or less complex than those of existing systems. The key, however, is that they would be driven by open source code that anyone could download and use.

With all the covers off, it becomes extremely difficult to embed backdoors or commit cloak-and-dagger fraud. The ability to view the code that records our votes should be a basic right -- if only to ensure that the conditions leading to a successfully recorded vote do not set success as a default.

The best bet for an open voting system would be code based on NetBSD or OpenBSD, embedded in nonremovable flash on the mainboard of the device. The device would also require a serial or USB-driven touchscreen, as well as a USB-connected, embedded printer. Code updates to the device would not be allowed via the touchscreen, but rather through a certificate or key-secured USB or serial connection.

Such a device would be less complex than a McDonald's cash register, running extremely basic, open code that's been hardened for years, and can be easily reduced to only the required functions. There's no reason it couldn't be cheap, simple, and extremely easy to produce. Further, it should easily handle being mothballed for a year or two between elections.

Detractors will claim that if the code is open, anyone planning to commit fraud will have the blueprints to circumvent the security of the system. The ever-growing adoption of open source software in businesses large and small, as well as the Internet's reliance on open source solutions, provides evidence to the contrary. For example, open cryptography solutions are no less secure than their closed counterparts. In fact, one could argue that they're more secure, given that complete code visibility greatly reduces the potential for backdoors.

Open elections require open systems
Ultimately, the call for open source e-voting systems isn't as much about open source software as it is about securing our inalienable right to legitimate elections. It just so happens that open source is the best way to accomplish that goal.

If the past few elections are any indication, secure voting machines are essential to political legitimacy. With machines sold by companies that produce far more secure ATMs than voting systems, something must change, especially as the inaccuracies and irregularities incurred by these systems continue to mount. No effective steps have been taken by the government thus far to address the integrity of our vote, other than small measures by state and county governments that have already blown budgets on insecure systems.

In 2002, Congress passed the Help America Vote Act in response to the hanging-chad debacle of Florida's 2000 presidential elections. The act's main thrust was to provide money to states to replace outdated punch-card- and lever-based voting systems with optical-scan or touchscreen models. The act largely accomplished that goal, filling the coffers of closed source voting system manufacturers. In doing so, the act may have inadvertently placed the country in a worse situation, given how difficult it is to rig large numbers of votes with punch card or lever systems. By contrast, a single poorly designed e-voting machine can be used to covertly modify large numbers of votes.

Of course, even with a paper ballot cast in a locked box, there have never been fail-safe assurances that any given vote has been counted and recorded. Human error and malfeasance are sure to be constants.

Yet in every industry, computers have reduced or eliminated human error and guarded against fraud. From banking to taxes to tollbooths, computers ostensibly provide a dispassionate third party to tally numbers, not as we might wish them to be but as they are. Voting systems are no exception, and they should be afforded far more protections, oversight, and regulation than those in most other industries as they protect the very foundation for our democracy.

The law has always trailed behind technical innovation. In the case of e-voting, Congress must act to close this gap, by passing legislation to provide grants for developing a single, open framework for all voting systems and to provide funds to states to retrofit existing hardware where possible.

This "Open Vote Act" should also enact laws that prohibit the use of any voting system that does not provide a paper audit trail, and it should mandate that companies use government-approved voting code without modification when building proprietary systems. If we can nationalize big banks and spend a trillion dollars to recover from the irresponsible actions of a relative few, we can certainly nationalize portions of our voting infrastructure. There's too much at risk to think otherwise.

Hanlon's razor: IT's call to action
As we head into the 2008 elections, we all hope that there are no surprises come Election Day. The media will hang on every instance of voting-system inaccuracy, and we're sure to hear from voters across the country who have been inadvertently disenfranchised by malfunctioning e-voting systems.

Here, Hanlon's razor ("Never attribute to malice that which can be adequately explained by stupidity.") comes into play. If there are widespread problems with e-voting systems this time around, we have no one but ourselves to blame. We have seen the flaws of these systems, and we have not acted to correct the system that has given rise to them.

If voting irregularities occur during this election, let's hope the novelty of current e-voting systems will wear off for the population at large, giving way to meaningful voting reform in Washington. If everything seems to go smoothly, however, let's not just assume the issue of e-voting security has magically gone away.

Either way, those of us who know how computers work, who know how easy it is to slip backdoors into closed code, and who know how these problems should be addressed will always provide an undercurrent of distrust -- not just for our individual votes but for the entire elections system in general.

Isn't it time we put our knowledge into action?

Researchers at McGill University in Montreal have discovered a new state of matter that they say could greatly extend Moore's Law.

Engineers at companies like Intel and AMD have long been cramming more and more transistors -- the building blocks of the processor -- onto a chip. Last fall, for instance, Intel announced that each of its new Penryn chips hold 820 million transistors. The Penryn chip keeps alive the 40-year-old prediction by Gordon Moore that the number of transistors on a chip will double every two years.

Some observers have long predicted that leakage and energy consumption will be significant roadblocks to the law at some point.

The McGill scientists, though, think they may have a way around those roadblocks.

The researchers say they've found a quasi-three-dimensional electron crystal that could enable them to harness quantum physics to make increasingly small computer chips. The crystal was discovered using a device cooled to a temperature that is 100 times colder than intergalactic space.

Dr. Guillaume Gervais, director of McGill's Ultra-Low Temperature Condensed Matter Experiment Lab, said that the material is not quite three-dimensional but it's something in between two-dimension and three-dimensional.

"In a standard transistor, you have a gate, and the electron flow is controlled by it like a faucet would control a gas flow," Gervais said in a statement. "You can understand the particles as independent units, which lets us treat them as ones and zeroes or on and off switches in digital computing. However, once you get down to the nano-scale, quantum forces kick in and the electrons may condense into a collective state and lose their individual nature. Then all sorts of bizarre phenomena pop up. In some cases, the electrons may even split. Concepts of 'on' and 'off' lose all meaning under these conditions."

Dan Olds, principal analyst with the Gabriel Consulting Group, said the McGill scientists are working on far-reaching science, and even if their theories hold true it would be quite some time before they could be used in the chip manufacturing process.

"There also isn't any evidence to say that this is the answer to continuing Moore's Law. It's a possible answer, it's a potential answer, but only after we understand how these new materials work, which we don't yet," said Olds.

"From a higher perspective, this is the kind of experimental activity that is taking place all over the world. It's great, because we see these breakthroughs that others will build on. Many will fall by the wayside -- blind alleys that don't go anywhere interesting -- but a few will be found to be extremely useful over time. It's the law of the jungle in technology," Olds added. "There are many experiments. Some are interesting but useless. A very few are interesting and very useful. It's too soon to tell which camp this one will fall into."

In its work to shrink transistors and extend Moore's Law, IBM announced last February that they had hit a major milestone in nanotechnology, figuring out how to measure the amount of force needed to move an atom. Their new measurement capabilities could enable researchers to shrink the size of transistors used in computer chips.

Shrinking transistors cuts power requirements and boosts speed.

One day after Microsoft issued a rare emergency Windows security patch, the bad guys have a few new ways to take advantage of the bug.

By Friday, security researchers had identified a new worm, called Gimmiv, which exploited the vulnerability, and a hacker had posted an early sample of code that could be used to exploit the flaw on the Web.

[ For earlier developments in this bug's progress, see "Microsoft to rush out emergency Windows patch" and "Attack code for critical Microsoft bug surfaces" ]

Microsoft issued the patch more than two weeks ahead of its next security updates because the bug could be used to create an Internet worm attack and Microsoft had already seen a small number of attacks that exploited the flaw.

This vulnerability lies in the Windows Server service used to connect with other devices on networks. Although the firewall software that ships with Windows will block the worm from spreading, security experts are worried that the flaw could be used to spread infections between machines on a local area network, which are not typically protected by firewalls.

And that's exactly what the Gimmiv worm is designed to do, according to Ben Greenbaum, a senior research manager with Symantec. "It is downloaded onto a target machine via social engineering and then proceeds to scan and exploit machines on the same network, using this newly disclosed vulnerability in the Server service," he said.

The worm then loads software that steals passwords, security experts say.

Both Symantec and McAfee said Friday that they had seen only a very small number of attacks based on this exploit, but Symantec says that, starting Thursday evening, they found a 25 percent jump in network scans looking for potentially vulnerable machines. That could be a sign that more attacks are coming.

That scenario becomes more likely, too, as more tools that exploit the flaw are released to the public. On Friday, sample exploit code was posted to the Milw0rm.com hacker site, and over the next few days hackers are expected to move that code into attack tools that are easy to use.

Greenbaum predicted that the attack code will soon be used to build botnet networks of infected computers. "What we are going to see is this attack being added to the arsenal of botcode," he said.

"Once it evolves to the point where people really don't have to know much about the exploit ... those are the situations where people write the worms that do a lot of [damage]," said McAfee researcher Craig Schmugar.

Does he expect a damaging worm to emerge from this latest bug? "If history is a lesson, then yes," he said.

The lawsuit filed by Waste Management against SAP in March over what the trash-disposal company claims was a botched ERP implementation is growing increasingly rancorous, with accusations of withheld information and deliberate foot-dragging.

In addition, the systems integrator Deloitte Consulting has become caught up in the suit, though not as an official party.

[ See earlier developments in this story: "Waste Management sues SAP over ERP implementation" and "Update: SAP files counterclaim against Waste Management" ]

In a filing in Harris County, Texas District Court earlier this month, SAP asked the court to delay the trial until February 2010 due to the complexity of the case. The vendor also alleges Waste Management has not behaved in good faith during the discovery process.

"Rather than focusing on producing the most relevant documents first, Waste Management appears to have taken the opposite approach," SAP said.

While Waste Management's production "has been voluminous, most of those documents -- such as customer invoices, office building sign-in sheets, and customer addresses -- relate generally to its business operations and not specifically to the purchase or implementation of the software at issue in this suit."

SAP also wants the court to delay the depositions of a number of SAP employees.

"The only possible explanation for Waste Management's refusal to produce the documents on which it intends to rely at the depositions -- or, for that matter, for seeking to depose key witnesses before producing its own documents -- is that it hopes to 'surprise' SAP's witnesses with documents they have never seen, or have not seen in years and have long forgotten," the filing alleges.

Meanwhile, SAP has produced "hundreds of thousands of pages of documents, including e-mails and what Defendants believe are most of the critical documents," SAP said.

But a response filed by Waste Management states "SAP has sought to delay the case at every turn," and that trial should begin in April 2009.

"These types of lawsuits, arising from defective software and failed implementation, are routine for SAP," Waste Management said. "There are standard motions it files and it uses the same types of expert witnesses. ... There is no reason the case cannot be discovered and tried in 2009."

SAP's assertions regarding Waste Management's conduct during discovery are "baseless," the filing adds. "Waste Management has made 10 separate productions of 'substantive' information to SAP totaling 947,304 pages (compared to SAP's production of approximately 308,000 pages)."

The documents include issue and resolution logs "addressing specific issues with the programming, conversion and implementation of SAP Waste & Recycling software," the filing states.

SAP has also "refused to present witnesses for deposition, has failed to substantively answer interrogatories, and has lodged boilerplate objections to discovery that it refuses to withdraw," Waste Management said.

Therefore, "it is important for Waste Management to start depositions to determine what SAP refuses [to] disclose and determine what discovery SAP is not providing," the filing adds.

SAP previously filed a counterclaim to Waste Management's suit arguing in part that the trash-disposal company violated its deal with SAP including by "failing to timely and accurately define its business requirements" and not providing "sufficient, knowledgeable, decision-empowered users and managers" to work on the project.

Apparently in support of this line of argument, another recent filing shows that SAP has subpoenaed Deloitte, asking the company to provide all documentation tied to work Deloitte performed for Waste Management regarding the licensing and implementation of a range of SAP software, as well as "any analyses or other work performed by Deloitte concerning Waste Management's business processes."

Waste Management's internal name for the SAP implementation project was "C1" or "Customer First," and the company hired Deloitte to perform an independent review after a site in New Mexico went live, according to the filing.

Deloitte allegedly told Waste Management that "the original Blueprint workshops were ineffective at capturing the business requirements for the WM solution" and that "as a result, after the workshops the Blueprint design was allowed to constantly change as the teams' understanding of the functionality evolved."

"To the extent Waste Management believes [SAP's] software was a failure, the blame lies with Waste Management," the filing adds.

Waste Management argues that SAP's subpoena is worded too broadly. "To the extent that Deloitte's work at Waste Management is not part of the SAP implementation project, plaintiffs object that the request is an improper fishing expedition."

Waste Management and Deloitte declined additional comment on Friday.

SAP spokesman Andy Kendzie said the company does not discuss ongoing litigation. "I would say that beyond that, we will vigorously defend our brand and reputation during the litigation process," he added.

dMicrosoft will distribute the second service pack for Windows Vista to a small group of beta testers next Wednesday, the company said Friday.

A small group of Technology Adoption Program members will get a test version of Windows Vista Service Pack 2 (SP2) in the middle of Microsoft's Professional Developers Conference (PDC), which it scheduled next week in Los Angeles, the company revealed on the Windows Vista team blog.

Vista SP2 will include previously released fixes that focus on specific reliability, performance, and compatibility issues with Vista, according to the blog entry, attributed to Mike Nash, vice president of Windows product management at Microsoft.

The company expects Vista SP2 will be compatible with applications that are written using public APIs (application programming interfaces) that run on both Vista and Vista SP1, he said. It also will be released for both Vista and Windows Server 2008 simultaneously.

Microsoft has not set a date for the final release of SP2 and will base that release on feedback from the beta program, according to Nash's post.

Some of the improvements Microsoft plans to deliver in SP2 include the addition of Windows Search 4.0 to enable faster and better relevancy in searches, Bluetooth 2.1 Feature Pack to support the latest Bluetooth technology and the ability to record data onto Blu-ray video format natively in Vista, Nash said.

Vista SP2 also will add Windows Connect Now technology to simplify the configuration of Wi-Fi networks, and include support for UTC (Coordinated Universal Time) timestamps to ensure that files are synchronized across time zones, according to the blog post.

In his post, Nash advised users that if they are waiting for SP2 to upgrade to Vista, they should consider using the Vista SP1 OS now rather than wait.

"While we will recommend SP2 when it ships, your best bet today is Windows Vista SP1," he wrote.

Even as Microsoft readies Vista SP2, the company is expected to distribute an early release of Vista's follow-up, Windows 7, at the PDC next week.

In the run-up to its Professional Developers Conference, Microsoft on Friday opened a new initiative to let the developer community hear about and try early developer tools that the software giant is working on.

DevLabs is an online portal where Microsoft plans to share some "early thinking" and let developers help shape the direction of projects, wrote S. Somasegar, senior vice president in Microsoft's developer division in a blog entry. Developers will also get to use some early versions of tools in order to offer feedback.

Many of the projects will start with people who work in Microsoft's developer division, but they can come from other groups that may be working on projects geared toward developers, he said.

Somasegar stressed that the site isn't meant to draw feedback on next releases of existing products, since mechanisms for that are already in place. The projects featured on DevLabs will be early ideas that haven't yet been hammered into exact products, he said. Some projects could become features in existing products, others might be open sourced for the community and others may be trashed, he said.

For now, DevLabs is featuring four projects, including Small Basic, first unveiled on Thursday. Small Basic is a development tool for beginning developers that could be used by kids or adults. It is inspired by the BASIC programming language and based on .Net.

Pex and Popfly, two projects that have been around for a while, are also featured on the site. Popfly users can create games, mashups and Web pages, and Pex is a software testing tool.

Finally, developers can get involved with the creation of Chess, another software testing tool that Microsoft has been developing for a couple years and that it plans to reveal more about next week at its Professional Developers Conference.

Microsoft will herald a security project called Web Sandbox, for securing Web content through isolation, at the company's Professional Developers Conference in Los Angeles next week.

The Microsoft Live Labs Web Sandbox features a prototype of technology for mashing up code while maintaining better process isolation, quality of service protection, and security, according to the company.

"This will foster more efficient cross-browser development, increased mash-up innovation, and new third-party extensibility models," according to a description of the PDC effort released by a Microsoft representative.

The Live Web Sandbox Web site describes the project as addressing the problem of modern Web applications being "intrinsically insecure, often with unpredictable service quality."

"Today, Web gadgets, mashup components, advertisements and other third-party content on Web sites either run with full trust alongside your content or are isolated inside of IFrames," resulting in a lack of security, the Web page states.

"We have created a cross-browser JavaScript virtualization layer that provides a secure standards-based programming model without requiring any add-ons," according to the site. "We are not done yet. We need your help: Experiment with the Sandbox and make sure it works. We've included a set of samples so you can try to break the Sandbox. Our goal is to provide reusable components that will allow you to secure your Web 2.0 mashups. Our goal is to work together to standardize a secure Web platform. "

A growing number of Web 2.0 applications incorporate third-party content either via direct script inclusion or embedded in an IFrame, Live Labs said. Components included directly execute with full trust and can access private information, according to Live Labs. This leaves a site subject to intentional or non-intentional bugs that could compromise personal information or degrade a Web application's quality of service.

IFrames, meanwhile, offer isolation but not complete security, Live Labs said. Malicious code can try to install ActiveX controls, redirect users, or interrogate a browser history, thus degrading quality of service. IFrames also pose a problem with providing an integrated experience and sharing data across components, the labs said.

Microsoft's quarterly call with Wall Street on Thursday told the tale of two software franchises and their diverging financial fortunes.

Microsoft's Client revenue, which virtually all comes from sales of Windows Vista, grew just 2% year-over-year to $4.22 billion in its fiscal first quarter of 2009.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

"That fell pretty far short of Microsoft's expectations," said Matt Rosoff, an analyst with the independent research firm Directions on Microsoft. "That's always a worry, since it's the core of the company's business."

This was the second recent quarter out of three that saw Vista sales grow sluggishly or shrink. In Microsoft's third quarter of 2008, Client revenue fell 24% year-over-year, although sales grew 13% year-over-year in the intervening fourth quarter.

Vista's weak growth was in spite of 10% to 12% growth in PC shipments. Microsoft blamed the sluggishness on flat PC sales in developed countries and zooming sales of low-cost PCs, in particular, NetBooks. Customers in developing countries are more likely to buy PCs with cheaper, basic versions of Windows Vista installed. Or, if they buy NetBooks, they are likely to get Windows XP Home or Linux, which results in little or no revenue to the software maker.

As a result, sales to PC manufacturers, which supply 80% of Vista's sales, actually fell 1% (The rest of Vista revenue comes from volume licenses to big companies and retail purchases by consumers and small businesses).

Microsoft hopes Vista can rebound in the second quarter with 7% to 10% growth during the traditionally strong holiday season.

"We think, particularly with Christmas coming up, that overall sales will be relatively good," said Microsoft CFO Chris Liddell during the earnings call. "We have reasonably good visibility into this quarter in terms of the inventory positions. We feel pretty good about some of the initiatives that we have in the unlicensed area. We've got channel inventory down to where we would like to see it."

But Rosoff said he is "surprised they are that optimistic for the holiday quarter."

Other bellwether PC vendors also lack Microsoft's confidence. Chip maker Intel Corp. expressed an uncertain outlook during its earnings call earlier this month. While Phoenix Technologies Inc., which supplies BIOS software to half of PCs, on Thursday cut its forecast for laptop sales growth in half to 15% from 30%.

Microsoft admits the picture for Vista sales is bleaker for the rest of the year. It expects sales to increase just 2%, meaning that revenue in the last two quarters of the year might actually fall slightly from the prior year.

That is despite Microsoft's own forecast that PC shipments would grow from 8% to 12% for the year. The reason, again, is the expectation that Vista sales will be flat in developed countries and that non-Vista-using NetBooks will drive PC unit growth.

Office 2007 enjoys strong growth

Office 2007, meanwhile, appeared to continue its unbroken string of stellar growth. Revenue in the Microsoft Business Division grew 20% year-over-year to $4.95 billion.

The company doesn't break out the percentage of MBD revenue that comes from Office. Microsoft has added several highly profitable products to MBD in recent years, most significantly, Exchange Server, which Rosoff estimates is almost a $2 billion annual business.

Still, Office undoubtedly comprises the majority of MBD's revenues, Rosoff said. Those revenues are expected to grow 7% to 8% in the next quarter, and 12% to 13% for the entire year, far higher than Client (Vista's) revenues.

Microsoft Office has beaten back many threats during its long era of domination. But with the advent of credible SaaS competitors such as Google Docs, cheaper desktop competitors such as IBM Symphony or the much-improved, free OpenOffice 3.0, and the weak economy, could Office's grip on 550 million users finally be weakening? Rosoff isn't buying it.

"I've heard this argument many times over the years. But Office continues to have a real stranglehold in the corporation," Rosoff said. "In the absence of evidence to the contrary, I think it's going to stay that way."

Google this week continued to hone its effort to push its Google Analytics service into corporate IT shops by adding a slew of new features, including custom report generation, advanced segmentation and integration with Google AdSense .

The new features will let larger companies using Google Analytics ditch any third-party tools they are using for segmentation or custom reporting of data generated from Google Analytics, noted Brett Crosby, group manager for Google Analytics.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

"This is an enterprise class feature launch," he said. "[Users have] been spending a lot of time and money trying to squeeze out this information from a lot of other tools. We think this will solve the dueling tool problem within these organizations."

The free hosted Google Analytics service was launched three years ago to demand so great Google had to temporarily suspend taking on new users.

The integration with Google's AdSense advertising network lets users see which pages of their site are driving the most revenue from AdSense ads. Integrating AdSense and Google Analytics will allow users to determine what content people like, which referring sources are driving the most revenue and which geographies are driving the most revenue, Crosby added.

"There are a lot of sites that use AdSense to drive revenue, and that is their primary source of revenue," he noted. "They can see what their return on investment is."

The update also adds support for advanced segmentation, allowing users to isolate and analyze subsets of their Web traffic -- like visitors who came through an e-mail marketing campaign or those who can from a company buying keywords, Google said. "It allows you to basically zero in on any segment of traffic you want to look at," Crosby said.

Once a company creates a segment for analysis, the tool can be used to compare the past behavior of that subset to the rest of the traffic on the site, Crosby added.

"The idea is to create segments of customer so you can see that buyers behave really differently than my 'looky loo' customers," Crosby noted. "You can start to identify the differences in those sorts of traffic."

Another new feature in Google Analytics allows users to create custom reports using any metrics, Crosby added. This feature could also be used in conjunction with advanced segmentation so users can have more options on how to analyze data.

New advanced visualization capabilities, which provide motion charts of data -- bubble charts that can be animated to show trends over time -- can help users find aspects of data that might not otherwise be apparent, Crosby added.

Finally, Google unveiled a beta of a new Google Analytics API, which will allow developers to pull data out of the analytics service to build new applications. Crosby said that "renegade developers" have already written scripts or created other ways on their own to build new applications that use Google Analytics data. Examples, he said, include iPhone application